From 79617ed10927542e9adae5139ce0317f4d08d079 Mon Sep 17 00:00:00 2001
From: curben-bot <3048979-curben-bot@users.noreply.gitlab.com>
Date: Mon, 17 Jan 2022 00:01:39 +0000
Subject: [PATCH] Filter updated: Mon, 17 Jan 2022 00:01:39 +0000

---
 dist/phishing-filter-ag.txt                   |   748 +-
 dist/phishing-filter-agh.txt                  |   713 +-
 dist/phishing-filter-bind.conf                |   711 +-
 dist/phishing-filter-dnscrypt-blocked-ips.txt |     4 +-
 ...phishing-filter-dnscrypt-blocked-names.txt |   711 +-
 dist/phishing-filter-dnsmasq.conf             |   711 +-
 dist/phishing-filter-domains.txt              |   713 +-
 dist/phishing-filter-hosts.txt                |   711 +-
 dist/phishing-filter-rpz.conf                 |   713 +-
 dist/phishing-filter-snort2.rules             | 10430 ++++++++--------
 dist/phishing-filter-snort3.rules             | 10430 ++++++++--------
 dist/phishing-filter-suricata.rules           | 10430 ++++++++--------
 dist/phishing-filter-unbound.conf             |   711 +-
 dist/phishing-filter-vivaldi.txt              |   748 +-
 dist/phishing-filter.tpl                      |   711 +-
 dist/phishing-filter.txt                      |   748 +-
 16 files changed, 18602 insertions(+), 21341 deletions(-)

diff --git a/dist/phishing-filter-ag.txt b/dist/phishing-filter-ag.txt
index f29625b0..782fd8ca 100644
--- a/dist/phishing-filter-ag.txt
+++ b/dist/phishing-filter-ag.txt
@@ -1,5 +1,5 @@
 ! Title: Phishing URL Blocklist (AdGuard)
-! Updated: Sun, 16 Jan 2022 12:01:44 +0000
+! Updated: Mon, 17 Jan 2022 00:01:35 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/phishing-filter
 ! License: https://gitlab.com/curben/phishing-filter#license
@@ -17,11 +17,9 @@
 ||045a3c0.wcomhost.com/ameli-assurance/remboursement/login/iframe-page2.html$all
 ||048d7b4.wcomhost.com/ameli-assurance/remboursement/login$all
 ||048d7b4.wcomhost.com/ameli-assurance/remboursement/login/$all
+||0572f4b.wcomhost.com/escaixa/es/espace/home/$all
 ||08863299.sso-secure-mail0454etr.pages.dev$all
 ||0bs.de$all
-||0gjvj7a8eydbjz3au8anbg-on.drv.tw$all
-||1000000000347789523698541.tk$all
-||1000000000347789523698545.tk$all
 ||1000000000347789523698546.tk$all
 ||1000000000347789523698547.tk$all
 ||103.114.16.4$all
@@ -39,10 +37,12 @@
 ||149-210-143-165.colo.transip.net$all
 ||149.210.143.165$all
 ||15004083383734.data-store-company.com$all
+||154.222.224.81$all
 ||154.30.211.130.bc.googleusercontent.com$all
 ||161.35.142.2$all
 ||165.227.122.125$all
 ||16park.cn$all
+||1727365.com$all
 ||173.82.154.253$all
 ||178.128.108.233.dsl.dyn.forthnet.gr$all
 ||179.43.140.208$all
@@ -62,9 +62,9 @@
 ||2022-exodus.com$all
 ||2022-girobanken-sparkassen.xyz$all
 ||2022.intrebrkprsonas.xyz$all
+||205.185.113.221$all
 ||208.82.115.230$all
 ||217651.8b.io$all
-||2247317.verifyinguser426128734570198363.com$all
 ||228.94.92.rev.sfr.net.gghost.ru$all
 ||24611250.sibforms.com$all
 ||2482689012.yolasite.com$all
@@ -74,6 +74,7 @@
 ||2fa.bthei.com$all
 ||2pil.ru$all
 ||2rakuten.co.jp.happyyear.cn$all
+||2yfh.short.gy$all
 ||3-139-75-158.cprapid.com$all
 ||343i.org$all
 ||343t3dv9qdufp.clickfunnels.com$all
@@ -81,10 +82,11 @@
 ||35.199.84.117$all
 ||35.225.222.142$all
 ||3568365.com$all
-||377080202567359722137708020256735972.blogspot.com/?m=0%5c$all
+||365unfreezesecurity.com$all
+||3782365.com$all
 ||3a10a178.s6t6sj4s46tu4sys54y5.pages.dev$all
 ||3bvjh.sbs$all
-||3c5.com/tnrxs$all
+||3c5.com$all
 ||3ck.me$all
 ||3dprintersupplies.com.au$all
 ||3dsecure-update-service-info-live.duckdns.org$all
@@ -113,21 +115,21 @@
 ||613707.selcdn.ru$all
 ||61da8ae6.6u6566hrrthsh45.pages.dev$all
 ||638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com$all
-||65451440241544.hyperphp.com$all
-||664876.verifyinguser426128734570198363.com$all
+||6734365.com$all
 ||67lksxgjd.bttmassage-thai-tanger.com$all
 ||6a7zu9he6mqh.clickfunnels.com$all
 ||6c7f0acc.sibforms.com$all
+||6stupefacentevideo2022.pagedemo.co$all
+||754675377.xyz$all
 ||78.108.89.240$all
 ||7837365.com$all
 ||7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev$all
 ||7wr4u.csb.app$all
 ||7yu3v.csb.app$all
 ||8.215.32.173$all
-||8010361370310234068010361370310234.blogspot.be$all
-||8010361370310234068010361370310234.blogspot.com/?m=0%5c$all
 ||859411.icu$all
 ||8760365.com$all
+||885211.icu$all
 ||889381.icu$all
 ||8899.jp$all
 ||89ix7y0.cn$all
@@ -152,10 +154,13 @@
 ||aagamsteelcorporation.com$all
 ||aar.macecri.com$all
 ||abeermultimediadesign.com$all
+||abre.ai/dhhh?trackingid=gnevs68e&signature=newsletter$all
+||abre.ai/dmjg$all
 ||absaonline2021.website2.me$all
 ||absolute-containers-sip.business.site$all
 ||absolutepleasure.com.my$all
 ||acacia.webdevonline.net$all
+||account-recovery.org$all
 ||account.herephyshy.info$all
 ||account.verifications.help-page.workers.dev$all
 ||accounts-autoscout24.de$all
@@ -170,10 +175,12 @@
 ||ach111.xyz$all
 ||activartransferenciainternacional.com/?page_id=758$all
 ||activate-hulu-com-activate.sitey.me$all
+||activatingmymainnet.com$all
 ||adamfeber.com$all
 ||adcloudserver.com$all
 ||admin-formserviceupdates.weeblysite.com$all
 ||admin.fifoundry.net/en/bellcocreditunion/$all
+||administer-708aa.web.app$all
 ||administraciondefincaspereznovo.com$all
 ||adorablepomskyhome.net$all
 ||adpunemploymentclaims.sharefile.com$all
@@ -183,15 +190,14 @@
 ||afreemart.xyz$all
 ||africansecrets.ca$all
 ||agora.imb.br$all
-||agricolefr-99f918.ingress-erytho.easywp.com$all
 ||agrimetiersmartinique.fr$all
 ||agurimu-nagoya.com$all
 ||ahhhh.pe.kr$all
 ||ai.macecri.com$all
-||aib-unauthorized-access.com$all
 ||aid-validation-human.run-us-west2.goorm.io$all
 ||aijcs.blogspot.com/2005/03/colourful-life-of-aij.html$all
 ||aimekidya-recpag.web.id$all
+||airbnb.book-space-b851927.live$all
 ||airportprescreening.com$all
 ||aitsidihamh.my-place.us$all
 ||akanksha3012.github.io$all
@@ -216,8 +222,10 @@
 ||alkhalilgraphics.com$all
 ||allegrolokalnie-pl-3dsafe.id-43051.xyz$all
 ||allegrolokalnie-pl-3dsafe.id-91501.xyz$all
+||allegrolokalnie-pl-3dseif.id-43051.xyz$all
 ||allegrolokalnie-pl-safe.id-43051.xyz$all
 ||alliancesuper.com$all
+||almarjantours.com$all
 ||almighty.edu.np$all
 ||alnajahh.com$all
 ||aloun.ps$all
@@ -225,6 +233,7 @@
 ||alqadi.ps$all
 ||alquilervillora.net$all
 ||alsofft.com$all
+||alupi-frey.shop$all
 ||amacez.jyrtery4.top$all
 ||amacredit.amacardpkey.xyz$all
 ||amaenv.fgasdfw6.xyz$all
@@ -235,22 +244,21 @@
 ||amazomsse.shop$all
 ||amazon-gcatech.com$all
 ||amazon-interruption.com$all
-||amazon.co.ip.jlig.cn$all
 ||amazon.co.jp.abaiaccounting.cn$all
 ||amazon.gousana.casa$all
-||amazon.jp-m.win$all
+||amazon.logins-co.jp$all
 ||amazon.works.ga$all
 ||amazonhome.sfrmobiles.com$all
 ||amazonjapsne.cf$all
+||amazonses.authflows.com$all
 ||amazoon.co.op.o4j.top$all
-||ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org$all
 ||ambrosecourt.com/our/ourtime/ourtime.html$all
 ||amc-training.com$all
-||amcgardiennage.com$all
+||amecmasmerd.ga$all
 ||ameozom.jp.onaworks.com$all
 ||americanexpress-auth.azurewebsites.net$all
-||americanexpress.heiwakai.com$all
 ||amguevara.com$all
+||amhsd.com$all
 ||amidabuli.com$all
 ||amlnov7.web.app$all
 ||amnzma-jp.top$all
@@ -261,8 +269,8 @@
 ||amoazom.rm82j6-t8.cn$all
 ||amonzau_co_take.ktbf.shop$all
 ||amosleh.com$all
-||amozom.co.ip.taxhod.club$all
 ||amreeth.github.io$all
+||ams3.digitaloceanspaces.com/faxwxagm72247832mhwuk7224783272247832/index.html?961961d961$all
 ||ams3.digitaloceanspaces.com/njk/25_40_24_5e_40_26_40_26_28_29_23_23_5e_23_24_26_5e_25_26_40_5e_28_23_26.html$all
 ||amusebouche-bg.com$all
 ||amzcredit.dearva.xyz$all
@@ -279,26 +287,23 @@
 ||anhduongjsc.com$all
 ||anj-azakp.run.goorm.io$all
 ||anjalijha167.github.io$all
-||anjayredit.duckdns.org$all
 ||annacatania.com.mt$all
 ||anon-keep-admin-keep.rvsla.workers.dev$all
 ||ansr.ro$all
 ||aolmailukhelplinecustomerservice.blogspot.com$all
 ||aolmailukhelplinecustomerservice.blogspot.com.au$all
-||aolpoweredservice.duckdns.org$all
 ||aolverixon11dfd.weebly.com$all
 ||aolxperience.com$all
 ||api-freewallet.com/app/$all
+||api-saisoncard-co-jp.md160.net$all
 ||api-saisoncard-co-jp.o4ay8.net$all
 ||api.addthis.com/oexchange/0.8/wrap/opengraph?url=ahr0chm6ly93zxetnmrlodiud2vilmfwcc8znzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxi5lze1lziwmjeznzg1mjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxiznzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu0znzg1mjf3zwjtyxn0zxi5lze1lziwmjfjdw5plmn6nto1nibbttm3oduymtu6ntygqu13zwjtyxn0zxiznzg1mjejd2vibwfzdgvyqgn1bmkuy3o=$all
 ||api.florense.com.br$all
 ||api.redirect-bentobot199.com$all
 ||api.redirect-safebrowser-online.com$all
-||api.safe-directmail.com$all
 ||aplintec.com.mx$all
 ||app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io$all
 ||app-bombcrypto-io-login-ab.blogspot.com$all
-||app-panckswp.xyz$all
 ||app.box.com/s/b9fu9axf9rcv7bhjp80fpcm8zna5wcwi$all
 ||app.box.com/s/x6agocx9zvj049azirk4aw3xrqdedqhl$all
 ||app.box.com/s/ymr0ltw3hmn8icxebz16gjhcyhqa49w4$all
@@ -315,13 +320,14 @@
 ||appatualizecef.com$all
 ||appibsolicitud.com$all
 ||appleid-check.info$all
+||applekra.com$all
 ||applepichincha.webcindario.com$all
 ||apply.aua.am$all
 ||apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link$all
-||appttech.com$all
 ||appurl.io/6dfhh1yrol$all
 ||appurl.io/lsmho6dyl-$all
 ||appurl.io/wywajnlbtl$all
+||aprilgagenesh.com$all
 ||aquaqualitas.com$all
 ||arafathrumman.github.io$all
 ||arcacg.com$all
@@ -329,15 +335,18 @@
 ||are.scicemecod.com$all
 ||areueaom.gtpzcve.cn$all
 ||areueaom.gtva.cn$all
+||arif.com.bd$all
 ||aromatic.webenliven.in$all
 ||arthamahotels.com$all
 ||artlux.com.pl$all
 ||arub-service.org$all
 ||aruba.fatt.ids-sys.com$all
 ||as.macecri.com$all
+||as.scicemecod.com$all
 ||asaipestcontrol.com$all
 ||ascom.co.tz$all
 ||asd.9sw53wk.cn$all
+||asdxa.p2x11pi.cn$all
 ||asgard-ampqy.run-us-west2.goorm.io$all
 ||asimpwsh.com$all
 ||asistentetramitadordigitalda.com$all
@@ -347,20 +356,25 @@
 ||at-t-yahoo.sitey.me$all
 ||atento-fdi.plusoftomni.com.br$all
 ||ativacao-online73681.com$all
+||atlanticeconcrete.com$all
 ||atnr76dxku336szy.clickfunnels.com$all
 ||att-yahoo.meculinkvolt.com/at&t/$all
-||attcustomdesk.weebly.com$all
+||att556.weebly.com$all
+||att87.weebly.com$all
 ||attinfoser.weebly.com$all
 ||attonlinemanagementpage.weebly.com$all
+||attonlineuserverification.weebly.com$all
 ||attpage1121.weebly.com$all
 ||atualizacao-online547864.com$all
 ||atualizarmodolo.com$all
 ||atulrathore-dev.github.io$all
+||auid-japan.com$all
 ||aurumship.com$all
-||aushfew.tokyo$all
 ||aushotel.es$all
 ||auth-task1-m.web.app$all
 ||auth-webmailakeonetcom.yolasite.com$all
+||auth.topgamers.cn$all
+||authent54-sedure32.duckdns.org$all
 ||authorize-trustvallet-protocol.com$all
 ||authorizewallet.app$all
 ||authuxeehmutconjxmailssocl.web.app$all
@@ -370,17 +384,16 @@
 ||autoranplususeremailprocessingupdate.pages.dev$all
 ||autoscurt24.de$all
 ||autumn-sun-4a21.paqesads-scure.workers.dev$all
+||avelocidad.com$all
 ||avrorganics.com$all
 ||awesome-gates-8bdd6f.netlify.app$all
 ||ax.xiguw.workers.dev$all
-||axieinfinity-meta.com$all
 ||axieinfinity-supportwallet.com$all
 ||axlr.in$all
-||ayguru.com$all
+||ayushenterprise.in$all
 ||az.macecri.com$all
 ||azb3s.cf$all
 ||azeioaz.blogspot.com/?m=0$all
-||azmnsaz.000webhostapp.com$all
 ||azmznonos_co_long.akys.shop$all
 ||b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com$all
 ||b059c86968a6427389952025bcee9886.svc.dynamics.com$all
@@ -388,7 +401,6 @@
 ||b96f7f93.sibforms.com$all
 ||b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev$all
 ||bacteralia.com$all
-||badnewswegewroighgserhhg.xyz$all
 ||bag-macben.eu$all
 ||bakhai.vn$all
 ||balajihospital.net$all
@@ -408,7 +420,6 @@
 ||bancaporlnternetlnterbarnk.libertycanais.com.br$all
 ||bancoiinng.site44.com$all
 ||bancooccidentalb.com$all
-||bank-id.pl$all
 ||bankapolska.com$all
 ||banki0wa.us$all
 ||bankocaoffo.webcindario.com$all
@@ -416,9 +427,9 @@
 ||bannerbank.control-inc.com$all
 ||bannerchampnyc.com$all
 ||banproseguridadasistenteenlineanic.webnode.es$all
-||banqsuepoy.temp.swtest.ru$all
 ||baovesusonglcxt.com/wp-includes/index.html$all
 ||baradua.it$all
+||barbecuef.top$all
 ||bardaiconnect.com/app/listeners/ae/n-nv6588123/ae/ae/verify/sms.php$all
 ||baritasonte.blogspot.com/?m=0$all
 ||battlelastmont.cyou$all
@@ -431,7 +442,7 @@
 ||be-home.web.do$all
 ||bearmybrand.com$all
 ||beast-blog.com$all
-||beibys.com.br$all
+||beccu07.zzux.com$all
 ||beijing.vfzfy1v.cn$all
 ||belovedaroma.com$all
 ||bendmytrend.com$all
@@ -476,7 +487,6 @@
 ||bit.do/fs7cb$all
 ||bit.do/fs8cx$all
 ||bit.do/fsf6l$all
-||bit.do/ftahp$all
 ||bit.ly./3ijwsm2$all
 ||bit.ly/2iz03nf$all
 ||bit.ly/2kduy2u$all
@@ -627,6 +637,7 @@
 ||bitly.com/3koilft$all
 ||bitly.com/3xmjxs4$all
 ||bitly.com/taxirsxcy$all
+||bitly.ws/nlwp$all
 ||bitmexinc.com$all
 ||bitso.cm$all
 ||bitsrflyer.com$all
@@ -653,12 +664,15 @@
 ||bncre.odoo.com$all
 ||bncxz.9wx9b27.cn$all
 ||bndigitalpersonas.com$all
-||bnpparibas-pl.mob-app.xyz$all
 ||boaupdate.bfaoscr.com$all
 ||bodegalatinacorp-my.sharepoint.com/:x:/r/personal/012dsd_fiestamart_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t3v5ldmmhrtlw5cyiohlp9z4yo7ufnrop9j1plyfdkm%3d&docid=1_1d89d259f7e704301aca26ac4dbabaa8d&wdformid=%7bfeb771e5%2d93ee%2d4015%2d8e87%2dd1c30d0f406a%7d&action=formsubmit&cid=f609fe16-56c4-4e2b-a964-75e250d31c99$all
 ||bogdonovlerer.com$all
 ||bogged-finance.com$all
+||boi.365online-replacement.com$all
+||boke4-indonesia-2022a7whatsapp.duckdns.org$all
+||bokep-virall-sange33.duckdns.org$all
 ||bokgabanesolutions.co.za$all
+||bold-lichterman.45-81-232-15.plesk.page$all
 ||bom.to/nlozan9lgoapq$all
 ||bonomequedoencasa.blogspot.com/?aplicar$all
 ||bookfbs.evangsamuelministries.com$all
@@ -666,10 +680,8 @@
 ||bpl.kr/s9x$all
 ||br4.in$all
 ||br622.teste.website$all
-||brave-knuth-96d329.netlify.app$all
 ||bre.is/2r9pyocy$all
 ||breople.com$all
-||brigida_cossette.gitlab.io$all
 ||brooks-forrunning.top$all
 ||brooks-justforjogging.top$all
 ||brooks-move.top$all
@@ -708,7 +720,6 @@
 ||bujikena.web.app$all
 ||bundel-cobragratis2022.duckdns.org$all
 ||busanopen.org$all
-||business-action-copyright11022.web.app$all
 ||business-action-page129591.web.app$all
 ||business-appeal-copyright8211.web.app$all
 ||business-appeal-form-18222.web.app$all
@@ -716,24 +727,22 @@
 ||business-copyright-alert198082.web.app$all
 ||business-copyright-alert19882.web.app$all
 ||business-copyright-detected920.web.app$all
-||business-page-content125882.web.app$all
 ||business-required-helpcenter82.web.app$all
 ||business-required-info188221.web.app$all
 ||businessemailss.biz$all
-||bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link$all
 ||buyelectronicsnyc.com$all
 ||c.curiousmorty.be$all
 ||c.jardindemiedo.es$all
 ||c.loveawaits.be$all
 ||c.mail.com$all
 ||c0m-r51znzlh8i.isiolo.go.ke$all
-||c10012022j.temp.swtest.ru$all
 ||c1christine.tjelmeland2e.cso.gov.tt$all
 ||c2dc5b99.chgmar.pages.dev$all
 ||c6ebv708.caspio.com$all
 ||cabsiler.com$all
 ||cache.nebula.phx3.secureserver.net$all
 ||cadeau-orange.fr$all
+||caixabanki.temp.swtest.ru$all
 ||caixaseguradora.quadientcloud.com$all
 ||cakesbyannemotha.com$all
 ||cammymiller.com$all
@@ -751,7 +760,6 @@
 ||capstroyinvest.com/assets/content/fcc3a33269bb5f281754c49ab86c3d4e/?user=3d{{email}}&amp;_verify?service=mail&amp;data:text/html;charset=utf-8;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft$all
 ||caracasmateriais.blogspot.com$all
 ||carpediemxp.com$all
-||carry.reduxservices.com$all
 ||carservicessaupdate.xyz$all
 ||cartamorin-geometres.fr$all
 ||carwash.tv$all
@@ -764,6 +772,7 @@
 ||caymanreno.com$all
 ||cbmonlinegroups.com$all
 ||cc.scicemecod.com$all
+||cc23674.tmweb.ru$all
 ||ccjrlaw.com$all
 ||cdas.nxzigco.cn$all
 ||cdn.shopify.com/s/files/1/0533/5367/6992/t/3/assets/home.html$all
@@ -778,14 +787,13 @@
 ||centromedicoviladomat.com/index.php?option=com_content&view=article&id=67$all
 ||ceresgulf.com$all
 ||certifica-montepaschii.com$all
-||chalokradocallkakuch.azurewebsites.net$all
-||changenotification.pricesamazonlogincard.monster$all
+||charitascb.com$all
 ||charperimagedesign.com$all
 ||chat-whatasapp.com$all
 ||chat-whatsaap99.duckdns.org$all
 ||chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org$all
-||chat-whatsapp-group-2022.duckdns.org$all
 ||chat-whatsapp-grupo-invitacion.blogspot.com$all
+||chat-whatsapp-gscfghjsgsu.duckdns.org$all
 ||chckmaill1.web.app$all
 ||chckmaill10.web.app$all
 ||chckmaill11.web.app$all
@@ -819,13 +827,13 @@
 ||chois.jp$all
 ||christienstudystl.wixsite.com$all
 ||christmas-dhl-express-delvr.hopekosmos.com$all
+||chronopostaws.com$all
 ||chronopostvalidation.blogspot.com/2021/02/blog-post_12.html$all
 ||chtbnk.uk$all
 ||chutomen.com$all
 ||ci3.googleusercontent.com/proxy/rdh-rjsrv9zzrx57iscgov74o1gka4qjdfj01qr7v8-pkjgyvn50tivt7pzqgm5kuqdmonqle3f8eq_t8f4xl6jdozabmf2lxy-888ai8hdji633rg$all
 ||ci4.googleusercontent.com/proxy/djc3ckf7jcnj8l0duyaqyjwffeskzbccy9spjiauj_jwrplgw0ahyaf1xozvm6n_fjn8q1-2vkhqqujjr1en3qej703lyxxujt6tto-ttwsl6hgsggp3ehcc$all
 ||ci4.googleusercontent.com/proxy/zjba9cvtmkfnoveyofx6gqong0kqi3s69d9o2y32fmu_gankb59tj-rb79bolx0bwbsemnonfhh2esy9olfdp-20gybztkzstfhfheqrrjuefxwiwkqws29wxm6tdobikwz-qkzfphpaldfr$all
-||ciiusea.com$all
 ||cimslp-my.sharepoint.com/:x:/r/personal/eric_cimsltd_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wnhqsp58ikn1qzzozpe2oiw%2fmizdr53wegdbyscml7y%3d&amp;docid=1_1207bcf2f71094b5cb97dcb5bea3e1a3a&amp;wdformid=%7bd98de46a%2d2777%2d417f%2dbbcf%2d5f08c8244727%7d&amp;action=formsubmit$all
 ||cinemaleftech.com$all
 ||citagestionenlineabn.com$all
@@ -834,7 +842,6 @@
 ||claiimdiamondgratis84.duckdns.org$all
 ||claim-event-freefire-garena-oldfree-a4.duckdns.org$all
 ||claim-skingratis-mobailegends161.duckdns.org$all
-||claimgratisff2022.duckdns.org$all
 ||claims-funds-enczj.run-us-west2.goorm.io$all
 ||claimseventmlbb.duckdns.org$all
 ||claimshopee.yolasite.com$all
@@ -842,7 +849,6 @@
 ||claus.bz$all
 ||clck.ru/yc8bd&post=665308711_37&cc_key$all
 ||clck.ru/yzuft&post=665308711_32&cc_key$all
-||clefman.cl$all
 ||click-here-help.in$all
 ||click.icptrack.com/icp/relay.php?r=57372110&amp;msgid=807563&amp;act=af7a&amp;c=1365247&amp;destination=https://www.linkedin.com/&amp;cf=17638&amp;v=6023ca6bc5e4f8b8568ed04ff6a646a7d7757336e750d772ecc1cb2b3b6063b4$all
 ||click.message.fruit.com/?qs=6541641088c869552ced792d84ee93eabf075e23cd5eba83a7d07a40ad9cf2ce36c931984719b9df7de658999defbc87f999ec46970a0280$all
@@ -884,8 +890,10 @@
 ||co.jp.sefdvsi.cn$all
 ||co.jp.tezkkbp.cn$all
 ||co.jp.ztxzzup.cn$all
+||cobaincurlduluom.duckdns.org$all
 ||codepasta.app/paste/c4tl1sfout2tbkhn5810/raw$all
 ||codwarzonemobile.com$all
+||coindappsync.online$all
 ||cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev$all
 ||cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev/#investor-relations@cyient.com$all
 ||collab-land.net$all
@@ -901,26 +909,27 @@
 ||com-r51znzlh8i.isiolo.go.ke$all
 ||com-sauuvazpjo.isiolo.go.ke$all
 ||com-ugsyk69nqb.isiolo.go.ke$all
-||comefuck.co$all
 ||community-die.blogspot.com/?!=%25_col_email%20address_%25$all
 ||community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link$all
 ||community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link$all
 ||community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link$all
 ||communitychurch-my.sharepoint.com/:b:/g/personal/infonoreply_communitychurch_tv/eburrky2tklimiiiqf0ia5kbbhkaxaypf06-08wf9wjebq?e=w5jmrb$all
 ||completeegali.webcindario.com$all
+||completeyorcorp.lunsrgovert.net$all
 ||comunicazione-europe.net$all
 ||comunity-isue-ideent-andromeda-29.web.id$all
 ||comunity-isue-ideent-andromeda-33.web.id$all
-||comunity-isue-ideent-andromeda-88.web.id$all
 ||con-firma.firebaseapp.com$all
 ||confabint.com/discounts_services/writing/loginform2d0e.php$all
-||confirming-pages-idntitysupport.web.id$all
 ||congresosba.com.ar$all
 ||conhecaonlinedigital.com.br$all
 ||connect.au-login.0662smt.com$all
+||connect.auone.jp-login.kddi-sys.com$all
+||connect.myauone.jp-auid.jp-auid.com$all
+||connect.myauone.jp-auid.kddi-mail.com$all
+||connectlivewallet.io$all
 ||connectwallet.me$all
 ||conoscofaturahiiiper.com$all
-||consultavirtuai.bieah.com$all
 ||consultorioveterinario7colinas.pt/it/userbcc/indexx.html$all
 ||contabilidaderabello.com.br$all
 ||contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev$all
@@ -932,7 +941,7 @@
 ||contratodeparceria.com.br$all
 ||controlpichincha.webcindario.com$all
 ||copyright-center-live.ml$all
-||corl-inv.web.app$all
+||coroplastusa.com$all
 ||correosdemexico-web.com$all
 ||corta.ai$all
 ||cosemu.com$all
@@ -966,7 +975,6 @@
 ||credicorpfiduciariasa.com$all
 ||credifinanciera.didacsis.com$all
 ||crediserfinanza.com$all
-||credita302.temp.swtest.ru$all
 ||creditagricole-sudrhonealpes.blogspot.ba$all
 ||creditagricole-sudrhonealpes.blogspot.com$all
 ||creditagricole-sudrhonealpes.blogspot.ro$all
@@ -975,13 +983,16 @@
 ||creditiperhabbogratissicuro100.blogspot.it$all
 ||cresvin.com$all
 ||criticalcarevizag.com$all
+||crrdxwjap7t.typeform.com$all
 ||cryptocars-plays.buzz$all
 ||cryptocarsme.com$all
 ||cryptscars-logs.com$all
 ||cryqtocars.me$all
 ||cuans.bkaamiv.cn$all
 ||currentlyupgrade.mystrikingly.com$all
+||cusnas.366wuv.cn$all
 ||cusstomerservicee.blogspot.com/?m=0$all
+||custream.com/91eb6b959cd1249d6877/$all
 ||cutt.ly/2isbc3k$all
 ||cutt.ly/3yqokjg$all
 ||cutt.ly/3yy01ci$all
@@ -999,6 +1010,7 @@
 ||cutt.ly/dkvkq49/$all
 ||cutt.ly/gyqdc7m$all
 ||cutt.ly/ingdirect-es$all
+||cutt.ly/irsgov$all
 ||cutt.ly/iyn1owx$all
 ||cutt.ly/kiiataa$all
 ||cutt.ly/mynrk6q$all
@@ -1022,7 +1034,10 @@
 ||cutt.ly/wyc154r$all
 ||cutt.ly/xynjuem$all
 ||cutt.ly/ytv0uzv$all
+||cxas.bvd2q18.cn$all
+||cxas.zk6w4dt.cn$all
 ||cxasd.easghbl.cn$all
+||cxmnsa.04frh0w.cn$all
 ||cxnbas.nmkbmqk.cn$all
 ||cxuahs.1wc9bxm.cn$all
 ||cy.tc/oglp$all
@@ -1037,8 +1052,10 @@
 ||d3ncuwwrr82.typeform.com$all
 ||d854c624d7.gesundheitundschonheit.com/#?act=cl&pid=34515_md&uid=1&vid=25&ofid=1615&lid=126&cid=17171$all
 ||daatahomes.com$all
+||dadafa88.com$all
 ||damp-f43e.recovery-page-secur.workers.dev$all
 ||danitraseoexperts.com$all
+||dappconnecttvalidator.net$all
 ||dapponlines.com$all
 ||dappscoins.com$all
 ||dappsiconnect.com$all
@@ -1054,8 +1071,8 @@
 ||db-web-client.com$all
 ||dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com$all
 ||dbkuzwes.online$all
-||dbs-interrnet.online$all
 ||dbs.limited$all
+||dbs.online.webdbslistinonline.com$all
 ||dbs.webdbslistinonline.com$all
 ||dbw.gr$all
 ||dcm1.ae.iwc.static.tungmung.co.id$all
@@ -1088,6 +1105,7 @@
 ||dev-nadaj.orlenpaczka.ce5.pl$all
 ||dev-secu-credit-union.pantheonsite.io$all
 ||dev-www.orlenpaczka.ce5.pl$all
+||dev.massageliabilityinsurancegroup.com$all
 ||dev.shivaxi.com$all
 ||devicepichincha.webcindario.com$all
 ||devops.help$all
@@ -1100,16 +1118,18 @@
 ||dhl.recruitmentplatform.com$all
 ||diamondplate.us$all
 ||die-post-swiss-id-19782635812.psd2any.com$all
+||diepost-paketevhost207932.lowhost.ru$all
 ||diginto.org$all
 ||digisigner.com/online/showdocument?documentid=1fce937a-ba39-4053-a83a-f07711ad8efd&invitationid=82f3e840-cd11-4da4-8579-304bd7e930b0$all
-||dilscord.gift$all
+||diligentverify.com$all
 ||directqpuprozaakp.weebly.com$all
 ||dirtyez.com$all
 ||disccrdapp.com$all
 ||disckord.club$all
 ||discoord-nittro.com$all
-||discorc.gift$all
 ||discordbugs.com$all
+||discordnitroos.com$all
+||discrods.gift$all
 ||dispositivoapp.azurewebsites.net$all
 ||distinctivei.com$all
 ||distrial.ec$all
@@ -1122,7 +1142,6 @@
 ||dl.9xu.com$all
 ||dlink.me$all
 ||dmaxpesca.com.es$all
-||dminer.cloud$all
 ||doclab-console-auth.firebaseapp.com$all
 ||docs-verify-c671.thajetiase.workers.dev$all
 ||docs.google.com/document/d/e/2pacx-1vszcwxk6nifthkg32wjxfjgq9yc-jjujkbsumqeeau8uw7xkcutyp0tbgux2mvwu8iqfrxxlunajob8/pub$all
@@ -1243,7 +1262,6 @@
 ||docs.google.com/forms/d/e/1faipqlsfanborkr2ivrhpsjdnvnb-jktwkjbuub3wnsxb-md7haddsq/viewform?usp=send_form$all
 ||docs.google.com/forms/d/e/1faipqlsfbu-bfa-om2nk21gbc1gbbeoy4veybh7qcrj8jw7nwthmh_w/viewform$all
 ||docs.google.com/forms/d/e/1faipqlsfeoy_w3jwkkz8psgsw4nrja9tmg2lx0x0nvtmv38k0hjzzmq/viewform?usp=send_form$all
-||docs.google.com/forms/d/e/1faipqlsfgomlcpbyhodks1bwjmx6f5jr0tqwhngun_juf2qk0jp8dbq/viewform?vc=0&amp;c=0&amp;w=1&amp;flr=0&amp;usp=mail_form_link$all
 ||docs.google.com/forms/d/e/1faipqlsfgrkvxsp4vv3h2jpge8n2rwi_acvt3o91y4av8-nbjpc0xxw/viewform?c=0&amp;w=1$all
 ||docs.google.com/forms/d/e/1faipqlsfhzli805cycnlai887dfo6ra8bwbwjbc8uehmv5amiaqdbyq/viewform$all
 ||docs.google.com/forms/d/e/1faipqlsfjpx-sxpejnp_q2fmfu0jy8oqoesrx9wbrqplcychw9luupa/viewform$all
@@ -1276,7 +1294,6 @@
 ||docsharex-authorize.firebaseapp.com$all
 ||docuservice.us$all
 ||docusign-lnc.info$all
-||dodgersdigest.com/wp-content/uploads/2013/12/thereal_dv$all
 ||domaincontroller.pmeimg.co.uk$all
 ||domainserverlawa100.web.app$all
 ||domainserverlawa101.web.app$all
@@ -1296,12 +1313,9 @@
 ||domainserverlawa117.web.app$all
 ||domainserverlawa118.web.app$all
 ||domainserverlawa119.web.app$all
-||domainserverlawa120.web.app$all
-||domainserverlawa121.web.app$all
 ||domainserverlawa122.web.app$all
 ||domainserverlawa123.web.app$all
 ||domainserverlawa124.web.app$all
-||domainserverlawa125.web.app$all
 ||domainserverlawa126.web.app$all
 ||domainserverlawa127.web.app$all
 ||domainserverlawa128.web.app$all
@@ -1310,32 +1324,24 @@
 ||domainserverlawa130.web.app$all
 ||domainserverlawa131.web.app$all
 ||domainserverlawa132.web.app$all
-||domainserverlawa133.web.app$all
 ||domainserverlawa134.web.app$all
 ||domainserverlawa135.web.app$all
 ||domainserverlawa136.web.app$all
 ||domainserverlawa137.web.app$all
-||domainserverlawa138.web.app$all
 ||domainserverlawa139.web.app$all
 ||domainserverlawa14.web.app$all
-||domainserverlawa140.web.app$all
-||domainserverlawa141.web.app$all
 ||domainserverlawa142.web.app$all
 ||domainserverlawa143.web.app$all
 ||domainserverlawa144.web.app$all
 ||domainserverlawa145.web.app$all
 ||domainserverlawa146.web.app$all
-||domainserverlawa147.web.app$all
 ||domainserverlawa148.web.app$all
 ||domainserverlawa149.web.app$all
 ||domainserverlawa150.web.app$all
-||domainserverlawa151.web.app$all
 ||domainserverlawa152.web.app$all
 ||domainserverlawa153.web.app$all
-||domainserverlawa154.web.app$all
 ||domainserverlawa155.web.app$all
 ||domainserverlawa156.web.app$all
-||domainserverlawa157.web.app$all
 ||domainserverlawa158.web.app$all
 ||domainserverlawa159.web.app$all
 ||domainserverlawa160.web.app$all
@@ -1343,20 +1349,15 @@
 ||domainserverlawa162.web.app$all
 ||domainserverlawa163.web.app$all
 ||domainserverlawa164.web.app$all
-||domainserverlawa165.web.app$all
 ||domainserverlawa166.web.app$all
 ||domainserverlawa167.web.app$all
 ||domainserverlawa168.web.app$all
 ||domainserverlawa169.web.app$all
-||domainserverlawa17.web.app$all
-||domainserverlawa170.web.app$all
 ||domainserverlawa171.web.app$all
 ||domainserverlawa172.web.app$all
 ||domainserverlawa173.web.app$all
 ||domainserverlawa174.web.app$all
-||domainserverlawa175.web.app$all
 ||domainserverlawa176.web.app$all
-||domainserverlawa177.web.app$all
 ||domainserverlawa178.web.app$all
 ||domainserverlawa179.web.app$all
 ||domainserverlawa18.web.app$all
@@ -1365,34 +1366,25 @@
 ||domainserverlawa182.web.app$all
 ||domainserverlawa183.web.app$all
 ||domainserverlawa184.web.app$all
-||domainserverlawa185.web.app$all
 ||domainserverlawa186.web.app$all
 ||domainserverlawa187.web.app$all
 ||domainserverlawa188.web.app$all
 ||domainserverlawa189.web.app$all
 ||domainserverlawa19.web.app$all
-||domainserverlawa190.web.app$all
 ||domainserverlawa191.web.app$all
 ||domainserverlawa193.web.app$all
 ||domainserverlawa194.web.app$all
 ||domainserverlawa195.web.app$all
-||domainserverlawa196.web.app$all
-||domainserverlawa197.web.app$all
 ||domainserverlawa198.web.app$all
-||domainserverlawa199.web.app$all
 ||domainserverlawa20.web.app$all
-||domainserverlawa200.web.app$all
 ||domainserverlawa201.web.app$all
 ||domainserverlawa202.web.app$all
-||domainserverlawa203.web.app$all
 ||domainserverlawa204.web.app$all
 ||domainserverlawa205.web.app$all
 ||domainserverlawa206.web.app$all
-||domainserverlawa207.web.app$all
 ||domainserverlawa208.web.app$all
 ||domainserverlawa209.web.app$all
 ||domainserverlawa21.web.app$all
-||domainserverlawa210.web.app$all
 ||domainserverlawa211.web.app$all
 ||domainserverlawa212.web.app$all
 ||domainserverlawa213.web.app$all
@@ -1406,7 +1398,6 @@
 ||domainserverlawa221.web.app$all
 ||domainserverlawa222.web.app$all
 ||domainserverlawa223.web.app$all
-||domainserverlawa224.web.app$all
 ||domainserverlawa225.web.app$all
 ||domainserverlawa226.web.app$all
 ||domainserverlawa227.web.app$all
@@ -1419,12 +1410,10 @@
 ||domainserverlawa234.web.app$all
 ||domainserverlawa235.web.app$all
 ||domainserverlawa237.web.app$all
-||domainserverlawa238.web.app$all
 ||domainserverlawa239.web.app$all
 ||domainserverlawa240.web.app$all
 ||domainserverlawa241.web.app$all
 ||domainserverlawa242.web.app$all
-||domainserverlawa243.web.app$all
 ||domainserverlawa244.web.app$all
 ||domainserverlawa245.web.app$all
 ||domainserverlawa246.web.app$all
@@ -1432,35 +1421,23 @@
 ||domainserverlawa248.web.app$all
 ||domainserverlawa249.web.app$all
 ||domainserverlawa25.web.app$all
-||domainserverlawa250.web.app$all
 ||domainserverlawa251.web.app$all
 ||domainserverlawa252.web.app$all
 ||domainserverlawa253.web.app$all
-||domainserverlawa254.web.app$all
-||domainserverlawa255.web.app$all
 ||domainserverlawa256.web.app$all
 ||domainserverlawa257.web.app$all
 ||domainserverlawa258.web.app$all
-||domainserverlawa259.web.app$all
-||domainserverlawa26.web.app$all
 ||domainserverlawa260.web.app$all
-||domainserverlawa261.web.app$all
-||domainserverlawa262.web.app$all
 ||domainserverlawa263.web.app$all
 ||domainserverlawa264.web.app$all
 ||domainserverlawa265.web.app$all
 ||domainserverlawa266.web.app$all
 ||domainserverlawa267.web.app$all
-||domainserverlawa268.web.app$all
 ||domainserverlawa269.web.app$all
 ||domainserverlawa270.web.app$all
-||domainserverlawa271.web.app$all
-||domainserverlawa272.web.app$all
 ||domainserverlawa273.web.app$all
 ||domainserverlawa274.web.app$all
-||domainserverlawa275.web.app$all
 ||domainserverlawa276.web.app$all
-||domainserverlawa277.web.app$all
 ||domainserverlawa278.web.app$all
 ||domainserverlawa279.web.app$all
 ||domainserverlawa280.web.app$all
@@ -1469,9 +1446,7 @@
 ||domainserverlawa283.web.app$all
 ||domainserverlawa284.web.app$all
 ||domainserverlawa285.web.app$all
-||domainserverlawa286.web.app$all
 ||domainserverlawa287.web.app$all
-||domainserverlawa289.web.app$all
 ||domainserverlawa29.web.app$all
 ||domainserverlawa290.web.app$all
 ||domainserverlawa292.web.app$all
@@ -1480,28 +1455,20 @@
 ||domainserverlawa295.web.app$all
 ||domainserverlawa296.web.app$all
 ||domainserverlawa297.web.app$all
-||domainserverlawa298.web.app$all
 ||domainserverlawa299.web.app$all
-||domainserverlawa30.web.app$all
 ||domainserverlawa300.web.app$all
 ||domainserverlawa301.web.app$all
 ||domainserverlawa302.web.app$all
 ||domainserverlawa303.web.app$all
 ||domainserverlawa304.web.app$all
 ||domainserverlawa305.web.app$all
-||domainserverlawa306.web.app$all
 ||domainserverlawa307.web.app$all
 ||domainserverlawa308.web.app$all
-||domainserverlawa309.web.app$all
-||domainserverlawa31.web.app$all
 ||domainserverlawa310.web.app$all
 ||domainserverlawa311.web.app$all
 ||domainserverlawa312.web.app$all
 ||domainserverlawa313.web.app$all
-||domainserverlawa314.web.app$all
 ||domainserverlawa315.web.app$all
-||domainserverlawa316.web.app$all
-||domainserverlawa317.web.app$all
 ||domainserverlawa318.web.app$all
 ||domainserverlawa319.web.app$all
 ||domainserverlawa32.web.app$all
@@ -1509,13 +1476,11 @@
 ||domainserverlawa321.web.app$all
 ||domainserverlawa322.web.app$all
 ||domainserverlawa323.web.app$all
-||domainserverlawa324.web.app$all
 ||domainserverlawa325.web.app$all
 ||domainserverlawa326.web.app$all
 ||domainserverlawa327.web.app$all
 ||domainserverlawa328.web.app$all
 ||domainserverlawa329.web.app$all
-||domainserverlawa33.web.app$all
 ||domainserverlawa330.web.app$all
 ||domainserverlawa331.web.app$all
 ||domainserverlawa332.web.app$all
@@ -1526,17 +1491,14 @@
 ||domainserverlawa337.web.app$all
 ||domainserverlawa338.web.app$all
 ||domainserverlawa339.web.app$all
-||domainserverlawa34.web.app$all
 ||domainserverlawa340.web.app$all
 ||domainserverlawa341.web.app$all
 ||domainserverlawa342.web.app$all
 ||domainserverlawa343.web.app$all
 ||domainserverlawa344.web.app$all
-||domainserverlawa345.web.app$all
 ||domainserverlawa346.web.app$all
 ||domainserverlawa347.web.app$all
 ||domainserverlawa348.web.app$all
-||domainserverlawa35.web.app$all
 ||domainserverlawa350.web.app$all
 ||domainserverlawa351.web.app$all
 ||domainserverlawa352.web.app$all
@@ -1550,7 +1512,6 @@
 ||domainserverlawa36.web.app$all
 ||domainserverlawa360.web.app$all
 ||domainserverlawa361.web.app$all
-||domainserverlawa362.web.app$all
 ||domainserverlawa363.web.app$all
 ||domainserverlawa364.web.app$all
 ||domainserverlawa365.web.app$all
@@ -1561,7 +1522,6 @@
 ||domainserverlawa370.web.app$all
 ||domainserverlawa371.web.app$all
 ||domainserverlawa372.web.app$all
-||domainserverlawa373.web.app$all
 ||domainserverlawa374.web.app$all
 ||domainserverlawa375.web.app$all
 ||domainserverlawa376.web.app$all
@@ -1577,11 +1537,7 @@
 ||domainserverlawa385.web.app$all
 ||domainserverlawa386.web.app$all
 ||domainserverlawa387.web.app$all
-||domainserverlawa388.web.app$all
-||domainserverlawa389.web.app$all
-||domainserverlawa39.web.app$all
 ||domainserverlawa390.web.app$all
-||domainserverlawa391.web.app$all
 ||domainserverlawa392.web.app$all
 ||domainserverlawa393.web.app$all
 ||domainserverlawa394.web.app$all
@@ -1592,11 +1548,8 @@
 ||domainserverlawa40.web.app$all
 ||domainserverlawa400.web.app$all
 ||domainserverlawa401.web.app$all
-||domainserverlawa402.web.app$all
 ||domainserverlawa403.web.app$all
-||domainserverlawa404.web.app$all
 ||domainserverlawa405.web.app$all
-||domainserverlawa406.web.app$all
 ||domainserverlawa407.web.app$all
 ||domainserverlawa408.web.app$all
 ||domainserverlawa409.web.app$all
@@ -1607,7 +1560,6 @@
 ||domainserverlawa413.web.app$all
 ||domainserverlawa414.web.app$all
 ||domainserverlawa415.web.app$all
-||domainserverlawa416.web.app$all
 ||domainserverlawa417.web.app$all
 ||domainserverlawa418.web.app$all
 ||domainserverlawa419.web.app$all
@@ -1620,12 +1572,10 @@
 ||domainserverlawa425.web.app$all
 ||domainserverlawa426.web.app$all
 ||domainserverlawa427.web.app$all
-||domainserverlawa428.web.app$all
 ||domainserverlawa429.web.app$all
 ||domainserverlawa43.web.app$all
 ||domainserverlawa430.web.app$all
 ||domainserverlawa431.web.app$all
-||domainserverlawa432.web.app$all
 ||domainserverlawa433.web.app$all
 ||domainserverlawa434.web.app$all
 ||domainserverlawa435.web.app$all
@@ -1635,36 +1585,27 @@
 ||domainserverlawa439.web.app$all
 ||domainserverlawa44.web.app$all
 ||domainserverlawa440.web.app$all
-||domainserverlawa441.web.app$all
 ||domainserverlawa442.web.app$all
 ||domainserverlawa443.web.app$all
 ||domainserverlawa444.web.app$all
 ||domainserverlawa445.web.app$all
 ||domainserverlawa446.web.app$all
 ||domainserverlawa447.web.app$all
-||domainserverlawa448.web.app$all
 ||domainserverlawa449.web.app$all
-||domainserverlawa45.web.app$all
 ||domainserverlawa450.web.app$all
 ||domainserverlawa451.web.app$all
 ||domainserverlawa452.web.app$all
 ||domainserverlawa453.web.app$all
-||domainserverlawa454.web.app$all
 ||domainserverlawa455.web.app$all
 ||domainserverlawa456.web.app$all
-||domainserverlawa457.web.app$all
-||domainserverlawa458.web.app$all
 ||domainserverlawa459.web.app$all
 ||domainserverlawa46.web.app$all
 ||domainserverlawa460.web.app$all
-||domainserverlawa461.web.app$all
 ||domainserverlawa462.web.app$all
 ||domainserverlawa463.web.app$all
 ||domainserverlawa464.web.app$all
 ||domainserverlawa465.web.app$all
 ||domainserverlawa466.web.app$all
-||domainserverlawa467.web.app$all
-||domainserverlawa468.web.app$all
 ||domainserverlawa469.web.app$all
 ||domainserverlawa47.web.app$all
 ||domainserverlawa470.web.app$all
@@ -1675,18 +1616,14 @@
 ||domainserverlawa475.web.app$all
 ||domainserverlawa476.web.app$all
 ||domainserverlawa477.web.app$all
-||domainserverlawa478.web.app$all
 ||domainserverlawa479.web.app$all
 ||domainserverlawa480.web.app$all
 ||domainserverlawa481.web.app$all
-||domainserverlawa482.web.app$all
 ||domainserverlawa483.web.app$all
 ||domainserverlawa484.web.app$all
 ||domainserverlawa485.web.app$all
 ||domainserverlawa486.web.app$all
 ||domainserverlawa487.web.app$all
-||domainserverlawa488.web.app$all
-||domainserverlawa489.web.app$all
 ||domainserverlawa49.web.app$all
 ||domainserverlawa490.web.app$all
 ||domainserverlawa491.web.app$all
@@ -1697,22 +1634,15 @@
 ||domainserverlawa496.web.app$all
 ||domainserverlawa497.web.app$all
 ||domainserverlawa498.web.app$all
-||domainserverlawa499.web.app$all
 ||domainserverlawa50.web.app$all
 ||domainserverlawa500.web.app$all
-||domainserverlawa501.web.app$all
 ||domainserverlawa502.web.app$all
-||domainserverlawa503.web.app$all
-||domainserverlawa504.web.app$all
-||domainserverlawa505.web.app$all
 ||domainserverlawa506.web.app$all
 ||domainserverlawa507.web.app$all
 ||domainserverlawa508.web.app$all
 ||domainserverlawa509.web.app$all
 ||domainserverlawa51.web.app$all
-||domainserverlawa510.web.app$all
 ||domainserverlawa511.web.app$all
-||domainserverlawa513.web.app$all
 ||domainserverlawa514.web.app$all
 ||domainserverlawa515.web.app$all
 ||domainserverlawa516.web.app$all
@@ -1721,10 +1651,8 @@
 ||domainserverlawa519.web.app$all
 ||domainserverlawa52.web.app$all
 ||domainserverlawa520.web.app$all
-||domainserverlawa521.web.app$all
 ||domainserverlawa522.web.app$all
 ||domainserverlawa523.web.app$all
-||domainserverlawa524.web.app$all
 ||domainserverlawa525.web.app$all
 ||domainserverlawa526.web.app$all
 ||domainserverlawa527.web.app$all
@@ -1735,28 +1663,21 @@
 ||domainserverlawa531.web.app$all
 ||domainserverlawa532.web.app$all
 ||domainserverlawa533.web.app$all
-||domainserverlawa534.web.app$all
-||domainserverlawa535.web.app$all
 ||domainserverlawa536.web.app$all
 ||domainserverlawa537.web.app$all
 ||domainserverlawa538.web.app$all
 ||domainserverlawa539.web.app$all
 ||domainserverlawa54.web.app$all
-||domainserverlawa540.web.app$all
 ||domainserverlawa541.web.app$all
 ||domainserverlawa542.web.app$all
 ||domainserverlawa543.web.app$all
-||domainserverlawa544.web.app$all
 ||domainserverlawa545.web.app$all
 ||domainserverlawa546.web.app$all
 ||domainserverlawa547.web.app$all
-||domainserverlawa548.web.app$all
 ||domainserverlawa549.web.app$all
 ||domainserverlawa550.web.app$all
 ||domainserverlawa551.web.app$all
-||domainserverlawa552.web.app$all
 ||domainserverlawa553.web.app$all
-||domainserverlawa554.web.app$all
 ||domainserverlawa555.web.app$all
 ||domainserverlawa556.web.app$all
 ||domainserverlawa557.web.app$all
@@ -1766,9 +1687,7 @@
 ||domainserverlawa560.web.app$all
 ||domainserverlawa561.web.app$all
 ||domainserverlawa562.web.app$all
-||domainserverlawa563.web.app$all
 ||domainserverlawa564.web.app$all
-||domainserverlawa565.web.app$all
 ||domainserverlawa566.web.app$all
 ||domainserverlawa567.web.app$all
 ||domainserverlawa568.web.app$all
@@ -1777,35 +1696,24 @@
 ||domainserverlawa570.web.app$all
 ||domainserverlawa571.web.app$all
 ||domainserverlawa572.web.app$all
-||domainserverlawa573.web.app$all
 ||domainserverlawa574.web.app$all
 ||domainserverlawa575.web.app$all
 ||domainserverlawa576.web.app$all
 ||domainserverlawa577.web.app$all
 ||domainserverlawa578.web.app$all
 ||domainserverlawa579.web.app$all
-||domainserverlawa58.web.app$all
-||domainserverlawa580.web.app$all
 ||domainserverlawa581.web.app$all
 ||domainserverlawa582.web.app$all
 ||domainserverlawa583.web.app$all
-||domainserverlawa584.web.app$all
-||domainserverlawa585.web.app$all
 ||domainserverlawa586.web.app$all
 ||domainserverlawa587.web.app$all
 ||domainserverlawa588.web.app$all
 ||domainserverlawa589.web.app$all
 ||domainserverlawa59.web.app$all
-||domainserverlawa590.web.app$all
-||domainserverlawa591.web.app$all
 ||domainserverlawa592.web.app$all
 ||domainserverlawa593.web.app$all
-||domainserverlawa594.web.app$all
-||domainserverlawa595.web.app$all
-||domainserverlawa596.web.app$all
 ||domainserverlawa597.web.app$all
 ||domainserverlawa598.web.app$all
-||domainserverlawa599.web.app$all
 ||domainserverlawa60.web.app$all
 ||domainserverlawa600.web.app$all
 ||domainserverlawa601.web.app$all
@@ -1813,25 +1721,18 @@
 ||domainserverlawa603.web.app$all
 ||domainserverlawa604.web.app$all
 ||domainserverlawa605.web.app$all
-||domainserverlawa606.web.app$all
 ||domainserverlawa607.web.app$all
 ||domainserverlawa608.web.app$all
 ||domainserverlawa609.web.app$all
-||domainserverlawa61.web.app$all
 ||domainserverlawa610.web.app$all
-||domainserverlawa611.web.app$all
 ||domainserverlawa612.web.app$all
 ||domainserverlawa613.web.app$all
 ||domainserverlawa614.web.app$all
-||domainserverlawa615.web.app$all
-||domainserverlawa616.web.app$all
-||domainserverlawa617.web.app$all
 ||domainserverlawa618.web.app$all
 ||domainserverlawa619.web.app$all
 ||domainserverlawa62.web.app$all
 ||domainserverlawa620.web.app$all
 ||domainserverlawa621.web.app$all
-||domainserverlawa622.web.app$all
 ||domainserverlawa623.web.app$all
 ||domainserverlawa624.web.app$all
 ||domainserverlawa625.web.app$all
@@ -1852,7 +1753,6 @@
 ||domainserverlawa639.web.app$all
 ||domainserverlawa64.web.app$all
 ||domainserverlawa640.web.app$all
-||domainserverlawa641.web.app$all
 ||domainserverlawa642.web.app$all
 ||domainserverlawa643.web.app$all
 ||domainserverlawa644.web.app$all
@@ -1868,11 +1768,6 @@
 ||domainserverlawa653.web.app$all
 ||domainserverlawa654.web.app$all
 ||domainserverlawa655.web.app$all
-||domainserverlawa656.web.app$all
-||domainserverlawa657.web.app$all
-||domainserverlawa658.web.app$all
-||domainserverlawa659.web.app$all
-||domainserverlawa66.web.app$all
 ||domainserverlawa660.web.app$all
 ||domainserverlawa661.web.app$all
 ||domainserverlawa662.web.app$all
@@ -1883,14 +1778,10 @@
 ||domainserverlawa667.web.app$all
 ||domainserverlawa668.web.app$all
 ||domainserverlawa669.web.app$all
-||domainserverlawa67.web.app$all
-||domainserverlawa670.web.app$all
 ||domainserverlawa671.web.app$all
 ||domainserverlawa672.web.app$all
 ||domainserverlawa673.web.app$all
-||domainserverlawa674.web.app$all
 ||domainserverlawa675.web.app$all
-||domainserverlawa676.web.app$all
 ||domainserverlawa677.web.app$all
 ||domainserverlawa678.web.app$all
 ||domainserverlawa679.web.app$all
@@ -1898,12 +1789,8 @@
 ||domainserverlawa680.web.app$all
 ||domainserverlawa681.web.app$all
 ||domainserverlawa682.web.app$all
-||domainserverlawa683.web.app$all
 ||domainserverlawa684.web.app$all
 ||domainserverlawa685.web.app$all
-||domainserverlawa686.web.app$all
-||domainserverlawa687.web.app$all
-||domainserverlawa688.web.app$all
 ||domainserverlawa689.web.app$all
 ||domainserverlawa69.web.app$all
 ||domainserverlawa690.web.app$all
@@ -1911,7 +1798,6 @@
 ||domainserverlawa692.web.app$all
 ||domainserverlawa693.web.app$all
 ||domainserverlawa694.web.app$all
-||domainserverlawa695.web.app$all
 ||domainserverlawa696.web.app$all
 ||domainserverlawa697.web.app$all
 ||domainserverlawa698.web.app$all
@@ -1922,15 +1808,11 @@
 ||domainserverlawa702.web.app$all
 ||domainserverlawa703.web.app$all
 ||domainserverlawa704.web.app$all
-||domainserverlawa705.web.app$all
 ||domainserverlawa706.web.app$all
-||domainserverlawa707.web.app$all
 ||domainserverlawa708.web.app$all
 ||domainserverlawa709.web.app$all
 ||domainserverlawa71.web.app$all
-||domainserverlawa710.web.app$all
 ||domainserverlawa711.web.app$all
-||domainserverlawa712.web.app$all
 ||domainserverlawa713.web.app$all
 ||domainserverlawa714.web.app$all
 ||domainserverlawa715.web.app$all
@@ -1939,17 +1821,13 @@
 ||domainserverlawa718.web.app$all
 ||domainserverlawa719.web.app$all
 ||domainserverlawa72.web.app$all
-||domainserverlawa720.web.app$all
 ||domainserverlawa721.web.app$all
 ||domainserverlawa722.web.app$all
-||domainserverlawa723.web.app$all
 ||domainserverlawa724.web.app$all
 ||domainserverlawa725.web.app$all
 ||domainserverlawa726.web.app$all
 ||domainserverlawa727.web.app$all
-||domainserverlawa728.web.app$all
 ||domainserverlawa729.web.app$all
-||domainserverlawa73.web.app$all
 ||domainserverlawa730.web.app$all
 ||domainserverlawa731.web.app$all
 ||domainserverlawa732.web.app$all
@@ -1962,31 +1840,22 @@
 ||domainserverlawa739.web.app$all
 ||domainserverlawa74.web.app$all
 ||domainserverlawa740.web.app$all
-||domainserverlawa741.web.app$all
 ||domainserverlawa742.web.app$all
 ||domainserverlawa743.web.app$all
 ||domainserverlawa744.web.app$all
-||domainserverlawa745.web.app$all
 ||domainserverlawa746.web.app$all
-||domainserverlawa747.web.app$all
-||domainserverlawa748.web.app$all
 ||domainserverlawa749.web.app$all
 ||domainserverlawa75.web.app$all
 ||domainserverlawa750.web.app$all
-||domainserverlawa751.web.app$all
 ||domainserverlawa752.web.app$all
 ||domainserverlawa753.web.app$all
 ||domainserverlawa754.web.app$all
 ||domainserverlawa755.web.app$all
-||domainserverlawa756.web.app$all
 ||domainserverlawa757.web.app$all
 ||domainserverlawa758.web.app$all
 ||domainserverlawa759.web.app$all
-||domainserverlawa76.web.app$all
-||domainserverlawa760.web.app$all
 ||domainserverlawa761.web.app$all
 ||domainserverlawa762.web.app$all
-||domainserverlawa763.web.app$all
 ||domainserverlawa764.web.app$all
 ||domainserverlawa765.web.app$all
 ||domainserverlawa766.web.app$all
@@ -2006,22 +1875,17 @@
 ||domainserverlawa779.web.app$all
 ||domainserverlawa78.web.app$all
 ||domainserverlawa780.web.app$all
-||domainserverlawa781.web.app$all
 ||domainserverlawa782.web.app$all
 ||domainserverlawa783.web.app$all
 ||domainserverlawa784.web.app$all
 ||domainserverlawa785.web.app$all
 ||domainserverlawa786.web.app$all
-||domainserverlawa787.web.app$all
 ||domainserverlawa788.web.app$all
 ||domainserverlawa789.web.app$all
 ||domainserverlawa79.web.app$all
 ||domainserverlawa790.web.app$all
-||domainserverlawa791.web.app$all
-||domainserverlawa792.web.app$all
 ||domainserverlawa793.web.app$all
 ||domainserverlawa794.web.app$all
-||domainserverlawa795.web.app$all
 ||domainserverlawa796.web.app$all
 ||domainserverlawa797.web.app$all
 ||domainserverlawa798.web.app$all
@@ -2030,7 +1894,6 @@
 ||domainserverlawa800.web.app$all
 ||domainserverlawa801.web.app$all
 ||domainserverlawa802.web.app$all
-||domainserverlawa803.web.app$all
 ||domainserverlawa804.web.app$all
 ||domainserverlawa806.web.app$all
 ||domainserverlawa807.web.app$all
@@ -2038,8 +1901,6 @@
 ||domainserverlawa809.web.app$all
 ||domainserverlawa81.web.app$all
 ||domainserverlawa810.web.app$all
-||domainserverlawa811.web.app$all
-||domainserverlawa812.web.app$all
 ||domainserverlawa813.web.app$all
 ||domainserverlawa814.web.app$all
 ||domainserverlawa815.web.app$all
@@ -2053,7 +1914,6 @@
 ||domainserverlawa822.web.app$all
 ||domainserverlawa823.web.app$all
 ||domainserverlawa824.web.app$all
-||domainserverlawa825.web.app$all
 ||domainserverlawa826.web.app$all
 ||domainserverlawa827.web.app$all
 ||domainserverlawa828.web.app$all
@@ -2065,9 +1925,7 @@
 ||domainserverlawa833.web.app$all
 ||domainserverlawa834.web.app$all
 ||domainserverlawa835.web.app$all
-||domainserverlawa836.web.app$all
 ||domainserverlawa837.web.app$all
-||domainserverlawa838.web.app$all
 ||domainserverlawa839.web.app$all
 ||domainserverlawa84.web.app$all
 ||domainserverlawa840.web.app$all
@@ -2075,29 +1933,21 @@
 ||domainserverlawa842.web.app$all
 ||domainserverlawa843.web.app$all
 ||domainserverlawa844.web.app$all
-||domainserverlawa845.web.app$all
 ||domainserverlawa846.web.app$all
-||domainserverlawa847.web.app$all
-||domainserverlawa848.web.app$all
-||domainserverlawa849.web.app$all
 ||domainserverlawa85.web.app$all
-||domainserverlawa850.web.app$all
 ||domainserverlawa851.web.app$all
 ||domainserverlawa852.web.app$all
 ||domainserverlawa853.web.app$all
-||domainserverlawa854.web.app$all
 ||domainserverlawa855.web.app$all
 ||domainserverlawa856.web.app$all
 ||domainserverlawa857.web.app$all
 ||domainserverlawa858.web.app$all
-||domainserverlawa859.web.app$all
 ||domainserverlawa86.web.app$all
 ||domainserverlawa860.web.app$all
 ||domainserverlawa861.web.app$all
 ||domainserverlawa862.web.app$all
 ||domainserverlawa863.web.app$all
 ||domainserverlawa864.web.app$all
-||domainserverlawa865.web.app$all
 ||domainserverlawa866.web.app$all
 ||domainserverlawa867.web.app$all
 ||domainserverlawa868.web.app$all
@@ -2108,7 +1958,6 @@
 ||domainserverlawa872.web.app$all
 ||domainserverlawa873.web.app$all
 ||domainserverlawa874.web.app$all
-||domainserverlawa875.web.app$all
 ||domainserverlawa877.web.app$all
 ||domainserverlawa878.web.app$all
 ||domainserverlawa879.web.app$all
@@ -2116,9 +1965,7 @@
 ||domainserverlawa880.web.app$all
 ||domainserverlawa881.web.app$all
 ||domainserverlawa882.web.app$all
-||domainserverlawa883.web.app$all
 ||domainserverlawa884.web.app$all
-||domainserverlawa885.web.app$all
 ||domainserverlawa886.web.app$all
 ||domainserverlawa888.web.app$all
 ||domainserverlawa889.web.app$all
@@ -2138,19 +1985,14 @@
 ||domainserverlawa902.web.app$all
 ||domainserverlawa903.web.app$all
 ||domainserverlawa904.web.app$all
-||domainserverlawa905.web.app$all
 ||domainserverlawa906.web.app$all
 ||domainserverlawa907.web.app$all
 ||domainserverlawa908.web.app$all
 ||domainserverlawa909.web.app$all
 ||domainserverlawa91.web.app$all
 ||domainserverlawa910.web.app$all
-||domainserverlawa911.web.app$all
 ||domainserverlawa912.web.app$all
 ||domainserverlawa913.web.app$all
-||domainserverlawa914.web.app$all
-||domainserverlawa915.web.app$all
-||domainserverlawa916.web.app$all
 ||domainserverlawa917.web.app$all
 ||domainserverlawa918.web.app$all
 ||domainserverlawa92.web.app$all
@@ -2159,22 +2001,14 @@
 ||domainserverlawa922.web.app$all
 ||domainserverlawa923.web.app$all
 ||domainserverlawa924.web.app$all
-||domainserverlawa925.web.app$all
 ||domainserverlawa926.web.app$all
 ||domainserverlawa927.web.app$all
 ||domainserverlawa929.web.app$all
-||domainserverlawa93.web.app$all
 ||domainserverlawa930.web.app$all
-||domainserverlawa931.web.app$all
 ||domainserverlawa932.web.app$all
-||domainserverlawa933.web.app$all
-||domainserverlawa934.web.app$all
 ||domainserverlawa935.web.app$all
-||domainserverlawa936.web.app$all
 ||domainserverlawa937.web.app$all
 ||domainserverlawa938.web.app$all
-||domainserverlawa939.web.app$all
-||domainserverlawa94.web.app$all
 ||domainserverlawa940.web.app$all
 ||domainserverlawa941.web.app$all
 ||domainserverlawa942.web.app$all
@@ -2183,45 +2017,33 @@
 ||domainserverlawa945.web.app$all
 ||domainserverlawa946.web.app$all
 ||domainserverlawa947.web.app$all
-||domainserverlawa948.web.app$all
 ||domainserverlawa949.web.app$all
 ||domainserverlawa95.web.app$all
 ||domainserverlawa950.web.app$all
-||domainserverlawa951.web.app$all
 ||domainserverlawa952.web.app$all
 ||domainserverlawa953.web.app$all
 ||domainserverlawa954.web.app$all
 ||domainserverlawa955.web.app$all
-||domainserverlawa957.web.app$all
 ||domainserverlawa958.web.app$all
 ||domainserverlawa959.web.app$all
 ||domainserverlawa96.web.app$all
-||domainserverlawa960.web.app$all
 ||domainserverlawa961.web.app$all
 ||domainserverlawa962.web.app$all
 ||domainserverlawa963.web.app$all
 ||domainserverlawa964.web.app$all
-||domainserverlawa965.web.app$all
 ||domainserverlawa966.web.app$all
 ||domainserverlawa967.web.app$all
-||domainserverlawa968.web.app$all
-||domainserverlawa969.web.app$all
 ||domainserverlawa97.web.app$all
 ||domainserverlawa970.web.app$all
-||domainserverlawa971.web.app$all
-||domainserverlawa972.web.app$all
 ||domainserverlawa973.web.app$all
 ||domainserverlawa974.web.app$all
 ||domainserverlawa975.web.app$all
 ||domainserverlawa976.web.app$all
 ||domainserverlawa977.web.app$all
-||domainserverlawa978.web.app$all
 ||domainserverlawa979.web.app$all
 ||domainserverlawa98.web.app$all
 ||domainserverlawa980.web.app$all
-||domainserverlawa981.web.app$all
 ||domainserverlawa982.web.app$all
-||domainserverlawa983.web.app$all
 ||domainserverlawa984.web.app$all
 ||domainserverlawa985.web.app$all
 ||domainserverlawa986.web.app$all
@@ -2231,14 +2053,11 @@
 ||domainserverlawa99.web.app$all
 ||domainserverlawa990.web.app$all
 ||domainserverlawa991.web.app$all
-||domainserverlawa992.web.app$all
 ||domainserverlawa993.web.app$all
-||domainserverlawa994.web.app$all
 ||domainserverlawa995.web.app$all
 ||domainserverlawa996.web.app$all
-||domainserverlawa997.web.app$all
-||domainserverlawa998.web.app$all
 ||domainserverlawa999.web.app$all
+||donaidrsilcio.com$all
 ||doooog.cn$all
 ||dopeydog.co.nz$all
 ||dorouscom.com$all
@@ -2246,10 +2065,12 @@
 ||dowaba-s2dhl.blogspot.com$all
 ||doz.tode.cz$all
 ||dpasdasfasfasfas.pages.dev$all
+||dpd-pl.566868.space$all
 ||dpd-redelivery-uk.com$all
 ||dpmasdaskj.pages.dev$all
 ||dr-joannepeeler.com$all
 ||dr3aq.byethost32.com$all
+||dreamhacker.pro$all
 ||dreamotion-jp.com$all
 ||drive.google.com/file/d/19zpw90jgon3j5merxi1pauvkjdmx8nfq/edit$all
 ||drive.google.com/file/d/1bcdyitw2vo5jp6yrbdmiy8cfrkcf4tby/view?usp=drive_web$all
@@ -2266,13 +2087,11 @@
 ||drive.google.com/file/d/1robiosanbh8doqa7yuiewn3akz4094ho/edit$all
 ||drivingschoolglasgow.co.uk$all
 ||drmarciovaleriano.com.br$all
-||dsadsadsa.diskstation.eu$all
 ||dsgcbeonline.com$all
+||dskedirekt.web.app$all
 ||dsp2codemdp.t.justns.ru$all
-||dswboot.cc$all
 ||dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com$all
 ||dtrpsystasfasgas.pages.dev$all
-||duanemanor.tk$all
 ||dukhovnist.in.ua$all
 ||durecorpperu.com$all
 ||dwrat.andalous.org$all
@@ -2286,7 +2105,6 @@
 ||e63q45f9h5fr.clickfunnels.com$all
 ||eagleeyeapparel.com$all
 ||earth01.info$all
-||easy-webtdapp.com$all
 ||easywalletfix.net$all
 ||easywalletsfix.com$all
 ||eba0200d0c.nxcli.net$all
@@ -2295,17 +2113,14 @@
 ||eberhardtedwige.wixsite.com$all
 ||ebuddynews.com$all
 ||ec.snadc-oecddo.com$all
-||ecloanmoney.com$all
 ||ecogreenjanitorial.com$all
 ||ecomcrew.staging.wpengine.com$all
 ||ecomcrew.staging.wpengine.com/wp-content/plugins/alldomain/domain/dmain/index.php?i=i&amp;0=abuse@optusnet.com.au$all
 ||ecosteelsolution.ro$all
 ||ecusltd-my.sharepoint.com/:x:/r/personal/angela_ure_ecusltd_co_uk/_layouts/15/wopiframe.aspx?guestaccesstoken=umwosbguhwaqic3hhtqfly7zjwf8oggrcn6d%2bggohoc%3d&docid=1_1956f6e254d71417a89981b2a1c8d0a99&wdformid=%7be61ca4f5-c461-425a-a52e-4598e7b699e5%7d&action=formsubmit&cid=4ab9a2a7-7cf4-43ae-8149-ffead8d66e7b$all
-||editpdfonline.tk$all
 ||edje.com$all
 ||edukickmexico.com$all
 ||ee-sms.co.uk$all
-||ee.mseocri.com$all
 ||ee.scicemecod.com$all
 ||eeverywhere-my.sharepoint.com/personal/marco_eeverywhere_com/_layouts/15/onedrive.aspx?id=/personal/marco_eeverywhere_com/documents/documents&amp;originalpath=ahr0chm6ly9lzxzlcnl3agvyzs1tes5zagfyzxbvaw50lmnvbs86zjovcc9tyxjjby9fcwhvbeq1x3hltknorzbdmdvvmgjvvujoy1z3b25futjvejhtlwxqrg9svwvrp3j0aw1lpvduaunytfu4mlvn$all
 ||efarms.com.ng$all
@@ -2330,7 +2145,6 @@
 ||emsi-lobo.firebaseapp.com$all
 ||en-template-solicito-16414253314897.onepage.website$all
 ||enbolivia.com$all
-||enchanting-guiltless-suede.glitch.me$all
 ||encryptdrive.booogle.net$all
 ||engcamp.org$all
 ||enoman.fqzsdgtg.cn$all
@@ -2359,23 +2173,21 @@
 ||eth.coinscout.cc$all
 ||ethnictrendz.com$all
 ||ets.jwr.pa-fakfak.go.id$all
-||etwtny.cf$all
 ||eu.questionpro.com/a/takesurvey?tt=/p9xlsw/pwa97qdwq8ubbg%3d%3d$all
 ||eu.questionpro.com/t/ab3uufjzb3vk20$all
 ||eucriomeumundo.com$all
 ||eugnerally-wixsite-com.filesusr.com$all
-||euraby.com$all
 ||eurobankovnikredit.com/?fbclid=iwar3cu_8pblosqw-rwa7evcrs5jpl6zvzkou0qrf7vl9oqge4h2ctmcxrdyk$all
 ||eusa-lombo.firebaseapp.com$all
 ||evashoes.com.ua$all
+||even-besar-banget.duckdns.org$all
 ||even-ff-gratisterbaru2022.duckdns.org$all
-||even-ff-terbarugratis2022.duckdns.org$all
+||event-ff-bundle-baru.duckdns.org$all
 ||event-freefire728.duckdns.org$all
+||event-freeskkinmlbb.duckdns.org$all
 ||event-garenafreefire263.duckdns.org$all
-||event-skin-resmi-2022.duckdns.org$all
-||eventclaimfreefiregratis2022.duckdns.org$all
 ||eventclaimsff0.duckdns.org$all
-||eventgarenafreefiremax2022.duckdns.org$all
+||eventspinfreefire2022.duckdns.org$all
 ||everestmotors.com.np$all
 ||evernote.com/shard/s339/client/snv?noteguid=f48e12fd-48da-e57f-8e76-cdf6e4054e1d&amp;notekey=02a9fa6bd051dc6b4581ee3b617b3f88&amp;sn=https://www.evernote.com/shard/s339/sh/f48e12fd-48da-e57f-8e76-cdf6e4054e1d/02a9fa6bd051dc6b4581ee3b617b3f88&amp;title=optus%20webmail$all
 ||evernote.com/shard/s446/client/snv?noteguid=4dc119ab-57d6-b8e0-4fcb-c11c0a637b94&notekey=9ddb3753cb700b0c86a78176be71f4f5&sn=https%3a%2f%2fwww.evernote.com%2fshard%2fs446%2fsh%2f4dc119ab-57d6-b8e0-4fcb-c11c0a637b94%2f9ddb3753cb700b0c86a78176be71f4f5&title=you%2bhave%2breceived%2ban%2binvoice.$all
@@ -2391,6 +2203,7 @@
 ||exchange4free.com/remote/mandate/4jya9anuerrpmikrph7-j5pl9nyz_uw1bc7q1vvmmhw$all
 ||exchangedictionary.com$all
 ||exodlus.net$all
+||exodus-2022.com$all
 ||exodus.com-wallet-signin.com$all
 ||exodus.com-web-wallet-online.com$all
 ||exodus.com.tccaponline.com$all
@@ -2403,6 +2216,7 @@
 ||extracloud.com.au$all
 ||ezblox.site$all
 ||ezssausage.com$all
+||f2f.co.jp$all
 ||f6fr7.codesandbox.io$all
 ||f9w1lned0ruqblxi6jahwotak.filesusr.com$all
 ||faccebook.azurewebsites.net$all
@@ -2417,7 +2231,10 @@
 ||facebook.com-zxsrf038k.isiolo.go.ke$all
 ||facebook.eventspinff.wtf$all
 ||facebook.kingstopup.com$all
+||facebook.whcserverbox.com$all
+||facebook8facebook.blogspot.com$all
 ||facebookk.azurewebsites.net$all
+||facebookphisher.herokuapp.com$all
 ||facebooks.azurewebsites.net$all
 ||faic.in$all
 ||faizankhan0408.github.io$all
@@ -2431,13 +2248,13 @@
 ||fax.gruppobiesse.it$all
 ||fb-case-id-28031803-fcdc-48af.web.app$all
 ||fb-pages.proteksion-help.workers.dev$all
+||fb.10004682.review$all
 ||fb.expressturkeyi.com$all
 ||fb7927.bget.ru$all
 ||fbapps.milestoneinternet.com/gvrmpushnotification/nbproject/private/fbapps/melis/$all
 ||fclighting.sharepoint.com/:x:/r/customercare/_layouts/15/wopiframe.aspx?guestaccesstoken=ce%2fd5uzxeu8hlntd6e5v18nttv4whxgmlwyudt4igom%3d&docid=1_1eb5df03726a240859b223a44b8b16724&wdformid=%7bb8008e00-21bc-4a4a-91dc-1e1b63610c96%7d&action=formsubmit&cid=c766f7bd-9562-4c9e-a9b0-75cf38b33e48$all
 ||fdasd.2e4jept.cn$all
 ||fdhgf.xyz$all
-||feceboolk.blogspot.com$all
 ||federalaccesscredit.com$all
 ||fedner.net$all
 ||feeds.feedburner.com/investorway$all
@@ -2447,9 +2264,10 @@
 ||feriadempleos.com$all
 ||ferienhof-gempel.de$all
 ||ff-anivesary225.duckdns.org$all
+||ff-member-ganena.com$all
 ||ff-membership-garena.com$all
 ||ff-membershipz-garena.ga$all
-||ff.membership.garenaj.vn$all
+||ff.members.garera.vn$all
 ||ffim-event-2022.duckdns.org$all
 ||fghjr74rhudfguhtfguji.blogspot.com$all
 ||fi.uy$all
@@ -2460,7 +2278,6 @@
 ||fikir.id$all
 ||files.fm/f/75h75hd7v$all
 ||fileundelete.net$all
-||filmkenner.com$all
 ||filtrosmil.com.br$all
 ||finalfantasyguide.co.uk$all
 ||finiiishingedgex.tk$all
@@ -2497,12 +2314,15 @@
 ||flowcode.com/page/bttelecommunicaation$all
 ||flowcode.com/page/bttelecoommunication$all
 ||flowcode.com/page/hjbsvjhfb$all
+||flowcode.com/page/jhgcfghj$all
 ||flowcode.com/page/mnkpo$all
 ||flowerfactoryonline.com$all
 ||fluksrv.mycpanel.rs$all
 ||fmwebapp.azurewebsites.net$all
 ||foliar.pl$all
 ||foma-ura-lote.firebaseapp.com$all
+||foor1.com$all
+||for-pakage-delevry.tragaroleary.com$all
 ||foresta-mod.firebaseapp.com$all
 ||forhimself9999.co.vu$all
 ||formbuddy.com$all
@@ -2549,7 +2369,6 @@
 ||forms.office.com/pages/responsepage.aspx?id=jrbxvx3x9keewcq72hm6fnkqekonandcsjd9av060h5urepumvvgmks2te41rfewmlletulvufnuqy4u$all
 ||formtools.com$all
 ||forum-dofus.com.co$all
-||foryour.gov-information.info$all
 ||fpalpha.myportfolio.com$all
 ||fpmaam.org$all
 ||fr-europe564598-com.filesusr.com$all
@@ -2565,6 +2384,7 @@
 ||freefireevent-codashop2022.duckdns.org$all
 ||freeitemff-allreward.duckdns.org$all
 ||freeliker.net$all
+||freereward-ff.duckdns.org$all
 ||frefire-membership-garena.sukienfreefire2021.top$all
 ||freg-nine.pt$all
 ||friendsofnechockey.com$all
@@ -2580,21 +2400,22 @@
 ||ftx.cool$all
 ||ftxbonus.site$all
 ||funiswap.exchange$all
+||furgonetka-1.pl$all
 ||fusionrestobar.cl$all
+||futurebits.in$all
+||fwztmgr.cn$all
 ||fxhalifax.com$all
 ||fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com$all
 ||g-mtcc.com$all
 ||g.greatsubstance.com.my$all
 ||ga.teesmith.shop$all
 ||gabrielamims.com$all
-||gabung-grubnew1342.duckdns.org$all
 ||gagaclinic.com$all
 ||gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com$all
 ||gallciaonllne.webcindario.com$all
 ||garena-xacminhtaikhoan.com$all
-||garenafreefire728.duckdns.org$all
-||gastronomiarobertos.com$all
 ||gasunige.mfs.gg$all
+||gbunggrup-pmrsatu13.duckdns.org$all
 ||gedfdfsd.eu$all
 ||geg.li$all
 ||generali-italia-ag.hrweb.it$all
@@ -2625,11 +2446,9 @@
 ||go.skimresources.com/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp;test=off&amp;id=355x561&amp;url=https://www.paypal.com/shopping/&amp;xguid=01ff0qxy635yfpkrdaxav47j5k&amp;persistence=1&amp;checksum=cb2e0f7328d6ffea0e15a24046095a0bb98d27d4488e822bea4b181763f2eb0b$all
 ||go24link.com$all
 ||goldenlasgidi10.web.app$all
-||golfloslagos.com/wp-includes/js/thickbox/connexion/connexion/app/cdn/?fmfcgzgljlrvjdlwthjpssjfsnvbwgbbfmfcgzgljltdnhmxflbfwpzhjxchnhhqfmfcgzgkzqqhdhckrlvrtkvlbxfdwlclfmfcgzgkzqqhdhckrlvrtkvlbxfdwlclfmfcgzgkzqqhdhckrlvrtkvlbxfdwlcl$all
 ||golkondaresorts.com$all
 ||goo-gl.me$all
 ||good12345.tripod.com$all
-||goofy-wozniak.192-210-226-164.plesk.page$all
 ||google.com/url?q=http%3a%2f%2fbit.do%2ffr6ci&sa=d&sntz=1&usg=afqjcne7joz-iz-adrzkrxcihj8t9fs9qw$all
 ||google.com/url?q=http%3a%2f%2fbit.do%2ffsgjq&amp;sa=d&amp;sntz=1&amp;usg=afqjcngvqc30z-4hiaizv03gpwblwu3vnw$all
 ||google.com/url?q=http://srv-auth.web.app/upd/index.html%23%5b%5b-email-%5d%5d&amp;source=gmail&amp;ust=1607952068298000&amp;usg=afqjcnet34jepejaewvja8unv7ycds1vjg$all
@@ -2650,39 +2469,28 @@
 ||greekinfra.com$all
 ||greenclasses.in$all
 ||grosshandel-mevida.de$all
-||group-mantap-seger.duckdns.org$all
 ||group-wa-1.duckdns.org$all
-||groupbkep-vral15.duckdns.org$all
 ||groworldinternational.com$all
 ||grp02.member.mycld-rakuten.info$all
-||grub-sangex.wikaba.com$all
-||grubgabung.duckdns.org$all
 ||grubnatajadeh12.duckdns.org$all
+||grubterbarukk037.duckdns.org$all
 ||grubviralterbaru65c.duckdns.org$all
-||grup-bokephot-terbaru2022.duckdns.org$all
-||grup-bokepviral4.duckdns.org$all
-||grup-dwsa-indomesia845.duckdns.org$all
-||grup-viral-seleb.duckdns.org$all
-||grup-viralbokep111.myftp.org$all
-||grup-viralbokep2.ddns.net$all
+||gruo-wa-okep-dewasa-2022.duckdns.org$all
+||grup-bokep-terbaru555.duckdns.org$all
 ||grup-whatsapp121.duckdns.org$all
 ||grup-whatsappbokep1.duckdns.org$all
 ||grup-whatsappbokep2.duckdns.org$all
-||grupbokeppadacantik.duckdns.org$all
+||grup2022ssx.duckdns.org$all
 ||grupofsp.com.br$all
 ||gruposanpio.com$all
-||gruptiktok.wikaba.com$all
-||grupviral-xx.duckdns.org$all
-||grupviral109.duckdns.org$all
-||grupviralterbaru.duckdns.org$all
+||grupwhatsaap-viral-2022.duckdns.org$all
 ||grupwhatsappnobar-2022.duckdns.org$all
 ||gscommunityspirit.greenschool.org$all
 ||gstsolutions.online$all
+||gtw420.com$all
 ||gunatanahku.perkimtan.sumbarprov.go.id$all
 ||gurukanth.com$all
 ||gwenet.org$all
-||gyfnqyk.cn$all
-||gymjaokhanakho.azurewebsites.net$all
 ||habbocreditosparati.blogspot.com$all
 ||hafslundno.blogspot.com/2021/12/hafslund.html$all
 ||haftteam.ir$all
@@ -2719,20 +2527,19 @@
 ||haunlimited.org$all
 ||hcnprdvz.azureedge.net$all
 ||hdmediahub.club$all
-||hdss-stream.org$all
 ||heaterintwintersz.ams3.digitaloceanspaces.com/yuhgbfvdfvbtytrvdfbgt.html$all
 ||heinthu1.github.io$all
 ||hellenic-postbank.com$all
-||helloparis.co.uk$all
 ||help-account-bxsfe.ondigitalocean.app$all
+||help-identity-recoveri-support-center.web.id$all
 ||help-notice-center-identity-6532.web.id$all
 ||help.insecur.saftyalert.workers.dev$all
 ||help.validation-page.workers.dev$all
+||helpingcentere.com$all
 ||henan.vxim58i.cn$all
 ||hermes.parcel-tracker.com$all
 ||hetershaven.net$all
 ||heuristic-gagarin.45-88-108-231.plesk.page$all
-||hfemail.ntneancns.com$all
 ||hgda.db0u4hs.cn$all
 ||hgdaa.lfoxcct.cn$all
 ||hghgda.erjl0hx.cn$all
@@ -2747,11 +2554,9 @@
 ||hifly39091.top$all
 ||hifly61215.top$all
 ||hifly71191.top$all
-||hikaheal.com$all
 ||himalayansherpa.com.au$all
 ||himbauane.blogspot.com$all
 ||hitman71hd-wixsite-com.filesusr.com$all
-||hjhjjhjhjh.pagedemo.co$all
 ||hm.ru/mz4yho$all
 ||hockian.com$all
 ||holobeam.000webhostapp.com$all
@@ -2760,7 +2565,6 @@
 ||homeentertainmentexpo.com/zeland.html$all
 ||homepichilinea2.webcindario.com$all
 ||homesinlogin.com$all
-||homestaylongho.com$all
 ||hostnix.net$all
 ||hostpoint.ch.17a902ef.tcorner.fr$all
 ||hotbrooks.com$all
@@ -2770,7 +2574,6 @@
 ||house18.info/themes/engines/ira.xml$all
 ||houseofscotland.com.au$all
 ||hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com$all
-||hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com/''''''''''''''''''''''''''''''''/$all
 ||hpplotters.in$all
 ||href.li/?https://trimurl.co/0wsx7z$all
 ||href.li/?https://www.rkat2.2r-p.xyz/$all
@@ -2781,6 +2584,7 @@
 ||ht.ly/hgav30ruohf$all
 ||ht.ly/shoh30rwmdj?10/13/2021$all
 ||htlgroup.com.my$all
+||httpcom-0d4tol437.isiolo.go.ke$all
 ||httpeugnerally-wixsite-com.filesusr.com$all
 ||https-scert-con04.xyz$all
 ||https-scert-srv02.xyz$all
@@ -2807,7 +2611,6 @@
 ||ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com$all
 ||ibpm.ru$all
 ||icloud-map-live.com$all
-||icloudstatus.com.ng$all
 ||icy.martulangbelulalng.workers.dev$all
 ||idappswallets.com$all
 ||identifiez-vous-avec-votre-compte.yolasite.com$all
@@ -2822,7 +2625,6 @@
 ||igsasso-my.sharepoint.com/:x:/r/personal/pginet_groupe-igs_fr/_layouts/15/wopiframe.aspx?guestaccesstoken=o1ljzjnq70g8yg6w%2fce3ec9zu3%2bg6ck6ibkmhwt3wl0%3d&amp;docid=1_1c2a91e87cc7a4ffb85611d8ebf31f653&amp;wdformid=%7bcdf56303%2d9250%2d4cf1%2d8370%2db3f9a84cd714%7d&amp;action=formsubmit$all
 ||iipvit.by$all
 ||ijcda.bukkats.cn$all
-||ijeioqhawdqioqho.weebly.com$all
 ||ijhca.0gb0h7z.cn$all
 ||ijjd.h8nmtcc.cn$all
 ||ijmna.p2y00vd.cn$all
@@ -2833,10 +2635,12 @@
 ||ikcsa.ajiqvjf.cn$all
 ||ikdff.jmo904i.cn$all
 ||ikja.lbanwqp.cn$all
+||ikjcd.p1z98hl.cn$all
 ||ikjd.uk0xnp8.cn$all
 ||ikjgd.rg6bzk7.cn$all
 ||ikmcd.u4jdbxm.cn$all
 ||ikmxaa.qcqxlrq.cn$all
+||ilooksrare.com$all
 ||iloveyourglasses.com$all
 ||ilpconnect.org$all
 ||im-creator.com/free/4t6u/bt$all
@@ -2844,11 +2648,11 @@
 ||im-creator.com/free/kfouo/btcommmms$all
 ||im-creator.com/free/msw0rd/att_word$all
 ||im-creator.com/viewer/vbid-fa0f29d5-fpsjmms8$all
+||image-pict-ig.duckdns.org$all
 ||imagematch300.com/survey/27415/source=39-4621$all
 ||imcreator.com/viewer/vbid-fa0f29d5-fpsjmms8$all
 ||imersao.impulseingles.com.br$all
 ||imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com$all
-||imi-ksa.jajainfo.net$all
 ||imobiliaria-cardinali-com-br.blogspot.com$all
 ||impostazionebper.000webhostapp.com$all
 ||improvproject.com/appmanager/renouvellement-automatique-obligatoire/ovh/managerweb-ovhdepartmenttechniqueovh/web.index.html5400configuration_hosting_database/web-ovh/vh/?user-agent=mozilla/5.0+(windows+nt+10.0;+win64;+x64)+applewebkit/537.36+(khtml,+like+gecko)+chrome/86.0.4240.75+safari/537.36$all
@@ -2856,11 +2660,11 @@
 ||imxprs.com/free/outlookwebaccessupgrade/outlookwebaccessupgrade$all
 ||imxprs.com/free/webmaiil/accounttportal$all
 ||in.deraya.org$all
-||inaueab.com$all
 ||indo-viral2022.duckdns.org$all
 ||info.lionnets.com$all
 ||infohypesquad.com$all
 ||infopichinchaweb.webcindario.com$all
+||information.safeamazoncardweb.cyou$all
 ||informations.recovery.confiryourpage.workers.dev$all
 ||infos00001.temp.swtest.ru$all
 ||infosecplace.com$all
@@ -2873,17 +2677,17 @@
 ||innca.ol90k56.cn$all
 ||innovasjon.as$all
 ||inps-ep.com$all
-||instagram-9.blogspot.com$all
-||instagramhelpp.agency$all
+||instahelppbaddge.ml$all
 ||insurance2019.moneynet.com.tw/wp-admin/maint/?hash=a2fyaw5hywxtzwlkyxjpymvpcm9aag90bwfpbc5jb20=$all
 ||intellidata-analytica.com$all
-||interbankempresahome.rankforever.com$all
 ||interbankempresas.pe-il.ru$all
+||interbankhomeweb.fullcircleteam.com$all
 ||intern.unibas-com.ch$all
 ||international-formulier.91-218-65-223.plesk.page$all
 ||internetbanking-caixa-gov.xyz$all
 ||internetbankinghelp.com$all
 ||internetservicetech.com$all
+||intesalife.ie$all
 ||intexargentina.com.ar$all
 ||inthewildproductions.com$all
 ||intoli.ru$all
@@ -2891,13 +2695,18 @@
 ||intranet.sztpe.info$all
 ||investpl.work$all
 ||iplogger.info$all
+||iqwea.soxr0u1.cn$all
 ||ironmantech.shop$all
-||irs-gov.us-get-funds-assistance.com$all
+||irs-gov-supportcenters.com$all
+||irs.gov-coronavirus-pandemic-tax-refund-submission.com$all
 ||is.gd/areawebmps$all
 ||is.gd/clnhxv$all
+||is.gd/f0iqhg?trackingid=lxyqpvnl&signature=newsletter$all
 ||is.gd/t1xeia$all
+||ise.com.ar$all
 ||isfirsatibul.com$all
 ||ismamorlin.my-place.us$all
+||isntagranmeta.pagedemo.co$all
 ||istudyalumni.com$all
 ||it-europe564598-com.filesusr.com$all
 ||it.melnikhotels.com$all
@@ -2908,12 +2717,17 @@
 ||iuhs.tyopfhn.cn$all
 ||iujdas.yfwxlc9.cn$all
 ||iuyydd.ebeg6uk.cn$all
-||j.mp/34vpnqn?muriitya$all
 ||j.mp/3arx6oo$all
 ||j.mp/3gydg8x?/supporrecovery$all
 ||j.mp/3i22f5g?jnlope$all
 ||j.mp/3kkkf0n$all
 ||j9w77d0.cn$all
+||jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn$all
+||jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn$all
+||jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn$all
+||jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn$all
+||jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn$all
+||jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn$all
 ||jacobliston.com$all
 ||jadaart.org$all
 ||jagex-rewards.com$all
@@ -2925,32 +2739,31 @@
 ||jeanbaileyrobor.com$all
 ||jendelajogja.com$all
 ||jerinja.github.io$all
-||jessicasproul.com$all
 ||jetser-electrical-supply.business.site$all
-||jetstoop.top$all
 ||jett.gator.site$all
 ||jflkp.csb.app$all
 ||jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com$all
 ||jhda.wfdyk9p.cn$all
 ||jhdd.fjcslad.cn$all
 ||jhff.93oe0u9.cn$all
+||jhnd.0drhnjk.cn$all
 ||jiwanramchemical.com$all
 ||jjhcd.27ke98i.cn$all
 ||jk99j.sbs$all
-||jkhkjjkjk.pagedemo.co$all
 ||jlogine.com$all
+||jmcna.jiwayjc.cn$all
+||jmfykd.cyou$all
+||jncba.diiqsmm.cn$all
 ||jnlope.tangguakrapekpuik.link$all
 ||jnnc.grnxkoj.cn$all
 ||job-type.com$all
 ||jobs.job.com.bd$all
-||jobtima.com/wp-content/themes/swww04/?key=azhoi,email={email}$all
 ||joecamera.net$all
 ||john-ashley.de$all
-||join-chat-whatssap-viral-2022.duckdns.org$all
-||join-group-wa2022.duckdns.org$all
-||join-grub-bokep-gratis.duckdns.org$all
-||join-grubkienzy849.duckdns.org$all
-||join-whatsapp-tante-hot18.duckdns.org$all
+||join-group-1.duckdns.org$all
+||join-gruo-waku282.duckdns.org$all
+||joinedprice.com$all
+||joingrupku183.duckdns.org$all
 ||joingrupp-bkep156.duckdns.org$all
 ||joingrupterbaru-0.duckdns.org$all
 ||joinlinkviral729.duckdns.org$all
@@ -2958,13 +2771,15 @@
 ||joinssgropssney6.duckdns.org$all
 ||jow-japan.or.jp$all
 ||joyeriajireh.com.mx$all
-||jp-bnnk.japappoit.asdwb.xyz$all
-||jp-bnnk.japappoit.asdwd.xyz$all
+||jp-auid.com$all
+||jp.mercari.omany.buzz$all
 ||jptechdocsign.net$all
 ||jrhayley.plus.com$all
 ||jtbtigers.com/65g2g$all
 ||juandfar.github.io$all
+||jurisgeneral.com$all
 ||jurlebedev.ru$all
+||juscook.com$all
 ||justgot.gonevis.com$all
 ||justsayingbro.com$all
 ||jvk.zultifarza.workers.dev$all
@@ -2973,6 +2788,7 @@
 ||k12inc-my.sharepoint.com/personal/jdonahue_k12_com/_layouts/15/wopiframe.aspx?guestaccesstoken=jxndynkzmynao0nofzmhz4t%2fk%2br%2fg7qir2agrjo42ha%3d&docid=1_12252b23331654ef4bf8ef978a8eb83ee&wdformid=%7b2711d93c%2d7591%2d4baa%2db377%2dcf40ba8c7343%7d&action=formsubmit$all
 ||k3ja6d.webwave.dev$all
 ||kaamwalibais.co.in$all
+||kachinas.be$all
 ||kamdhenurealities.com$all
 ||kargonova.com$all
 ||kartaltepespor.com$all
@@ -2984,9 +2800,11 @@
 ||kdlscaffolding.co.uk$all
 ||kecc.com$all
 ||kecmanijada.com$all
+||kedai-gamers.com$all
 ||keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev$all
 ||keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev$all
 ||keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev$all
+||kenanhusovic.com$all
 ||kevinsmovingservice.com$all
 ||kex81.sbs$all
 ||key-drcp.com$all
@@ -3010,7 +2828,6 @@
 ||konnect2kamadhenu.com$all
 ||koteng.odoo.com$all
 ||kr-bithumb.web.app$all
-||kraftongame.net$all
 ||krupije.com$all
 ||krx887.com$all
 ||ksschool.org.in$all
@@ -3018,6 +2835,7 @@
 ||kurortnoye.com.ua$all
 ||kutt.it/c07czi$all
 ||kutt.it/l3leph$all
+||ky79.com$all
 ||l-abe.com$all
 ||l-q.in$all
 ||l.wl.co/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=4rcleqvo&signature=newsletter$all
@@ -3048,20 +2866,21 @@
 ||learningimpactmodel.com$all
 ||leboncoiinlbc.000webhostapp.com$all
 ||leboncoin.delivery01588.icu$all
+||lefaf77683.temp.swtest.ru$all
 ||lemeiesta.com$all
 ||lenagruessdich.net$all
 ||leroycu.ca$all
+||letoptuswebmail-9b69f0.ingress-comporellon.easywp.com$all
 ||lettertracing4kids.com$all
 ||lexnotes.com.ng$all
-||lg-bluebadgecenter.ml$all
 ||lg-onecom-io.web.app$all
 ||liberasrl.it$all
 ||lifeiswhatyoumakeofit.com/match_login/match.com/match/login1876.html$all
 ||lihi1.cc/fqg9x$all
 ||lihi1.cc/uh2xv$all
 ||lihi3.cc$all
-||linkcontract.tech$all
 ||linkedin.com/slink?code=ek5cbk8g$all
+||linkgrupkakak-disini.duckdns.org$all
 ||linkprotect.cudasvc.com/url?a=https://u25098085.ct.sendgrid.net/ls/click?upn=4o0yybebwwobmwye6nfxf74k9v8ctniui1j2zge2nz95e9lyg4bkzyeqhmb7dtwcz7ioun-2bn1j8mpzi-2fpiiskt0bhpz08nwukegu0uqqki2h1s5yghctgcifqu-2bw1xclixrd_0qvnbxqwscekttpgl5skkts6yu-2batmdqkyh3bke4v1frfd55qka72zddyevzyat2nxv1k3yz6k8mwivrnsgvysy0wagfn8g5lfrsekexaptnpwfu0cediip-2bx7vwnyo9s20tqt2-2bj-2bvkbnfrh9uuad9j9stqo-2bcbol-2fjxsacxht5mztqgwx1c5d6x4fkpu32hmnetd1eimxhhfmzkxiukogw4aalovfcjsym0u8gjpy-3d&amp;c=e,1,2vluk9dfc0eb8l7-rios2j4nvvlmg8fu0rs0_haoaqpf_7ary6vt_oiimum26g-03mgzmsvdmzlfwohfhlogn3z77jluyi415qw9iw3dptggs_9sfqsq4a,,&amp;typo=1$all
 ||linkr.bio/2oj172$all
 ||linkr.bio/5254ov$all
@@ -3073,6 +2892,7 @@
 ||linktr.ee/attmailserver$all
 ||linktr.ee/attonlineservice$all
 ||linktr.ee/attverificationpro$all
+||linktr.ee/btelop$all
 ||linktr.ee/btinternettt$all
 ||linktr.ee/d.emery1$all
 ||linktr.ee/dannygeez$all
@@ -3115,6 +2935,7 @@
 ||lloydsbank.secure-personal-device-login.com$all
 ||lloyduk-newdevice-registered-online.com$all
 ||llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com$all
+||lmbanang.pgryuangbtusngka.link$all
 ||lnkd.dev$all
 ||lnkd.in/d8ruzprc$all
 ||lnkd.in/di6hueus$all
@@ -3125,26 +2946,30 @@
 ||lnkd.in/gib6fpsz$all
 ||lnterbancape-lbk.com$all
 ||lnterbank.pe.starneonsignsug.com$all
+||local-postoffice-deliver.com$all
 ||localwithg.com$all
 ||lockpichincha.webcindario.com$all
 ||loengregkuetngferu.live$all
 ||lofon-add.firebaseapp.com$all
 ||loftywallet.com$all
+||logfuliz.web.app$all
 ||login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net$all
 ||login-facebook18.webnode.page$all
 ||login-live.com-s02.net$all
 ||login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net$all
 ||login-postfinance.com$all
+||login-singaporee.apply-now-online-digital.com$all
 ||login.dbs.webdbslistinonline.com$all
 ||login.privategold.uytrtyuhij987.gowithapex.com$all
-||login.smbc.weddirecttop.com$all
 ||login.xfinity.meculinkvolt.com/home/?6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d$all
 ||logindhlaccess.dhlupdatelogin.workers.dev$all
+||loginnewatt.weebly.com$all
 ||logverify-df12e-verify-1230-eu.web.app$all
 ||loinesports.com$all
 ||lomadesarrollos.mx$all
 ||lombard11.eu$all
 ||lot-lp-x.web.app$all
+||love.gos-box.com$all
 ||lp.vp4.me$all
 ||lrs.financial$all
 ||lrs.foundation$all
@@ -3164,13 +2989,10 @@
 ||m.recovery.safetyacount.workers.dev$all
 ||m.recovery.saftypageupdate.workers.dev$all
 ||m.salsomascard.top$all
-||m4-appcaixia.com$all
 ||m42club.com$all
-||m5bundle.com$all
 ||machineryzoneservice.com$all
 ||macjakarta.com$all
 ||macst.cc$all
-||madamailru.temp.swtest.ru$all
 ||madens.com.pl$all
 ||madrhinoconsulting.com$all
 ||maestro.my.prod.dfg152.ru$all
@@ -3183,15 +3005,14 @@
 ||mail-gmxaktualisierung.yolasite.com$all
 ||mail-ovhcloud.web.app$all
 ||mail-ssocloud-srvr67yhguh.pages.dev$all
+||mail.atlanticeconcrete.com$all
 ||mail.enrollmoreclientsbootcamp.com$all
-||mail.gov-taxid.completofyours.info$all
-||mail.grup-dwsa-indomesia845.duckdns.org$all
 ||mail.hfcfit.com/forms/forms/form1.html$all
 ||mail.ims-fe.com$all
+||mail.kenanhusovic.com$all
 ||mail.kuttabalfatih.com$all
 ||mail.santepluspharma.com$all
 ||mail.sweetshopspecialtycoffee.com.au$all
-||mail.tariqalaraimi.com$all
 ||mail.trendset.com.ar.ci3.toservers.com/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua$all
 ||mail.trendset.com.ar.ci3.toservers.com/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua/$all
 ||mail.trendset.com.ar.ci3.toservers.com/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua$all
@@ -3205,6 +3026,7 @@
 ||mail.trendset.com.ar.ci3.toservers.com/mua/191.95.152.1287758/sucursalpersonas.transaccionesbancolombia.com/mua/index.html$all
 ||mail.trendset.com.ar.ci3.toservers.com/mua/201.233.42.1501206/sucursalpersonas.transaccionesbancolombia.com/mua/index.html$all
 ||mail.updateinfo-billingo2.com$all
+||mail.wellsfargous.duckdns.org$all
 ||mail.wheel1factory.net$all
 ||mail.zenstream.com$all
 ||maildomaiincheck1.web.app$all
@@ -3232,60 +3054,57 @@
 ||mailupdattee10.web.app$all
 ||mailupdattee11.web.app$all
 ||mailupdattee12.web.app$all
-||mailupdattee13.web.app$all
 ||mailupdattee14.web.app$all
-||mailupdattee15.web.app$all
 ||mailupdattee16.web.app$all
 ||mailupdattee17.web.app$all
-||mailupdattee18.web.app$all
 ||mailupdattee19.web.app$all
 ||mailupdattee20.web.app$all
 ||mailupdattee21.web.app$all
 ||mailupdattee22.web.app$all
-||mailupdattee23.web.app$all
 ||mailupdattee24.web.app$all
 ||mailupdattee26.web.app$all
 ||mailupdattee27.web.app$all
 ||mailupdattee28.web.app$all
 ||mailupdattee29.web.app$all
-||mailupdattee32.web.app$all
 ||mailupdattee34.web.app$all
 ||mailupdattee35.web.app$all
 ||mailupdattee40.web.app$all
-||mailupdattee5.web.app$all
 ||mailupdattee6.web.app$all
 ||mailupdattee7.web.app$all
 ||mailupdattee8.web.app$all
-||mailupdattee9.web.app$all
+||mainbugerrorfixing.com$all
+||mainmobilerectify.live$all
+||mainsbscrestore.com$all
 ||maintoken.org$all
-||mainwalletappconnect.com$all
 ||makcts-go.ru$all
 ||make-anon-keep-past.rvsla.workers.dev$all
 ||mala-riba.com$all
 ||malaprontaargentina.com.br$all
 ||malehaenterprises.com$all
 ||malukutenggarakab.go.id$all
+||mamasitasont.blogspot.com$all
+||mamasitasont.blogspot.com/?m=0$all
 ||mandirilivinlinksystem.brizy.site$all
-||mandirilivinlinksystem2.brizy.site$all
 ||mandirilivinlinksystem3.brizy.site$all
-||manthsedty.live$all
 ||manualsync.com$all
+||maotun.xyz$all
 ||mapsa.com.pe$all
+||marifilmines.ca$all
 ||marinthe.poingaitongamlm.link$all
 ||marketplace-axieinfinity.io$all
 ||marketplace-axlelnfiniity.com$all
 ||marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke$all
 ||marketplace.facebook.com-29ta3qbv.isiolo.go.ke$all
 ||marketplace.facebook.com-hzup1bae.isiolo.go.ke$all
+||marketplace.facebook.com-izkbuxmx.isiolo.go.ke$all
 ||marketplace.facebook.com-kq1oh2ae.isiolo.go.ke$all
+||marketplace.facebook.com-milt5ssm.isiolo.go.ke$all
 ||marketplace.facebook.com-qze9zt75vm.isiolo.go.ke$all
 ||marketplace.facebook.com-sauuvazpjo.isiolo.go.ke$all
 ||marketplace.facebook.com-tyeuieb7.isiolo.go.ke$all
 ||marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke$all
 ||marketplace.facebook.com-z1au8cxghl.isiolo.go.ke$all
 ||marketplaceaxieinfiniity.com$all
-||marmardian.co.vu$all
-||marylkmatzenger.com$all
 ||masdas0932.co.vu$all
 ||masum.lawyer$all
 ||match.lookatmynewphotos.com$all
@@ -3325,22 +3144,28 @@
 ||mercariz.xyz$all
 ||meremanovegabana.website2.me$all
 ||mericarir.mbudeu.cn$all
-||mericarir.mg0gbo1.cn$all
+||mericarir.mednljn.cn$all
 ||mericarir.mgeukpx.cn$all
 ||mericarir.mglsffs.cn$all
-||mericarir.mksydb.cn$all
+||mericarir.mglxyul.cn$all
+||mericarir.mhgqdtv.cn$all
+||mericarir.mjrsrfo.cn$all
 ||mericarir.mktbbr.cn$all
+||mericarir.mkxbqnu.cn$all
 ||mericarir.mlyffa.cn$all
+||mericarir.mmsfzys.cn$all
 ||mericarir.mnfjwy.cn$all
 ||mericarir.mnheijt.cn$all
-||mericarir.mrzcafk.cn$all
 ||mericarir.msnygk.cn$all
-||mericorci-logining.sfhs26r.lyb6srb.cn$all
+||mericarir.mtlrnzu.cn$all
+||mericarir.mukkwvc.cn$all
+||mericarir.mxsoecl.cn$all
 ||meriocori-logining.2y3uio.pyqbas.cn$all
 ||mestertignseekjet4.blogspot.com$all
 ||mestertignseekjet5.blogspot.com$all
 ||mestertignseekjet6.blogspot.com$all
 ||mestredaobra.com$all
+||meta-support-centers.ml$all
 ||metalurgicagiom.com.br$all
 ||metamasc.club$all
 ||metamask-connect.com$all
@@ -3351,11 +3176,13 @@
 ||metamask.cam$all
 ||metamask.io-php.com$all
 ||metamask.kiwi$all
+||metamask.loan$all
 ||metamask.protocol-process.me$all
 ||metamask.security-information.cc$all
 ||metamask.social$all
 ||metamask.wallets-reauth.net$all
 ||metamaskdownloadandroid.xyz$all
+||metamaskextension.xyz$all
 ||metamassklogins-us.tumblr.com$all
 ||metaversepadapp.com$all
 ||meusabor.com.br$all
@@ -3363,21 +3190,22 @@
 ||mfacebook.blogspot.lt$all
 ||mfacebook.blogspot.rs$all
 ||mgpskartarpur.com$all
+||mgrandroyale.com$all
 ||mi.jetblue.com/p/cp/0ccc3066dc2bcd17/c?mi_u=87923176&mi_origin=&url=http://email.stickercanada.com/t?entity_type=2&entity_id=32534&email_pref_id=34785928&sent_id=1600423397&service_id=22668&redirect_url=https:/relievehotmailonly.cloudns.cl/imagineme/ionos.php$all
 ||mibancocrece.com.co$all
 ||micacd.elshov.com$all
-||michaelxrandazzo.com$all
 ||michiyado.com$all
 ||microcav.square.site$all
 ||microsoftonline.pages.dev$all
 ||microsoftwebserver.mfs.gg$all
 ||micuenta01.github.io$all
+||midasbuy1st.com$all
+||midsposc2.com$all
 ||mijnics-actualisatie.185-236-231-64.plesk.page$all
-||mikhali.com$all
+||mikayelxhovakimyan.com$all
 ||milanno342.blogspot.com/2020/11/fiyatlar.html$all
 ||milanobet301.com$all
 ||militarybikers.org$all
-||minamikaga.or.jp$all
 ||mingming20160152.github.io$all
 ||miozpro.com$all
 ||miracdoviz.com$all
@@ -3407,16 +3235,17 @@
 ||mk2.ge$all
 ||mkjiool.weebly.com$all
 ||mnbxa.73kfer9.cn$all
+||mnbxcas.zm7wwar.cn$all
 ||mncxx.qbeepor.cn$all
 ||mnnbx.r1rpj09.cn$all
+||mnncxa.fwffsyt.cn$all
 ||mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link$all
-||mobil-singaporre.digital-online-login-opportunity.com$all
 ||mobile-orange-forever.yolasite.com$all
 ||mobile-portail.live$all
 ||mobile.hedgesportst.me$all
-||moccasinyellowbetatest--josekkk.repl.co$all
 ||moccasinyellowbetatest.josekkk.repl.co$all
 ||modest-hertz.45-81-232-15.plesk.page$all
+||moiksys.com$all
 ||mon-token.com$all
 ||mon.espace.lcl.fr.certosini.info$all
 ||monbudri.xyz$all
@@ -3432,6 +3261,7 @@
 ||monyeward.com$all
 ||morcario.xyz$all
 ||morfybox.com$all
+||movil.particulares-secure.com$all
 ||mqzlsim.mindlogicinfotech.com$all
 ||mrpitchman.com$all
 ||msc-doelsach.at$all
@@ -3455,16 +3285,15 @@
 ||my.jcpwb.com$all
 ||my.nhs-get-pass.com$all
 ||my.paydi.login-index-home.x4typfc.cn$all
-||my.paydi.logining-nexy-home.en6cnm.asia$all
 ||my02billing-login.com$all
-||myaccount.aol.wallat-billing.com.authlog.gq$all
+||mybeii.live$all
+||mybrenger-transport.com/app/views/abn/identification.php$all
 ||mycoerver.es$all
 ||mygoogleaccount.stantrade.xyz$all
 ||myjcb.cyyptoi.cn$all
 ||myjcb.thxpj.cn$all
 ||mymbg-aa2e2.web.app$all
 ||mymeta-securearea.plesk07.zap-webspace.com$all
-||mymetamask-clientarea.185-236-231-227.plesk.page$all
 ||mymweb-owner.at.ua$all
 ||myparc.sharepoint.com/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=xvdowzk%2bkm4wndrziofnpfcj8fb8rkrsqt%2bkybvollg%3d&docid=1_16fb1a2a3e2f9468aa7cebc35874c9da0&wdformid=%7b95111770-0103-492b-8c70-e9625f96b49a%7d&action=formsubmit&cid=4d02a372-8b83-4120-84b5-1d9a2a3492dd$all
 ||mypo-delivery.com$all
@@ -3477,7 +3306,6 @@
 ||n-naoko-0319.github.io$all
 ||n.salsomascard.top$all
 ||n26.sa-france.fr$all
-||n26servicetechnique.click$all
 ||n7orton.com$all
 ||nab-access-breach.com$all
 ||nab-alert.mobi$all
@@ -3485,7 +3313,6 @@
 ||naderkhani.ir$all
 ||najboljeuslugezavas.betterservicesforyou.com$all
 ||nalandaias.com$all
-||nalodke.com.ua$all
 ||nanjing.itud167.cn$all
 ||napgamelienquan.net$all
 ||naranja-users.auth0.com$all
@@ -3500,8 +3327,10 @@
 ||nayablabs.com$all
 ||nayameehomes.com$all
 ||nbcc.0bit08a.cn$all
+||nbcd.xiu58rl.cn$all
 ||nbcvs.gd65y69.cn$all
 ||nbcxa.lctlfdq.cn$all
+||nbcxas.551awvr.cn$all
 ||nbhjxa.hblhi96.cn$all
 ||nbnonres.com$all
 ||nbxaa.b1b6nac.cn$all
@@ -3513,12 +3342,9 @@
 ||necessitymag.com$all
 ||nedbankqa.flowblocks.com$all
 ||nedriw.xyz$all
-||neftlexi.com$all
 ||negociebra.com.br$all
 ||neptuneinnovations.com$all
 ||netciti.id$all
-||netf1ix.us-891691712-local-781652.airalgeriecanada.ca$all
-||netfl-lixids938mailmealkas.duckdns.org$all
 ||netflix-techarmy.me$all
 ||netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk$all
 ||netorg6600800-my.sharepoint.com/:x:/r/personal/ginger_gingerfountain_com/_layouts/15/wopiframe.aspx?guestaccesstoken=gpys8ex7ys1urrzbfeasvlexkodtrovmmcpn%2brsnebs%3d&amp;docid=1_1882b07b5eb5643d2bdaa63426324ef0e&amp;wdformid=%7b9bd54af1%2dee16%2d4e07%2d8d62%2d6e9b76e47512%7d&amp;action=formsubmit&amp;cid=9adf3e74-8cc1-4e36-b545-c9165fcafde7$all
@@ -3546,9 +3372,8 @@
 ||niagarapower.com$all
 ||nic-home.com$all
 ||nihmt.com/examination/admitpanel/filemanager/5365678587$all
-||nisuper.com$all
 ||nizotchauffage.bilty.be$all
-||nontonvidioviral2022nohoax.duckdns.org$all
+||nodesconnection.com$all
 ||northlane.esy.es$all
 ||norwayposten.blogspot.com/2021/02/blog-post.html$all
 ||notife.help.institutepages.workers.dev$all
@@ -3592,23 +3417,22 @@
 ||oijcd.qvjcddv.cn$all
 ||oikca.smwceku.cn$all
 ||oikcas.6b914ty.cn$all
+||oikcd.uf27ce8.cn$all
 ||oikcxa.zvvx01z.cn$all
 ||oivac.com$all
 ||okcs.qj8yua.cn$all
 ||okds.bbtlcve.cn$all
-||okep-terbaru-viral-2022.duckdns.org$all
+||okep-viral-terbaru-terhist-2022.duckdns.org$all
 ||okmca.8xcrn6w.cn$all
 ||okmca.bxkfham.cn$all
 ||okmca.uwudagu.cn$all
 ||okmxa.lfgpror.cn$all
 ||okpwtu.webwave.dev$all
+||ol-run1.online$all
 ||olidooo.waca.tw$all
 ||olk.us7apye.cn$all
 ||olmnxa.wc2ikux.cn$all
-||olx-pay-pl.pay-id22343.top$all
-||olx.saferegulatory.com$all
 ||omesqiwines.de$all
-||omicronvariat.pagedemo.co$all
 ||oncopharma-ae.com$all
 ||onecreator.info$all
 ||onedrive.zhaoge.workers.dev$all
@@ -3619,17 +3443,19 @@
 ||online-sistem.com$all
 ||online.visual-paradigm.com/app/forms/view/zalxyved/a9adea36-d163-4d46-a3de-0e990d86e78e$all
 ||onlineasesor01.hostfree.pw$all
+||onlinebanking.unrecognised-new-payee.com$all
 ||onlinecasinospark.com/ions/index.php?email=redacted@abuse.ionos.com$all
 ||onlineffn2.temp.swtest.ru$all
+||onlineislemlersayfasivkfgirisicom.tk$all
+||onlinsfuco.temp.swtest.ru$all
 ||onlysportplus.com$all
 ||ooxvocalor.yolasite.com$all
 ||opansea.live$all
 ||open24.ie-tsb.email$all
+||operationroofingllc3.com$all
 ||opticabattilana.com.ar$all
-||optika-anda.hr$all
 ||ora-n.yolasite.com$all
 ||orabu.it$all
-||oraclemart.com/ondedrive/onedrive/rolex/index.php$all
 ||orange-dcr.fr$all
 ||orange-security.cloud.coreoz.com$all
 ||orange.iobeya.com$all
@@ -3638,11 +3464,8 @@
 ||orangeb191.temp.swtest.ru$all
 ||orangess.contactin.bio$all
 ||org-nr.yolasite.com$all
-||orlen-inwe.web.app$all
-||orlen-x.web.app$all
 ||orlen.digital$all
 ||ormantencs112.odoo.com$all
-||oryxcaracalsecurity.com$all
 ||osis.world$all
 ||otomoto-h229.net$all
 ||otomoto3452.com$all
@@ -3651,6 +3474,7 @@
 ||ourgarden.us$all
 ||outlook1541489.webcindario.com$all
 ||outlookcom119.yolasite.com$all
+||ouverturecompte.lbp-eer.fr$all
 ||oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com$all
 ||oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com/''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''$all
 ||p1c.servleboncoinser.com$all
@@ -3659,7 +3483,6 @@
 ||package2021.blogspot.com$all
 ||page-restrict-case22456548.help$all
 ||pages-1008009999700022199021.com$all
-||pages-1008097555214021.com$all
 ||pages-alert-facebook.ezyro.com$all
 ||pages-community-standart-2022.co$all
 ||pages-marvelous-project.webflow.io$all
@@ -3668,11 +3491,11 @@
 ||pages.secure-accts.workers.dev$all
 ||pagesdetectscopyrightpostingactivitiesreported.co.vu$all
 ||pagos.sinpemovil.cr$all
+||paidpapers.net$all
 ||paleyeer.com$all
 ||palmm.ps$all
 ||pancaakesvap.com$all
 ||pancake-sawp.com$all
-||pancake.ellipsis.finance$all
 ||pancake7wop.com$all
 ||pancakesawpes.com$all
 ||pancakesfinances.info$all
@@ -3682,7 +3505,6 @@
 ||pancakeswap.multi-wallet.info$all
 ||pancakeswap.salsasourcing.com$all
 ||pancakeswapes.company$all
-||pancakeswapex.com$all
 ||pancakeswapexcgn.com$all
 ||pancakeswapexch.com$all
 ||pancakeswapexchage.com$all
@@ -3691,17 +3513,15 @@
 ||pancakeswapsupport.co/walletconnect/$all
 ||pancaku-swap.com$all
 ||pancalteswap.finance$all
+||panccakesswap.org$all
 ||panckaceswap.finance$all
-||pancoke.com$all
 ||pandaskin.ru.com$all
 ||panelweb-4cae2.web.app$all
 ||pankaceeswap.com$all
 ||pankaceswapes.finance$all
 ||pankakeswap.ledgity.com$all
 ||pannelpub-benin.com$all
-||pansccakeswap.finance$all
 ||pantazisezopiiuurmail1.web.app$all
-||pantekkalisakitkepalaku.blogspot.com$all
 ||paozeia.blogspot.com/?m=0$all
 ||parcel-support018.com$all
 ||pardot.assemblecommunities.com$all
@@ -3713,6 +3533,7 @@
 ||patient-cell-40f5.updatedlogmylogin.workers.dev$all
 ||patwise.co.in$all
 ||paws.org.au$all
+||paxfulacct.com$all
 ||paxfulmenu.com$all
 ||pay-sera.web.app$all
 ||pay16-olx.pl$all
@@ -3721,13 +3542,16 @@
 ||paypal-online-2deposits-paymentaccept.tk$all
 ||paypal-opladen.be$all
 ||paypalforex.co.ke$all
+||pbemail.youxiangdashui.com$all
 ||pdf-cloud-document.weeblysite.com$all
 ||pdf-sharefile-doc.weeblysite.com$all
 ||pdflogincnvwo.app.link$all
 ||pdfsecured.mystrikingly.com$all
 ||peaceful-black.193-70-50-31.plesk.page$all
+||pedih.001www.com$all
 ||pembatalanakundinonaktifkan.weebly.com$all
 ||pencakecwap.com$all
+||pensive-payne-505e1a.netlify.app$all
 ||perfectliker.net$all
 ||peringatanakunfb2k214.webnode.com$all
 ||phantom-walletweb.app$all
@@ -3754,7 +3578,8 @@
 ||pilmezorda.temp.swtest.ru$all
 ||pinchinchaverify.webcindario.com$all
 ||pirana.co.rs$all
-||pl-swiatowe-wiadomosci.pl$all
+||pkobp.pl.justns.ru$all
+||pl-wiadomosciswiatowe.pl$all
 ||pla1060604.nichost.ru$all
 ||plan-o2-monthlypayments.com$all
 ||planetaamor.org$all
@@ -3763,9 +3588,7 @@
 ||playgirlgold.com$all
 ||ploferta.com$all
 ||plugmailextraexpiredoldpolicynotificationscenter.pages.dev$all
-||plwiadomosciwszystkie.pl$all
 ||plytecfi-my.sharepoint.com/personal/pasi_puumalainen_plytec_fi/_layouts/15/wopiframe.aspx?sourcedoc={8f0414f2-e7a8-46f4-a2bb-d38353ed20d6}&amp;action=default&amp;originalpath=ahr0chm6ly9wbhl0zwnmas1tes5zagfyzxbvaw50lmnvbs86bzovzy9wzxjzb25hbc9wyxnpx3b1dw1hbgfpbmvux3bsexrly19mas9fdklvqkktbzvfukdvcnzuzzfqdelowui1vgg5bxf2ltjlvl9mohvka09sb2pnp3j0aw1lpxvysjgtvnb2mtbn$all
-||po-deliver-fees.com$all
 ||po-service-page.com$all
 ||poc-rewards-program-c2dfc.web.app$all
 ||podpiska-darom.ru$all
@@ -3782,6 +3605,7 @@
 ||polkadot-france.fr$all
 ||polkastarter.app$all
 ||polsd.pa0cpof.cn$all
+||polska-informacyjna.pl$all
 ||polxa.uh8dg67.cn$all
 ||polygon-pro.com$all
 ||polygon-secure.com$all
@@ -3799,7 +3623,6 @@
 ||postechsuivre.ileanamlaw.com$all
 ||postnl.post-tracking-delivery.etelinfra.com$all
 ||poww.6hkjmb.cn$all
-||ppkllp.com$all
 ||pplastmart.com/att/citi$all
 ||ppnnttcc.ppcnthsc.me$all
 ||ppt.cc/fia8mx$all
@@ -3821,11 +3644,13 @@
 ||primecentral.qiourn.shop$all
 ||primeone.org$all
 ||printtoner.com.mx$all
+||prism.net.in$all
 ||privacy-update-page-prtections-association-recovry-secu.web.id$all
 ||privacy-update-secu-recovry-page-protection-4565544.web.id$all
 ||privacy-update-secu-recovry-page-protection-comunity-45.web.id$all
 ||priyankasandokar1606.github.io$all
 ||pro.icloudremovaltool.com$all
+||pro.systemine.xyz$all
 ||procservautomatizacion.com$all
 ||production.anon-rest-keep-reset.sales18130.workers.dev$all
 ||production.anon-step-keep-object.sales18130.workers.dev$all
@@ -3839,6 +3664,7 @@
 ||production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev$all
 ||project1-df3e9.web.app$all
 ||projectlovewell.com$all
+||promashoppe.com$all
 ||promehedinti.ro$all
 ||promerica-sv.webcindario.com$all
 ||promericalinea01.webcindario.com$all
@@ -3848,8 +3674,6 @@
 ||prosxsiuser.myfreesites.net$all
 ||prosys.poweredbygravit-e.co.uk$all
 ||protect-4d56vca.surge.sh$all
-||proteczzguuaaardzzzpagess.000webhostapp.com$all
-||proteczzpagezzguarddzzz.000webhostapp.com$all
 ||provodi.com$all
 ||proximus-account.azurewebsites.net$all
 ||ptxx.cc$all
@@ -3877,13 +3701,13 @@
 ||quinaroja.com$all
 ||quip.com/jeh2aebbsh97$all
 ||quip.com/qv7malu8n7cz/you-have-some-messages-pending$all
+||quirky-jones.172-245-159-112.plesk.page$all
 ||quotex-qx.com$all
 ||qwas.nfi71vw.cn$all
 ||qwea.wvhee0w.cn$all
 ||qweas.hi5g95r.cn$all
 ||qweas.p6rhddj.cn$all
 ||qweas.zwfaclq.cn$all
-||qxluatbght.cfolks.pl$all
 ||r3c31v30n3-1d3nt1ty.000webhostapp.com$all
 ||r3g34.fra1.digitaloceanspaces.com/77ll23ween.html$all
 ||rabellartz.de$all
@@ -3893,6 +3717,7 @@
 ||rackenfordlabs.com$all
 ||racuten.nuef.info$all
 ||radhikamd.github.io$all
+||rafbbmx.ga$all
 ||rafbbmx.ml$all
 ||raipurrussianescorts.com$all
 ||rakoten-card.buogfbizkugf.gq$all
@@ -3903,31 +3728,29 @@
 ||rakuitan-card.info$all
 ||rakuten.awjoadc.cn$all
 ||rakuten.card.nuosreaoms.com$all
-||rakuten.card.uosmcoua.com$all
-||rakuthn.shop$all
-||rakuttm.shop$all
+||rakuten.co.jp.rakutenajp.xyz$all
 ||ramgarhiamatrimonial.ca$all
 ||rareelements.io$all
-||rasmer.fi$all
 ||ratewatch.net$all
 ||raycargo.com$all
 ||raydiom.io$all
-||razcjjf.ga$all
-||razcjjf.ml$all
 ||rbcmontgomery.com$all
 ||rd8um.app.link$all
 ||rdirtfuo6t.vov.ru$all
 ||re-direct-me.com$all
 ||re-redirection-acc-id923872635122.blogspot.com$all
+||readymag.com/u1496343659/3363308/$all
+||readymag.com/u3169021124/3364004/$all
+||readymag.com/u3908669287/3364075/$all
 ||real-anon-keep-passing-word.rvsla.workers.dev$all
 ||realestate-page-10843446024.expresspestcontrol.co.nz$all
 ||realindiatravel.com$all
 ||reamaam.blogspot.com/?m=0$all
 ||rebrand.ly/j7107dr$all
 ||rebrand.ly/z83ig2n?rb.routing.mode=proxy&amp;rb.routing.signature=123%20836$all
+||recibeya.tufacilmoneyonline.online$all
 ||reconfirmpost287846656.us$all
 ||recover-pages-media-problems-secur-782.web.id$all
-||recover-pages-secur-media-problems-393.web.id$all
 ||recover-pages-secur-media-problems-397.web.id$all
 ||recovery-chain.com$all
 ||recovery-fb.secure-acct.workers.dev$all
@@ -3948,6 +3771,7 @@
 ||reignbike.com$all
 ||reikisadhna.com$all
 ||reikreitel.blogspot.com/?m=0$all
+||rekoution.bcszxcd.shop$all
 ||release-held-messageshee.fra1.digitaloceanspaces.com/v01iebe3vicvgirviexv4sbdve1r03f.html$all
 ||relevant.systems$all
 ||remittance369297292749.goshly.com$all
@@ -3955,7 +3779,6 @@
 ||renovkonstruksi.com$all
 ||repl-mess.myfreesites.net$all
 ||restore.exodusapp.ru$all
-||restoredabefore-com.filesusr.com$all
 ||restorewallet-activation.net$all
 ||retiro-extracash.com$all
 ||retiro.cl$all
@@ -3987,7 +3810,6 @@
 ||roisnoob.github.io$all
 ||rokulinktechnology.com$all
 ||rolinadd.surveysparrow.com$all
-||romanceify.com$all
 ||rondalowa.blogspot.com$all
 ||rondelbarrilito.com$all
 ||ronin-help.com$all
@@ -3999,27 +3821,26 @@
 ||routeksa.com$all
 ||royalwindsorpub.com$all
 ||roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com$all
-||roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com/''''''''''''''''''''''''''''''''$all
 ||rplg.co$all
 ||rrakutenn.co.jp.azii.cn$all
 ||rrakutenn.co.jp.nanofresh.cn$all
 ||rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com$all
-||rufoxxy.com$all
 ||runescape-info.com$all
+||runescapebonds.com$all
+||runescapeevents.com$all
 ||ruralaccounting.com.au/ruralaccoun/alibaba.com/portal.php?email=june3354@naver.com$all
 ||ruth.martulangbelulalng.workers.dev$all
-||ryanicolehoward.com$all
 ||rymproducciones.com$all
 ||s-sarfati.co.il$all
 ||s.id/-rb9g$all
+||s.id/actueel1$all
+||s.id/actueel2$all
 ||s.id/crsqh$all
 ||s.id/ytk-r$all
 ||s.macecri.com$all
-||s3-us-west-2.amazonaws.com/bvqs45qsd4azdqzz/a.html$all
 ||s3.amazonaws.com/progressivebank-uat/index.html$all
 ||s5vzr.app.link$all
 ||s787v.cn$all
-||s973454980238668645789827366497203975890547864598033674329.fra1.digitaloceanspaces.com/realtrue.html$all
 ||sa.macecri.com$all
 ||sadervoyages.intnet.mu$all
 ||safty.summarycheck.workers.dev$all
@@ -4041,7 +3862,6 @@
 ||sankyo-rz.com$all
 ||sanru.cd$all
 ||santander.secured-auth-login.com$all
-||santanverifyfunction.com$all
 ||santepluspharma.eclatmediasolution.website$all
 ||santoshdangi.com.np$all
 ||saritapariyar.com.np$all
@@ -4064,16 +3884,16 @@
 ||secure-halifax-device.com$all
 ||secure-mynew-devices.com$all
 ||secure-runescape.xgm.rnp.mybluehost.me$all
-||secure-service-gateway.com$all
 ||secure-zirox.s3.ap-southeast-2.amazonaws.com$all
 ||secure.legalmetric.com$all
 ||secure.oldschool.com-cl.ru$all
 ||secure.oldschool.com-cu.ru$all
-||secure.oldschool.com-cv.ru$all
 ||secure.oldschool.com-oz.ru$all
 ||secure.oldschool.com-rsu.ru$all
+||secure.runescape.com-ak.ru$all
 ||secure.runescape.com-as.cz$all
 ||secure.runescape.com-az.ru$all
+||secure.runescape.com-ca.ru$all
 ||secure.runescape.com-cl.ru$all
 ||secure.runescape.com-co.ru$all
 ||secure.runescape.com-cu.ru$all
@@ -4086,14 +3906,14 @@
 ||secure300.inmotionhosting.com$all
 ||secure303.inmotionhosting.com$all
 ||secure55.webhostinghub.com$all
-||secure7-servr01-log-in.4nmn.com$all
-||securee37-authen21.duckdns.org$all
+||secureaccount.ntflxauth.co$all
 ||securegateway-ovhcloud.csl-sl.de$all
 ||securelloyd-help-app.com$all
+||securewalletprotocol.online$all
 ||security-page-community-standards.blogspot.com$all
 ||sefonta.blogspot.com/?m=0$all
 ||seguridad-oca.webcindario.com$all
-||seleb-indo.duckdns.org$all
+||seleccionperfil.xyz$all
 ||selector26.gg$all
 ||selector28.gg$all
 ||sem.my-drs.co.uk$all
@@ -4104,7 +3924,7 @@
 ||sergebubnin.space$all
 ||sertyxese.myfreesites.net$all
 ||server-networksolutions.web.app$all
-||serverprotocols.com$all
+||server221.security.coinbase.com.gdone.co.ke$all
 ||servervalidationcheck103.web.app$all
 ||servervalidationcheck104.web.app$all
 ||servervalidationcheck105.web.app$all
@@ -4159,7 +3979,6 @@
 ||servicepage.service-page.workers.dev$all
 ||servicepichincha.webcindario.com$all
 ||services.runescape.com-as.cz$all
-||services.runescape.com-oc.ru$all
 ||services.runescape.com-rse.ru$all
 ||services.runescape.com-rsu.ru$all
 ||servicesbancaire.com$all
@@ -4190,6 +4009,7 @@
 ||sharelink.sn.am$all
 ||shayvardphoto.ir$all
 ||shinex.lk$all
+||shippment2.temp.swtest.ru$all
 ||shirhokos-mhalskbsiaoutfew43535.duckdns.org$all
 ||shirtshanger.com$all
 ||shiye666.cn$all
@@ -4202,12 +4022,10 @@
 ||sign-trk.empressmd.com$all
 ||signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net$all
 ||signin-payeer.com$all
-||signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com$all
 ||silitrade-my.sharepoint.com/:x:/r/personal/jh_silitrade_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8vzaur%2f5gb%2fwmmsfdszlpfueeb0ml%2fzkiljmp9hfa0o%3d&amp;docid=1_14a3d3f238b844155b59bb08023697365&amp;wdformid=%7b3395edb6%2d941b%2d49a6%2dbd04%2dc039ca27bb2b%7d&amp;action=formsubmit$all
-||silkroadwines.com$all
 ||silpovsatb-ua.online$all
 ||silverberrygroup.com$all
-||sim0nt0k-viral-terbaru-2022.duckdns.org$all
+||simonecamposshop.com.br$all
 ||simp.ly/p/3cd35d$all
 ||simp.ly/p/h45c89$all
 ||simp.ly/publish/xhrdvc$all
@@ -4460,12 +4278,11 @@
 ||sleepmaskz.com$all
 ||slickparties.com$all
 ||slmkufeckf.jon-jensen.workers.dev$all
-||slovenska-posta.sytes.net$all
 ||slowlinebag.jp$all
 ||sm.scicemecod.com$all
 ||sm777.csb.app$all
+||smartfixconnect.live$all
 ||smbc-accout.com$all
-||smbc-credit.shop$all
 ||smbc-veaiana.com$all
 ||smbcbc.com$all
 ||smbccjp.shop$all
@@ -4473,10 +4290,11 @@
 ||smbcwodeqingguoshoujicojp.top$all
 ||smeo.org.mx$all
 ||smgolamalif.github.io$all
-||smirl.org$all
 ||smkkesehatanjember.sch.id$all
 ||smmsvocal.yolasite.com$all
+||smpn2jeruklegi.sch.id$all
 ||sms-check.sc-q.top$all
+||sms-infos.d2tt.co$all
 ||sms-shorter.com$all
 ||smsbc-info5.com$all
 ||smsenligne.myfreesites.net$all
@@ -4484,7 +4302,9 @@
 ||smsorangesmsmessage.myfreesites.net$all
 ||smss-mms.yolasite.com$all
 ||smsverificationmms.myfreesites.net$all
+||smvbc-info.com$all
 ||smwam.coms.cso.gov.tt$all
+||snip.ly/qevjwc$all
 ||so.macecri.com$all
 ||soaringskiesrentals.com$all
 ||soci-molen.web.app$all
@@ -4497,7 +4317,6 @@
 ||solicitarfirmaelectronica-sv.com$all
 ||solyanayakomnata.ru$all
 ||sopac.org.py$all
-||soracoes.xyz$all
 ||souaxwaoh.myfreesites.net$all
 ||soude-masi.firebaseapp.com$all
 ||soufatanse.blogspot.com/?m=0$all
@@ -4525,6 +4344,7 @@
 ||spk-entsperren.de$all
 ||spk-jahreswechsel.com$all
 ||spk-secure-de.com$all
+||spkfod.coms.cso.gov.tt$all
 ||sport.protected-secur.workers.dev$all
 ||sportshoes.top$all
 ||sportybetpremium.wapka.co$all
@@ -4542,8 +4362,10 @@
 ||ssl.dsl.isl.mll.aqmst6.stockestan.ir$all
 ||sso-garena.com$all
 ||sswebmail-4w5twsr.web.app$all
+||staffportal.uoz.edu.krd$all
 ||stage.vannaryfowler.com$all
 ||staging.eliteautomotive.com.au$all
+||standardcapbnk.com$all
 ||standardupdatesupportandhelpcenter2021.ga$all
 ||starforsure.com$all
 ||starliker.net$all
@@ -4553,11 +4375,10 @@
 ||static-dev.o2alerts.com$all
 ||static-promote.weebly.com$all
 ||status-dev.o2alerts.com$all
-||stbkcoltria.atwebpages.com$all
 ||stclarechurch.net$all
 ||steamcommunites.com$all
 ||steamcommunitj.com$all
-||steamnitrof.com$all
+||steamcommunityk.com$all
 ||steampoweredtrade.org$all
 ||steampoweredtrades.org$all
 ||steinercoza-my.sharepoint.com/:b:/g/personal/mandyb_steiner_co_za/exxq1passetnrojoe83fzboboxufoggwb7uvmyfqbionla?e=4:su8jhq&amp;at=9$all
@@ -4575,6 +4396,7 @@
 ||stolizaparketa.ru$all
 ||stolizaparketa.ru/wp-content/themes/twentyfifteen/css/read/chinavali/index.php?email=jsmith@imaphost.com$all
 ||stollgroup.coms.cso.gov.tt$all
+||stomkinscommercial.com.aus.cso.gov.tt$all
 ||storage.cloud.google.com/1lordman1man3/oscman2.html#user@calstatela.edu$all
 ||storage.cloud.google.com/acc03lzzl4m3izm03iauserpowa.appspot.com/index.html#user@calstatela.edu$all
 ||storage.cloud.google.com/algebraic-pact-316913.appspot.com/index.html#jbell@legalshield.com$all
@@ -4647,7 +4469,6 @@
 ||sukien-pubgmoblevng.ga$all
 ||sultan-raza.github.io$all
 ||sumpandtankcleaners.in$all
-||sunami.pagedemo.co$all
 ||sunbeltmembers.com$all
 ||sunge-ode.firebaseapp.com$all
 ||sunnylandingpages.com/usroutput/themeset1_2021-12-21-23-15-13/$all
@@ -4655,7 +4476,6 @@
 ||super-dawn-3035.ddahluwalia.workers.dev$all
 ||supermilhas.com$all
 ||superpark-my.sharepoint.com/:x:/r/personal/adrian_ramos_superpark_com_hk/_layouts/15/wopiframe.aspx?guestaccesstoken=vofjngnui%2fslbameorlq62qlg8mcdnpo1dizu6i%2bc1m%3d&amp;docid=1_124bbb2f682ca4c7daba6cec6ee34dfb9&amp;wdformid=%7ba85c8abe%2d68be%2d43dd%2d91f3%2db397386186be%7d&amp;action=formsubmit$all
-||suportecxacesso2020.com$all
 ||supotsstunes.servehttp.com$all
 ||suppliers.bitshepherd.org$all
 ||support-auwebaccessjpnaikpanggung.com$all
@@ -4668,7 +4488,6 @@
 ||survey18-aws.surveycenter.com$all
 ||survey18-aws.toluna.com$all
 ||surveyheart.com/form/608bca7586919c70a2066ef7$all
-||surveylegend.com/s/2vze$all
 ||surveys.adytude.com$all
 ||suspicious-williamson.193-70-50-31.plesk.page$all
 ||suumc-one.com$all
@@ -4712,6 +4531,7 @@
 ||t.co/zwuq6zjpdj$all
 ||t0nline0de0login-001-site1.itempurl.com$all
 ||taher-mohamed-ahmed-saad.github.io$all
+||take-free-2022.duckdns.org$all
 ||taoistw345ie.co$all
 ||tarik-fitness.com$all
 ||tasteentertainment.com/helton.law/outlook.office.com/$all
@@ -4736,11 +4556,13 @@
 ||templat65sldh.myfreesites.net$all
 ||temporary-url.com$all
 ||terpelsicumple.com$all
-||terracontiles.com$all
+||tesladrive-event.com$all
 ||test.bayoucitybadges.org$all
 ||test.bitflye87.com$all
 ||test.dxbproductions.com$all
+||test.myshopclub.ru$all
 ||test.webclient4.de$all
+||testing-domain.duckdns.org$all
 ||texasfreedomrun.com$all
 ||tgpafasfsakkk.pages.dev$all
 ||theaceofspaeder.com$all
@@ -4753,7 +4575,6 @@
 ||thedom.kg$all
 ||theironinnparlour.co.uk$all
 ||thelibrarysamui.com/wp-content/uploads/2021/11/1/1and1/index.php$all
-||themcsoft.com/wp-track/parceverification9887id=291250485$all
 ||theneontree.in$all
 ||thepointcj.com.br$all
 ||thespiritualtransformation.com$all
@@ -4765,7 +4586,6 @@
 ||tighi.creatorlink.net$all
 ||tight-samiuboc.co$all
 ||tikitaps.com$all
-||tinhtrangdon.com$all
 ||tiny.one/ing587388$all
 ||tiny.one/ing67454$all
 ||tiny.one/reuswnzc$all
@@ -4779,7 +4599,6 @@
 ||tinyurl.com/yxb48kqj$all
 ||tinyurl.com/yxry9vf5$all
 ||tinyurl.com/yyvm8qr5$all
-||tinyurl.mobi$all
 ||tipografieonline.ro$all
 ||tirozhjewelry.com$all
 ||titelinedrillingintl.yolasite.com$all
@@ -4799,7 +4618,6 @@
 ||torccolborrachas.blogspot.com$all
 ||torrinwine.com$all
 ||touchidea.top$all
-||touronline2022.com$all
 ||tovowhuqeojweawmubmaqmqlv.hofferflow.icu$all
 ||tpayleboncoin.com$all
 ||tr.cloudmagic.com/h/v6/link-track/1.0/1612678003989072-e5f6d8cc-499b-ea4f-85f1-8b23ad935661/1612677988/2f5895837f8d3f0a667c6b92ad41f652/8af273ac431e289838c8bf7c490185f3/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com$all
@@ -4815,14 +4633,11 @@
 ||tribratanewsbondowoso.com/webapp/tribratanews/public/js/hughesnet.com/index.php$all
 ||tribunbalikpapan.com$all
 ||truegrip.com$all
-||trust-wallet.com.cn$all
 ||trustinpichincha.webcindario.com$all
 ||trustpress.gr$all
 ||trustypichincha.webcindario.com$all
-||ts3cacd.jhfshm.com$all
 ||ts3cacd.rzjxbv.com$all
 ||turntekcnc.com$all
-||twoje-zdjecia-622.herokuapp.com$all
 ||tx.vc$all
 ||txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com$all
 ||typedream.site$all
@@ -4832,9 +4647,7 @@
 ||u.to/unrpgg$all
 ||u.to/wsddga$all
 ||u08qv44zu5h.typeform.com$all
-||u1571226.cp.regruhosting.ru$all
-||u1571630.cp.regruhosting.ru$all
-||u1571652.cp.regruhosting.ru$all
+||u1565723.plsk.regruhosting.ru$all
 ||u18741649.ct.sendgrid.net$all
 ||u827857uw6.ha004.t.justns.ru$all
 ||uabaiieo.com$all
@@ -4858,7 +4671,6 @@
 ||uhnxa.d23xsru.cn$all
 ||uhnxa.q83itv9.cn$all
 ||uhnxas.rvw56l.cn$all
-||uiuui.pagedemo.co$all
 ||ujcd.um2nlru.cn$all
 ||ujdaa.fn3m4en.cn$all
 ||ujds.5e8tn13.cn$all
@@ -4879,6 +4691,7 @@
 ||ujnca.zgbo0g.cn$all
 ||ujncd.kzi68ra.cn$all
 ||ujncd.lw2djbm.cn$all
+||ujnxas.vj135ih.cn$all
 ||ukcare.in$all
 ||umbrellaclubla.com$all
 ||umconnectumt-my.sharepoint.com/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=e%2f5p4lmr7oxtbuuzst9ihpacebtz%2bhbogl5i950bhau%3d&docid=1_151b39d9e7dd54cfba500875349d3beb6&wdformid=%7bda6fcad9%2d9684%2d43af%2db959%2de2fa774eaba6%7d&action=formsubmit$all
@@ -4895,10 +4708,9 @@
 ||unicreditaustria.ucs.info$all
 ||unifacema.edu.br$all
 ||unifacvest.net$all
+||unifiedsmartsync.live$all
 ||uniga.ac.id/wptracking/tracking2/tracking/tracking.php$all
-||unillantas.com.sv$all
 ||unionheightsresidental.com$all
-||unipo-a.web.app$all
 ||unisons.store$all
 ||unisonsouthayr.org.uk$all
 ||uniswap.ch$all
@@ -4908,7 +4720,6 @@
 ||uniswap.seal.finance$all
 ||uniswap.token.im$all
 ||uniswap.trading$all
-||uniswap.vn$all
 ||uniswapfinancing.info$all
 ||uniswaps.net$all
 ||unitedalliance-online.000webhostapp.com$all
@@ -4919,17 +4730,15 @@
 ||unpocodearte.cl$all
 ||unregpayee-lb.com$all
 ||unsub.listhandlr.com$all
-||upbeat-dhawan.179-43-173-14.plesk.page$all
 ||updateinfo-billingo2.com$all
+||updatemy.software$all
 ||updateseason.com$all
 ||updatestory2022.co.vu$all
 ||updatevoda-billing.com$all
 ||upgrade-25gb-email.thecornerstudio.com.au$all
 ||upgradedserver.online$all
-||upgradingattonlinee.weebly.com$all
 ||uploadpichincha.webcindario.com$all
 ||uploads.codesandbox.io$all
-||upnew.site$all
 ||uppledpichincha.webcindario.com$all
 ||urbenorte.com$all
 ||urgent-halifaxlogin.com$all
@@ -4938,7 +4747,6 @@
 ||userinformationstoreupdatesmail.pages.dev$all
 ||users.tpg.com.au/kcornwall/email-verification/notice/account_login/login.html#accounting@utu.fi$all
 ||usfn.net$all
-||uspsconfirm.iconoomikert.com$all
 ||uspsexpressdeliveryline.com$all
 ||uswowgame.net$all
 ||uueer.7jgy5xe.cn$all
@@ -4950,6 +4758,7 @@
 ||v.ht/1pxak$all
 ||v.ht/yogs$all
 ||v.macecri.com$all
+||v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com$all
 ||v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com$all
 ||vaccine-status-info.com$all
 ||vaiddzed.cc/rd/c56498tvifh29711728hupj8172asy17489blob7311$all
@@ -4958,6 +4767,7 @@
 ||valenciaoptometry.com$all
 ||valenteplay.com.br$all
 ||validacionpichincha.odoo.com$all
+||validate-chain.com$all
 ||validate-solana.com$all
 ||validator-fzkiy.run-us-west2.goorm.io$all
 ||vallion.motiffliterature.me$all
@@ -4967,18 +4777,18 @@
 ||velvish.com$all
 ||ventas.lnterbarnk.pe.jifad.org$all
 ||veredesafs.blogspot.com/?m=0$all
-||verfybadgeappform.com$all
 ||veri-pichincha.webcindario.com$all
-||verificaciondeprioridad.com$all
 ||verification-trustwallet.4bl-eg.com$all
 ||verification.fb-page.workers.dev$all
 ||verificationmessage.blob.core.windows.net$all
+||verifications-zones.com$all
 ||verififacebookid.wixsite.com$all
 ||verifiikasi-accounts.weebly.com$all
 ||verifikasi-akun-anda0011.weeblysite.com$all
 ||verifikasi-akun-facebook0022.weeblysite.com$all
 ||verifikasi-identitas47.weebly.com$all
 ||verifocaoffa.webcindario.com$all
+||verifymywallets.com$all
 ||vetrfedsonte.blogspot.com/?m=0$all
 ||vgiuhkjnm.b9u6vh5l7g1797.workers.dev$all
 ||viamobte.blogspot.com/2021/03/blog-post.html$all
@@ -4989,22 +4799,21 @@
 ||viettel-com-dot-c2c01-531c7.uc.r.appspot.com$all
 ||view.genial.ly/61e168ca67f4550de805d006/interactive-content-secured-document$all
 ||view.genial.ly/61e168ca67f4550de805d006/interactive-content-untitled-genially$all
-||vigortech.com.np$all
+||vigilant-murdock.45-81-232-15.plesk.page$all
 ||viguohilkasdsd.izwe6g6lyc.workers.dev$all
 ||vilaanimalviana.pt$all
 ||vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com$all
 ||vinivet.mk$all
 ||vipfbtools.com$all
-||vipprofessional.net$all
 ||viral-groub.duckdns.org$all
 ||virginia-spi.com$all
 ||virtual1dattss.com$all
 ||vis-stort.github.io$all
-||visa-band.com$all
 ||vishaljangale01.github.io$all
 ||visione.co.id$all
 ||visionproperty.in$all
 ||vivaterouna.blogspot.com/?m=0$all
+||vk-money.xyz$all
 ||vk-posters.ru$all
 ||vk-vhods.co$all
 ||vk.com/away.php?cc_key=&amp;post=%7brandom_number_5%7d_1&amp;to=http://18.118.206.123/index.php?key=%7brandom_letternumberuplow_5%7d,email=%7bemail%7d$all
@@ -5047,6 +4856,7 @@
 ||vkjbm.4nt4nb464e6113.workers.dev$all
 ||vodaupdatepayment.com$all
 ||volvocarskc.us1.list-manage.com$all
+||vps3920.ultahost.com/all.php$all
 ||vps56290.servconfig.com$all
 ||vqed.5xcv81zrx0530.workers.dev$all
 ||vqwd.soboja1994.workers.dev$all
@@ -5060,25 +4870,30 @@
 ||vv.macecri.com$all
 ||vvjde0h0ttttf9hay.com$all
 ||vvpaes-me-index.egvtpp.cn$all
+||vws.co.in$all
+||vxcas.a35570.cn$all
 ||vxdse.myfreesites.net$all
 ||w2.deraya.org$all
 ||w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud$all
-||w5czf.csb.app$all
 ||wahed-koudsi2001.github.io$all
 ||walkers-dot-composite-store-326315.uk.r.appspot.com$all
 ||wallcertifyonmesh.com$all
 ||walldesign.com.tr$all
 ||wallet-connect012.web.app$all
 ||wallet-reconnection.xyz$all
+||wallet-verified.com$all
 ||wallet.silesiacoin.com$all
 ||wallet22.000webhostapp.com$all
+||walletconnect-tool.net$all
+||walletconnect-tools.xyz$all
 ||walletconnectonline.pages.dev$all
 ||walletconnectors.com$all
 ||walleterrorsupport.com$all
+||walletokenvalidation.com$all
+||walletsconect.live$all
 ||walletsconnex.com$all
 ||walletsliveconnects.net$all
 ||walletsreauth.org$all
-||walletsvalidator.org$all
 ||walletsynclive.com$all
 ||walletvalidation.me$all
 ||walletvalidators.com$all
@@ -5098,6 +4913,7 @@
 ||warriorplus.com/o2/a/f5s4y/0$all
 ||warsa.bandungkab.go.id$all
 ||wasites.000webhostapp.com$all
+||waterproofingengineer.com$all
 ||we-exodus-wallet.yahoosites.com$all
 ||web-armas.royale-freefire1garena-bonus.com$all
 ||web-b4119.web.app$all
@@ -5115,13 +4931,15 @@
 ||web-verifi06.webcindario.com$all
 ||web.bredbanque.trans.sylog.co$all
 ||web.royale-freefire1garena-bonus.com$all
-||web7320.web07.bero-webspace.de$all
 ||webbbb.yolasite.com$all
 ||webbl.yolasite.com$all
+||webdappsconnection.com$all
 ||webdatamltrainingdiag842.blob.core.windows.net$all
 ||webdesecure.clickfunnels.com$all
+||webhost-verify.duckdns.org$all
 ||webip.yolasite.com$all
 ||webmail-2aaa0.web.app$all
+||webmail-optusnet-com-au-sign1.weebly.com$all
 ||webmail-sso8uyg.web.app$all
 ||webmail.gourmer.co.in$all
 ||webmail.login.access.docs67.live$all
@@ -5132,24 +4950,21 @@
 ||webregular.xyz$all
 ||webservice-verify.duckdns.org$all
 ||websitefun.club$all
-||websiteorange.wixsite.com$all
 ||webstories.eu$all
 ||webuyworkshopequipment.com/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d$all
 ||webuyworkshopequipment.com/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d/$all
 ||webvalidity.com$all
 ||well-42d74.web.app$all
-||wellsfargo-online06.herokuapp.com$all
-||weryfikacja-facebookowa-27.herokuapp.com$all
 ||weryfikacja-facebookowa-28.herokuapp.com$all
 ||weteachbh.com$all
 ||whare.100webspace.net$all
+||whatsapp-grub99zyc.duckdns.org$all
 ||wheelsofmercy.org$all
 ||whitelist-network.com$all
 ||whitmansasphalt.com/secure/wells$all
 ||whitmansasphalt.com/secure/wells/$all
 ||widadkamillah.github.io$all
 ||wiki.oceanreeflifegame.com$all
-||wildcard.isiolo.go.ke$all
 ||windstream-net.firebaseapp.com$all
 ||winville.biz$all
 ||wireconfirmation68c10a25442a3e13.blogspot.com$all
@@ -5173,14 +4988,17 @@
 ||wqass-index.chobqu.cn$all
 ||wqass-index.dccigq.cn$all
 ||wqass-index.gbswz.cn$all
-||wqass-index.jeewiki.cn$all
 ||wqass-index.pygbw.cn$all
 ||wrww-roblox.com$all
+||wsertyzx.gq$all
 ||wteeoq.pfinanceiro.com.de$all
 ||wvk12-my.sharepoint.com/:x:/r/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96$all
 ||wvk12-my.sharepoint.com/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96$all
+||ww.lnterbank.pe.personas.aaseguros.mx$all
 ||ww.lnterbank.pe.personas.onlinesocket.in$all
+||ww.lnterbank.pe.personas.t-class.org$all
 ||ww16.inpost-pl-3dsecure.clear-id.xyz$all
+||wwedealershipon.000webhostapp.com$all
 ||www-cursosdigitalesmx-com.filesusr.com$all
 ||www-degelyehuda-org-il.filesusr.com$all
 ||www-europe564598-com.filesusr.com$all
@@ -5188,10 +5006,9 @@
 ||www-key-com.test.edgekey.net$all
 ||www-mufg-jp.handicraft.ltd$all
 ||www-mufg-jp.kaiqi.ink$all
-||www-wattsapcom.duckdns.org$all
+||www.facebook.com-sauuvazpjo.isiolo.go.ke$all
 ||www2.rakutan.co.jploginffd9dfg7.carwork.cn$all
 ||www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn$all
-||www2.rakutan.co.jploginvcx8ds.nanoart.cn$all
 ||www2.rakuten-card.co.jp.wzsrc.cn$all
 ||www2.rakutenn.co.jp.nanopark.cn$all
 ||www2.rakutenn.co.jp.zgyo.cn$all
@@ -5203,6 +5020,7 @@
 ||xcas.xoh29oz.cn$all
 ||xcasd.7vo6bt.cn$all
 ||xcasd.b204uje.cn$all
+||xcasd.tcbjnhq.cn$all
 ||xcasd.yikn2gd.cn$all
 ||xcryptocars.blogspot.com$all
 ||xcvdsd.page.link$all
@@ -5222,10 +5040,10 @@
 ||xjpyyds.pem4yp3.cn$all
 ||xkljfg.ml$all
 ||xn--gmal-sya.com$all
-||xn--instagam-sf0d.com$all
 ||xn--ltappen-80a.se$all
 ||xn--metamsk-lwa.link$all
 ||xn--rpondeur-sfr2-bhb.yolasite.com$all
+||xpubgfrozen.tk$all
 ||xqr3i.mjt.lu$all
 ||xqr3n.mjt.lu$all
 ||xqr3u.mjt.lu$all
@@ -5234,14 +5052,16 @@
 ||xrxh2.mjt.lu$all
 ||xrxhl.mjt.lu$all
 ||xsbrookshhjx.top$all
+||xspin.cawnibos.com$all
 ||xtio.ch$all
 ||xtw42.mjt.lu$all
+||xvideokoreanwifesister18.duckdns.org$all
 ||xx.macecri.com$all
 ||xxaas.tp00jv9.cn$all
 ||xxasd.sf29hrg.cn$all
 ||xxx-com-dot-c2c01-531c7.uc.r.appspot.com$all
-||xyproject.xtensio.com$all
 ||xzasd.uz64g3.cn$all
+||yahoo%2eco%2ejp@asdxa.p2x11pi.cn$all
 ||yahoo%2eco%2ejp@bghgcd.psuxscm.cn$all
 ||yahoo%2eco%2ejp@bhgxa.eo76sni.cn$all
 ||yahoo%2eco%2ejp@cdas.nxzigco.cn$all
@@ -5263,12 +5083,11 @@
 ||yahoo%2eco%2ejp@uyhnxx.urpzkva.cn$all
 ||yahoo%2eco%2ejp@zxas.2nd0g8.cn$all
 ||yahoo%2eco%2ejp@zxass.jbkyj0o.cn$all
-||yahoopoweredservice.duckdns.org$all
 ||yahuomall.square.site$all
 ||yairix.github.io$all
 ||yalena.me$all
+||yandex-viral.duckdns.org$all
 ||yaqoobi.org$all
-||yaranfayez.com$all
 ||yayanti.com$all
 ||ybdaa.oqsgm9r.cn$all
 ||ybggd.fjgjoux.cn$all
@@ -5288,11 +5107,13 @@
 ||ynbgdc.woprkzp.cn$all
 ||ynbxa.pvgulkz.cn$all
 ||yndda.m117s1s.cn$all
+||yo7ka-anna.com$all
 ||yogeshwarwiremesh.com$all
 ||youknowar.com$all
 ||young-snow-7447.tcheviron5269.workers.dev$all
 ||youreasygoing2022.co.vu$all
 ||yqlpeitost.duckdns.org$all
+||ytdjhstej.tk$all
 ||yuhjjkss.web.app$all
 ||yumpai.cn$all
 ||z.macecri.com$all
@@ -5300,10 +5121,12 @@
 ||z0massegurabclp1.shreeramwoodindustries.com$all
 ||z2qje.codesandbox.io$all
 ||z3voicrxxvs.typeform.com$all
+||zacharytlasko.com$all
 ||zackselectronics.co.zw$all
 ||zaktualizacja-platnosci.netfxtv.co.pl$all
 ||zasd.yhxmd30.cn$all
 ||zb2-home.web.app$all
+||zen-minsky-ef5931.netlify.app$all
 ||zenvinyl.com$all
 ||zepe.io$all
 ||zeroquiz.com$all
@@ -5317,13 +5140,11 @@
 ||znbint.com/fire/dhl/load.php?0=aw5mb0btzxrhbg9naxmuy29t&amp;guce_referrer=ahr0chm6ly9sb2dpbi55ywhvby5jb20v&amp;guce_referrer_sig=aqaaaba99nmgr9inqoyu5mi3asjqfyjcpatd_a8modgjxpnxynmo8n5zxdi8ezv7gfypzosc_rpmz0hyfdck0olmxnmb6tpfznd5enc$all
 ||zoho-online.web.app$all
 ||zoho-validationserv.web.app$all
-||zonalnterbank.com$all
 ||zonmca.hxljatvw.cn$all
 ||zpr.io/kms8u47zlxwk$all
 ||zpr.io/mxvzwlcdizyq$all
 ||zpr.io/nckeqquhrpuf$all
 ||zshrvvo.cn$all
-||zuiunsya.com$all
 ||zxas.2nd0g8.cn$all
 ||zxas.hs0rgq8.cn$all
 ||zxass.jbkyj0o.cn$all
@@ -5332,6 +5153,5 @@
 ||zxcnash.seufhsk.cn$all
 ||zxcod.01l241.cn$all
 ||zxcuashs.e0n0gh5.cn$all
-||zxdlbny.cn$all
 ||zxnahs.3cze6ri.cn$all
 ||zz.macecri.com$all
diff --git a/dist/phishing-filter-agh.txt b/dist/phishing-filter-agh.txt
index e7d1c1b7..41e43a6d 100644
--- a/dist/phishing-filter-agh.txt
+++ b/dist/phishing-filter-agh.txt
@@ -1,5 +1,5 @@
 ! Title: Phishing URL Blocklist (AdGuard Home)
-! Updated: Sun, 16 Jan 2022 12:01:44 +0000
+! Updated: Mon, 17 Jan 2022 00:01:35 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/phishing-filter
 ! License: https://gitlab.com/curben/phishing-filter#license
@@ -14,9 +14,6 @@
 ||02-billing-support.org^
 ||08863299.sso-secure-mail0454etr.pages.dev^
 ||0bs.de^
-||0gjvj7a8eydbjz3au8anbg-on.drv.tw^
-||1000000000347789523698541.tk^
-||1000000000347789523698545.tk^
 ||1000000000347789523698546.tk^
 ||1000000000347789523698547.tk^
 ||103.114.16.4^
@@ -33,10 +30,12 @@
 ||149-210-143-165.colo.transip.net^
 ||149.210.143.165^
 ||15004083383734.data-store-company.com^
+||154.222.224.81^
 ||154.30.211.130.bc.googleusercontent.com^
 ||161.35.142.2^
 ||165.227.122.125^
 ||16park.cn^
+||1727365.com^
 ||173.82.154.253^
 ||178.128.108.233.dsl.dyn.forthnet.gr^
 ||179.43.140.208^
@@ -56,9 +55,9 @@
 ||2022-exodus.com^
 ||2022-girobanken-sparkassen.xyz^
 ||2022.intrebrkprsonas.xyz^
+||205.185.113.221^
 ||208.82.115.230^
 ||217651.8b.io^
-||2247317.verifyinguser426128734570198363.com^
 ||228.94.92.rev.sfr.net.gghost.ru^
 ||24611250.sibforms.com^
 ||2482689012.yolasite.com^
@@ -67,6 +66,7 @@
 ||2fa.bthei.com^
 ||2pil.ru^
 ||2rakuten.co.jp.happyyear.cn^
+||2yfh.short.gy^
 ||3-139-75-158.cprapid.com^
 ||343i.org^
 ||343t3dv9qdufp.clickfunnels.com^
@@ -74,8 +74,11 @@
 ||35.199.84.117^
 ||35.225.222.142^
 ||3568365.com^
+||365unfreezesecurity.com^
+||3782365.com^
 ||3a10a178.s6t6sj4s46tu4sys54y5.pages.dev^
 ||3bvjh.sbs^
+||3c5.com^
 ||3ck.me^
 ||3dprintersupplies.com.au^
 ||3dsecure-update-service-info-live.duckdns.org^
@@ -103,20 +106,21 @@
 ||613707.selcdn.ru^
 ||61da8ae6.6u6566hrrthsh45.pages.dev^
 ||638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com^
-||65451440241544.hyperphp.com^
-||664876.verifyinguser426128734570198363.com^
+||6734365.com^
 ||67lksxgjd.bttmassage-thai-tanger.com^
 ||6a7zu9he6mqh.clickfunnels.com^
 ||6c7f0acc.sibforms.com^
+||6stupefacentevideo2022.pagedemo.co^
+||754675377.xyz^
 ||78.108.89.240^
 ||7837365.com^
 ||7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev^
 ||7wr4u.csb.app^
 ||7yu3v.csb.app^
 ||8.215.32.173^
-||8010361370310234068010361370310234.blogspot.be^
 ||859411.icu^
 ||8760365.com^
+||885211.icu^
 ||889381.icu^
 ||8899.jp^
 ||89ix7y0.cn^
@@ -144,15 +148,18 @@
 ||absolute-containers-sip.business.site^
 ||absolutepleasure.com.my^
 ||acacia.webdevonline.net^
+||account-recovery.org^
 ||account.herephyshy.info^
 ||account.verifications.help-page.workers.dev^
 ||accounts-autoscout24.de^
 ||acessobradesco.digital^
 ||ach111.xyz^
 ||activate-hulu-com-activate.sitey.me^
+||activatingmymainnet.com^
 ||adamfeber.com^
 ||adcloudserver.com^
 ||admin-formserviceupdates.weeblysite.com^
+||administer-708aa.web.app^
 ||administraciondefincaspereznovo.com^
 ||adorablepomskyhome.net^
 ||adpunemploymentclaims.sharefile.com^
@@ -162,14 +169,13 @@
 ||afreemart.xyz^
 ||africansecrets.ca^
 ||agora.imb.br^
-||agricolefr-99f918.ingress-erytho.easywp.com^
 ||agrimetiersmartinique.fr^
 ||agurimu-nagoya.com^
 ||ahhhh.pe.kr^
 ||ai.macecri.com^
-||aib-unauthorized-access.com^
 ||aid-validation-human.run-us-west2.goorm.io^
 ||aimekidya-recpag.web.id^
+||airbnb.book-space-b851927.live^
 ||airportprescreening.com^
 ||aitsidihamh.my-place.us^
 ||akanksha3012.github.io^
@@ -190,8 +196,10 @@
 ||alkhalilgraphics.com^
 ||allegrolokalnie-pl-3dsafe.id-43051.xyz^
 ||allegrolokalnie-pl-3dsafe.id-91501.xyz^
+||allegrolokalnie-pl-3dseif.id-43051.xyz^
 ||allegrolokalnie-pl-safe.id-43051.xyz^
 ||alliancesuper.com^
+||almarjantours.com^
 ||almighty.edu.np^
 ||alnajahh.com^
 ||aloun.ps^
@@ -199,6 +207,7 @@
 ||alqadi.ps^
 ||alquilervillora.net^
 ||alsofft.com^
+||alupi-frey.shop^
 ||amacez.jyrtery4.top^
 ||amacredit.amacardpkey.xyz^
 ||amaenv.fgasdfw6.xyz^
@@ -209,21 +218,20 @@
 ||amazomsse.shop^
 ||amazon-gcatech.com^
 ||amazon-interruption.com^
-||amazon.co.ip.jlig.cn^
 ||amazon.co.jp.abaiaccounting.cn^
 ||amazon.gousana.casa^
-||amazon.jp-m.win^
+||amazon.logins-co.jp^
 ||amazon.works.ga^
 ||amazonhome.sfrmobiles.com^
 ||amazonjapsne.cf^
+||amazonses.authflows.com^
 ||amazoon.co.op.o4j.top^
-||ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org^
 ||amc-training.com^
-||amcgardiennage.com^
+||amecmasmerd.ga^
 ||ameozom.jp.onaworks.com^
 ||americanexpress-auth.azurewebsites.net^
-||americanexpress.heiwakai.com^
 ||amguevara.com^
+||amhsd.com^
 ||amidabuli.com^
 ||amlnov7.web.app^
 ||amnzma-jp.top^
@@ -234,7 +242,6 @@
 ||amoazom.rm82j6-t8.cn^
 ||amonzau_co_take.ktbf.shop^
 ||amosleh.com^
-||amozom.co.ip.taxhod.club^
 ||amreeth.github.io^
 ||amusebouche-bg.com^
 ||amzcredit.dearva.xyz^
@@ -250,24 +257,21 @@
 ||anhduongjsc.com^
 ||anj-azakp.run.goorm.io^
 ||anjalijha167.github.io^
-||anjayredit.duckdns.org^
 ||annacatania.com.mt^
 ||anon-keep-admin-keep.rvsla.workers.dev^
 ||ansr.ro^
 ||aolmailukhelplinecustomerservice.blogspot.com.au^
 ||aolmailukhelplinecustomerservice.blogspot.com^
-||aolpoweredservice.duckdns.org^
 ||aolverixon11dfd.weebly.com^
 ||aolxperience.com^
+||api-saisoncard-co-jp.md160.net^
 ||api-saisoncard-co-jp.o4ay8.net^
 ||api.florense.com.br^
 ||api.redirect-bentobot199.com^
 ||api.redirect-safebrowser-online.com^
-||api.safe-directmail.com^
 ||aplintec.com.mx^
 ||app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io^
 ||app-bombcrypto-io-login-ab.blogspot.com^
-||app-panckswp.xyz^
 ||app.bydn217.club^
 ||app.duel.network^
 ||app.fiiber.ca^
@@ -277,10 +281,11 @@
 ||appatualizecef.com^
 ||appibsolicitud.com^
 ||appleid-check.info^
+||applekra.com^
 ||applepichincha.webcindario.com^
 ||apply.aua.am^
 ||apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link^
-||appttech.com^
+||aprilgagenesh.com^
 ||aquaqualitas.com^
 ||arafathrumman.github.io^
 ||arcacg.com^
@@ -288,15 +293,18 @@
 ||are.scicemecod.com^
 ||areueaom.gtpzcve.cn^
 ||areueaom.gtva.cn^
+||arif.com.bd^
 ||aromatic.webenliven.in^
 ||arthamahotels.com^
 ||artlux.com.pl^
 ||arub-service.org^
 ||aruba.fatt.ids-sys.com^
 ||as.macecri.com^
+||as.scicemecod.com^
 ||asaipestcontrol.com^
 ||ascom.co.tz^
 ||asd.9sw53wk.cn^
+||asdxa.p2x11pi.cn^
 ||asgard-ampqy.run-us-west2.goorm.io^
 ||asimpwsh.com^
 ||asistentetramitadordigitalda.com^
@@ -306,19 +314,24 @@
 ||at-t-yahoo.sitey.me^
 ||atento-fdi.plusoftomni.com.br^
 ||ativacao-online73681.com^
+||atlanticeconcrete.com^
 ||atnr76dxku336szy.clickfunnels.com^
-||attcustomdesk.weebly.com^
+||att556.weebly.com^
+||att87.weebly.com^
 ||attinfoser.weebly.com^
 ||attonlinemanagementpage.weebly.com^
+||attonlineuserverification.weebly.com^
 ||attpage1121.weebly.com^
 ||atualizacao-online547864.com^
 ||atualizarmodolo.com^
 ||atulrathore-dev.github.io^
+||auid-japan.com^
 ||aurumship.com^
-||aushfew.tokyo^
 ||aushotel.es^
 ||auth-task1-m.web.app^
 ||auth-webmailakeonetcom.yolasite.com^
+||auth.topgamers.cn^
+||authent54-sedure32.duckdns.org^
 ||authorize-trustvallet-protocol.com^
 ||authorizewallet.app^
 ||authuxeehmutconjxmailssocl.web.app^
@@ -328,16 +341,15 @@
 ||autoranplususeremailprocessingupdate.pages.dev^
 ||autoscurt24.de^
 ||autumn-sun-4a21.paqesads-scure.workers.dev^
+||avelocidad.com^
 ||avrorganics.com^
 ||awesome-gates-8bdd6f.netlify.app^
 ||ax.xiguw.workers.dev^
-||axieinfinity-meta.com^
 ||axieinfinity-supportwallet.com^
 ||axlr.in^
-||ayguru.com^
+||ayushenterprise.in^
 ||az.macecri.com^
 ||azb3s.cf^
-||azmnsaz.000webhostapp.com^
 ||azmznonos_co_long.akys.shop^
 ||b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com^
 ||b059c86968a6427389952025bcee9886.svc.dynamics.com^
@@ -345,7 +357,6 @@
 ||b96f7f93.sibforms.com^
 ||b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev^
 ||bacteralia.com^
-||badnewswegewroighgserhhg.xyz^
 ||bag-macben.eu^
 ||bakhai.vn^
 ||balajihospital.net^
@@ -365,7 +376,6 @@
 ||bancaporlnternetlnterbarnk.libertycanais.com.br^
 ||bancoiinng.site44.com^
 ||bancooccidentalb.com^
-||bank-id.pl^
 ||bankapolska.com^
 ||banki0wa.us^
 ||bankocaoffo.webcindario.com^
@@ -373,8 +383,8 @@
 ||bannerbank.control-inc.com^
 ||bannerchampnyc.com^
 ||banproseguridadasistenteenlineanic.webnode.es^
-||banqsuepoy.temp.swtest.ru^
 ||baradua.it^
+||barbecuef.top^
 ||battlelastmont.cyou^
 ||bc1.paiementervice.com^
 ||bconclutmjy.ru^
@@ -383,7 +393,7 @@
 ||be-home.web.do^
 ||bearmybrand.com^
 ||beast-blog.com^
-||beibys.com.br^
+||beccu07.zzux.com^
 ||beijing.vfzfy1v.cn^
 ||belovedaroma.com^
 ||bendmytrend.com^
@@ -449,18 +459,19 @@
 ||bncre.odoo.com^
 ||bncxz.9wx9b27.cn^
 ||bndigitalpersonas.com^
-||bnpparibas-pl.mob-app.xyz^
 ||boaupdate.bfaoscr.com^
 ||bogdonovlerer.com^
 ||bogged-finance.com^
+||boi.365online-replacement.com^
+||boke4-indonesia-2022a7whatsapp.duckdns.org^
+||bokep-virall-sange33.duckdns.org^
 ||bokgabanesolutions.co.za^
+||bold-lichterman.45-81-232-15.plesk.page^
 ||bookfbs.evangsamuelministries.com^
 ||boxes.com.py^
 ||br4.in^
 ||br622.teste.website^
-||brave-knuth-96d329.netlify.app^
 ||breople.com^
-||brigida_cossette.gitlab.io^
 ||brooks-forrunning.top^
 ||brooks-justforjogging.top^
 ||brooks-move.top^
@@ -499,7 +510,6 @@
 ||bujikena.web.app^
 ||bundel-cobragratis2022.duckdns.org^
 ||busanopen.org^
-||business-action-copyright11022.web.app^
 ||business-action-page129591.web.app^
 ||business-appeal-copyright8211.web.app^
 ||business-appeal-form-18222.web.app^
@@ -507,24 +517,22 @@
 ||business-copyright-alert198082.web.app^
 ||business-copyright-alert19882.web.app^
 ||business-copyright-detected920.web.app^
-||business-page-content125882.web.app^
 ||business-required-helpcenter82.web.app^
 ||business-required-info188221.web.app^
 ||businessemailss.biz^
-||bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link^
 ||buyelectronicsnyc.com^
 ||c.curiousmorty.be^
 ||c.jardindemiedo.es^
 ||c.loveawaits.be^
 ||c.mail.com^
 ||c0m-r51znzlh8i.isiolo.go.ke^
-||c10012022j.temp.swtest.ru^
 ||c1christine.tjelmeland2e.cso.gov.tt^
 ||c2dc5b99.chgmar.pages.dev^
 ||c6ebv708.caspio.com^
 ||cabsiler.com^
 ||cache.nebula.phx3.secureserver.net^
 ||cadeau-orange.fr^
+||caixabanki.temp.swtest.ru^
 ||caixaseguradora.quadientcloud.com^
 ||cakesbyannemotha.com^
 ||cammymiller.com^
@@ -534,7 +542,6 @@
 ||capservice.online^
 ||caracasmateriais.blogspot.com^
 ||carpediemxp.com^
-||carry.reduxservices.com^
 ||carservicessaupdate.xyz^
 ||cartamorin-geometres.fr^
 ||carwash.tv^
@@ -547,6 +554,7 @@
 ||caymanreno.com^
 ||cbmonlinegroups.com^
 ||cc.scicemecod.com^
+||cc23674.tmweb.ru^
 ||ccjrlaw.com^
 ||cdas.nxzigco.cn^
 ||cdsoa.wuefyta.cn^
@@ -559,14 +567,13 @@
 ||centre1.bubbleapps.io^
 ||ceresgulf.com^
 ||certifica-montepaschii.com^
-||chalokradocallkakuch.azurewebsites.net^
-||changenotification.pricesamazonlogincard.monster^
+||charitascb.com^
 ||charperimagedesign.com^
 ||chat-whatasapp.com^
 ||chat-whatsaap99.duckdns.org^
 ||chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org^
-||chat-whatsapp-group-2022.duckdns.org^
 ||chat-whatsapp-grupo-invitacion.blogspot.com^
+||chat-whatsapp-gscfghjsgsu.duckdns.org^
 ||chckmaill1.web.app^
 ||chckmaill10.web.app^
 ||chckmaill11.web.app^
@@ -600,9 +607,9 @@
 ||chois.jp^
 ||christienstudystl.wixsite.com^
 ||christmas-dhl-express-delvr.hopekosmos.com^
+||chronopostaws.com^
 ||chtbnk.uk^
 ||chutomen.com^
-||ciiusea.com^
 ||cinemaleftech.com^
 ||citagestionenlineabn.com^
 ||city-of-jazz.de^
@@ -610,13 +617,11 @@
 ||claiimdiamondgratis84.duckdns.org^
 ||claim-event-freefire-garena-oldfree-a4.duckdns.org^
 ||claim-skingratis-mobailegends161.duckdns.org^
-||claimgratisff2022.duckdns.org^
 ||claims-funds-enczj.run-us-west2.goorm.io^
 ||claimseventmlbb.duckdns.org^
 ||claimshopee.yolasite.com^
 ||claro-link.brsafe.com.br^
 ||claus.bz^
-||clefman.cl^
 ||click-here-help.in^
 ||client-support-page.com^
 ||clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net^
@@ -655,7 +660,9 @@
 ||co.jp.sefdvsi.cn^
 ||co.jp.tezkkbp.cn^
 ||co.jp.ztxzzup.cn^
+||cobaincurlduluom.duckdns.org^
 ||codwarzonemobile.com^
+||coindappsync.online^
 ||cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev^
 ||collab-land.net^
 ||collabland.info^
@@ -670,23 +677,24 @@
 ||com-r51znzlh8i.isiolo.go.ke^
 ||com-sauuvazpjo.isiolo.go.ke^
 ||com-ugsyk69nqb.isiolo.go.ke^
-||comefuck.co^
 ||community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link^
 ||community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link^
 ||community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link^
 ||completeegali.webcindario.com^
+||completeyorcorp.lunsrgovert.net^
 ||comunicazione-europe.net^
 ||comunity-isue-ideent-andromeda-29.web.id^
 ||comunity-isue-ideent-andromeda-33.web.id^
-||comunity-isue-ideent-andromeda-88.web.id^
 ||con-firma.firebaseapp.com^
-||confirming-pages-idntitysupport.web.id^
 ||congresosba.com.ar^
 ||conhecaonlinedigital.com.br^
 ||connect.au-login.0662smt.com^
+||connect.auone.jp-login.kddi-sys.com^
+||connect.myauone.jp-auid.jp-auid.com^
+||connect.myauone.jp-auid.kddi-mail.com^
+||connectlivewallet.io^
 ||connectwallet.me^
 ||conoscofaturahiiiper.com^
-||consultavirtuai.bieah.com^
 ||contabilidaderabello.com.br^
 ||contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev^
 ||contapessoal.digital^
@@ -697,7 +705,7 @@
 ||contratodeparceria.com.br^
 ||controlpichincha.webcindario.com^
 ||copyright-center-live.ml^
-||corl-inv.web.app^
+||coroplastusa.com^
 ||correosdemexico-web.com^
 ||corta.ai^
 ||cosemu.com^
@@ -717,7 +725,6 @@
 ||credicorpfiduciariasa.com^
 ||credifinanciera.didacsis.com^
 ||crediserfinanza.com^
-||credita302.temp.swtest.ru^
 ||creditagricole-sudrhonealpes.blogspot.ba^
 ||creditagricole-sudrhonealpes.blogspot.com^
 ||creditagricole-sudrhonealpes.blogspot.ro^
@@ -725,13 +732,18 @@
 ||creditiperhabbogratissicuro100.blogspot.it^
 ||cresvin.com^
 ||criticalcarevizag.com^
+||crrdxwjap7t.typeform.com^
 ||cryptocars-plays.buzz^
 ||cryptocarsme.com^
 ||cryptscars-logs.com^
 ||cryqtocars.me^
 ||cuans.bkaamiv.cn^
 ||currentlyupgrade.mystrikingly.com^
+||cusnas.366wuv.cn^
+||cxas.bvd2q18.cn^
+||cxas.zk6w4dt.cn^
 ||cxasd.easghbl.cn^
+||cxmnsa.04frh0w.cn^
 ||cxnbas.nmkbmqk.cn^
 ||cxuahs.1wc9bxm.cn^
 ||cyna.rkpmage.cn^
@@ -744,8 +756,10 @@
 ||d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev^
 ||d3ncuwwrr82.typeform.com^
 ||daatahomes.com^
+||dadafa88.com^
 ||damp-f43e.recovery-page-secur.workers.dev^
 ||danitraseoexperts.com^
+||dappconnecttvalidator.net^
 ||dapponlines.com^
 ||dappscoins.com^
 ||dappsiconnect.com^
@@ -761,8 +775,8 @@
 ||db-web-client.com^
 ||dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com^
 ||dbkuzwes.online^
-||dbs-interrnet.online^
 ||dbs.limited^
+||dbs.online.webdbslistinonline.com^
 ||dbs.webdbslistinonline.com^
 ||dbw.gr^
 ||dcm1.ae.iwc.static.tungmung.co.id^
@@ -795,6 +809,7 @@
 ||dev-nadaj.orlenpaczka.ce5.pl^
 ||dev-secu-credit-union.pantheonsite.io^
 ||dev-www.orlenpaczka.ce5.pl^
+||dev.massageliabilityinsurancegroup.com^
 ||dev.shivaxi.com^
 ||devicepichincha.webcindario.com^
 ||devops.help^
@@ -807,15 +822,17 @@
 ||dhl.recruitmentplatform.com^
 ||diamondplate.us^
 ||die-post-swiss-id-19782635812.psd2any.com^
+||diepost-paketevhost207932.lowhost.ru^
 ||diginto.org^
-||dilscord.gift^
+||diligentverify.com^
 ||directqpuprozaakp.weebly.com^
 ||dirtyez.com^
 ||disccrdapp.com^
 ||disckord.club^
 ||discoord-nittro.com^
-||discorc.gift^
 ||discordbugs.com^
+||discordnitroos.com^
+||discrods.gift^
 ||dispositivoapp.azurewebsites.net^
 ||distinctivei.com^
 ||distrial.ec^
@@ -828,7 +845,6 @@
 ||dl.9xu.com^
 ||dlink.me^
 ||dmaxpesca.com.es^
-||dminer.cloud^
 ||doclab-console-auth.firebaseapp.com^
 ||docs-verify-c671.thajetiase.workers.dev^
 ||docs.revv.so^
@@ -854,12 +870,9 @@
 ||domainserverlawa117.web.app^
 ||domainserverlawa118.web.app^
 ||domainserverlawa119.web.app^
-||domainserverlawa120.web.app^
-||domainserverlawa121.web.app^
 ||domainserverlawa122.web.app^
 ||domainserverlawa123.web.app^
 ||domainserverlawa124.web.app^
-||domainserverlawa125.web.app^
 ||domainserverlawa126.web.app^
 ||domainserverlawa127.web.app^
 ||domainserverlawa128.web.app^
@@ -868,32 +881,24 @@
 ||domainserverlawa130.web.app^
 ||domainserverlawa131.web.app^
 ||domainserverlawa132.web.app^
-||domainserverlawa133.web.app^
 ||domainserverlawa134.web.app^
 ||domainserverlawa135.web.app^
 ||domainserverlawa136.web.app^
 ||domainserverlawa137.web.app^
-||domainserverlawa138.web.app^
 ||domainserverlawa139.web.app^
 ||domainserverlawa14.web.app^
-||domainserverlawa140.web.app^
-||domainserverlawa141.web.app^
 ||domainserverlawa142.web.app^
 ||domainserverlawa143.web.app^
 ||domainserverlawa144.web.app^
 ||domainserverlawa145.web.app^
 ||domainserverlawa146.web.app^
-||domainserverlawa147.web.app^
 ||domainserverlawa148.web.app^
 ||domainserverlawa149.web.app^
 ||domainserverlawa150.web.app^
-||domainserverlawa151.web.app^
 ||domainserverlawa152.web.app^
 ||domainserverlawa153.web.app^
-||domainserverlawa154.web.app^
 ||domainserverlawa155.web.app^
 ||domainserverlawa156.web.app^
-||domainserverlawa157.web.app^
 ||domainserverlawa158.web.app^
 ||domainserverlawa159.web.app^
 ||domainserverlawa160.web.app^
@@ -901,20 +906,15 @@
 ||domainserverlawa162.web.app^
 ||domainserverlawa163.web.app^
 ||domainserverlawa164.web.app^
-||domainserverlawa165.web.app^
 ||domainserverlawa166.web.app^
 ||domainserverlawa167.web.app^
 ||domainserverlawa168.web.app^
 ||domainserverlawa169.web.app^
-||domainserverlawa17.web.app^
-||domainserverlawa170.web.app^
 ||domainserverlawa171.web.app^
 ||domainserverlawa172.web.app^
 ||domainserverlawa173.web.app^
 ||domainserverlawa174.web.app^
-||domainserverlawa175.web.app^
 ||domainserverlawa176.web.app^
-||domainserverlawa177.web.app^
 ||domainserverlawa178.web.app^
 ||domainserverlawa179.web.app^
 ||domainserverlawa18.web.app^
@@ -923,34 +923,25 @@
 ||domainserverlawa182.web.app^
 ||domainserverlawa183.web.app^
 ||domainserverlawa184.web.app^
-||domainserverlawa185.web.app^
 ||domainserverlawa186.web.app^
 ||domainserverlawa187.web.app^
 ||domainserverlawa188.web.app^
 ||domainserverlawa189.web.app^
 ||domainserverlawa19.web.app^
-||domainserverlawa190.web.app^
 ||domainserverlawa191.web.app^
 ||domainserverlawa193.web.app^
 ||domainserverlawa194.web.app^
 ||domainserverlawa195.web.app^
-||domainserverlawa196.web.app^
-||domainserverlawa197.web.app^
 ||domainserverlawa198.web.app^
-||domainserverlawa199.web.app^
 ||domainserverlawa20.web.app^
-||domainserverlawa200.web.app^
 ||domainserverlawa201.web.app^
 ||domainserverlawa202.web.app^
-||domainserverlawa203.web.app^
 ||domainserverlawa204.web.app^
 ||domainserverlawa205.web.app^
 ||domainserverlawa206.web.app^
-||domainserverlawa207.web.app^
 ||domainserverlawa208.web.app^
 ||domainserverlawa209.web.app^
 ||domainserverlawa21.web.app^
-||domainserverlawa210.web.app^
 ||domainserverlawa211.web.app^
 ||domainserverlawa212.web.app^
 ||domainserverlawa213.web.app^
@@ -964,7 +955,6 @@
 ||domainserverlawa221.web.app^
 ||domainserverlawa222.web.app^
 ||domainserverlawa223.web.app^
-||domainserverlawa224.web.app^
 ||domainserverlawa225.web.app^
 ||domainserverlawa226.web.app^
 ||domainserverlawa227.web.app^
@@ -977,12 +967,10 @@
 ||domainserverlawa234.web.app^
 ||domainserverlawa235.web.app^
 ||domainserverlawa237.web.app^
-||domainserverlawa238.web.app^
 ||domainserverlawa239.web.app^
 ||domainserverlawa240.web.app^
 ||domainserverlawa241.web.app^
 ||domainserverlawa242.web.app^
-||domainserverlawa243.web.app^
 ||domainserverlawa244.web.app^
 ||domainserverlawa245.web.app^
 ||domainserverlawa246.web.app^
@@ -990,35 +978,23 @@
 ||domainserverlawa248.web.app^
 ||domainserverlawa249.web.app^
 ||domainserverlawa25.web.app^
-||domainserverlawa250.web.app^
 ||domainserverlawa251.web.app^
 ||domainserverlawa252.web.app^
 ||domainserverlawa253.web.app^
-||domainserverlawa254.web.app^
-||domainserverlawa255.web.app^
 ||domainserverlawa256.web.app^
 ||domainserverlawa257.web.app^
 ||domainserverlawa258.web.app^
-||domainserverlawa259.web.app^
-||domainserverlawa26.web.app^
 ||domainserverlawa260.web.app^
-||domainserverlawa261.web.app^
-||domainserverlawa262.web.app^
 ||domainserverlawa263.web.app^
 ||domainserverlawa264.web.app^
 ||domainserverlawa265.web.app^
 ||domainserverlawa266.web.app^
 ||domainserverlawa267.web.app^
-||domainserverlawa268.web.app^
 ||domainserverlawa269.web.app^
 ||domainserverlawa270.web.app^
-||domainserverlawa271.web.app^
-||domainserverlawa272.web.app^
 ||domainserverlawa273.web.app^
 ||domainserverlawa274.web.app^
-||domainserverlawa275.web.app^
 ||domainserverlawa276.web.app^
-||domainserverlawa277.web.app^
 ||domainserverlawa278.web.app^
 ||domainserverlawa279.web.app^
 ||domainserverlawa280.web.app^
@@ -1027,9 +1003,7 @@
 ||domainserverlawa283.web.app^
 ||domainserverlawa284.web.app^
 ||domainserverlawa285.web.app^
-||domainserverlawa286.web.app^
 ||domainserverlawa287.web.app^
-||domainserverlawa289.web.app^
 ||domainserverlawa29.web.app^
 ||domainserverlawa290.web.app^
 ||domainserverlawa292.web.app^
@@ -1038,28 +1012,20 @@
 ||domainserverlawa295.web.app^
 ||domainserverlawa296.web.app^
 ||domainserverlawa297.web.app^
-||domainserverlawa298.web.app^
 ||domainserverlawa299.web.app^
-||domainserverlawa30.web.app^
 ||domainserverlawa300.web.app^
 ||domainserverlawa301.web.app^
 ||domainserverlawa302.web.app^
 ||domainserverlawa303.web.app^
 ||domainserverlawa304.web.app^
 ||domainserverlawa305.web.app^
-||domainserverlawa306.web.app^
 ||domainserverlawa307.web.app^
 ||domainserverlawa308.web.app^
-||domainserverlawa309.web.app^
-||domainserverlawa31.web.app^
 ||domainserverlawa310.web.app^
 ||domainserverlawa311.web.app^
 ||domainserverlawa312.web.app^
 ||domainserverlawa313.web.app^
-||domainserverlawa314.web.app^
 ||domainserverlawa315.web.app^
-||domainserverlawa316.web.app^
-||domainserverlawa317.web.app^
 ||domainserverlawa318.web.app^
 ||domainserverlawa319.web.app^
 ||domainserverlawa32.web.app^
@@ -1067,13 +1033,11 @@
 ||domainserverlawa321.web.app^
 ||domainserverlawa322.web.app^
 ||domainserverlawa323.web.app^
-||domainserverlawa324.web.app^
 ||domainserverlawa325.web.app^
 ||domainserverlawa326.web.app^
 ||domainserverlawa327.web.app^
 ||domainserverlawa328.web.app^
 ||domainserverlawa329.web.app^
-||domainserverlawa33.web.app^
 ||domainserverlawa330.web.app^
 ||domainserverlawa331.web.app^
 ||domainserverlawa332.web.app^
@@ -1084,17 +1048,14 @@
 ||domainserverlawa337.web.app^
 ||domainserverlawa338.web.app^
 ||domainserverlawa339.web.app^
-||domainserverlawa34.web.app^
 ||domainserverlawa340.web.app^
 ||domainserverlawa341.web.app^
 ||domainserverlawa342.web.app^
 ||domainserverlawa343.web.app^
 ||domainserverlawa344.web.app^
-||domainserverlawa345.web.app^
 ||domainserverlawa346.web.app^
 ||domainserverlawa347.web.app^
 ||domainserverlawa348.web.app^
-||domainserverlawa35.web.app^
 ||domainserverlawa350.web.app^
 ||domainserverlawa351.web.app^
 ||domainserverlawa352.web.app^
@@ -1108,7 +1069,6 @@
 ||domainserverlawa36.web.app^
 ||domainserverlawa360.web.app^
 ||domainserverlawa361.web.app^
-||domainserverlawa362.web.app^
 ||domainserverlawa363.web.app^
 ||domainserverlawa364.web.app^
 ||domainserverlawa365.web.app^
@@ -1119,7 +1079,6 @@
 ||domainserverlawa370.web.app^
 ||domainserverlawa371.web.app^
 ||domainserverlawa372.web.app^
-||domainserverlawa373.web.app^
 ||domainserverlawa374.web.app^
 ||domainserverlawa375.web.app^
 ||domainserverlawa376.web.app^
@@ -1135,11 +1094,7 @@
 ||domainserverlawa385.web.app^
 ||domainserverlawa386.web.app^
 ||domainserverlawa387.web.app^
-||domainserverlawa388.web.app^
-||domainserverlawa389.web.app^
-||domainserverlawa39.web.app^
 ||domainserverlawa390.web.app^
-||domainserverlawa391.web.app^
 ||domainserverlawa392.web.app^
 ||domainserverlawa393.web.app^
 ||domainserverlawa394.web.app^
@@ -1150,11 +1105,8 @@
 ||domainserverlawa40.web.app^
 ||domainserverlawa400.web.app^
 ||domainserverlawa401.web.app^
-||domainserverlawa402.web.app^
 ||domainserverlawa403.web.app^
-||domainserverlawa404.web.app^
 ||domainserverlawa405.web.app^
-||domainserverlawa406.web.app^
 ||domainserverlawa407.web.app^
 ||domainserverlawa408.web.app^
 ||domainserverlawa409.web.app^
@@ -1165,7 +1117,6 @@
 ||domainserverlawa413.web.app^
 ||domainserverlawa414.web.app^
 ||domainserverlawa415.web.app^
-||domainserverlawa416.web.app^
 ||domainserverlawa417.web.app^
 ||domainserverlawa418.web.app^
 ||domainserverlawa419.web.app^
@@ -1178,12 +1129,10 @@
 ||domainserverlawa425.web.app^
 ||domainserverlawa426.web.app^
 ||domainserverlawa427.web.app^
-||domainserverlawa428.web.app^
 ||domainserverlawa429.web.app^
 ||domainserverlawa43.web.app^
 ||domainserverlawa430.web.app^
 ||domainserverlawa431.web.app^
-||domainserverlawa432.web.app^
 ||domainserverlawa433.web.app^
 ||domainserverlawa434.web.app^
 ||domainserverlawa435.web.app^
@@ -1193,36 +1142,27 @@
 ||domainserverlawa439.web.app^
 ||domainserverlawa44.web.app^
 ||domainserverlawa440.web.app^
-||domainserverlawa441.web.app^
 ||domainserverlawa442.web.app^
 ||domainserverlawa443.web.app^
 ||domainserverlawa444.web.app^
 ||domainserverlawa445.web.app^
 ||domainserverlawa446.web.app^
 ||domainserverlawa447.web.app^
-||domainserverlawa448.web.app^
 ||domainserverlawa449.web.app^
-||domainserverlawa45.web.app^
 ||domainserverlawa450.web.app^
 ||domainserverlawa451.web.app^
 ||domainserverlawa452.web.app^
 ||domainserverlawa453.web.app^
-||domainserverlawa454.web.app^
 ||domainserverlawa455.web.app^
 ||domainserverlawa456.web.app^
-||domainserverlawa457.web.app^
-||domainserverlawa458.web.app^
 ||domainserverlawa459.web.app^
 ||domainserverlawa46.web.app^
 ||domainserverlawa460.web.app^
-||domainserverlawa461.web.app^
 ||domainserverlawa462.web.app^
 ||domainserverlawa463.web.app^
 ||domainserverlawa464.web.app^
 ||domainserverlawa465.web.app^
 ||domainserverlawa466.web.app^
-||domainserverlawa467.web.app^
-||domainserverlawa468.web.app^
 ||domainserverlawa469.web.app^
 ||domainserverlawa47.web.app^
 ||domainserverlawa470.web.app^
@@ -1233,18 +1173,14 @@
 ||domainserverlawa475.web.app^
 ||domainserverlawa476.web.app^
 ||domainserverlawa477.web.app^
-||domainserverlawa478.web.app^
 ||domainserverlawa479.web.app^
 ||domainserverlawa480.web.app^
 ||domainserverlawa481.web.app^
-||domainserverlawa482.web.app^
 ||domainserverlawa483.web.app^
 ||domainserverlawa484.web.app^
 ||domainserverlawa485.web.app^
 ||domainserverlawa486.web.app^
 ||domainserverlawa487.web.app^
-||domainserverlawa488.web.app^
-||domainserverlawa489.web.app^
 ||domainserverlawa49.web.app^
 ||domainserverlawa490.web.app^
 ||domainserverlawa491.web.app^
@@ -1255,22 +1191,15 @@
 ||domainserverlawa496.web.app^
 ||domainserverlawa497.web.app^
 ||domainserverlawa498.web.app^
-||domainserverlawa499.web.app^
 ||domainserverlawa50.web.app^
 ||domainserverlawa500.web.app^
-||domainserverlawa501.web.app^
 ||domainserverlawa502.web.app^
-||domainserverlawa503.web.app^
-||domainserverlawa504.web.app^
-||domainserverlawa505.web.app^
 ||domainserverlawa506.web.app^
 ||domainserverlawa507.web.app^
 ||domainserverlawa508.web.app^
 ||domainserverlawa509.web.app^
 ||domainserverlawa51.web.app^
-||domainserverlawa510.web.app^
 ||domainserverlawa511.web.app^
-||domainserverlawa513.web.app^
 ||domainserverlawa514.web.app^
 ||domainserverlawa515.web.app^
 ||domainserverlawa516.web.app^
@@ -1279,10 +1208,8 @@
 ||domainserverlawa519.web.app^
 ||domainserverlawa52.web.app^
 ||domainserverlawa520.web.app^
-||domainserverlawa521.web.app^
 ||domainserverlawa522.web.app^
 ||domainserverlawa523.web.app^
-||domainserverlawa524.web.app^
 ||domainserverlawa525.web.app^
 ||domainserverlawa526.web.app^
 ||domainserverlawa527.web.app^
@@ -1293,28 +1220,21 @@
 ||domainserverlawa531.web.app^
 ||domainserverlawa532.web.app^
 ||domainserverlawa533.web.app^
-||domainserverlawa534.web.app^
-||domainserverlawa535.web.app^
 ||domainserverlawa536.web.app^
 ||domainserverlawa537.web.app^
 ||domainserverlawa538.web.app^
 ||domainserverlawa539.web.app^
 ||domainserverlawa54.web.app^
-||domainserverlawa540.web.app^
 ||domainserverlawa541.web.app^
 ||domainserverlawa542.web.app^
 ||domainserverlawa543.web.app^
-||domainserverlawa544.web.app^
 ||domainserverlawa545.web.app^
 ||domainserverlawa546.web.app^
 ||domainserverlawa547.web.app^
-||domainserverlawa548.web.app^
 ||domainserverlawa549.web.app^
 ||domainserverlawa550.web.app^
 ||domainserverlawa551.web.app^
-||domainserverlawa552.web.app^
 ||domainserverlawa553.web.app^
-||domainserverlawa554.web.app^
 ||domainserverlawa555.web.app^
 ||domainserverlawa556.web.app^
 ||domainserverlawa557.web.app^
@@ -1324,9 +1244,7 @@
 ||domainserverlawa560.web.app^
 ||domainserverlawa561.web.app^
 ||domainserverlawa562.web.app^
-||domainserverlawa563.web.app^
 ||domainserverlawa564.web.app^
-||domainserverlawa565.web.app^
 ||domainserverlawa566.web.app^
 ||domainserverlawa567.web.app^
 ||domainserverlawa568.web.app^
@@ -1335,35 +1253,24 @@
 ||domainserverlawa570.web.app^
 ||domainserverlawa571.web.app^
 ||domainserverlawa572.web.app^
-||domainserverlawa573.web.app^
 ||domainserverlawa574.web.app^
 ||domainserverlawa575.web.app^
 ||domainserverlawa576.web.app^
 ||domainserverlawa577.web.app^
 ||domainserverlawa578.web.app^
 ||domainserverlawa579.web.app^
-||domainserverlawa58.web.app^
-||domainserverlawa580.web.app^
 ||domainserverlawa581.web.app^
 ||domainserverlawa582.web.app^
 ||domainserverlawa583.web.app^
-||domainserverlawa584.web.app^
-||domainserverlawa585.web.app^
 ||domainserverlawa586.web.app^
 ||domainserverlawa587.web.app^
 ||domainserverlawa588.web.app^
 ||domainserverlawa589.web.app^
 ||domainserverlawa59.web.app^
-||domainserverlawa590.web.app^
-||domainserverlawa591.web.app^
 ||domainserverlawa592.web.app^
 ||domainserverlawa593.web.app^
-||domainserverlawa594.web.app^
-||domainserverlawa595.web.app^
-||domainserverlawa596.web.app^
 ||domainserverlawa597.web.app^
 ||domainserverlawa598.web.app^
-||domainserverlawa599.web.app^
 ||domainserverlawa60.web.app^
 ||domainserverlawa600.web.app^
 ||domainserverlawa601.web.app^
@@ -1371,25 +1278,18 @@
 ||domainserverlawa603.web.app^
 ||domainserverlawa604.web.app^
 ||domainserverlawa605.web.app^
-||domainserverlawa606.web.app^
 ||domainserverlawa607.web.app^
 ||domainserverlawa608.web.app^
 ||domainserverlawa609.web.app^
-||domainserverlawa61.web.app^
 ||domainserverlawa610.web.app^
-||domainserverlawa611.web.app^
 ||domainserverlawa612.web.app^
 ||domainserverlawa613.web.app^
 ||domainserverlawa614.web.app^
-||domainserverlawa615.web.app^
-||domainserverlawa616.web.app^
-||domainserverlawa617.web.app^
 ||domainserverlawa618.web.app^
 ||domainserverlawa619.web.app^
 ||domainserverlawa62.web.app^
 ||domainserverlawa620.web.app^
 ||domainserverlawa621.web.app^
-||domainserverlawa622.web.app^
 ||domainserverlawa623.web.app^
 ||domainserverlawa624.web.app^
 ||domainserverlawa625.web.app^
@@ -1410,7 +1310,6 @@
 ||domainserverlawa639.web.app^
 ||domainserverlawa64.web.app^
 ||domainserverlawa640.web.app^
-||domainserverlawa641.web.app^
 ||domainserverlawa642.web.app^
 ||domainserverlawa643.web.app^
 ||domainserverlawa644.web.app^
@@ -1426,11 +1325,6 @@
 ||domainserverlawa653.web.app^
 ||domainserverlawa654.web.app^
 ||domainserverlawa655.web.app^
-||domainserverlawa656.web.app^
-||domainserverlawa657.web.app^
-||domainserverlawa658.web.app^
-||domainserverlawa659.web.app^
-||domainserverlawa66.web.app^
 ||domainserverlawa660.web.app^
 ||domainserverlawa661.web.app^
 ||domainserverlawa662.web.app^
@@ -1441,14 +1335,10 @@
 ||domainserverlawa667.web.app^
 ||domainserverlawa668.web.app^
 ||domainserverlawa669.web.app^
-||domainserverlawa67.web.app^
-||domainserverlawa670.web.app^
 ||domainserverlawa671.web.app^
 ||domainserverlawa672.web.app^
 ||domainserverlawa673.web.app^
-||domainserverlawa674.web.app^
 ||domainserverlawa675.web.app^
-||domainserverlawa676.web.app^
 ||domainserverlawa677.web.app^
 ||domainserverlawa678.web.app^
 ||domainserverlawa679.web.app^
@@ -1456,12 +1346,8 @@
 ||domainserverlawa680.web.app^
 ||domainserverlawa681.web.app^
 ||domainserverlawa682.web.app^
-||domainserverlawa683.web.app^
 ||domainserverlawa684.web.app^
 ||domainserverlawa685.web.app^
-||domainserverlawa686.web.app^
-||domainserverlawa687.web.app^
-||domainserverlawa688.web.app^
 ||domainserverlawa689.web.app^
 ||domainserverlawa69.web.app^
 ||domainserverlawa690.web.app^
@@ -1469,7 +1355,6 @@
 ||domainserverlawa692.web.app^
 ||domainserverlawa693.web.app^
 ||domainserverlawa694.web.app^
-||domainserverlawa695.web.app^
 ||domainserverlawa696.web.app^
 ||domainserverlawa697.web.app^
 ||domainserverlawa698.web.app^
@@ -1480,15 +1365,11 @@
 ||domainserverlawa702.web.app^
 ||domainserverlawa703.web.app^
 ||domainserverlawa704.web.app^
-||domainserverlawa705.web.app^
 ||domainserverlawa706.web.app^
-||domainserverlawa707.web.app^
 ||domainserverlawa708.web.app^
 ||domainserverlawa709.web.app^
 ||domainserverlawa71.web.app^
-||domainserverlawa710.web.app^
 ||domainserverlawa711.web.app^
-||domainserverlawa712.web.app^
 ||domainserverlawa713.web.app^
 ||domainserverlawa714.web.app^
 ||domainserverlawa715.web.app^
@@ -1497,17 +1378,13 @@
 ||domainserverlawa718.web.app^
 ||domainserverlawa719.web.app^
 ||domainserverlawa72.web.app^
-||domainserverlawa720.web.app^
 ||domainserverlawa721.web.app^
 ||domainserverlawa722.web.app^
-||domainserverlawa723.web.app^
 ||domainserverlawa724.web.app^
 ||domainserverlawa725.web.app^
 ||domainserverlawa726.web.app^
 ||domainserverlawa727.web.app^
-||domainserverlawa728.web.app^
 ||domainserverlawa729.web.app^
-||domainserverlawa73.web.app^
 ||domainserverlawa730.web.app^
 ||domainserverlawa731.web.app^
 ||domainserverlawa732.web.app^
@@ -1520,31 +1397,22 @@
 ||domainserverlawa739.web.app^
 ||domainserverlawa74.web.app^
 ||domainserverlawa740.web.app^
-||domainserverlawa741.web.app^
 ||domainserverlawa742.web.app^
 ||domainserverlawa743.web.app^
 ||domainserverlawa744.web.app^
-||domainserverlawa745.web.app^
 ||domainserverlawa746.web.app^
-||domainserverlawa747.web.app^
-||domainserverlawa748.web.app^
 ||domainserverlawa749.web.app^
 ||domainserverlawa75.web.app^
 ||domainserverlawa750.web.app^
-||domainserverlawa751.web.app^
 ||domainserverlawa752.web.app^
 ||domainserverlawa753.web.app^
 ||domainserverlawa754.web.app^
 ||domainserverlawa755.web.app^
-||domainserverlawa756.web.app^
 ||domainserverlawa757.web.app^
 ||domainserverlawa758.web.app^
 ||domainserverlawa759.web.app^
-||domainserverlawa76.web.app^
-||domainserverlawa760.web.app^
 ||domainserverlawa761.web.app^
 ||domainserverlawa762.web.app^
-||domainserverlawa763.web.app^
 ||domainserverlawa764.web.app^
 ||domainserverlawa765.web.app^
 ||domainserverlawa766.web.app^
@@ -1564,22 +1432,17 @@
 ||domainserverlawa779.web.app^
 ||domainserverlawa78.web.app^
 ||domainserverlawa780.web.app^
-||domainserverlawa781.web.app^
 ||domainserverlawa782.web.app^
 ||domainserverlawa783.web.app^
 ||domainserverlawa784.web.app^
 ||domainserverlawa785.web.app^
 ||domainserverlawa786.web.app^
-||domainserverlawa787.web.app^
 ||domainserverlawa788.web.app^
 ||domainserverlawa789.web.app^
 ||domainserverlawa79.web.app^
 ||domainserverlawa790.web.app^
-||domainserverlawa791.web.app^
-||domainserverlawa792.web.app^
 ||domainserverlawa793.web.app^
 ||domainserverlawa794.web.app^
-||domainserverlawa795.web.app^
 ||domainserverlawa796.web.app^
 ||domainserverlawa797.web.app^
 ||domainserverlawa798.web.app^
@@ -1588,7 +1451,6 @@
 ||domainserverlawa800.web.app^
 ||domainserverlawa801.web.app^
 ||domainserverlawa802.web.app^
-||domainserverlawa803.web.app^
 ||domainserverlawa804.web.app^
 ||domainserverlawa806.web.app^
 ||domainserverlawa807.web.app^
@@ -1596,8 +1458,6 @@
 ||domainserverlawa809.web.app^
 ||domainserverlawa81.web.app^
 ||domainserverlawa810.web.app^
-||domainserverlawa811.web.app^
-||domainserverlawa812.web.app^
 ||domainserverlawa813.web.app^
 ||domainserverlawa814.web.app^
 ||domainserverlawa815.web.app^
@@ -1611,7 +1471,6 @@
 ||domainserverlawa822.web.app^
 ||domainserverlawa823.web.app^
 ||domainserverlawa824.web.app^
-||domainserverlawa825.web.app^
 ||domainserverlawa826.web.app^
 ||domainserverlawa827.web.app^
 ||domainserverlawa828.web.app^
@@ -1623,9 +1482,7 @@
 ||domainserverlawa833.web.app^
 ||domainserverlawa834.web.app^
 ||domainserverlawa835.web.app^
-||domainserverlawa836.web.app^
 ||domainserverlawa837.web.app^
-||domainserverlawa838.web.app^
 ||domainserverlawa839.web.app^
 ||domainserverlawa84.web.app^
 ||domainserverlawa840.web.app^
@@ -1633,29 +1490,21 @@
 ||domainserverlawa842.web.app^
 ||domainserverlawa843.web.app^
 ||domainserverlawa844.web.app^
-||domainserverlawa845.web.app^
 ||domainserverlawa846.web.app^
-||domainserverlawa847.web.app^
-||domainserverlawa848.web.app^
-||domainserverlawa849.web.app^
 ||domainserverlawa85.web.app^
-||domainserverlawa850.web.app^
 ||domainserverlawa851.web.app^
 ||domainserverlawa852.web.app^
 ||domainserverlawa853.web.app^
-||domainserverlawa854.web.app^
 ||domainserverlawa855.web.app^
 ||domainserverlawa856.web.app^
 ||domainserverlawa857.web.app^
 ||domainserverlawa858.web.app^
-||domainserverlawa859.web.app^
 ||domainserverlawa86.web.app^
 ||domainserverlawa860.web.app^
 ||domainserverlawa861.web.app^
 ||domainserverlawa862.web.app^
 ||domainserverlawa863.web.app^
 ||domainserverlawa864.web.app^
-||domainserverlawa865.web.app^
 ||domainserverlawa866.web.app^
 ||domainserverlawa867.web.app^
 ||domainserverlawa868.web.app^
@@ -1666,7 +1515,6 @@
 ||domainserverlawa872.web.app^
 ||domainserverlawa873.web.app^
 ||domainserverlawa874.web.app^
-||domainserverlawa875.web.app^
 ||domainserverlawa877.web.app^
 ||domainserverlawa878.web.app^
 ||domainserverlawa879.web.app^
@@ -1674,9 +1522,7 @@
 ||domainserverlawa880.web.app^
 ||domainserverlawa881.web.app^
 ||domainserverlawa882.web.app^
-||domainserverlawa883.web.app^
 ||domainserverlawa884.web.app^
-||domainserverlawa885.web.app^
 ||domainserverlawa886.web.app^
 ||domainserverlawa888.web.app^
 ||domainserverlawa889.web.app^
@@ -1696,19 +1542,14 @@
 ||domainserverlawa902.web.app^
 ||domainserverlawa903.web.app^
 ||domainserverlawa904.web.app^
-||domainserverlawa905.web.app^
 ||domainserverlawa906.web.app^
 ||domainserverlawa907.web.app^
 ||domainserverlawa908.web.app^
 ||domainserverlawa909.web.app^
 ||domainserverlawa91.web.app^
 ||domainserverlawa910.web.app^
-||domainserverlawa911.web.app^
 ||domainserverlawa912.web.app^
 ||domainserverlawa913.web.app^
-||domainserverlawa914.web.app^
-||domainserverlawa915.web.app^
-||domainserverlawa916.web.app^
 ||domainserverlawa917.web.app^
 ||domainserverlawa918.web.app^
 ||domainserverlawa92.web.app^
@@ -1717,22 +1558,14 @@
 ||domainserverlawa922.web.app^
 ||domainserverlawa923.web.app^
 ||domainserverlawa924.web.app^
-||domainserverlawa925.web.app^
 ||domainserverlawa926.web.app^
 ||domainserverlawa927.web.app^
 ||domainserverlawa929.web.app^
-||domainserverlawa93.web.app^
 ||domainserverlawa930.web.app^
-||domainserverlawa931.web.app^
 ||domainserverlawa932.web.app^
-||domainserverlawa933.web.app^
-||domainserverlawa934.web.app^
 ||domainserverlawa935.web.app^
-||domainserverlawa936.web.app^
 ||domainserverlawa937.web.app^
 ||domainserverlawa938.web.app^
-||domainserverlawa939.web.app^
-||domainserverlawa94.web.app^
 ||domainserverlawa940.web.app^
 ||domainserverlawa941.web.app^
 ||domainserverlawa942.web.app^
@@ -1741,45 +1574,33 @@
 ||domainserverlawa945.web.app^
 ||domainserverlawa946.web.app^
 ||domainserverlawa947.web.app^
-||domainserverlawa948.web.app^
 ||domainserverlawa949.web.app^
 ||domainserverlawa95.web.app^
 ||domainserverlawa950.web.app^
-||domainserverlawa951.web.app^
 ||domainserverlawa952.web.app^
 ||domainserverlawa953.web.app^
 ||domainserverlawa954.web.app^
 ||domainserverlawa955.web.app^
-||domainserverlawa957.web.app^
 ||domainserverlawa958.web.app^
 ||domainserverlawa959.web.app^
 ||domainserverlawa96.web.app^
-||domainserverlawa960.web.app^
 ||domainserverlawa961.web.app^
 ||domainserverlawa962.web.app^
 ||domainserverlawa963.web.app^
 ||domainserverlawa964.web.app^
-||domainserverlawa965.web.app^
 ||domainserverlawa966.web.app^
 ||domainserverlawa967.web.app^
-||domainserverlawa968.web.app^
-||domainserverlawa969.web.app^
 ||domainserverlawa97.web.app^
 ||domainserverlawa970.web.app^
-||domainserverlawa971.web.app^
-||domainserverlawa972.web.app^
 ||domainserverlawa973.web.app^
 ||domainserverlawa974.web.app^
 ||domainserverlawa975.web.app^
 ||domainserverlawa976.web.app^
 ||domainserverlawa977.web.app^
-||domainserverlawa978.web.app^
 ||domainserverlawa979.web.app^
 ||domainserverlawa98.web.app^
 ||domainserverlawa980.web.app^
-||domainserverlawa981.web.app^
 ||domainserverlawa982.web.app^
-||domainserverlawa983.web.app^
 ||domainserverlawa984.web.app^
 ||domainserverlawa985.web.app^
 ||domainserverlawa986.web.app^
@@ -1789,14 +1610,11 @@
 ||domainserverlawa99.web.app^
 ||domainserverlawa990.web.app^
 ||domainserverlawa991.web.app^
-||domainserverlawa992.web.app^
 ||domainserverlawa993.web.app^
-||domainserverlawa994.web.app^
 ||domainserverlawa995.web.app^
 ||domainserverlawa996.web.app^
-||domainserverlawa997.web.app^
-||domainserverlawa998.web.app^
 ||domainserverlawa999.web.app^
+||donaidrsilcio.com^
 ||doooog.cn^
 ||dopeydog.co.nz^
 ||dorouscom.com^
@@ -1804,20 +1622,20 @@
 ||dowaba-s2dhl.blogspot.com^
 ||doz.tode.cz^
 ||dpasdasfasfasfas.pages.dev^
+||dpd-pl.566868.space^
 ||dpd-redelivery-uk.com^
 ||dpmasdaskj.pages.dev^
 ||dr-joannepeeler.com^
 ||dr3aq.byethost32.com^
+||dreamhacker.pro^
 ||dreamotion-jp.com^
 ||drivingschoolglasgow.co.uk^
 ||drmarciovaleriano.com.br^
-||dsadsadsa.diskstation.eu^
 ||dsgcbeonline.com^
+||dskedirekt.web.app^
 ||dsp2codemdp.t.justns.ru^
-||dswboot.cc^
 ||dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com^
 ||dtrpsystasfasgas.pages.dev^
-||duanemanor.tk^
 ||dukhovnist.in.ua^
 ||durecorpperu.com^
 ||dwrat.andalous.org^
@@ -1831,7 +1649,6 @@
 ||e63q45f9h5fr.clickfunnels.com^
 ||eagleeyeapparel.com^
 ||earth01.info^
-||easy-webtdapp.com^
 ||easywalletfix.net^
 ||easywalletsfix.com^
 ||eba0200d0c.nxcli.net^
@@ -1840,15 +1657,12 @@
 ||eberhardtedwige.wixsite.com^
 ||ebuddynews.com^
 ||ec.snadc-oecddo.com^
-||ecloanmoney.com^
 ||ecogreenjanitorial.com^
 ||ecomcrew.staging.wpengine.com^
 ||ecosteelsolution.ro^
-||editpdfonline.tk^
 ||edje.com^
 ||edukickmexico.com^
 ||ee-sms.co.uk^
-||ee.mseocri.com^
 ||ee.scicemecod.com^
 ||efarms.com.ng^
 ||eharmonyservice.com^
@@ -1871,7 +1685,6 @@
 ||emsi-lobo.firebaseapp.com^
 ||en-template-solicito-16414253314897.onepage.website^
 ||enbolivia.com^
-||enchanting-guiltless-suede.glitch.me^
 ||encryptdrive.booogle.net^
 ||engcamp.org^
 ||enoman.fqzsdgtg.cn^
@@ -1897,20 +1710,18 @@
 ||eth.coinscout.cc^
 ||ethnictrendz.com^
 ||ets.jwr.pa-fakfak.go.id^
-||etwtny.cf^
 ||eucriomeumundo.com^
 ||eugnerally-wixsite-com.filesusr.com^
-||euraby.com^
 ||eusa-lombo.firebaseapp.com^
 ||evashoes.com.ua^
+||even-besar-banget.duckdns.org^
 ||even-ff-gratisterbaru2022.duckdns.org^
-||even-ff-terbarugratis2022.duckdns.org^
+||event-ff-bundle-baru.duckdns.org^
 ||event-freefire728.duckdns.org^
+||event-freeskkinmlbb.duckdns.org^
 ||event-garenafreefire263.duckdns.org^
-||event-skin-resmi-2022.duckdns.org^
-||eventclaimfreefiregratis2022.duckdns.org^
 ||eventclaimsff0.duckdns.org^
-||eventgarenafreefiremax2022.duckdns.org^
+||eventspinfreefire2022.duckdns.org^
 ||everestmotors.com.np^
 ||evo-revolutioncups.com^
 ||evolbithman.web.app^
@@ -1919,6 +1730,7 @@
 ||exchange-pancakeswaps.com^
 ||exchangedictionary.com^
 ||exodlus.net^
+||exodus-2022.com^
 ||exodus.com-wallet-signin.com^
 ||exodus.com-web-wallet-online.com^
 ||exodus.com.tccaponline.com^
@@ -1930,6 +1742,7 @@
 ||extracloud.com.au^
 ||ezblox.site^
 ||ezssausage.com^
+||f2f.co.jp^
 ||f6fr7.codesandbox.io^
 ||f9w1lned0ruqblxi6jahwotak.filesusr.com^
 ||faccebook.azurewebsites.net^
@@ -1944,7 +1757,10 @@
 ||facebook.com-zxsrf038k.isiolo.go.ke^
 ||facebook.eventspinff.wtf^
 ||facebook.kingstopup.com^
+||facebook.whcserverbox.com^
+||facebook8facebook.blogspot.com^
 ||facebookk.azurewebsites.net^
+||facebookphisher.herokuapp.com^
 ||facebooks.azurewebsites.net^
 ||faic.in^
 ||faizankhan0408.github.io^
@@ -1958,20 +1774,21 @@
 ||fax.gruppobiesse.it^
 ||fb-case-id-28031803-fcdc-48af.web.app^
 ||fb-pages.proteksion-help.workers.dev^
+||fb.10004682.review^
 ||fb.expressturkeyi.com^
 ||fb7927.bget.ru^
 ||fdasd.2e4jept.cn^
 ||fdhgf.xyz^
-||feceboolk.blogspot.com^
 ||federalaccesscredit.com^
 ||fedner.net^
 ||fer-brooks.top^
 ||feriadempleos.com^
 ||ferienhof-gempel.de^
 ||ff-anivesary225.duckdns.org^
+||ff-member-ganena.com^
 ||ff-membership-garena.com^
 ||ff-membershipz-garena.ga^
-||ff.membership.garenaj.vn^
+||ff.members.garera.vn^
 ||ffim-event-2022.duckdns.org^
 ||fghjr74rhudfguhtfguji.blogspot.com^
 ||fi.uy^
@@ -1980,7 +1797,6 @@
 ||fighting40s.com^
 ||fikir.id^
 ||fileundelete.net^
-||filmkenner.com^
 ||filtrosmil.com.br^
 ||finalfantasyguide.co.uk^
 ||finiiishingedgex.tk^
@@ -1995,13 +1811,14 @@
 ||fmwebapp.azurewebsites.net^
 ||foliar.pl^
 ||foma-ura-lote.firebaseapp.com^
+||foor1.com^
+||for-pakage-delevry.tragaroleary.com^
 ||foresta-mod.firebaseapp.com^
 ||forhimself9999.co.vu^
 ||formbuddy.com^
 ||forms.formium.io^
 ||formtools.com^
 ||forum-dofus.com.co^
-||foryour.gov-information.info^
 ||fpalpha.myportfolio.com^
 ||fpmaam.org^
 ||fr-europe564598-com.filesusr.com^
@@ -2014,6 +1831,7 @@
 ||freefireevent-codashop2022.duckdns.org^
 ||freeitemff-allreward.duckdns.org^
 ||freeliker.net^
+||freereward-ff.duckdns.org^
 ||frefire-membership-garena.sukienfreefire2021.top^
 ||freg-nine.pt^
 ||friendsofnechockey.com^
@@ -2029,21 +1847,22 @@
 ||ftx.cool^
 ||ftxbonus.site^
 ||funiswap.exchange^
+||furgonetka-1.pl^
 ||fusionrestobar.cl^
+||futurebits.in^
+||fwztmgr.cn^
 ||fxhalifax.com^
 ||fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com^
 ||g-mtcc.com^
 ||g.greatsubstance.com.my^
 ||ga.teesmith.shop^
 ||gabrielamims.com^
-||gabung-grubnew1342.duckdns.org^
 ||gagaclinic.com^
 ||gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com^
 ||gallciaonllne.webcindario.com^
 ||garena-xacminhtaikhoan.com^
-||garenafreefire728.duckdns.org^
-||gastronomiarobertos.com^
 ||gasunige.mfs.gg^
+||gbunggrup-pmrsatu13.duckdns.org^
 ||gedfdfsd.eu^
 ||geg.li^
 ||generali-italia-ag.hrweb.it^
@@ -2069,7 +1888,6 @@
 ||golkondaresorts.com^
 ||goo-gl.me^
 ||good12345.tripod.com^
-||goofy-wozniak.192-210-226-164.plesk.page^
 ||gorol-cost.web.app^
 ||gorol-investor.web.app^
 ||gosafes.com^
@@ -2079,39 +1897,28 @@
 ||greekinfra.com^
 ||greenclasses.in^
 ||grosshandel-mevida.de^
-||group-mantap-seger.duckdns.org^
 ||group-wa-1.duckdns.org^
-||groupbkep-vral15.duckdns.org^
 ||groworldinternational.com^
 ||grp02.member.mycld-rakuten.info^
-||grub-sangex.wikaba.com^
-||grubgabung.duckdns.org^
 ||grubnatajadeh12.duckdns.org^
+||grubterbarukk037.duckdns.org^
 ||grubviralterbaru65c.duckdns.org^
-||grup-bokephot-terbaru2022.duckdns.org^
-||grup-bokepviral4.duckdns.org^
-||grup-dwsa-indomesia845.duckdns.org^
-||grup-viral-seleb.duckdns.org^
-||grup-viralbokep111.myftp.org^
-||grup-viralbokep2.ddns.net^
+||gruo-wa-okep-dewasa-2022.duckdns.org^
+||grup-bokep-terbaru555.duckdns.org^
 ||grup-whatsapp121.duckdns.org^
 ||grup-whatsappbokep1.duckdns.org^
 ||grup-whatsappbokep2.duckdns.org^
-||grupbokeppadacantik.duckdns.org^
+||grup2022ssx.duckdns.org^
 ||grupofsp.com.br^
 ||gruposanpio.com^
-||gruptiktok.wikaba.com^
-||grupviral-xx.duckdns.org^
-||grupviral109.duckdns.org^
-||grupviralterbaru.duckdns.org^
+||grupwhatsaap-viral-2022.duckdns.org^
 ||grupwhatsappnobar-2022.duckdns.org^
 ||gscommunityspirit.greenschool.org^
 ||gstsolutions.online^
+||gtw420.com^
 ||gunatanahku.perkimtan.sumbarprov.go.id^
 ||gurukanth.com^
 ||gwenet.org^
-||gyfnqyk.cn^
-||gymjaokhanakho.azurewebsites.net^
 ||habbocreditosparati.blogspot.com^
 ||haftteam.ir^
 ||hahdaeupdate.es.tl^
@@ -2128,19 +1935,18 @@
 ||haunlimited.org^
 ||hcnprdvz.azureedge.net^
 ||hdmediahub.club^
-||hdss-stream.org^
 ||heinthu1.github.io^
 ||hellenic-postbank.com^
-||helloparis.co.uk^
 ||help-account-bxsfe.ondigitalocean.app^
+||help-identity-recoveri-support-center.web.id^
 ||help-notice-center-identity-6532.web.id^
 ||help.insecur.saftyalert.workers.dev^
 ||help.validation-page.workers.dev^
+||helpingcentere.com^
 ||henan.vxim58i.cn^
 ||hermes.parcel-tracker.com^
 ||hetershaven.net^
 ||heuristic-gagarin.45-88-108-231.plesk.page^
-||hfemail.ntneancns.com^
 ||hgda.db0u4hs.cn^
 ||hgdaa.lfoxcct.cn^
 ||hghgda.erjl0hx.cn^
@@ -2155,18 +1961,15 @@
 ||hifly39091.top^
 ||hifly61215.top^
 ||hifly71191.top^
-||hikaheal.com^
 ||himalayansherpa.com.au^
 ||himbauane.blogspot.com^
 ||hitman71hd-wixsite-com.filesusr.com^
-||hjhjjhjhjh.pagedemo.co^
 ||hockian.com^
 ||holobeam.000webhostapp.com^
 ||home.ei1ns.de^
 ||home.myfairpoint.net^
 ||homepichilinea2.webcindario.com^
 ||homesinlogin.com^
-||homestaylongho.com^
 ||hostnix.net^
 ||hostpoint.ch.17a902ef.tcorner.fr^
 ||hotbrooks.com^
@@ -2179,6 +1982,7 @@
 ||hs-giveaways.ca^
 ||ht-cargo.com.vn^
 ||htlgroup.com.my^
+||httpcom-0d4tol437.isiolo.go.ke^
 ||httpeugnerally-wixsite-com.filesusr.com^
 ||https-scert-con04.xyz^
 ||https-scert-srv02.xyz^
@@ -2203,7 +2007,6 @@
 ||ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com^
 ||ibpm.ru^
 ||icloud-map-live.com^
-||icloudstatus.com.ng^
 ||icy.martulangbelulalng.workers.dev^
 ||idappswallets.com^
 ||identifiez-vous-avec-votre-compte.yolasite.com^
@@ -2216,7 +2019,6 @@
 ||ighk.umjlrs7uci2751.workers.dev^
 ||iipvit.by^
 ||ijcda.bukkats.cn^
-||ijeioqhawdqioqho.weebly.com^
 ||ijhca.0gb0h7z.cn^
 ||ijjd.h8nmtcc.cn^
 ||ijmna.p2y00vd.cn^
@@ -2227,23 +2029,25 @@
 ||ikcsa.ajiqvjf.cn^
 ||ikdff.jmo904i.cn^
 ||ikja.lbanwqp.cn^
+||ikjcd.p1z98hl.cn^
 ||ikjd.uk0xnp8.cn^
 ||ikjgd.rg6bzk7.cn^
 ||ikmcd.u4jdbxm.cn^
 ||ikmxaa.qcqxlrq.cn^
+||ilooksrare.com^
 ||iloveyourglasses.com^
 ||ilpconnect.org^
+||image-pict-ig.duckdns.org^
 ||imersao.impulseingles.com.br^
 ||imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com^
-||imi-ksa.jajainfo.net^
 ||imobiliaria-cardinali-com-br.blogspot.com^
 ||impostazionebper.000webhostapp.com^
 ||in.deraya.org^
-||inaueab.com^
 ||indo-viral2022.duckdns.org^
 ||info.lionnets.com^
 ||infohypesquad.com^
 ||infopichinchaweb.webcindario.com^
+||information.safeamazoncardweb.cyou^
 ||informations.recovery.confiryourpage.workers.dev^
 ||infos00001.temp.swtest.ru^
 ||infosecplace.com^
@@ -2256,16 +2060,16 @@
 ||innca.ol90k56.cn^
 ||innovasjon.as^
 ||inps-ep.com^
-||instagram-9.blogspot.com^
-||instagramhelpp.agency^
+||instahelppbaddge.ml^
 ||intellidata-analytica.com^
-||interbankempresahome.rankforever.com^
 ||interbankempresas.pe-il.ru^
+||interbankhomeweb.fullcircleteam.com^
 ||intern.unibas-com.ch^
 ||international-formulier.91-218-65-223.plesk.page^
 ||internetbanking-caixa-gov.xyz^
 ||internetbankinghelp.com^
 ||internetservicetech.com^
+||intesalife.ie^
 ||intexargentina.com.ar^
 ||inthewildproductions.com^
 ||intoli.ru^
@@ -2273,10 +2077,14 @@
 ||intranet.sztpe.info^
 ||investpl.work^
 ||iplogger.info^
+||iqwea.soxr0u1.cn^
 ||ironmantech.shop^
-||irs-gov.us-get-funds-assistance.com^
+||irs-gov-supportcenters.com^
+||irs.gov-coronavirus-pandemic-tax-refund-submission.com^
+||ise.com.ar^
 ||isfirsatibul.com^
 ||ismamorlin.my-place.us^
+||isntagranmeta.pagedemo.co^
 ||istudyalumni.com^
 ||it-europe564598-com.filesusr.com^
 ||it.melnikhotels.com^
@@ -2288,6 +2096,12 @@
 ||iujdas.yfwxlc9.cn^
 ||iuyydd.ebeg6uk.cn^
 ||j9w77d0.cn^
+||jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn^
+||jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn^
+||jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn^
+||jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn^
+||jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn^
+||jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn^
 ||jacobliston.com^
 ||jadaart.org^
 ||jagex-rewards.com^
@@ -2299,31 +2113,31 @@
 ||jeanbaileyrobor.com^
 ||jendelajogja.com^
 ||jerinja.github.io^
-||jessicasproul.com^
 ||jetser-electrical-supply.business.site^
-||jetstoop.top^
 ||jett.gator.site^
 ||jflkp.csb.app^
 ||jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com^
 ||jhda.wfdyk9p.cn^
 ||jhdd.fjcslad.cn^
 ||jhff.93oe0u9.cn^
+||jhnd.0drhnjk.cn^
 ||jiwanramchemical.com^
 ||jjhcd.27ke98i.cn^
 ||jk99j.sbs^
-||jkhkjjkjk.pagedemo.co^
 ||jlogine.com^
+||jmcna.jiwayjc.cn^
+||jmfykd.cyou^
+||jncba.diiqsmm.cn^
 ||jnlope.tangguakrapekpuik.link^
 ||jnnc.grnxkoj.cn^
 ||job-type.com^
 ||jobs.job.com.bd^
 ||joecamera.net^
 ||john-ashley.de^
-||join-chat-whatssap-viral-2022.duckdns.org^
-||join-group-wa2022.duckdns.org^
-||join-grub-bokep-gratis.duckdns.org^
-||join-grubkienzy849.duckdns.org^
-||join-whatsapp-tante-hot18.duckdns.org^
+||join-group-1.duckdns.org^
+||join-gruo-waku282.duckdns.org^
+||joinedprice.com^
+||joingrupku183.duckdns.org^
 ||joingrupp-bkep156.duckdns.org^
 ||joingrupterbaru-0.duckdns.org^
 ||joinlinkviral729.duckdns.org^
@@ -2331,12 +2145,14 @@
 ||joinssgropssney6.duckdns.org^
 ||jow-japan.or.jp^
 ||joyeriajireh.com.mx^
-||jp-bnnk.japappoit.asdwb.xyz^
-||jp-bnnk.japappoit.asdwd.xyz^
+||jp-auid.com^
+||jp.mercari.omany.buzz^
 ||jptechdocsign.net^
 ||jrhayley.plus.com^
 ||juandfar.github.io^
+||jurisgeneral.com^
 ||jurlebedev.ru^
+||juscook.com^
 ||justgot.gonevis.com^
 ||justsayingbro.com^
 ||jvk.zultifarza.workers.dev^
@@ -2344,6 +2160,7 @@
 ||jz2bab.webwave.dev^
 ||k3ja6d.webwave.dev^
 ||kaamwalibais.co.in^
+||kachinas.be^
 ||kamdhenurealities.com^
 ||kargonova.com^
 ||kartaltepespor.com^
@@ -2355,9 +2172,11 @@
 ||kdlscaffolding.co.uk^
 ||kecc.com^
 ||kecmanijada.com^
+||kedai-gamers.com^
 ||keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev^
 ||keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev^
 ||keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev^
+||kenanhusovic.com^
 ||kevinsmovingservice.com^
 ||kex81.sbs^
 ||key-drcp.com^
@@ -2381,12 +2200,12 @@
 ||konnect2kamadhenu.com^
 ||koteng.odoo.com^
 ||kr-bithumb.web.app^
-||kraftongame.net^
 ||krupije.com^
 ||krx887.com^
 ||ksschool.org.in^
 ||kuchkuchnights.com^
 ||kurortnoye.com.ua^
+||ky79.com^
 ||l-abe.com^
 ||l-q.in^
 ||lambdaweb.info^
@@ -2408,16 +2227,17 @@
 ||learningimpactmodel.com^
 ||leboncoiinlbc.000webhostapp.com^
 ||leboncoin.delivery01588.icu^
+||lefaf77683.temp.swtest.ru^
 ||lemeiesta.com^
 ||lenagruessdich.net^
 ||leroycu.ca^
+||letoptuswebmail-9b69f0.ingress-comporellon.easywp.com^
 ||lettertracing4kids.com^
 ||lexnotes.com.ng^
-||lg-bluebadgecenter.ml^
 ||lg-onecom-io.web.app^
 ||liberasrl.it^
 ||lihi3.cc^
-||linkcontract.tech^
+||linkgrupkakak-disini.duckdns.org^
 ||liongear.com^
 ||lirc.cep.edu.vn^
 ||little-frost-1a15.chrisc11004842.workers.dev^
@@ -2441,28 +2261,33 @@
 ||lloydsbank.secure-personal-device-login.com^
 ||lloyduk-newdevice-registered-online.com^
 ||llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com^
+||lmbanang.pgryuangbtusngka.link^
 ||lnkd.dev^
 ||lnterbancape-lbk.com^
 ||lnterbank.pe.starneonsignsug.com^
+||local-postoffice-deliver.com^
 ||localwithg.com^
 ||lockpichincha.webcindario.com^
 ||loengregkuetngferu.live^
 ||lofon-add.firebaseapp.com^
 ||loftywallet.com^
+||logfuliz.web.app^
 ||login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net^
 ||login-facebook18.webnode.page^
 ||login-live.com-s02.net^
 ||login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net^
 ||login-postfinance.com^
+||login-singaporee.apply-now-online-digital.com^
 ||login.dbs.webdbslistinonline.com^
 ||login.privategold.uytrtyuhij987.gowithapex.com^
-||login.smbc.weddirecttop.com^
 ||logindhlaccess.dhlupdatelogin.workers.dev^
+||loginnewatt.weebly.com^
 ||logverify-df12e-verify-1230-eu.web.app^
 ||loinesports.com^
 ||lomadesarrollos.mx^
 ||lombard11.eu^
 ||lot-lp-x.web.app^
+||love.gos-box.com^
 ||lp.vp4.me^
 ||lrs.financial^
 ||lrs.foundation^
@@ -2482,13 +2307,10 @@
 ||m.recovery.safetyacount.workers.dev^
 ||m.recovery.saftypageupdate.workers.dev^
 ||m.salsomascard.top^
-||m4-appcaixia.com^
 ||m42club.com^
-||m5bundle.com^
 ||machineryzoneservice.com^
 ||macjakarta.com^
 ||macst.cc^
-||madamailru.temp.swtest.ru^
 ||madens.com.pl^
 ||madrhinoconsulting.com^
 ||maestro.my.prod.dfg152.ru^
@@ -2500,15 +2322,15 @@
 ||mail-gmxaktualisierung.yolasite.com^
 ||mail-ovhcloud.web.app^
 ||mail-ssocloud-srvr67yhguh.pages.dev^
+||mail.atlanticeconcrete.com^
 ||mail.enrollmoreclientsbootcamp.com^
-||mail.gov-taxid.completofyours.info^
-||mail.grup-dwsa-indomesia845.duckdns.org^
 ||mail.ims-fe.com^
+||mail.kenanhusovic.com^
 ||mail.kuttabalfatih.com^
 ||mail.santepluspharma.com^
 ||mail.sweetshopspecialtycoffee.com.au^
-||mail.tariqalaraimi.com^
 ||mail.updateinfo-billingo2.com^
+||mail.wellsfargous.duckdns.org^
 ||mail.wheel1factory.net^
 ||mail.zenstream.com^
 ||maildomaiincheck1.web.app^
@@ -2536,60 +2358,56 @@
 ||mailupdattee10.web.app^
 ||mailupdattee11.web.app^
 ||mailupdattee12.web.app^
-||mailupdattee13.web.app^
 ||mailupdattee14.web.app^
-||mailupdattee15.web.app^
 ||mailupdattee16.web.app^
 ||mailupdattee17.web.app^
-||mailupdattee18.web.app^
 ||mailupdattee19.web.app^
 ||mailupdattee20.web.app^
 ||mailupdattee21.web.app^
 ||mailupdattee22.web.app^
-||mailupdattee23.web.app^
 ||mailupdattee24.web.app^
 ||mailupdattee26.web.app^
 ||mailupdattee27.web.app^
 ||mailupdattee28.web.app^
 ||mailupdattee29.web.app^
-||mailupdattee32.web.app^
 ||mailupdattee34.web.app^
 ||mailupdattee35.web.app^
 ||mailupdattee40.web.app^
-||mailupdattee5.web.app^
 ||mailupdattee6.web.app^
 ||mailupdattee7.web.app^
 ||mailupdattee8.web.app^
-||mailupdattee9.web.app^
+||mainbugerrorfixing.com^
+||mainmobilerectify.live^
+||mainsbscrestore.com^
 ||maintoken.org^
-||mainwalletappconnect.com^
 ||makcts-go.ru^
 ||make-anon-keep-past.rvsla.workers.dev^
 ||mala-riba.com^
 ||malaprontaargentina.com.br^
 ||malehaenterprises.com^
 ||malukutenggarakab.go.id^
+||mamasitasont.blogspot.com^
 ||mandirilivinlinksystem.brizy.site^
-||mandirilivinlinksystem2.brizy.site^
 ||mandirilivinlinksystem3.brizy.site^
-||manthsedty.live^
 ||manualsync.com^
+||maotun.xyz^
 ||mapsa.com.pe^
+||marifilmines.ca^
 ||marinthe.poingaitongamlm.link^
 ||marketplace-axieinfinity.io^
 ||marketplace-axlelnfiniity.com^
 ||marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke^
 ||marketplace.facebook.com-29ta3qbv.isiolo.go.ke^
 ||marketplace.facebook.com-hzup1bae.isiolo.go.ke^
+||marketplace.facebook.com-izkbuxmx.isiolo.go.ke^
 ||marketplace.facebook.com-kq1oh2ae.isiolo.go.ke^
+||marketplace.facebook.com-milt5ssm.isiolo.go.ke^
 ||marketplace.facebook.com-qze9zt75vm.isiolo.go.ke^
 ||marketplace.facebook.com-sauuvazpjo.isiolo.go.ke^
 ||marketplace.facebook.com-tyeuieb7.isiolo.go.ke^
 ||marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke^
 ||marketplace.facebook.com-z1au8cxghl.isiolo.go.ke^
 ||marketplaceaxieinfiniity.com^
-||marmardian.co.vu^
-||marylkmatzenger.com^
 ||masdas0932.co.vu^
 ||masum.lawyer^
 ||match.lookatmynewphotos.com^
@@ -2617,22 +2435,28 @@
 ||mercariz.xyz^
 ||meremanovegabana.website2.me^
 ||mericarir.mbudeu.cn^
-||mericarir.mg0gbo1.cn^
+||mericarir.mednljn.cn^
 ||mericarir.mgeukpx.cn^
 ||mericarir.mglsffs.cn^
-||mericarir.mksydb.cn^
+||mericarir.mglxyul.cn^
+||mericarir.mhgqdtv.cn^
+||mericarir.mjrsrfo.cn^
 ||mericarir.mktbbr.cn^
+||mericarir.mkxbqnu.cn^
 ||mericarir.mlyffa.cn^
+||mericarir.mmsfzys.cn^
 ||mericarir.mnfjwy.cn^
 ||mericarir.mnheijt.cn^
-||mericarir.mrzcafk.cn^
 ||mericarir.msnygk.cn^
-||mericorci-logining.sfhs26r.lyb6srb.cn^
+||mericarir.mtlrnzu.cn^
+||mericarir.mukkwvc.cn^
+||mericarir.mxsoecl.cn^
 ||meriocori-logining.2y3uio.pyqbas.cn^
 ||mestertignseekjet4.blogspot.com^
 ||mestertignseekjet5.blogspot.com^
 ||mestertignseekjet6.blogspot.com^
 ||mestredaobra.com^
+||meta-support-centers.ml^
 ||metalurgicagiom.com.br^
 ||metamasc.club^
 ||metamask-connect.com^
@@ -2643,11 +2467,13 @@
 ||metamask.cam^
 ||metamask.io-php.com^
 ||metamask.kiwi^
+||metamask.loan^
 ||metamask.protocol-process.me^
 ||metamask.security-information.cc^
 ||metamask.social^
 ||metamask.wallets-reauth.net^
 ||metamaskdownloadandroid.xyz^
+||metamaskextension.xyz^
 ||metamassklogins-us.tumblr.com^
 ||metaversepadapp.com^
 ||meusabor.com.br^
@@ -2655,19 +2481,20 @@
 ||mfacebook.blogspot.lt^
 ||mfacebook.blogspot.rs^
 ||mgpskartarpur.com^
+||mgrandroyale.com^
 ||mibancocrece.com.co^
 ||micacd.elshov.com^
-||michaelxrandazzo.com^
 ||michiyado.com^
 ||microcav.square.site^
 ||microsoftonline.pages.dev^
 ||microsoftwebserver.mfs.gg^
 ||micuenta01.github.io^
+||midasbuy1st.com^
+||midsposc2.com^
 ||mijnics-actualisatie.185-236-231-64.plesk.page^
-||mikhali.com^
+||mikayelxhovakimyan.com^
 ||milanobet301.com^
 ||militarybikers.org^
-||minamikaga.or.jp^
 ||mingming20160152.github.io^
 ||miozpro.com^
 ||miracdoviz.com^
@@ -2697,16 +2524,17 @@
 ||mk2.ge^
 ||mkjiool.weebly.com^
 ||mnbxa.73kfer9.cn^
+||mnbxcas.zm7wwar.cn^
 ||mncxx.qbeepor.cn^
 ||mnnbx.r1rpj09.cn^
+||mnncxa.fwffsyt.cn^
 ||mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link^
-||mobil-singaporre.digital-online-login-opportunity.com^
 ||mobile-orange-forever.yolasite.com^
 ||mobile-portail.live^
 ||mobile.hedgesportst.me^
-||moccasinyellowbetatest--josekkk.repl.co^
 ||moccasinyellowbetatest.josekkk.repl.co^
 ||modest-hertz.45-81-232-15.plesk.page^
+||moiksys.com^
 ||mon-token.com^
 ||mon.espace.lcl.fr.certosini.info^
 ||monbudri.xyz^
@@ -2721,6 +2549,7 @@
 ||monyeward.com^
 ||morcario.xyz^
 ||morfybox.com^
+||movil.particulares-secure.com^
 ||mqzlsim.mindlogicinfotech.com^
 ||mrpitchman.com^
 ||msc-doelsach.at^
@@ -2741,16 +2570,14 @@
 ||my.jcpwb.com^
 ||my.nhs-get-pass.com^
 ||my.paydi.login-index-home.x4typfc.cn^
-||my.paydi.logining-nexy-home.en6cnm.asia^
 ||my02billing-login.com^
-||myaccount.aol.wallat-billing.com.authlog.gq^
+||mybeii.live^
 ||mycoerver.es^
 ||mygoogleaccount.stantrade.xyz^
 ||myjcb.cyyptoi.cn^
 ||myjcb.thxpj.cn^
 ||mymbg-aa2e2.web.app^
 ||mymeta-securearea.plesk07.zap-webspace.com^
-||mymetamask-clientarea.185-236-231-227.plesk.page^
 ||mymweb-owner.at.ua^
 ||mypo-delivery.com^
 ||mypsm.psm.edu.mm^
@@ -2762,7 +2589,6 @@
 ||n-naoko-0319.github.io^
 ||n.salsomascard.top^
 ||n26.sa-france.fr^
-||n26servicetechnique.click^
 ||n7orton.com^
 ||nab-access-breach.com^
 ||nab-alert.mobi^
@@ -2770,7 +2596,6 @@
 ||naderkhani.ir^
 ||najboljeuslugezavas.betterservicesforyou.com^
 ||nalandaias.com^
-||nalodke.com.ua^
 ||nanjing.itud167.cn^
 ||napgamelienquan.net^
 ||naranja-users.auth0.com^
@@ -2785,8 +2610,10 @@
 ||nayablabs.com^
 ||nayameehomes.com^
 ||nbcc.0bit08a.cn^
+||nbcd.xiu58rl.cn^
 ||nbcvs.gd65y69.cn^
 ||nbcxa.lctlfdq.cn^
+||nbcxas.551awvr.cn^
 ||nbhjxa.hblhi96.cn^
 ||nbnonres.com^
 ||nbxaa.b1b6nac.cn^
@@ -2798,12 +2625,9 @@
 ||necessitymag.com^
 ||nedbankqa.flowblocks.com^
 ||nedriw.xyz^
-||neftlexi.com^
 ||negociebra.com.br^
 ||neptuneinnovations.com^
 ||netciti.id^
-||netf1ix.us-891691712-local-781652.airalgeriecanada.ca^
-||netfl-lixids938mailmealkas.duckdns.org^
 ||netflix-techarmy.me^
 ||netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk^
 ||networksol-f35e7.web.app^
@@ -2827,9 +2651,8 @@
 ||nhs.my-vaccine-status.com^
 ||niagarapower.com^
 ||nic-home.com^
-||nisuper.com^
 ||nizotchauffage.bilty.be^
-||nontonvidioviral2022nohoax.duckdns.org^
+||nodesconnection.com^
 ||northlane.esy.es^
 ||notife.help.institutepages.workers.dev^
 ||notification-fb.secure-pages.workers.dev^
@@ -2870,23 +2693,22 @@
 ||oijcd.qvjcddv.cn^
 ||oikca.smwceku.cn^
 ||oikcas.6b914ty.cn^
+||oikcd.uf27ce8.cn^
 ||oikcxa.zvvx01z.cn^
 ||oivac.com^
 ||okcs.qj8yua.cn^
 ||okds.bbtlcve.cn^
-||okep-terbaru-viral-2022.duckdns.org^
+||okep-viral-terbaru-terhist-2022.duckdns.org^
 ||okmca.8xcrn6w.cn^
 ||okmca.bxkfham.cn^
 ||okmca.uwudagu.cn^
 ||okmxa.lfgpror.cn^
 ||okpwtu.webwave.dev^
+||ol-run1.online^
 ||olidooo.waca.tw^
 ||olk.us7apye.cn^
 ||olmnxa.wc2ikux.cn^
-||olx-pay-pl.pay-id22343.top^
-||olx.saferegulatory.com^
 ||omesqiwines.de^
-||omicronvariat.pagedemo.co^
 ||oncopharma-ae.com^
 ||onecreator.info^
 ||onedrive.zhaoge.workers.dev^
@@ -2896,13 +2718,16 @@
 ||oneone-a38ef.web.app^
 ||online-sistem.com^
 ||onlineasesor01.hostfree.pw^
+||onlinebanking.unrecognised-new-payee.com^
 ||onlineffn2.temp.swtest.ru^
+||onlineislemlersayfasivkfgirisicom.tk^
+||onlinsfuco.temp.swtest.ru^
 ||onlysportplus.com^
 ||ooxvocalor.yolasite.com^
 ||opansea.live^
 ||open24.ie-tsb.email^
+||operationroofingllc3.com^
 ||opticabattilana.com.ar^
-||optika-anda.hr^
 ||ora-n.yolasite.com^
 ||orabu.it^
 ||orange-dcr.fr^
@@ -2913,11 +2738,8 @@
 ||orangeb191.temp.swtest.ru^
 ||orangess.contactin.bio^
 ||org-nr.yolasite.com^
-||orlen-inwe.web.app^
-||orlen-x.web.app^
 ||orlen.digital^
 ||ormantencs112.odoo.com^
-||oryxcaracalsecurity.com^
 ||osis.world^
 ||otomoto-h229.net^
 ||otomoto3452.com^
@@ -2926,6 +2748,7 @@
 ||ourgarden.us^
 ||outlook1541489.webcindario.com^
 ||outlookcom119.yolasite.com^
+||ouverturecompte.lbp-eer.fr^
 ||oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com^
 ||p1c.servleboncoinser.com^
 ||package2021.blogspot.ba^
@@ -2933,7 +2756,6 @@
 ||package2021.blogspot.com^
 ||page-restrict-case22456548.help^
 ||pages-1008009999700022199021.com^
-||pages-1008097555214021.com^
 ||pages-alert-facebook.ezyro.com^
 ||pages-community-standart-2022.co^
 ||pages-marvelous-project.webflow.io^
@@ -2942,11 +2764,11 @@
 ||pages.secure-accts.workers.dev^
 ||pagesdetectscopyrightpostingactivitiesreported.co.vu^
 ||pagos.sinpemovil.cr^
+||paidpapers.net^
 ||paleyeer.com^
 ||palmm.ps^
 ||pancaakesvap.com^
 ||pancake-sawp.com^
-||pancake.ellipsis.finance^
 ||pancake7wop.com^
 ||pancakesawpes.com^
 ||pancakesfinances.info^
@@ -2956,7 +2778,6 @@
 ||pancakeswap.multi-wallet.info^
 ||pancakeswap.salsasourcing.com^
 ||pancakeswapes.company^
-||pancakeswapex.com^
 ||pancakeswapexcgn.com^
 ||pancakeswapexch.com^
 ||pancakeswapexchage.com^
@@ -2964,17 +2785,15 @@
 ||pancakeswappshop.blogspot.com^
 ||pancaku-swap.com^
 ||pancalteswap.finance^
+||panccakesswap.org^
 ||panckaceswap.finance^
-||pancoke.com^
 ||pandaskin.ru.com^
 ||panelweb-4cae2.web.app^
 ||pankaceeswap.com^
 ||pankaceswapes.finance^
 ||pankakeswap.ledgity.com^
 ||pannelpub-benin.com^
-||pansccakeswap.finance^
 ||pantazisezopiiuurmail1.web.app^
-||pantekkalisakitkepalaku.blogspot.com^
 ||parcel-support018.com^
 ||pardot.assemblecommunities.com^
 ||pasarbta.info^
@@ -2985,6 +2804,7 @@
 ||patient-cell-40f5.updatedlogmylogin.workers.dev^
 ||patwise.co.in^
 ||paws.org.au^
+||paxfulacct.com^
 ||paxfulmenu.com^
 ||pay-sera.web.app^
 ||pay16-olx.pl^
@@ -2992,13 +2812,16 @@
 ||paypal-online-2deposits-paymentaccept.tk^
 ||paypal-opladen.be^
 ||paypalforex.co.ke^
+||pbemail.youxiangdashui.com^
 ||pdf-cloud-document.weeblysite.com^
 ||pdf-sharefile-doc.weeblysite.com^
 ||pdflogincnvwo.app.link^
 ||pdfsecured.mystrikingly.com^
 ||peaceful-black.193-70-50-31.plesk.page^
+||pedih.001www.com^
 ||pembatalanakundinonaktifkan.weebly.com^
 ||pencakecwap.com^
+||pensive-payne-505e1a.netlify.app^
 ||perfectliker.net^
 ||peringatanakunfb2k214.webnode.com^
 ||phantom-walletweb.app^
@@ -3024,7 +2847,8 @@
 ||pilmezorda.temp.swtest.ru^
 ||pinchinchaverify.webcindario.com^
 ||pirana.co.rs^
-||pl-swiatowe-wiadomosci.pl^
+||pkobp.pl.justns.ru^
+||pl-wiadomosciswiatowe.pl^
 ||pla1060604.nichost.ru^
 ||plan-o2-monthlypayments.com^
 ||planetaamor.org^
@@ -3033,8 +2857,6 @@
 ||playgirlgold.com^
 ||ploferta.com^
 ||plugmailextraexpiredoldpolicynotificationscenter.pages.dev^
-||plwiadomosciwszystkie.pl^
-||po-deliver-fees.com^
 ||po-service-page.com^
 ||poc-rewards-program-c2dfc.web.app^
 ||podpiska-darom.ru^
@@ -3051,6 +2873,7 @@
 ||polkadot-france.fr^
 ||polkastarter.app^
 ||polsd.pa0cpof.cn^
+||polska-informacyjna.pl^
 ||polxa.uh8dg67.cn^
 ||polygon-pro.com^
 ||polygon-secure.com^
@@ -3068,7 +2891,6 @@
 ||postechsuivre.ileanamlaw.com^
 ||postnl.post-tracking-delivery.etelinfra.com^
 ||poww.6hkjmb.cn^
-||ppkllp.com^
 ||ppnnttcc.ppcnthsc.me^
 ||precisionimpex.com^
 ||preg.dspearhead.com^
@@ -3085,11 +2907,13 @@
 ||primecentral.qiourn.shop^
 ||primeone.org^
 ||printtoner.com.mx^
+||prism.net.in^
 ||privacy-update-page-prtections-association-recovry-secu.web.id^
 ||privacy-update-secu-recovry-page-protection-4565544.web.id^
 ||privacy-update-secu-recovry-page-protection-comunity-45.web.id^
 ||priyankasandokar1606.github.io^
 ||pro.icloudremovaltool.com^
+||pro.systemine.xyz^
 ||procservautomatizacion.com^
 ||production.anon-rest-keep-reset.sales18130.workers.dev^
 ||production.anon-step-keep-object.sales18130.workers.dev^
@@ -3103,6 +2927,7 @@
 ||production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev^
 ||project1-df3e9.web.app^
 ||projectlovewell.com^
+||promashoppe.com^
 ||promehedinti.ro^
 ||promerica-sv.webcindario.com^
 ||promericalinea01.webcindario.com^
@@ -3111,8 +2936,6 @@
 ||prosxsiuser.myfreesites.net^
 ||prosys.poweredbygravit-e.co.uk^
 ||protect-4d56vca.surge.sh^
-||proteczzguuaaardzzzpagess.000webhostapp.com^
-||proteczzpagezzguarddzzz.000webhostapp.com^
 ||provodi.com^
 ||proximus-account.azurewebsites.net^
 ||ptxx.cc^
@@ -3132,13 +2955,13 @@
 ||qsh74pekkv5e8.clickfunnels.com^
 ||qssa.x5yrlr.cn^
 ||quinaroja.com^
+||quirky-jones.172-245-159-112.plesk.page^
 ||quotex-qx.com^
 ||qwas.nfi71vw.cn^
 ||qwea.wvhee0w.cn^
 ||qweas.hi5g95r.cn^
 ||qweas.p6rhddj.cn^
 ||qweas.zwfaclq.cn^
-||qxluatbght.cfolks.pl^
 ||r3c31v30n3-1d3nt1ty.000webhostapp.com^
 ||rabellartz.de^
 ||rabofree.blogspot.com^
@@ -3146,6 +2969,7 @@
 ||rackenfordlabs.com^
 ||racuten.nuef.info^
 ||radhikamd.github.io^
+||rafbbmx.ga^
 ||rafbbmx.ml^
 ||raipurrussianescorts.com^
 ||rakoten-card.buogfbizkugf.gq^
@@ -3156,17 +2980,12 @@
 ||rakuitan-card.info^
 ||rakuten.awjoadc.cn^
 ||rakuten.card.nuosreaoms.com^
-||rakuten.card.uosmcoua.com^
-||rakuthn.shop^
-||rakuttm.shop^
+||rakuten.co.jp.rakutenajp.xyz^
 ||ramgarhiamatrimonial.ca^
 ||rareelements.io^
-||rasmer.fi^
 ||ratewatch.net^
 ||raycargo.com^
 ||raydiom.io^
-||razcjjf.ga^
-||razcjjf.ml^
 ||rbcmontgomery.com^
 ||rd8um.app.link^
 ||rdirtfuo6t.vov.ru^
@@ -3175,9 +2994,9 @@
 ||real-anon-keep-passing-word.rvsla.workers.dev^
 ||realestate-page-10843446024.expresspestcontrol.co.nz^
 ||realindiatravel.com^
+||recibeya.tufacilmoneyonline.online^
 ||reconfirmpost287846656.us^
 ||recover-pages-media-problems-secur-782.web.id^
-||recover-pages-secur-media-problems-393.web.id^
 ||recover-pages-secur-media-problems-397.web.id^
 ||recovery-chain.com^
 ||recovery-fb.secure-acct.workers.dev^
@@ -3195,12 +3014,12 @@
 ||regularsweeps.xyz^
 ||reignbike.com^
 ||reikisadhna.com^
+||rekoution.bcszxcd.shop^
 ||relevant.systems^
 ||remittance369297292749.goshly.com^
 ||renovkonstruksi.com^
 ||repl-mess.myfreesites.net^
 ||restore.exodusapp.ru^
-||restoredabefore-com.filesusr.com^
 ||restorewallet-activation.net^
 ||retiro-extracash.com^
 ||retiro.cl^
@@ -3228,7 +3047,6 @@
 ||roisnoob.github.io^
 ||rokulinktechnology.com^
 ||rolinadd.surveysparrow.com^
-||romanceify.com^
 ||rondalowa.blogspot.com^
 ||rondelbarrilito.com^
 ||ronin-help.com^
@@ -3244,10 +3062,10 @@
 ||rrakutenn.co.jp.azii.cn^
 ||rrakutenn.co.jp.nanofresh.cn^
 ||rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com^
-||rufoxxy.com^
 ||runescape-info.com^
+||runescapebonds.com^
+||runescapeevents.com^
 ||ruth.martulangbelulalng.workers.dev^
-||ryanicolehoward.com^
 ||rymproducciones.com^
 ||s-sarfati.co.il^
 ||s.macecri.com^
@@ -3272,7 +3090,6 @@
 ||sankyo-rz.com^
 ||sanru.cd^
 ||santander.secured-auth-login.com^
-||santanverifyfunction.com^
 ||santepluspharma.eclatmediasolution.website^
 ||santoshdangi.com.np^
 ||saritapariyar.com.np^
@@ -3294,16 +3111,16 @@
 ||secure-halifax-device.com^
 ||secure-mynew-devices.com^
 ||secure-runescape.xgm.rnp.mybluehost.me^
-||secure-service-gateway.com^
 ||secure-zirox.s3.ap-southeast-2.amazonaws.com^
 ||secure.legalmetric.com^
 ||secure.oldschool.com-cl.ru^
 ||secure.oldschool.com-cu.ru^
-||secure.oldschool.com-cv.ru^
 ||secure.oldschool.com-oz.ru^
 ||secure.oldschool.com-rsu.ru^
+||secure.runescape.com-ak.ru^
 ||secure.runescape.com-as.cz^
 ||secure.runescape.com-az.ru^
+||secure.runescape.com-ca.ru^
 ||secure.runescape.com-cl.ru^
 ||secure.runescape.com-co.ru^
 ||secure.runescape.com-cu.ru^
@@ -3316,13 +3133,13 @@
 ||secure300.inmotionhosting.com^
 ||secure303.inmotionhosting.com^
 ||secure55.webhostinghub.com^
-||secure7-servr01-log-in.4nmn.com^
-||securee37-authen21.duckdns.org^
+||secureaccount.ntflxauth.co^
 ||securegateway-ovhcloud.csl-sl.de^
 ||securelloyd-help-app.com^
+||securewalletprotocol.online^
 ||security-page-community-standards.blogspot.com^
 ||seguridad-oca.webcindario.com^
-||seleb-indo.duckdns.org^
+||seleccionperfil.xyz^
 ||selector26.gg^
 ||selector28.gg^
 ||sem.my-drs.co.uk^
@@ -3332,7 +3149,7 @@
 ||sergebubnin.space^
 ||sertyxese.myfreesites.net^
 ||server-networksolutions.web.app^
-||serverprotocols.com^
+||server221.security.coinbase.com.gdone.co.ke^
 ||servervalidationcheck103.web.app^
 ||servervalidationcheck104.web.app^
 ||servervalidationcheck105.web.app^
@@ -3387,7 +3204,6 @@
 ||servicepage.service-page.workers.dev^
 ||servicepichincha.webcindario.com^
 ||services.runescape.com-as.cz^
-||services.runescape.com-oc.ru^
 ||services.runescape.com-rse.ru^
 ||services.runescape.com-rsu.ru^
 ||servicesbancaire.com^
@@ -3415,6 +3231,7 @@
 ||sharelink.sn.am^
 ||shayvardphoto.ir^
 ||shinex.lk^
+||shippment2.temp.swtest.ru^
 ||shirhokos-mhalskbsiaoutfew43535.duckdns.org^
 ||shirtshanger.com^
 ||shiye666.cn^
@@ -3426,11 +3243,9 @@
 ||sign-trk.empressmd.com^
 ||signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net^
 ||signin-payeer.com^
-||signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com^
-||silkroadwines.com^
 ||silpovsatb-ua.online^
 ||silverberrygroup.com^
-||sim0nt0k-viral-terbaru-2022.duckdns.org^
+||simonecamposshop.com.br^
 ||simpkk.karanganyarkab.go.id^
 ||sindarspen.org.br^
 ||siporados15585.blogspot.com^
@@ -3463,12 +3278,11 @@
 ||sleepmaskz.com^
 ||slickparties.com^
 ||slmkufeckf.jon-jensen.workers.dev^
-||slovenska-posta.sytes.net^
 ||slowlinebag.jp^
 ||sm.scicemecod.com^
 ||sm777.csb.app^
+||smartfixconnect.live^
 ||smbc-accout.com^
-||smbc-credit.shop^
 ||smbc-veaiana.com^
 ||smbcbc.com^
 ||smbccjp.shop^
@@ -3476,10 +3290,11 @@
 ||smbcwodeqingguoshoujicojp.top^
 ||smeo.org.mx^
 ||smgolamalif.github.io^
-||smirl.org^
 ||smkkesehatanjember.sch.id^
 ||smmsvocal.yolasite.com^
+||smpn2jeruklegi.sch.id^
 ||sms-check.sc-q.top^
+||sms-infos.d2tt.co^
 ||sms-shorter.com^
 ||smsbc-info5.com^
 ||smsenligne.myfreesites.net^
@@ -3487,6 +3302,7 @@
 ||smsorangesmsmessage.myfreesites.net^
 ||smss-mms.yolasite.com^
 ||smsverificationmms.myfreesites.net^
+||smvbc-info.com^
 ||smwam.coms.cso.gov.tt^
 ||so.macecri.com^
 ||soaringskiesrentals.com^
@@ -3499,7 +3315,6 @@
 ||solicitarfirmaelectronica-sv.com^
 ||solyanayakomnata.ru^
 ||sopac.org.py^
-||soracoes.xyz^
 ||souaxwaoh.myfreesites.net^
 ||soude-masi.firebaseapp.com^
 ||soufsont.blogspot.com^
@@ -3525,6 +3340,7 @@
 ||spk-entsperren.de^
 ||spk-jahreswechsel.com^
 ||spk-secure-de.com^
+||spkfod.coms.cso.gov.tt^
 ||sport.protected-secur.workers.dev^
 ||sportshoes.top^
 ||sportybetpremium.wapka.co^
@@ -3541,8 +3357,10 @@
 ||ssl.dsl.isl.mll.aqmst6.stockestan.ir^
 ||sso-garena.com^
 ||sswebmail-4w5twsr.web.app^
+||staffportal.uoz.edu.krd^
 ||stage.vannaryfowler.com^
 ||staging.eliteautomotive.com.au^
+||standardcapbnk.com^
 ||standardupdatesupportandhelpcenter2021.ga^
 ||starforsure.com^
 ||starliker.net^
@@ -3552,11 +3370,10 @@
 ||static-dev.o2alerts.com^
 ||static-promote.weebly.com^
 ||status-dev.o2alerts.com^
-||stbkcoltria.atwebpages.com^
 ||stclarechurch.net^
 ||steamcommunites.com^
 ||steamcommunitj.com^
-||steamnitrof.com^
+||steamcommunityk.com^
 ||steampoweredtrade.org^
 ||steampoweredtrades.org^
 ||stevemadden-sverige.com^
@@ -3572,6 +3389,7 @@
 ||stjudes.in^
 ||stolizaparketa.ru^
 ||stollgroup.coms.cso.gov.tt^
+||stomkinscommercial.com.aus.cso.gov.tt^
 ||storage.yandexcloud.net^
 ||storenike365.top^
 ||studio-lol.com^
@@ -3586,13 +3404,11 @@
 ||sukien-pubgmoblevng.ga^
 ||sultan-raza.github.io^
 ||sumpandtankcleaners.in^
-||sunami.pagedemo.co^
 ||sunbeltmembers.com^
 ||sunge-ode.firebaseapp.com^
 ||sunshineteam.in^
 ||super-dawn-3035.ddahluwalia.workers.dev^
 ||supermilhas.com^
-||suportecxacesso2020.com^
 ||supotsstunes.servehttp.com^
 ||suppliers.bitshepherd.org^
 ||support-auwebaccessjpnaikpanggung.com^
@@ -3624,6 +3440,7 @@
 ||system-fassil-net-2-3242353453453--12344443.repl.co^
 ||t0nline0de0login-001-site1.itempurl.com^
 ||taher-mohamed-ahmed-saad.github.io^
+||take-free-2022.duckdns.org^
 ||taoistw345ie.co^
 ||tarik-fitness.com^
 ||taxcare.page.link^
@@ -3645,11 +3462,13 @@
 ||templat65sldh.myfreesites.net^
 ||temporary-url.com^
 ||terpelsicumple.com^
-||terracontiles.com^
+||tesladrive-event.com^
 ||test.bayoucitybadges.org^
 ||test.bitflye87.com^
 ||test.dxbproductions.com^
+||test.myshopclub.ru^
 ||test.webclient4.de^
+||testing-domain.duckdns.org^
 ||texasfreedomrun.com^
 ||tgpafasfsakkk.pages.dev^
 ||theaceofspaeder.com^
@@ -3671,8 +3490,6 @@
 ||tighi.creatorlink.net^
 ||tight-samiuboc.co^
 ||tikitaps.com^
-||tinhtrangdon.com^
-||tinyurl.mobi^
 ||tipografieonline.ro^
 ||tirozhjewelry.com^
 ||titelinedrillingintl.yolasite.com^
@@ -3691,7 +3508,6 @@
 ||torccolborrachas.blogspot.com^
 ||torrinwine.com^
 ||touchidea.top^
-||touronline2022.com^
 ||tovowhuqeojweawmubmaqmqlv.hofferflow.icu^
 ||tpayleboncoin.com^
 ||traders-joesxyz.com^
@@ -3702,23 +3518,18 @@
 ||tribratanewsbondowoso.com^
 ||tribunbalikpapan.com^
 ||truegrip.com^
-||trust-wallet.com.cn^
 ||trustinpichincha.webcindario.com^
 ||trustpress.gr^
 ||trustypichincha.webcindario.com^
-||ts3cacd.jhfshm.com^
 ||ts3cacd.rzjxbv.com^
 ||turntekcnc.com^
-||twoje-zdjecia-622.herokuapp.com^
 ||tx.vc^
 ||txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com^
 ||typedream.site^
 ||typesmartlyocr.com^
 ||tyrecentre.ru^
 ||u08qv44zu5h.typeform.com^
-||u1571226.cp.regruhosting.ru^
-||u1571630.cp.regruhosting.ru^
-||u1571652.cp.regruhosting.ru^
+||u1565723.plsk.regruhosting.ru^
 ||u18741649.ct.sendgrid.net^
 ||u827857uw6.ha004.t.justns.ru^
 ||uabaiieo.com^
@@ -3741,7 +3552,6 @@
 ||uhnxa.d23xsru.cn^
 ||uhnxa.q83itv9.cn^
 ||uhnxas.rvw56l.cn^
-||uiuui.pagedemo.co^
 ||ujcd.um2nlru.cn^
 ||ujdaa.fn3m4en.cn^
 ||ujds.5e8tn13.cn^
@@ -3762,6 +3572,7 @@
 ||ujnca.zgbo0g.cn^
 ||ujncd.kzi68ra.cn^
 ||ujncd.lw2djbm.cn^
+||ujnxas.vj135ih.cn^
 ||ukcare.in^
 ||umbrellaclubla.com^
 ||unam.myfreesites.net^
@@ -3772,9 +3583,8 @@
 ||unicreditaustria.ucs.info^
 ||unifacema.edu.br^
 ||unifacvest.net^
-||unillantas.com.sv^
+||unifiedsmartsync.live^
 ||unionheightsresidental.com^
-||unipo-a.web.app^
 ||unisons.store^
 ||unisonsouthayr.org.uk^
 ||uniswap.ch^
@@ -3784,7 +3594,6 @@
 ||uniswap.seal.finance^
 ||uniswap.token.im^
 ||uniswap.trading^
-||uniswap.vn^
 ||uniswapfinancing.info^
 ||uniswaps.net^
 ||unitedalliance-online.000webhostapp.com^
@@ -3795,24 +3604,21 @@
 ||unpocodearte.cl^
 ||unregpayee-lb.com^
 ||unsub.listhandlr.com^
-||upbeat-dhawan.179-43-173-14.plesk.page^
 ||updateinfo-billingo2.com^
+||updatemy.software^
 ||updateseason.com^
 ||updatestory2022.co.vu^
 ||updatevoda-billing.com^
 ||upgrade-25gb-email.thecornerstudio.com.au^
 ||upgradedserver.online^
-||upgradingattonlinee.weebly.com^
 ||uploadpichincha.webcindario.com^
 ||uploads.codesandbox.io^
-||upnew.site^
 ||uppledpichincha.webcindario.com^
 ||urbenorte.com^
 ||urgent-halifaxlogin.com^
 ||userboitevocalweb.flazio.com^
 ||userinformationstoreupdatesmail.pages.dev^
 ||usfn.net^
-||uspsconfirm.iconoomikert.com^
 ||uspsexpressdeliveryline.com^
 ||uswowgame.net^
 ||uueer.7jgy5xe.cn^
@@ -3822,6 +3628,7 @@
 ||uyqw.dykowec.cn^
 ||uz154.sbs^
 ||v.macecri.com^
+||v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com^
 ||v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com^
 ||vaccine-status-info.com^
 ||vakif.albay-arnold.com^
@@ -3829,45 +3636,45 @@
 ||valenciaoptometry.com^
 ||valenteplay.com.br^
 ||validacionpichincha.odoo.com^
+||validate-chain.com^
 ||validate-solana.com^
 ||validator-fzkiy.run-us-west2.goorm.io^
 ||vallion.motiffliterature.me^
 ||vcz.gmoqkzu.cn^
 ||velvish.com^
 ||ventas.lnterbarnk.pe.jifad.org^
-||verfybadgeappform.com^
 ||veri-pichincha.webcindario.com^
-||verificaciondeprioridad.com^
 ||verification-trustwallet.4bl-eg.com^
 ||verification.fb-page.workers.dev^
 ||verificationmessage.blob.core.windows.net^
+||verifications-zones.com^
 ||verififacebookid.wixsite.com^
 ||verifiikasi-accounts.weebly.com^
 ||verifikasi-akun-anda0011.weeblysite.com^
 ||verifikasi-akun-facebook0022.weeblysite.com^
 ||verifikasi-identitas47.weebly.com^
 ||verifocaoffa.webcindario.com^
+||verifymywallets.com^
 ||vgiuhkjnm.b9u6vh5l7g1797.workers.dev^
 ||victorarath99.github.io^
 ||videobigo.com^
 ||vietlime.vn^
 ||vietschi.de^
 ||viettel-com-dot-c2c01-531c7.uc.r.appspot.com^
-||vigortech.com.np^
+||vigilant-murdock.45-81-232-15.plesk.page^
 ||viguohilkasdsd.izwe6g6lyc.workers.dev^
 ||vilaanimalviana.pt^
 ||vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com^
 ||vinivet.mk^
 ||vipfbtools.com^
-||vipprofessional.net^
 ||viral-groub.duckdns.org^
 ||virginia-spi.com^
 ||virtual1dattss.com^
 ||vis-stort.github.io^
-||visa-band.com^
 ||vishaljangale01.github.io^
 ||visione.co.id^
 ||visionproperty.in^
+||vk-money.xyz^
 ||vk-posters.ru^
 ||vk-vhods.co^
 ||vkjbm.4nt4nb464e6113.workers.dev^
@@ -3886,25 +3693,30 @@
 ||vv.macecri.com^
 ||vvjde0h0ttttf9hay.com^
 ||vvpaes-me-index.egvtpp.cn^
+||vws.co.in^
+||vxcas.a35570.cn^
 ||vxdse.myfreesites.net^
 ||w2.deraya.org^
 ||w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud^
-||w5czf.csb.app^
 ||wahed-koudsi2001.github.io^
 ||walkers-dot-composite-store-326315.uk.r.appspot.com^
 ||wallcertifyonmesh.com^
 ||walldesign.com.tr^
 ||wallet-connect012.web.app^
 ||wallet-reconnection.xyz^
+||wallet-verified.com^
 ||wallet.silesiacoin.com^
 ||wallet22.000webhostapp.com^
+||walletconnect-tool.net^
+||walletconnect-tools.xyz^
 ||walletconnectonline.pages.dev^
 ||walletconnectors.com^
 ||walleterrorsupport.com^
+||walletokenvalidation.com^
+||walletsconect.live^
 ||walletsconnex.com^
 ||walletsliveconnects.net^
 ||walletsreauth.org^
-||walletsvalidator.org^
 ||walletsynclive.com^
 ||walletvalidation.me^
 ||walletvalidators.com^
@@ -3920,6 +3732,7 @@
 ||warningshadows.org^
 ||warsa.bandungkab.go.id^
 ||wasites.000webhostapp.com^
+||waterproofingengineer.com^
 ||we-exodus-wallet.yahoosites.com^
 ||web-armas.royale-freefire1garena-bonus.com^
 ||web-b4119.web.app^
@@ -3937,13 +3750,15 @@
 ||web-verifi06.webcindario.com^
 ||web.bredbanque.trans.sylog.co^
 ||web.royale-freefire1garena-bonus.com^
-||web7320.web07.bero-webspace.de^
 ||webbbb.yolasite.com^
 ||webbl.yolasite.com^
+||webdappsconnection.com^
 ||webdatamltrainingdiag842.blob.core.windows.net^
 ||webdesecure.clickfunnels.com^
+||webhost-verify.duckdns.org^
 ||webip.yolasite.com^
 ||webmail-2aaa0.web.app^
+||webmail-optusnet-com-au-sign1.weebly.com^
 ||webmail-sso8uyg.web.app^
 ||webmail.gourmer.co.in^
 ||webmail.login.access.docs67.live^
@@ -3953,20 +3768,17 @@
 ||webregular.xyz^
 ||webservice-verify.duckdns.org^
 ||websitefun.club^
-||websiteorange.wixsite.com^
 ||webstories.eu^
 ||webvalidity.com^
 ||well-42d74.web.app^
-||wellsfargo-online06.herokuapp.com^
-||weryfikacja-facebookowa-27.herokuapp.com^
 ||weryfikacja-facebookowa-28.herokuapp.com^
 ||weteachbh.com^
 ||whare.100webspace.net^
+||whatsapp-grub99zyc.duckdns.org^
 ||wheelsofmercy.org^
 ||whitelist-network.com^
 ||widadkamillah.github.io^
 ||wiki.oceanreeflifegame.com^
-||wildcard.isiolo.go.ke^
 ||windstream-net.firebaseapp.com^
 ||winville.biz^
 ||wireconfirmation68c10a25442a3e13.blogspot.com^
@@ -3983,12 +3795,15 @@
 ||wqass-index.chobqu.cn^
 ||wqass-index.dccigq.cn^
 ||wqass-index.gbswz.cn^
-||wqass-index.jeewiki.cn^
 ||wqass-index.pygbw.cn^
 ||wrww-roblox.com^
+||wsertyzx.gq^
 ||wteeoq.pfinanceiro.com.de^
+||ww.lnterbank.pe.personas.aaseguros.mx^
 ||ww.lnterbank.pe.personas.onlinesocket.in^
+||ww.lnterbank.pe.personas.t-class.org^
 ||ww16.inpost-pl-3dsecure.clear-id.xyz^
+||wwedealershipon.000webhostapp.com^
 ||www-cursosdigitalesmx-com.filesusr.com^
 ||www-degelyehuda-org-il.filesusr.com^
 ||www-europe564598-com.filesusr.com^
@@ -3996,10 +3811,9 @@
 ||www-key-com.test.edgekey.net^
 ||www-mufg-jp.handicraft.ltd^
 ||www-mufg-jp.kaiqi.ink^
-||www-wattsapcom.duckdns.org^
+||www.facebook.com-sauuvazpjo.isiolo.go.ke^
 ||www2.rakutan.co.jploginffd9dfg7.carwork.cn^
 ||www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn^
-||www2.rakutan.co.jploginvcx8ds.nanoart.cn^
 ||www2.rakuten-card.co.jp.wzsrc.cn^
 ||www2.rakutenn.co.jp.nanopark.cn^
 ||www2.rakutenn.co.jp.zgyo.cn^
@@ -4011,6 +3825,7 @@
 ||xcas.xoh29oz.cn^
 ||xcasd.7vo6bt.cn^
 ||xcasd.b204uje.cn^
+||xcasd.tcbjnhq.cn^
 ||xcasd.yikn2gd.cn^
 ||xcryptocars.blogspot.com^
 ||xcvdsd.page.link^
@@ -4029,10 +3844,10 @@
 ||xjpyyds.pem4yp3.cn^
 ||xkljfg.ml^
 ||xn--gmal-sya.com^
-||xn--instagam-sf0d.com^
 ||xn--ltappen-80a.se^
 ||xn--metamsk-lwa.link^
 ||xn--rpondeur-sfr2-bhb.yolasite.com^
+||xpubgfrozen.tk^
 ||xqr3i.mjt.lu^
 ||xqr3n.mjt.lu^
 ||xqr3u.mjt.lu^
@@ -4041,14 +3856,16 @@
 ||xrxh2.mjt.lu^
 ||xrxhl.mjt.lu^
 ||xsbrookshhjx.top^
+||xspin.cawnibos.com^
 ||xtio.ch^
 ||xtw42.mjt.lu^
+||xvideokoreanwifesister18.duckdns.org^
 ||xx.macecri.com^
 ||xxaas.tp00jv9.cn^
 ||xxasd.sf29hrg.cn^
 ||xxx-com-dot-c2c01-531c7.uc.r.appspot.com^
-||xyproject.xtensio.com^
 ||xzasd.uz64g3.cn^
+||yahoo%2eco%2ejp@asdxa.p2x11pi.cn^
 ||yahoo%2eco%2ejp@bghgcd.psuxscm.cn^
 ||yahoo%2eco%2ejp@bhgxa.eo76sni.cn^
 ||yahoo%2eco%2ejp@cdas.nxzigco.cn^
@@ -4070,12 +3887,11 @@
 ||yahoo%2eco%2ejp@uyhnxx.urpzkva.cn^
 ||yahoo%2eco%2ejp@zxas.2nd0g8.cn^
 ||yahoo%2eco%2ejp@zxass.jbkyj0o.cn^
-||yahoopoweredservice.duckdns.org^
 ||yahuomall.square.site^
 ||yairix.github.io^
 ||yalena.me^
+||yandex-viral.duckdns.org^
 ||yaqoobi.org^
-||yaranfayez.com^
 ||yayanti.com^
 ||ybdaa.oqsgm9r.cn^
 ||ybggd.fjgjoux.cn^
@@ -4095,11 +3911,13 @@
 ||ynbgdc.woprkzp.cn^
 ||ynbxa.pvgulkz.cn^
 ||yndda.m117s1s.cn^
+||yo7ka-anna.com^
 ||yogeshwarwiremesh.com^
 ||youknowar.com^
 ||young-snow-7447.tcheviron5269.workers.dev^
 ||youreasygoing2022.co.vu^
 ||yqlpeitost.duckdns.org^
+||ytdjhstej.tk^
 ||yuhjjkss.web.app^
 ||yumpai.cn^
 ||z.macecri.com^
@@ -4107,10 +3925,12 @@
 ||z0massegurabclp1.shreeramwoodindustries.com^
 ||z2qje.codesandbox.io^
 ||z3voicrxxvs.typeform.com^
+||zacharytlasko.com^
 ||zackselectronics.co.zw^
 ||zaktualizacja-platnosci.netfxtv.co.pl^
 ||zasd.yhxmd30.cn^
 ||zb2-home.web.app^
+||zen-minsky-ef5931.netlify.app^
 ||zenvinyl.com^
 ||zepe.io^
 ||zeroquiz.com^
@@ -4123,10 +3943,8 @@
 ||zmpcoado.cyou^
 ||zoho-online.web.app^
 ||zoho-validationserv.web.app^
-||zonalnterbank.com^
 ||zonmca.hxljatvw.cn^
 ||zshrvvo.cn^
-||zuiunsya.com^
 ||zxas.2nd0g8.cn^
 ||zxas.hs0rgq8.cn^
 ||zxass.jbkyj0o.cn^
@@ -4135,6 +3953,5 @@
 ||zxcnash.seufhsk.cn^
 ||zxcod.01l241.cn^
 ||zxcuashs.e0n0gh5.cn^
-||zxdlbny.cn^
 ||zxnahs.3cze6ri.cn^
 ||zz.macecri.com^
diff --git a/dist/phishing-filter-bind.conf b/dist/phishing-filter-bind.conf
index 48453153..0a7d71cb 100644
--- a/dist/phishing-filter-bind.conf
+++ b/dist/phishing-filter-bind.conf
@@ -1,5 +1,5 @@
 # Title: Phishing Domains BIND Blocklist
-# Updated: Sun, 16 Jan 2022 12:01:44 +0000
+# Updated: Mon, 17 Jan 2022 00:01:35 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/phishing-filter
 # License: https://gitlab.com/curben/phishing-filter#license
@@ -13,9 +13,6 @@ zone "00oeady.cn" { type master; notify no; file "null.zone.file"; };
 zone "02-billing-support.org" { type master; notify no; file "null.zone.file"; };
 zone "08863299.sso-secure-mail0454etr.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "0bs.de" { type master; notify no; file "null.zone.file"; };
-zone "0gjvj7a8eydbjz3au8anbg-on.drv.tw" { type master; notify no; file "null.zone.file"; };
-zone "1000000000347789523698541.tk" { type master; notify no; file "null.zone.file"; };
-zone "1000000000347789523698545.tk" { type master; notify no; file "null.zone.file"; };
 zone "1000000000347789523698546.tk" { type master; notify no; file "null.zone.file"; };
 zone "1000000000347789523698547.tk" { type master; notify no; file "null.zone.file"; };
 zone "109edc5b.ssdtfgyb09.pages.dev" { type master; notify no; file "null.zone.file"; };
@@ -25,6 +22,7 @@ zone "149-210-143-165.colo.transip.net" { type master; notify no; file "null.zon
 zone "15004083383734.data-store-company.com" { type master; notify no; file "null.zone.file"; };
 zone "154.30.211.130.bc.googleusercontent.com" { type master; notify no; file "null.zone.file"; };
 zone "16park.cn" { type master; notify no; file "null.zone.file"; };
+zone "1727365.com" { type master; notify no; file "null.zone.file"; };
 zone "178.128.108.233.dsl.dyn.forthnet.gr" { type master; notify no; file "null.zone.file"; };
 zone "1800poolservice.com" { type master; notify no; file "null.zone.file"; };
 zone "185-46-10-159.cloudvps.regruhosting.ru" { type master; notify no; file "null.zone.file"; };
@@ -39,7 +37,6 @@ zone "2022-exodus.com" { type master; notify no; file "null.zone.file"; };
 zone "2022-girobanken-sparkassen.xyz" { type master; notify no; file "null.zone.file"; };
 zone "2022.intrebrkprsonas.xyz" { type master; notify no; file "null.zone.file"; };
 zone "217651.8b.io" { type master; notify no; file "null.zone.file"; };
-zone "2247317.verifyinguser426128734570198363.com" { type master; notify no; file "null.zone.file"; };
 zone "228.94.92.rev.sfr.net.gghost.ru" { type master; notify no; file "null.zone.file"; };
 zone "24611250.sibforms.com" { type master; notify no; file "null.zone.file"; };
 zone "2482689012.yolasite.com" { type master; notify no; file "null.zone.file"; };
@@ -48,12 +45,16 @@ zone "2ex2cfu.cn" { type master; notify no; file "null.zone.file"; };
 zone "2fa.bthei.com" { type master; notify no; file "null.zone.file"; };
 zone "2pil.ru" { type master; notify no; file "null.zone.file"; };
 zone "2rakuten.co.jp.happyyear.cn" { type master; notify no; file "null.zone.file"; };
+zone "2yfh.short.gy" { type master; notify no; file "null.zone.file"; };
 zone "3-139-75-158.cprapid.com" { type master; notify no; file "null.zone.file"; };
 zone "343i.org" { type master; notify no; file "null.zone.file"; };
 zone "343t3dv9qdufp.clickfunnels.com" { type master; notify no; file "null.zone.file"; };
 zone "3568365.com" { type master; notify no; file "null.zone.file"; };
+zone "365unfreezesecurity.com" { type master; notify no; file "null.zone.file"; };
+zone "3782365.com" { type master; notify no; file "null.zone.file"; };
 zone "3a10a178.s6t6sj4s46tu4sys54y5.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "3bvjh.sbs" { type master; notify no; file "null.zone.file"; };
+zone "3c5.com" { type master; notify no; file "null.zone.file"; };
 zone "3ck.me" { type master; notify no; file "null.zone.file"; };
 zone "3dprintersupplies.com.au" { type master; notify no; file "null.zone.file"; };
 zone "3dsecure-update-service-info-live.duckdns.org" { type master; notify no; file "null.zone.file"; };
@@ -77,18 +78,19 @@ zone "5e841ae2.srvr-cloudmail-srvr6765e7tg.pages.dev" { type master; notify no;
 zone "613707.selcdn.ru" { type master; notify no; file "null.zone.file"; };
 zone "61da8ae6.6u6566hrrthsh45.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com" { type master; notify no; file "null.zone.file"; };
-zone "65451440241544.hyperphp.com" { type master; notify no; file "null.zone.file"; };
-zone "664876.verifyinguser426128734570198363.com" { type master; notify no; file "null.zone.file"; };
+zone "6734365.com" { type master; notify no; file "null.zone.file"; };
 zone "67lksxgjd.bttmassage-thai-tanger.com" { type master; notify no; file "null.zone.file"; };
 zone "6a7zu9he6mqh.clickfunnels.com" { type master; notify no; file "null.zone.file"; };
 zone "6c7f0acc.sibforms.com" { type master; notify no; file "null.zone.file"; };
+zone "6stupefacentevideo2022.pagedemo.co" { type master; notify no; file "null.zone.file"; };
+zone "754675377.xyz" { type master; notify no; file "null.zone.file"; };
 zone "7837365.com" { type master; notify no; file "null.zone.file"; };
 zone "7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "7wr4u.csb.app" { type master; notify no; file "null.zone.file"; };
 zone "7yu3v.csb.app" { type master; notify no; file "null.zone.file"; };
-zone "8010361370310234068010361370310234.blogspot.be" { type master; notify no; file "null.zone.file"; };
 zone "859411.icu" { type master; notify no; file "null.zone.file"; };
 zone "8760365.com" { type master; notify no; file "null.zone.file"; };
+zone "885211.icu" { type master; notify no; file "null.zone.file"; };
 zone "889381.icu" { type master; notify no; file "null.zone.file"; };
 zone "8899.jp" { type master; notify no; file "null.zone.file"; };
 zone "89ix7y0.cn" { type master; notify no; file "null.zone.file"; };
@@ -116,15 +118,18 @@ zone "absaonline2021.website2.me" { type master; notify no; file "null.zone.file
 zone "absolute-containers-sip.business.site" { type master; notify no; file "null.zone.file"; };
 zone "absolutepleasure.com.my" { type master; notify no; file "null.zone.file"; };
 zone "acacia.webdevonline.net" { type master; notify no; file "null.zone.file"; };
+zone "account-recovery.org" { type master; notify no; file "null.zone.file"; };
 zone "account.herephyshy.info" { type master; notify no; file "null.zone.file"; };
 zone "account.verifications.help-page.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "accounts-autoscout24.de" { type master; notify no; file "null.zone.file"; };
 zone "acessobradesco.digital" { type master; notify no; file "null.zone.file"; };
 zone "ach111.xyz" { type master; notify no; file "null.zone.file"; };
 zone "activate-hulu-com-activate.sitey.me" { type master; notify no; file "null.zone.file"; };
+zone "activatingmymainnet.com" { type master; notify no; file "null.zone.file"; };
 zone "adamfeber.com" { type master; notify no; file "null.zone.file"; };
 zone "adcloudserver.com" { type master; notify no; file "null.zone.file"; };
 zone "admin-formserviceupdates.weeblysite.com" { type master; notify no; file "null.zone.file"; };
+zone "administer-708aa.web.app" { type master; notify no; file "null.zone.file"; };
 zone "administraciondefincaspereznovo.com" { type master; notify no; file "null.zone.file"; };
 zone "adorablepomskyhome.net" { type master; notify no; file "null.zone.file"; };
 zone "adpunemploymentclaims.sharefile.com" { type master; notify no; file "null.zone.file"; };
@@ -134,14 +139,13 @@ zone "affixsports.net" { type master; notify no; file "null.zone.file"; };
 zone "afreemart.xyz" { type master; notify no; file "null.zone.file"; };
 zone "africansecrets.ca" { type master; notify no; file "null.zone.file"; };
 zone "agora.imb.br" { type master; notify no; file "null.zone.file"; };
-zone "agricolefr-99f918.ingress-erytho.easywp.com" { type master; notify no; file "null.zone.file"; };
 zone "agrimetiersmartinique.fr" { type master; notify no; file "null.zone.file"; };
 zone "agurimu-nagoya.com" { type master; notify no; file "null.zone.file"; };
 zone "ahhhh.pe.kr" { type master; notify no; file "null.zone.file"; };
 zone "ai.macecri.com" { type master; notify no; file "null.zone.file"; };
-zone "aib-unauthorized-access.com" { type master; notify no; file "null.zone.file"; };
 zone "aid-validation-human.run-us-west2.goorm.io" { type master; notify no; file "null.zone.file"; };
 zone "aimekidya-recpag.web.id" { type master; notify no; file "null.zone.file"; };
+zone "airbnb.book-space-b851927.live" { type master; notify no; file "null.zone.file"; };
 zone "airportprescreening.com" { type master; notify no; file "null.zone.file"; };
 zone "aitsidihamh.my-place.us" { type master; notify no; file "null.zone.file"; };
 zone "akanksha3012.github.io" { type master; notify no; file "null.zone.file"; };
@@ -162,8 +166,10 @@ zone "aliciabot.azurewebsites.net" { type master; notify no; file "null.zone.fil
 zone "alkhalilgraphics.com" { type master; notify no; file "null.zone.file"; };
 zone "allegrolokalnie-pl-3dsafe.id-43051.xyz" { type master; notify no; file "null.zone.file"; };
 zone "allegrolokalnie-pl-3dsafe.id-91501.xyz" { type master; notify no; file "null.zone.file"; };
+zone "allegrolokalnie-pl-3dseif.id-43051.xyz" { type master; notify no; file "null.zone.file"; };
 zone "allegrolokalnie-pl-safe.id-43051.xyz" { type master; notify no; file "null.zone.file"; };
 zone "alliancesuper.com" { type master; notify no; file "null.zone.file"; };
+zone "almarjantours.com" { type master; notify no; file "null.zone.file"; };
 zone "almighty.edu.np" { type master; notify no; file "null.zone.file"; };
 zone "alnajahh.com" { type master; notify no; file "null.zone.file"; };
 zone "aloun.ps" { type master; notify no; file "null.zone.file"; };
@@ -171,6 +177,7 @@ zone "alphabnkgre.com" { type master; notify no; file "null.zone.file"; };
 zone "alqadi.ps" { type master; notify no; file "null.zone.file"; };
 zone "alquilervillora.net" { type master; notify no; file "null.zone.file"; };
 zone "alsofft.com" { type master; notify no; file "null.zone.file"; };
+zone "alupi-frey.shop" { type master; notify no; file "null.zone.file"; };
 zone "amacez.jyrtery4.top" { type master; notify no; file "null.zone.file"; };
 zone "amacredit.amacardpkey.xyz" { type master; notify no; file "null.zone.file"; };
 zone "amaenv.fgasdfw6.xyz" { type master; notify no; file "null.zone.file"; };
@@ -181,21 +188,20 @@ zone "amazom.supwwe.xyz" { type master; notify no; file "null.zone.file"; };
 zone "amazomsse.shop" { type master; notify no; file "null.zone.file"; };
 zone "amazon-gcatech.com" { type master; notify no; file "null.zone.file"; };
 zone "amazon-interruption.com" { type master; notify no; file "null.zone.file"; };
-zone "amazon.co.ip.jlig.cn" { type master; notify no; file "null.zone.file"; };
 zone "amazon.co.jp.abaiaccounting.cn" { type master; notify no; file "null.zone.file"; };
 zone "amazon.gousana.casa" { type master; notify no; file "null.zone.file"; };
-zone "amazon.jp-m.win" { type master; notify no; file "null.zone.file"; };
+zone "amazon.logins-co.jp" { type master; notify no; file "null.zone.file"; };
 zone "amazon.works.ga" { type master; notify no; file "null.zone.file"; };
 zone "amazonhome.sfrmobiles.com" { type master; notify no; file "null.zone.file"; };
 zone "amazonjapsne.cf" { type master; notify no; file "null.zone.file"; };
+zone "amazonses.authflows.com" { type master; notify no; file "null.zone.file"; };
 zone "amazoon.co.op.o4j.top" { type master; notify no; file "null.zone.file"; };
-zone "ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "amc-training.com" { type master; notify no; file "null.zone.file"; };
-zone "amcgardiennage.com" { type master; notify no; file "null.zone.file"; };
+zone "amecmasmerd.ga" { type master; notify no; file "null.zone.file"; };
 zone "ameozom.jp.onaworks.com" { type master; notify no; file "null.zone.file"; };
 zone "americanexpress-auth.azurewebsites.net" { type master; notify no; file "null.zone.file"; };
-zone "americanexpress.heiwakai.com" { type master; notify no; file "null.zone.file"; };
 zone "amguevara.com" { type master; notify no; file "null.zone.file"; };
+zone "amhsd.com" { type master; notify no; file "null.zone.file"; };
 zone "amidabuli.com" { type master; notify no; file "null.zone.file"; };
 zone "amlnov7.web.app" { type master; notify no; file "null.zone.file"; };
 zone "amnzma-jp.top" { type master; notify no; file "null.zone.file"; };
@@ -206,7 +212,6 @@ zone "amnzmsn3-jp.shop" { type master; notify no; file "null.zone.file"; };
 zone "amoazom.rm82j6-t8.cn" { type master; notify no; file "null.zone.file"; };
 zone "amonzau_co_take.ktbf.shop" { type master; notify no; file "null.zone.file"; };
 zone "amosleh.com" { type master; notify no; file "null.zone.file"; };
-zone "amozom.co.ip.taxhod.club" { type master; notify no; file "null.zone.file"; };
 zone "amreeth.github.io" { type master; notify no; file "null.zone.file"; };
 zone "amusebouche-bg.com" { type master; notify no; file "null.zone.file"; };
 zone "amzcredit.dearva.xyz" { type master; notify no; file "null.zone.file"; };
@@ -222,24 +227,21 @@ zone "angryezgames.com" { type master; notify no; file "null.zone.file"; };
 zone "anhduongjsc.com" { type master; notify no; file "null.zone.file"; };
 zone "anj-azakp.run.goorm.io" { type master; notify no; file "null.zone.file"; };
 zone "anjalijha167.github.io" { type master; notify no; file "null.zone.file"; };
-zone "anjayredit.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "annacatania.com.mt" { type master; notify no; file "null.zone.file"; };
 zone "anon-keep-admin-keep.rvsla.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "ansr.ro" { type master; notify no; file "null.zone.file"; };
 zone "aolmailukhelplinecustomerservice.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "aolmailukhelplinecustomerservice.blogspot.com.au" { type master; notify no; file "null.zone.file"; };
-zone "aolpoweredservice.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "aolverixon11dfd.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "aolxperience.com" { type master; notify no; file "null.zone.file"; };
+zone "api-saisoncard-co-jp.md160.net" { type master; notify no; file "null.zone.file"; };
 zone "api-saisoncard-co-jp.o4ay8.net" { type master; notify no; file "null.zone.file"; };
 zone "api.florense.com.br" { type master; notify no; file "null.zone.file"; };
 zone "api.redirect-bentobot199.com" { type master; notify no; file "null.zone.file"; };
 zone "api.redirect-safebrowser-online.com" { type master; notify no; file "null.zone.file"; };
-zone "api.safe-directmail.com" { type master; notify no; file "null.zone.file"; };
 zone "aplintec.com.mx" { type master; notify no; file "null.zone.file"; };
 zone "app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io" { type master; notify no; file "null.zone.file"; };
 zone "app-bombcrypto-io-login-ab.blogspot.com" { type master; notify no; file "null.zone.file"; };
-zone "app-panckswp.xyz" { type master; notify no; file "null.zone.file"; };
 zone "app.bydn217.club" { type master; notify no; file "null.zone.file"; };
 zone "app.duel.network" { type master; notify no; file "null.zone.file"; };
 zone "app.fiiber.ca" { type master; notify no; file "null.zone.file"; };
@@ -249,10 +251,11 @@ zone "app.sugarsync.com" { type master; notify no; file "null.zone.file"; };
 zone "appatualizecef.com" { type master; notify no; file "null.zone.file"; };
 zone "appibsolicitud.com" { type master; notify no; file "null.zone.file"; };
 zone "appleid-check.info" { type master; notify no; file "null.zone.file"; };
+zone "applekra.com" { type master; notify no; file "null.zone.file"; };
 zone "applepichincha.webcindario.com" { type master; notify no; file "null.zone.file"; };
 zone "apply.aua.am" { type master; notify no; file "null.zone.file"; };
 zone "apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link" { type master; notify no; file "null.zone.file"; };
-zone "appttech.com" { type master; notify no; file "null.zone.file"; };
+zone "aprilgagenesh.com" { type master; notify no; file "null.zone.file"; };
 zone "aquaqualitas.com" { type master; notify no; file "null.zone.file"; };
 zone "arafathrumman.github.io" { type master; notify no; file "null.zone.file"; };
 zone "arcacg.com" { type master; notify no; file "null.zone.file"; };
@@ -260,15 +263,18 @@ zone "archivio-supporto.sitoper.it" { type master; notify no; file "null.zone.fi
 zone "are.scicemecod.com" { type master; notify no; file "null.zone.file"; };
 zone "areueaom.gtpzcve.cn" { type master; notify no; file "null.zone.file"; };
 zone "areueaom.gtva.cn" { type master; notify no; file "null.zone.file"; };
+zone "arif.com.bd" { type master; notify no; file "null.zone.file"; };
 zone "aromatic.webenliven.in" { type master; notify no; file "null.zone.file"; };
 zone "arthamahotels.com" { type master; notify no; file "null.zone.file"; };
 zone "artlux.com.pl" { type master; notify no; file "null.zone.file"; };
 zone "arub-service.org" { type master; notify no; file "null.zone.file"; };
 zone "aruba.fatt.ids-sys.com" { type master; notify no; file "null.zone.file"; };
 zone "as.macecri.com" { type master; notify no; file "null.zone.file"; };
+zone "as.scicemecod.com" { type master; notify no; file "null.zone.file"; };
 zone "asaipestcontrol.com" { type master; notify no; file "null.zone.file"; };
 zone "ascom.co.tz" { type master; notify no; file "null.zone.file"; };
 zone "asd.9sw53wk.cn" { type master; notify no; file "null.zone.file"; };
+zone "asdxa.p2x11pi.cn" { type master; notify no; file "null.zone.file"; };
 zone "asgard-ampqy.run-us-west2.goorm.io" { type master; notify no; file "null.zone.file"; };
 zone "asimpwsh.com" { type master; notify no; file "null.zone.file"; };
 zone "asistentetramitadordigitalda.com" { type master; notify no; file "null.zone.file"; };
@@ -278,19 +284,24 @@ zone "at-t-support-service1.sitey.me" { type master; notify no; file "null.zone.
 zone "at-t-yahoo.sitey.me" { type master; notify no; file "null.zone.file"; };
 zone "atento-fdi.plusoftomni.com.br" { type master; notify no; file "null.zone.file"; };
 zone "ativacao-online73681.com" { type master; notify no; file "null.zone.file"; };
+zone "atlanticeconcrete.com" { type master; notify no; file "null.zone.file"; };
 zone "atnr76dxku336szy.clickfunnels.com" { type master; notify no; file "null.zone.file"; };
-zone "attcustomdesk.weebly.com" { type master; notify no; file "null.zone.file"; };
+zone "att556.weebly.com" { type master; notify no; file "null.zone.file"; };
+zone "att87.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "attinfoser.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "attonlinemanagementpage.weebly.com" { type master; notify no; file "null.zone.file"; };
+zone "attonlineuserverification.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "attpage1121.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "atualizacao-online547864.com" { type master; notify no; file "null.zone.file"; };
 zone "atualizarmodolo.com" { type master; notify no; file "null.zone.file"; };
 zone "atulrathore-dev.github.io" { type master; notify no; file "null.zone.file"; };
+zone "auid-japan.com" { type master; notify no; file "null.zone.file"; };
 zone "aurumship.com" { type master; notify no; file "null.zone.file"; };
-zone "aushfew.tokyo" { type master; notify no; file "null.zone.file"; };
 zone "aushotel.es" { type master; notify no; file "null.zone.file"; };
 zone "auth-task1-m.web.app" { type master; notify no; file "null.zone.file"; };
 zone "auth-webmailakeonetcom.yolasite.com" { type master; notify no; file "null.zone.file"; };
+zone "auth.topgamers.cn" { type master; notify no; file "null.zone.file"; };
+zone "authent54-sedure32.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "authorize-trustvallet-protocol.com" { type master; notify no; file "null.zone.file"; };
 zone "authorizewallet.app" { type master; notify no; file "null.zone.file"; };
 zone "authuxeehmutconjxmailssocl.web.app" { type master; notify no; file "null.zone.file"; };
@@ -300,16 +311,15 @@ zone "autoexprs.com" { type master; notify no; file "null.zone.file"; };
 zone "autoranplususeremailprocessingupdate.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "autoscurt24.de" { type master; notify no; file "null.zone.file"; };
 zone "autumn-sun-4a21.paqesads-scure.workers.dev" { type master; notify no; file "null.zone.file"; };
+zone "avelocidad.com" { type master; notify no; file "null.zone.file"; };
 zone "avrorganics.com" { type master; notify no; file "null.zone.file"; };
 zone "awesome-gates-8bdd6f.netlify.app" { type master; notify no; file "null.zone.file"; };
 zone "ax.xiguw.workers.dev" { type master; notify no; file "null.zone.file"; };
-zone "axieinfinity-meta.com" { type master; notify no; file "null.zone.file"; };
 zone "axieinfinity-supportwallet.com" { type master; notify no; file "null.zone.file"; };
 zone "axlr.in" { type master; notify no; file "null.zone.file"; };
-zone "ayguru.com" { type master; notify no; file "null.zone.file"; };
+zone "ayushenterprise.in" { type master; notify no; file "null.zone.file"; };
 zone "az.macecri.com" { type master; notify no; file "null.zone.file"; };
 zone "azb3s.cf" { type master; notify no; file "null.zone.file"; };
-zone "azmnsaz.000webhostapp.com" { type master; notify no; file "null.zone.file"; };
 zone "azmznonos_co_long.akys.shop" { type master; notify no; file "null.zone.file"; };
 zone "b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com" { type master; notify no; file "null.zone.file"; };
 zone "b059c86968a6427389952025bcee9886.svc.dynamics.com" { type master; notify no; file "null.zone.file"; };
@@ -317,7 +327,6 @@ zone "b4e921f0.sso-mailsrvr-4344e5teed.pages.dev" { type master; notify no; file
 zone "b96f7f93.sibforms.com" { type master; notify no; file "null.zone.file"; };
 zone "b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "bacteralia.com" { type master; notify no; file "null.zone.file"; };
-zone "badnewswegewroighgserhhg.xyz" { type master; notify no; file "null.zone.file"; };
 zone "bag-macben.eu" { type master; notify no; file "null.zone.file"; };
 zone "bakhai.vn" { type master; notify no; file "null.zone.file"; };
 zone "balajihospital.net" { type master; notify no; file "null.zone.file"; };
@@ -337,7 +346,6 @@ zone "bancaporlnternetlnterbarnk.jifad.org" { type master; notify no; file "null
 zone "bancaporlnternetlnterbarnk.libertycanais.com.br" { type master; notify no; file "null.zone.file"; };
 zone "bancoiinng.site44.com" { type master; notify no; file "null.zone.file"; };
 zone "bancooccidentalb.com" { type master; notify no; file "null.zone.file"; };
-zone "bank-id.pl" { type master; notify no; file "null.zone.file"; };
 zone "bankapolska.com" { type master; notify no; file "null.zone.file"; };
 zone "banki0wa.us" { type master; notify no; file "null.zone.file"; };
 zone "bankocaoffo.webcindario.com" { type master; notify no; file "null.zone.file"; };
@@ -345,8 +353,8 @@ zone "bankofamer86.ddns.net" { type master; notify no; file "null.zone.file"; };
 zone "bannerbank.control-inc.com" { type master; notify no; file "null.zone.file"; };
 zone "bannerchampnyc.com" { type master; notify no; file "null.zone.file"; };
 zone "banproseguridadasistenteenlineanic.webnode.es" { type master; notify no; file "null.zone.file"; };
-zone "banqsuepoy.temp.swtest.ru" { type master; notify no; file "null.zone.file"; };
 zone "baradua.it" { type master; notify no; file "null.zone.file"; };
+zone "barbecuef.top" { type master; notify no; file "null.zone.file"; };
 zone "battlelastmont.cyou" { type master; notify no; file "null.zone.file"; };
 zone "bc1.paiementervice.com" { type master; notify no; file "null.zone.file"; };
 zone "bconclutmjy.ru" { type master; notify no; file "null.zone.file"; };
@@ -355,7 +363,7 @@ zone "bcpzonaseguirabeta.com" { type master; notify no; file "null.zone.file"; }
 zone "be-home.web.do" { type master; notify no; file "null.zone.file"; };
 zone "bearmybrand.com" { type master; notify no; file "null.zone.file"; };
 zone "beast-blog.com" { type master; notify no; file "null.zone.file"; };
-zone "beibys.com.br" { type master; notify no; file "null.zone.file"; };
+zone "beccu07.zzux.com" { type master; notify no; file "null.zone.file"; };
 zone "beijing.vfzfy1v.cn" { type master; notify no; file "null.zone.file"; };
 zone "belovedaroma.com" { type master; notify no; file "null.zone.file"; };
 zone "bendmytrend.com" { type master; notify no; file "null.zone.file"; };
@@ -421,18 +429,19 @@ zone "bnconacional.odoo.com" { type master; notify no; file "null.zone.file"; };
 zone "bncre.odoo.com" { type master; notify no; file "null.zone.file"; };
 zone "bncxz.9wx9b27.cn" { type master; notify no; file "null.zone.file"; };
 zone "bndigitalpersonas.com" { type master; notify no; file "null.zone.file"; };
-zone "bnpparibas-pl.mob-app.xyz" { type master; notify no; file "null.zone.file"; };
 zone "boaupdate.bfaoscr.com" { type master; notify no; file "null.zone.file"; };
 zone "bogdonovlerer.com" { type master; notify no; file "null.zone.file"; };
 zone "bogged-finance.com" { type master; notify no; file "null.zone.file"; };
+zone "boi.365online-replacement.com" { type master; notify no; file "null.zone.file"; };
+zone "boke4-indonesia-2022a7whatsapp.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "bokep-virall-sange33.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "bokgabanesolutions.co.za" { type master; notify no; file "null.zone.file"; };
+zone "bold-lichterman.45-81-232-15.plesk.page" { type master; notify no; file "null.zone.file"; };
 zone "bookfbs.evangsamuelministries.com" { type master; notify no; file "null.zone.file"; };
 zone "boxes.com.py" { type master; notify no; file "null.zone.file"; };
 zone "br4.in" { type master; notify no; file "null.zone.file"; };
 zone "br622.teste.website" { type master; notify no; file "null.zone.file"; };
-zone "brave-knuth-96d329.netlify.app" { type master; notify no; file "null.zone.file"; };
 zone "breople.com" { type master; notify no; file "null.zone.file"; };
-zone "brigida_cossette.gitlab.io" { type master; notify no; file "null.zone.file"; };
 zone "brooks-forrunning.top" { type master; notify no; file "null.zone.file"; };
 zone "brooks-justforjogging.top" { type master; notify no; file "null.zone.file"; };
 zone "brooks-move.top" { type master; notify no; file "null.zone.file"; };
@@ -471,7 +480,6 @@ zone "builmon.xyz" { type master; notify no; file "null.zone.file"; };
 zone "bujikena.web.app" { type master; notify no; file "null.zone.file"; };
 zone "bundel-cobragratis2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "busanopen.org" { type master; notify no; file "null.zone.file"; };
-zone "business-action-copyright11022.web.app" { type master; notify no; file "null.zone.file"; };
 zone "business-action-page129591.web.app" { type master; notify no; file "null.zone.file"; };
 zone "business-appeal-copyright8211.web.app" { type master; notify no; file "null.zone.file"; };
 zone "business-appeal-form-18222.web.app" { type master; notify no; file "null.zone.file"; };
@@ -479,24 +487,22 @@ zone "business-copyright-alert100821.web.app" { type master; notify no; file "nu
 zone "business-copyright-alert198082.web.app" { type master; notify no; file "null.zone.file"; };
 zone "business-copyright-alert19882.web.app" { type master; notify no; file "null.zone.file"; };
 zone "business-copyright-detected920.web.app" { type master; notify no; file "null.zone.file"; };
-zone "business-page-content125882.web.app" { type master; notify no; file "null.zone.file"; };
 zone "business-required-helpcenter82.web.app" { type master; notify no; file "null.zone.file"; };
 zone "business-required-info188221.web.app" { type master; notify no; file "null.zone.file"; };
 zone "businessemailss.biz" { type master; notify no; file "null.zone.file"; };
-zone "bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link" { type master; notify no; file "null.zone.file"; };
 zone "buyelectronicsnyc.com" { type master; notify no; file "null.zone.file"; };
 zone "c.curiousmorty.be" { type master; notify no; file "null.zone.file"; };
 zone "c.jardindemiedo.es" { type master; notify no; file "null.zone.file"; };
 zone "c.loveawaits.be" { type master; notify no; file "null.zone.file"; };
 zone "c.mail.com" { type master; notify no; file "null.zone.file"; };
 zone "c0m-r51znzlh8i.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
-zone "c10012022j.temp.swtest.ru" { type master; notify no; file "null.zone.file"; };
 zone "c1christine.tjelmeland2e.cso.gov.tt" { type master; notify no; file "null.zone.file"; };
 zone "c2dc5b99.chgmar.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "c6ebv708.caspio.com" { type master; notify no; file "null.zone.file"; };
 zone "cabsiler.com" { type master; notify no; file "null.zone.file"; };
 zone "cache.nebula.phx3.secureserver.net" { type master; notify no; file "null.zone.file"; };
 zone "cadeau-orange.fr" { type master; notify no; file "null.zone.file"; };
+zone "caixabanki.temp.swtest.ru" { type master; notify no; file "null.zone.file"; };
 zone "caixaseguradora.quadientcloud.com" { type master; notify no; file "null.zone.file"; };
 zone "cakesbyannemotha.com" { type master; notify no; file "null.zone.file"; };
 zone "cammymiller.com" { type master; notify no; file "null.zone.file"; };
@@ -506,7 +512,6 @@ zone "cannellandcoflooring.co.uk" { type master; notify no; file "null.zone.file
 zone "capservice.online" { type master; notify no; file "null.zone.file"; };
 zone "caracasmateriais.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "carpediemxp.com" { type master; notify no; file "null.zone.file"; };
-zone "carry.reduxservices.com" { type master; notify no; file "null.zone.file"; };
 zone "carservicessaupdate.xyz" { type master; notify no; file "null.zone.file"; };
 zone "cartamorin-geometres.fr" { type master; notify no; file "null.zone.file"; };
 zone "carwash.tv" { type master; notify no; file "null.zone.file"; };
@@ -519,6 +524,7 @@ zone "caycos.beispielseite-wmka.de" { type master; notify no; file "null.zone.fi
 zone "caymanreno.com" { type master; notify no; file "null.zone.file"; };
 zone "cbmonlinegroups.com" { type master; notify no; file "null.zone.file"; };
 zone "cc.scicemecod.com" { type master; notify no; file "null.zone.file"; };
+zone "cc23674.tmweb.ru" { type master; notify no; file "null.zone.file"; };
 zone "ccjrlaw.com" { type master; notify no; file "null.zone.file"; };
 zone "cdas.nxzigco.cn" { type master; notify no; file "null.zone.file"; };
 zone "cdsoa.wuefyta.cn" { type master; notify no; file "null.zone.file"; };
@@ -531,14 +537,13 @@ zone "centralconsulta.link" { type master; notify no; file "null.zone.file"; };
 zone "centre1.bubbleapps.io" { type master; notify no; file "null.zone.file"; };
 zone "ceresgulf.com" { type master; notify no; file "null.zone.file"; };
 zone "certifica-montepaschii.com" { type master; notify no; file "null.zone.file"; };
-zone "chalokradocallkakuch.azurewebsites.net" { type master; notify no; file "null.zone.file"; };
-zone "changenotification.pricesamazonlogincard.monster" { type master; notify no; file "null.zone.file"; };
+zone "charitascb.com" { type master; notify no; file "null.zone.file"; };
 zone "charperimagedesign.com" { type master; notify no; file "null.zone.file"; };
 zone "chat-whatasapp.com" { type master; notify no; file "null.zone.file"; };
 zone "chat-whatsaap99.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "chat-whatsapp-group-2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "chat-whatsapp-grupo-invitacion.blogspot.com" { type master; notify no; file "null.zone.file"; };
+zone "chat-whatsapp-gscfghjsgsu.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "chckmaill1.web.app" { type master; notify no; file "null.zone.file"; };
 zone "chckmaill10.web.app" { type master; notify no; file "null.zone.file"; };
 zone "chckmaill11.web.app" { type master; notify no; file "null.zone.file"; };
@@ -572,9 +577,9 @@ zone "chiragrajoria.github.io" { type master; notify no; file "null.zone.file";
 zone "chois.jp" { type master; notify no; file "null.zone.file"; };
 zone "christienstudystl.wixsite.com" { type master; notify no; file "null.zone.file"; };
 zone "christmas-dhl-express-delvr.hopekosmos.com" { type master; notify no; file "null.zone.file"; };
+zone "chronopostaws.com" { type master; notify no; file "null.zone.file"; };
 zone "chtbnk.uk" { type master; notify no; file "null.zone.file"; };
 zone "chutomen.com" { type master; notify no; file "null.zone.file"; };
-zone "ciiusea.com" { type master; notify no; file "null.zone.file"; };
 zone "cinemaleftech.com" { type master; notify no; file "null.zone.file"; };
 zone "citagestionenlineabn.com" { type master; notify no; file "null.zone.file"; };
 zone "city-of-jazz.de" { type master; notify no; file "null.zone.file"; };
@@ -582,13 +587,11 @@ zone "ckwgruppe.service-now.com" { type master; notify no; file "null.zone.file"
 zone "claiimdiamondgratis84.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "claim-event-freefire-garena-oldfree-a4.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "claim-skingratis-mobailegends161.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "claimgratisff2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "claims-funds-enczj.run-us-west2.goorm.io" { type master; notify no; file "null.zone.file"; };
 zone "claimseventmlbb.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "claimshopee.yolasite.com" { type master; notify no; file "null.zone.file"; };
 zone "claro-link.brsafe.com.br" { type master; notify no; file "null.zone.file"; };
 zone "claus.bz" { type master; notify no; file "null.zone.file"; };
-zone "clefman.cl" { type master; notify no; file "null.zone.file"; };
 zone "click-here-help.in" { type master; notify no; file "null.zone.file"; };
 zone "client-support-page.com" { type master; notify no; file "null.zone.file"; };
 zone "clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net" { type master; notify no; file "null.zone.file"; };
@@ -627,7 +630,9 @@ zone "co.jp.rukbcga.cn" { type master; notify no; file "null.zone.file"; };
 zone "co.jp.sefdvsi.cn" { type master; notify no; file "null.zone.file"; };
 zone "co.jp.tezkkbp.cn" { type master; notify no; file "null.zone.file"; };
 zone "co.jp.ztxzzup.cn" { type master; notify no; file "null.zone.file"; };
+zone "cobaincurlduluom.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "codwarzonemobile.com" { type master; notify no; file "null.zone.file"; };
+zone "coindappsync.online" { type master; notify no; file "null.zone.file"; };
 zone "cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "collab-land.net" { type master; notify no; file "null.zone.file"; };
 zone "collabland.info" { type master; notify no; file "null.zone.file"; };
@@ -642,23 +647,24 @@ zone "com-mm2ai86orr.isiolo.go.ke" { type master; notify no; file "null.zone.fil
 zone "com-r51znzlh8i.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "com-sauuvazpjo.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "com-ugsyk69nqb.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
-zone "comefuck.co" { type master; notify no; file "null.zone.file"; };
 zone "community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link" { type master; notify no; file "null.zone.file"; };
 zone "community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link" { type master; notify no; file "null.zone.file"; };
 zone "community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link" { type master; notify no; file "null.zone.file"; };
 zone "completeegali.webcindario.com" { type master; notify no; file "null.zone.file"; };
+zone "completeyorcorp.lunsrgovert.net" { type master; notify no; file "null.zone.file"; };
 zone "comunicazione-europe.net" { type master; notify no; file "null.zone.file"; };
 zone "comunity-isue-ideent-andromeda-29.web.id" { type master; notify no; file "null.zone.file"; };
 zone "comunity-isue-ideent-andromeda-33.web.id" { type master; notify no; file "null.zone.file"; };
-zone "comunity-isue-ideent-andromeda-88.web.id" { type master; notify no; file "null.zone.file"; };
 zone "con-firma.firebaseapp.com" { type master; notify no; file "null.zone.file"; };
-zone "confirming-pages-idntitysupport.web.id" { type master; notify no; file "null.zone.file"; };
 zone "congresosba.com.ar" { type master; notify no; file "null.zone.file"; };
 zone "conhecaonlinedigital.com.br" { type master; notify no; file "null.zone.file"; };
 zone "connect.au-login.0662smt.com" { type master; notify no; file "null.zone.file"; };
+zone "connect.auone.jp-login.kddi-sys.com" { type master; notify no; file "null.zone.file"; };
+zone "connect.myauone.jp-auid.jp-auid.com" { type master; notify no; file "null.zone.file"; };
+zone "connect.myauone.jp-auid.kddi-mail.com" { type master; notify no; file "null.zone.file"; };
+zone "connectlivewallet.io" { type master; notify no; file "null.zone.file"; };
 zone "connectwallet.me" { type master; notify no; file "null.zone.file"; };
 zone "conoscofaturahiiiper.com" { type master; notify no; file "null.zone.file"; };
-zone "consultavirtuai.bieah.com" { type master; notify no; file "null.zone.file"; };
 zone "contabilidaderabello.com.br" { type master; notify no; file "null.zone.file"; };
 zone "contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "contapessoal.digital" { type master; notify no; file "null.zone.file"; };
@@ -669,7 +675,7 @@ zone "continentepecas.com" { type master; notify no; file "null.zone.file"; };
 zone "contratodeparceria.com.br" { type master; notify no; file "null.zone.file"; };
 zone "controlpichincha.webcindario.com" { type master; notify no; file "null.zone.file"; };
 zone "copyright-center-live.ml" { type master; notify no; file "null.zone.file"; };
-zone "corl-inv.web.app" { type master; notify no; file "null.zone.file"; };
+zone "coroplastusa.com" { type master; notify no; file "null.zone.file"; };
 zone "correosdemexico-web.com" { type master; notify no; file "null.zone.file"; };
 zone "corta.ai" { type master; notify no; file "null.zone.file"; };
 zone "cosemu.com" { type master; notify no; file "null.zone.file"; };
@@ -689,7 +695,6 @@ zone "credicorp-capital.net" { type master; notify no; file "null.zone.file"; };
 zone "credicorpfiduciariasa.com" { type master; notify no; file "null.zone.file"; };
 zone "credifinanciera.didacsis.com" { type master; notify no; file "null.zone.file"; };
 zone "crediserfinanza.com" { type master; notify no; file "null.zone.file"; };
-zone "credita302.temp.swtest.ru" { type master; notify no; file "null.zone.file"; };
 zone "creditagricole-sudrhonealpes.blogspot.ba" { type master; notify no; file "null.zone.file"; };
 zone "creditagricole-sudrhonealpes.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "creditagricole-sudrhonealpes.blogspot.ro" { type master; notify no; file "null.zone.file"; };
@@ -697,13 +702,18 @@ zone "creditinternationalbank.com" { type master; notify no; file "null.zone.fil
 zone "creditiperhabbogratissicuro100.blogspot.it" { type master; notify no; file "null.zone.file"; };
 zone "cresvin.com" { type master; notify no; file "null.zone.file"; };
 zone "criticalcarevizag.com" { type master; notify no; file "null.zone.file"; };
+zone "crrdxwjap7t.typeform.com" { type master; notify no; file "null.zone.file"; };
 zone "cryptocars-plays.buzz" { type master; notify no; file "null.zone.file"; };
 zone "cryptocarsme.com" { type master; notify no; file "null.zone.file"; };
 zone "cryptscars-logs.com" { type master; notify no; file "null.zone.file"; };
 zone "cryqtocars.me" { type master; notify no; file "null.zone.file"; };
 zone "cuans.bkaamiv.cn" { type master; notify no; file "null.zone.file"; };
 zone "currentlyupgrade.mystrikingly.com" { type master; notify no; file "null.zone.file"; };
+zone "cusnas.366wuv.cn" { type master; notify no; file "null.zone.file"; };
+zone "cxas.bvd2q18.cn" { type master; notify no; file "null.zone.file"; };
+zone "cxas.zk6w4dt.cn" { type master; notify no; file "null.zone.file"; };
 zone "cxasd.easghbl.cn" { type master; notify no; file "null.zone.file"; };
+zone "cxmnsa.04frh0w.cn" { type master; notify no; file "null.zone.file"; };
 zone "cxnbas.nmkbmqk.cn" { type master; notify no; file "null.zone.file"; };
 zone "cxuahs.1wc9bxm.cn" { type master; notify no; file "null.zone.file"; };
 zone "cyna.rkpmage.cn" { type master; notify no; file "null.zone.file"; };
@@ -716,8 +726,10 @@ zone "d18gc1ytkdv37u.cloudfront.net" { type master; notify no; file "null.zone.f
 zone "d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "d3ncuwwrr82.typeform.com" { type master; notify no; file "null.zone.file"; };
 zone "daatahomes.com" { type master; notify no; file "null.zone.file"; };
+zone "dadafa88.com" { type master; notify no; file "null.zone.file"; };
 zone "damp-f43e.recovery-page-secur.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "danitraseoexperts.com" { type master; notify no; file "null.zone.file"; };
+zone "dappconnecttvalidator.net" { type master; notify no; file "null.zone.file"; };
 zone "dapponlines.com" { type master; notify no; file "null.zone.file"; };
 zone "dappscoins.com" { type master; notify no; file "null.zone.file"; };
 zone "dappsiconnect.com" { type master; notify no; file "null.zone.file"; };
@@ -733,8 +745,8 @@ zone "daycoval.facildepagar.com.br" { type master; notify no; file "null.zone.fi
 zone "db-web-client.com" { type master; notify no; file "null.zone.file"; };
 zone "dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com" { type master; notify no; file "null.zone.file"; };
 zone "dbkuzwes.online" { type master; notify no; file "null.zone.file"; };
-zone "dbs-interrnet.online" { type master; notify no; file "null.zone.file"; };
 zone "dbs.limited" { type master; notify no; file "null.zone.file"; };
+zone "dbs.online.webdbslistinonline.com" { type master; notify no; file "null.zone.file"; };
 zone "dbs.webdbslistinonline.com" { type master; notify no; file "null.zone.file"; };
 zone "dbw.gr" { type master; notify no; file "null.zone.file"; };
 zone "dcm1.ae.iwc.static.tungmung.co.id" { type master; notify no; file "null.zone.file"; };
@@ -767,6 +779,7 @@ zone "deutsche-post.apurvathespygenesh.com" { type master; notify no; file "null
 zone "dev-nadaj.orlenpaczka.ce5.pl" { type master; notify no; file "null.zone.file"; };
 zone "dev-secu-credit-union.pantheonsite.io" { type master; notify no; file "null.zone.file"; };
 zone "dev-www.orlenpaczka.ce5.pl" { type master; notify no; file "null.zone.file"; };
+zone "dev.massageliabilityinsurancegroup.com" { type master; notify no; file "null.zone.file"; };
 zone "dev.shivaxi.com" { type master; notify no; file "null.zone.file"; };
 zone "devicepichincha.webcindario.com" { type master; notify no; file "null.zone.file"; };
 zone "devops.help" { type master; notify no; file "null.zone.file"; };
@@ -779,15 +792,17 @@ zone "dhl-event.app" { type master; notify no; file "null.zone.file"; };
 zone "dhl.recruitmentplatform.com" { type master; notify no; file "null.zone.file"; };
 zone "diamondplate.us" { type master; notify no; file "null.zone.file"; };
 zone "die-post-swiss-id-19782635812.psd2any.com" { type master; notify no; file "null.zone.file"; };
+zone "diepost-paketevhost207932.lowhost.ru" { type master; notify no; file "null.zone.file"; };
 zone "diginto.org" { type master; notify no; file "null.zone.file"; };
-zone "dilscord.gift" { type master; notify no; file "null.zone.file"; };
+zone "diligentverify.com" { type master; notify no; file "null.zone.file"; };
 zone "directqpuprozaakp.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "dirtyez.com" { type master; notify no; file "null.zone.file"; };
 zone "disccrdapp.com" { type master; notify no; file "null.zone.file"; };
 zone "disckord.club" { type master; notify no; file "null.zone.file"; };
 zone "discoord-nittro.com" { type master; notify no; file "null.zone.file"; };
-zone "discorc.gift" { type master; notify no; file "null.zone.file"; };
 zone "discordbugs.com" { type master; notify no; file "null.zone.file"; };
+zone "discordnitroos.com" { type master; notify no; file "null.zone.file"; };
+zone "discrods.gift" { type master; notify no; file "null.zone.file"; };
 zone "dispositivoapp.azurewebsites.net" { type master; notify no; file "null.zone.file"; };
 zone "distinctivei.com" { type master; notify no; file "null.zone.file"; };
 zone "distrial.ec" { type master; notify no; file "null.zone.file"; };
@@ -800,7 +815,6 @@ zone "dkglobaljobs.com" { type master; notify no; file "null.zone.file"; };
 zone "dl.9xu.com" { type master; notify no; file "null.zone.file"; };
 zone "dlink.me" { type master; notify no; file "null.zone.file"; };
 zone "dmaxpesca.com.es" { type master; notify no; file "null.zone.file"; };
-zone "dminer.cloud" { type master; notify no; file "null.zone.file"; };
 zone "doclab-console-auth.firebaseapp.com" { type master; notify no; file "null.zone.file"; };
 zone "docs-verify-c671.thajetiase.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "docs.revv.so" { type master; notify no; file "null.zone.file"; };
@@ -826,12 +840,9 @@ zone "domainserverlawa116.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa117.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa118.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa119.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa120.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa121.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa122.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa123.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa124.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa125.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa126.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa127.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa128.web.app" { type master; notify no; file "null.zone.file"; };
@@ -840,32 +851,24 @@ zone "domainserverlawa13.web.app" { type master; notify no; file "null.zone.file
 zone "domainserverlawa130.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa131.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa132.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa133.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa134.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa135.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa136.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa137.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa138.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa139.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa14.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa140.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa141.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa142.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa143.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa144.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa145.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa146.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa147.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa148.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa149.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa150.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa151.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa152.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa153.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa154.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa155.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa156.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa157.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa158.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa159.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa160.web.app" { type master; notify no; file "null.zone.file"; };
@@ -873,20 +876,15 @@ zone "domainserverlawa161.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa162.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa163.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa164.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa165.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa166.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa167.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa168.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa169.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa17.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa170.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa171.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa172.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa173.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa174.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa175.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa176.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa177.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa178.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa179.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa18.web.app" { type master; notify no; file "null.zone.file"; };
@@ -895,34 +893,25 @@ zone "domainserverlawa181.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa182.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa183.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa184.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa185.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa186.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa187.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa188.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa189.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa19.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa190.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa191.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa193.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa194.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa195.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa196.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa197.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa198.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa199.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa20.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa200.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa201.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa202.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa203.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa204.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa205.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa206.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa207.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa208.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa209.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa21.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa210.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa211.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa212.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa213.web.app" { type master; notify no; file "null.zone.file"; };
@@ -936,7 +925,6 @@ zone "domainserverlawa220.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa221.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa222.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa223.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa224.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa225.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa226.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa227.web.app" { type master; notify no; file "null.zone.file"; };
@@ -949,12 +937,10 @@ zone "domainserverlawa233.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa234.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa235.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa237.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa238.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa239.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa240.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa241.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa242.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa243.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa244.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa245.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa246.web.app" { type master; notify no; file "null.zone.file"; };
@@ -962,35 +948,23 @@ zone "domainserverlawa247.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa248.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa249.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa25.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa250.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa251.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa252.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa253.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa254.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa255.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa256.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa257.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa258.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa259.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa26.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa260.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa261.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa262.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa263.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa264.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa265.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa266.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa267.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa268.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa269.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa270.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa271.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa272.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa273.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa274.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa275.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa276.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa277.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa278.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa279.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa280.web.app" { type master; notify no; file "null.zone.file"; };
@@ -999,9 +973,7 @@ zone "domainserverlawa282.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa283.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa284.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa285.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa286.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa287.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa289.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa29.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa290.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa292.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1010,28 +982,20 @@ zone "domainserverlawa294.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa295.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa296.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa297.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa298.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa299.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa30.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa300.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa301.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa302.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa303.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa304.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa305.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa306.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa307.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa308.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa309.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa31.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa310.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa311.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa312.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa313.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa314.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa315.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa316.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa317.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa318.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa319.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa32.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1039,13 +1003,11 @@ zone "domainserverlawa320.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa321.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa322.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa323.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa324.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa325.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa326.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa327.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa328.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa329.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa33.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa330.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa331.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa332.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1056,17 +1018,14 @@ zone "domainserverlawa336.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa337.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa338.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa339.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa34.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa340.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa341.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa342.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa343.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa344.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa345.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa346.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa347.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa348.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa35.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa350.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa351.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa352.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1080,7 +1039,6 @@ zone "domainserverlawa359.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa36.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa360.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa361.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa362.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa363.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa364.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa365.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1091,7 +1049,6 @@ zone "domainserverlawa37.web.app" { type master; notify no; file "null.zone.file
 zone "domainserverlawa370.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa371.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa372.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa373.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa374.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa375.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa376.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1107,11 +1064,7 @@ zone "domainserverlawa384.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa385.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa386.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa387.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa388.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa389.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa39.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa390.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa391.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa392.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa393.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa394.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1122,11 +1075,8 @@ zone "domainserverlawa398.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa40.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa400.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa401.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa402.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa403.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa404.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa405.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa406.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa407.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa408.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa409.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1137,7 +1087,6 @@ zone "domainserverlawa412.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa413.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa414.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa415.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa416.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa417.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa418.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa419.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1150,12 +1099,10 @@ zone "domainserverlawa424.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa425.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa426.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa427.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa428.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa429.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa43.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa430.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa431.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa432.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa433.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa434.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa435.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1165,36 +1112,27 @@ zone "domainserverlawa438.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa439.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa44.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa440.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa441.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa442.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa443.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa444.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa445.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa446.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa447.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa448.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa449.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa45.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa450.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa451.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa452.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa453.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa454.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa455.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa456.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa457.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa458.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa459.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa46.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa460.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa461.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa462.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa463.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa464.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa465.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa466.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa467.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa468.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa469.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa47.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa470.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1205,18 +1143,14 @@ zone "domainserverlawa474.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa475.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa476.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa477.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa478.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa479.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa480.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa481.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa482.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa483.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa484.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa485.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa486.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa487.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa488.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa489.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa49.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa490.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa491.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1227,22 +1161,15 @@ zone "domainserverlawa495.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa496.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa497.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa498.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa499.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa50.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa500.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa501.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa502.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa503.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa504.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa505.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa506.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa507.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa508.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa509.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa51.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa510.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa511.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa513.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa514.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa515.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa516.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1251,10 +1178,8 @@ zone "domainserverlawa518.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa519.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa52.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa520.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa521.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa522.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa523.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa524.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa525.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa526.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa527.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1265,28 +1190,21 @@ zone "domainserverlawa530.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa531.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa532.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa533.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa534.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa535.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa536.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa537.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa538.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa539.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa54.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa540.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa541.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa542.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa543.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa544.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa545.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa546.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa547.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa548.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa549.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa550.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa551.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa552.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa553.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa554.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa555.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa556.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa557.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1296,9 +1214,7 @@ zone "domainserverlawa56.web.app" { type master; notify no; file "null.zone.file
 zone "domainserverlawa560.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa561.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa562.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa563.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa564.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa565.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa566.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa567.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa568.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1307,35 +1223,24 @@ zone "domainserverlawa57.web.app" { type master; notify no; file "null.zone.file
 zone "domainserverlawa570.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa571.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa572.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa573.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa574.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa575.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa576.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa577.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa578.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa579.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa58.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa580.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa581.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa582.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa583.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa584.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa585.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa586.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa587.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa588.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa589.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa59.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa590.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa591.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa592.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa593.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa594.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa595.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa596.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa597.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa598.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa599.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa60.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa600.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa601.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1343,25 +1248,18 @@ zone "domainserverlawa602.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa603.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa604.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa605.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa606.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa607.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa608.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa609.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa61.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa610.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa611.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa612.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa613.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa614.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa615.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa616.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa617.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa618.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa619.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa62.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa620.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa621.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa622.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa623.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa624.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa625.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1382,7 +1280,6 @@ zone "domainserverlawa638.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa639.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa64.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa640.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa641.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa642.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa643.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa644.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1398,11 +1295,6 @@ zone "domainserverlawa652.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa653.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa654.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa655.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa656.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa657.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa658.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa659.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa66.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa660.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa661.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa662.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1413,14 +1305,10 @@ zone "domainserverlawa666.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa667.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa668.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa669.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa67.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa670.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa671.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa672.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa673.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa674.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa675.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa676.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa677.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa678.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa679.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1428,12 +1316,8 @@ zone "domainserverlawa68.web.app" { type master; notify no; file "null.zone.file
 zone "domainserverlawa680.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa681.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa682.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa683.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa684.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa685.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa686.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa687.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa688.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa689.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa69.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa690.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1441,7 +1325,6 @@ zone "domainserverlawa691.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa692.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa693.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa694.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa695.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa696.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa697.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa698.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1452,15 +1335,11 @@ zone "domainserverlawa701.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa702.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa703.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa704.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa705.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa706.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa707.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa708.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa709.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa71.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa710.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa711.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa712.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa713.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa714.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa715.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1469,17 +1348,13 @@ zone "domainserverlawa717.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa718.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa719.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa72.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa720.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa721.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa722.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa723.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa724.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa725.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa726.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa727.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa728.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa729.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa73.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa730.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa731.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa732.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1492,31 +1367,22 @@ zone "domainserverlawa738.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa739.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa74.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa740.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa741.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa742.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa743.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa744.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa745.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa746.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa747.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa748.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa749.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa75.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa750.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa751.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa752.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa753.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa754.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa755.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa756.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa757.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa758.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa759.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa76.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa760.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa761.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa762.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa763.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa764.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa765.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa766.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1536,22 +1402,17 @@ zone "domainserverlawa778.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa779.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa78.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa780.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa781.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa782.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa783.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa784.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa785.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa786.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa787.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa788.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa789.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa79.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa790.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa791.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa792.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa793.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa794.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa795.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa796.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa797.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa798.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1560,7 +1421,6 @@ zone "domainserverlawa80.web.app" { type master; notify no; file "null.zone.file
 zone "domainserverlawa800.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa801.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa802.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa803.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa804.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa806.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa807.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1568,8 +1428,6 @@ zone "domainserverlawa808.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa809.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa81.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa810.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa811.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa812.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa813.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa814.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa815.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1583,7 +1441,6 @@ zone "domainserverlawa821.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa822.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa823.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa824.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa825.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa826.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa827.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa828.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1595,9 +1452,7 @@ zone "domainserverlawa832.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa833.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa834.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa835.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa836.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa837.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa838.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa839.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa84.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa840.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1605,29 +1460,21 @@ zone "domainserverlawa841.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa842.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa843.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa844.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa845.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa846.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa847.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa848.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa849.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa85.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa850.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa851.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa852.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa853.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa854.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa855.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa856.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa857.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa858.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa859.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa86.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa860.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa861.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa862.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa863.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa864.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa865.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa866.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa867.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa868.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1638,7 +1485,6 @@ zone "domainserverlawa871.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa872.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa873.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa874.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa875.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa877.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa878.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa879.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1646,9 +1492,7 @@ zone "domainserverlawa88.web.app" { type master; notify no; file "null.zone.file
 zone "domainserverlawa880.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa881.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa882.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa883.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa884.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa885.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa886.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa888.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa889.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1668,19 +1512,14 @@ zone "domainserverlawa901.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa902.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa903.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa904.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa905.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa906.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa907.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa908.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa909.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa91.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa910.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa911.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa912.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa913.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa914.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa915.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa916.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa917.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa918.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa92.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1689,22 +1528,14 @@ zone "domainserverlawa921.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa922.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa923.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa924.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa925.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa926.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa927.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa929.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa93.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa930.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa931.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa932.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa933.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa934.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa935.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa936.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa937.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa938.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa939.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa94.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa940.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa941.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa942.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1713,45 +1544,33 @@ zone "domainserverlawa944.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa945.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa946.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa947.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa948.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa949.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa95.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa950.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa951.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa952.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa953.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa954.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa955.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa957.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa958.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa959.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa96.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa960.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa961.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa962.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa963.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa964.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa965.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa966.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa967.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa968.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa969.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa97.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa970.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa971.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa972.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa973.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa974.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa975.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa976.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa977.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa978.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa979.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa98.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa980.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa981.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa982.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa983.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa984.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa985.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa986.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1761,14 +1580,11 @@ zone "domainserverlawa989.web.app" { type master; notify no; file "null.zone.fil
 zone "domainserverlawa99.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa990.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa991.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa992.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa993.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa994.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa995.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa996.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa997.web.app" { type master; notify no; file "null.zone.file"; };
-zone "domainserverlawa998.web.app" { type master; notify no; file "null.zone.file"; };
 zone "domainserverlawa999.web.app" { type master; notify no; file "null.zone.file"; };
+zone "donaidrsilcio.com" { type master; notify no; file "null.zone.file"; };
 zone "doooog.cn" { type master; notify no; file "null.zone.file"; };
 zone "dopeydog.co.nz" { type master; notify no; file "null.zone.file"; };
 zone "dorouscom.com" { type master; notify no; file "null.zone.file"; };
@@ -1776,20 +1592,20 @@ zone "douuodwoman.com" { type master; notify no; file "null.zone.file"; };
 zone "dowaba-s2dhl.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "doz.tode.cz" { type master; notify no; file "null.zone.file"; };
 zone "dpasdasfasfasfas.pages.dev" { type master; notify no; file "null.zone.file"; };
+zone "dpd-pl.566868.space" { type master; notify no; file "null.zone.file"; };
 zone "dpd-redelivery-uk.com" { type master; notify no; file "null.zone.file"; };
 zone "dpmasdaskj.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "dr-joannepeeler.com" { type master; notify no; file "null.zone.file"; };
 zone "dr3aq.byethost32.com" { type master; notify no; file "null.zone.file"; };
+zone "dreamhacker.pro" { type master; notify no; file "null.zone.file"; };
 zone "dreamotion-jp.com" { type master; notify no; file "null.zone.file"; };
 zone "drivingschoolglasgow.co.uk" { type master; notify no; file "null.zone.file"; };
 zone "drmarciovaleriano.com.br" { type master; notify no; file "null.zone.file"; };
-zone "dsadsadsa.diskstation.eu" { type master; notify no; file "null.zone.file"; };
 zone "dsgcbeonline.com" { type master; notify no; file "null.zone.file"; };
+zone "dskedirekt.web.app" { type master; notify no; file "null.zone.file"; };
 zone "dsp2codemdp.t.justns.ru" { type master; notify no; file "null.zone.file"; };
-zone "dswboot.cc" { type master; notify no; file "null.zone.file"; };
 zone "dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com" { type master; notify no; file "null.zone.file"; };
 zone "dtrpsystasfasgas.pages.dev" { type master; notify no; file "null.zone.file"; };
-zone "duanemanor.tk" { type master; notify no; file "null.zone.file"; };
 zone "dukhovnist.in.ua" { type master; notify no; file "null.zone.file"; };
 zone "durecorpperu.com" { type master; notify no; file "null.zone.file"; };
 zone "dwrat.andalous.org" { type master; notify no; file "null.zone.file"; };
@@ -1803,7 +1619,6 @@ zone "e4ra.byethost8.com" { type master; notify no; file "null.zone.file"; };
 zone "e63q45f9h5fr.clickfunnels.com" { type master; notify no; file "null.zone.file"; };
 zone "eagleeyeapparel.com" { type master; notify no; file "null.zone.file"; };
 zone "earth01.info" { type master; notify no; file "null.zone.file"; };
-zone "easy-webtdapp.com" { type master; notify no; file "null.zone.file"; };
 zone "easywalletfix.net" { type master; notify no; file "null.zone.file"; };
 zone "easywalletsfix.com" { type master; notify no; file "null.zone.file"; };
 zone "eba0200d0c.nxcli.net" { type master; notify no; file "null.zone.file"; };
@@ -1812,15 +1627,12 @@ zone "ebay.com.dashboard-seller.center" { type master; notify no; file "null.zon
 zone "eberhardtedwige.wixsite.com" { type master; notify no; file "null.zone.file"; };
 zone "ebuddynews.com" { type master; notify no; file "null.zone.file"; };
 zone "ec.snadc-oecddo.com" { type master; notify no; file "null.zone.file"; };
-zone "ecloanmoney.com" { type master; notify no; file "null.zone.file"; };
 zone "ecogreenjanitorial.com" { type master; notify no; file "null.zone.file"; };
 zone "ecomcrew.staging.wpengine.com" { type master; notify no; file "null.zone.file"; };
 zone "ecosteelsolution.ro" { type master; notify no; file "null.zone.file"; };
-zone "editpdfonline.tk" { type master; notify no; file "null.zone.file"; };
 zone "edje.com" { type master; notify no; file "null.zone.file"; };
 zone "edukickmexico.com" { type master; notify no; file "null.zone.file"; };
 zone "ee-sms.co.uk" { type master; notify no; file "null.zone.file"; };
-zone "ee.mseocri.com" { type master; notify no; file "null.zone.file"; };
 zone "ee.scicemecod.com" { type master; notify no; file "null.zone.file"; };
 zone "efarms.com.ng" { type master; notify no; file "null.zone.file"; };
 zone "eharmonyservice.com" { type master; notify no; file "null.zone.file"; };
@@ -1843,7 +1655,6 @@ zone "emojis.dels.bar" { type master; notify no; file "null.zone.file"; };
 zone "emsi-lobo.firebaseapp.com" { type master; notify no; file "null.zone.file"; };
 zone "en-template-solicito-16414253314897.onepage.website" { type master; notify no; file "null.zone.file"; };
 zone "enbolivia.com" { type master; notify no; file "null.zone.file"; };
-zone "enchanting-guiltless-suede.glitch.me" { type master; notify no; file "null.zone.file"; };
 zone "encryptdrive.booogle.net" { type master; notify no; file "null.zone.file"; };
 zone "engcamp.org" { type master; notify no; file "null.zone.file"; };
 zone "enoman.fqzsdgtg.cn" { type master; notify no; file "null.zone.file"; };
@@ -1869,20 +1680,18 @@ zone "eth-coinwallet.net" { type master; notify no; file "null.zone.file"; };
 zone "eth.coinscout.cc" { type master; notify no; file "null.zone.file"; };
 zone "ethnictrendz.com" { type master; notify no; file "null.zone.file"; };
 zone "ets.jwr.pa-fakfak.go.id" { type master; notify no; file "null.zone.file"; };
-zone "etwtny.cf" { type master; notify no; file "null.zone.file"; };
 zone "eucriomeumundo.com" { type master; notify no; file "null.zone.file"; };
 zone "eugnerally-wixsite-com.filesusr.com" { type master; notify no; file "null.zone.file"; };
-zone "euraby.com" { type master; notify no; file "null.zone.file"; };
 zone "eusa-lombo.firebaseapp.com" { type master; notify no; file "null.zone.file"; };
 zone "evashoes.com.ua" { type master; notify no; file "null.zone.file"; };
+zone "even-besar-banget.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "even-ff-gratisterbaru2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "even-ff-terbarugratis2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "event-ff-bundle-baru.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "event-freefire728.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "event-freeskkinmlbb.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "event-garenafreefire263.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "event-skin-resmi-2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "eventclaimfreefiregratis2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "eventclaimsff0.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "eventgarenafreefiremax2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "eventspinfreefire2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "everestmotors.com.np" { type master; notify no; file "null.zone.file"; };
 zone "evo-revolutioncups.com" { type master; notify no; file "null.zone.file"; };
 zone "evolbithman.web.app" { type master; notify no; file "null.zone.file"; };
@@ -1891,6 +1700,7 @@ zone "excelhana.com" { type master; notify no; file "null.zone.file"; };
 zone "exchange-pancakeswaps.com" { type master; notify no; file "null.zone.file"; };
 zone "exchangedictionary.com" { type master; notify no; file "null.zone.file"; };
 zone "exodlus.net" { type master; notify no; file "null.zone.file"; };
+zone "exodus-2022.com" { type master; notify no; file "null.zone.file"; };
 zone "exodus.com-wallet-signin.com" { type master; notify no; file "null.zone.file"; };
 zone "exodus.com-web-wallet-online.com" { type master; notify no; file "null.zone.file"; };
 zone "exodus.com.tccaponline.com" { type master; notify no; file "null.zone.file"; };
@@ -1902,6 +1712,7 @@ zone "extracash-interlbankonline.com" { type master; notify no; file "null.zone.
 zone "extracloud.com.au" { type master; notify no; file "null.zone.file"; };
 zone "ezblox.site" { type master; notify no; file "null.zone.file"; };
 zone "ezssausage.com" { type master; notify no; file "null.zone.file"; };
+zone "f2f.co.jp" { type master; notify no; file "null.zone.file"; };
 zone "f6fr7.codesandbox.io" { type master; notify no; file "null.zone.file"; };
 zone "f9w1lned0ruqblxi6jahwotak.filesusr.com" { type master; notify no; file "null.zone.file"; };
 zone "faccebook.azurewebsites.net" { type master; notify no; file "null.zone.file"; };
@@ -1916,7 +1727,10 @@ zone "facebook.com-r51znzih8i.isiolo.go.ke" { type master; notify no; file "null
 zone "facebook.com-zxsrf038k.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "facebook.eventspinff.wtf" { type master; notify no; file "null.zone.file"; };
 zone "facebook.kingstopup.com" { type master; notify no; file "null.zone.file"; };
+zone "facebook.whcserverbox.com" { type master; notify no; file "null.zone.file"; };
+zone "facebook8facebook.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "facebookk.azurewebsites.net" { type master; notify no; file "null.zone.file"; };
+zone "facebookphisher.herokuapp.com" { type master; notify no; file "null.zone.file"; };
 zone "facebooks.azurewebsites.net" { type master; notify no; file "null.zone.file"; };
 zone "faic.in" { type master; notify no; file "null.zone.file"; };
 zone "faizankhan0408.github.io" { type master; notify no; file "null.zone.file"; };
@@ -1930,20 +1744,21 @@ zone "fassilnet5.ultimatefreehost.in" { type master; notify no; file "null.zone.
 zone "fax.gruppobiesse.it" { type master; notify no; file "null.zone.file"; };
 zone "fb-case-id-28031803-fcdc-48af.web.app" { type master; notify no; file "null.zone.file"; };
 zone "fb-pages.proteksion-help.workers.dev" { type master; notify no; file "null.zone.file"; };
+zone "fb.10004682.review" { type master; notify no; file "null.zone.file"; };
 zone "fb.expressturkeyi.com" { type master; notify no; file "null.zone.file"; };
 zone "fb7927.bget.ru" { type master; notify no; file "null.zone.file"; };
 zone "fdasd.2e4jept.cn" { type master; notify no; file "null.zone.file"; };
 zone "fdhgf.xyz" { type master; notify no; file "null.zone.file"; };
-zone "feceboolk.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "federalaccesscredit.com" { type master; notify no; file "null.zone.file"; };
 zone "fedner.net" { type master; notify no; file "null.zone.file"; };
 zone "fer-brooks.top" { type master; notify no; file "null.zone.file"; };
 zone "feriadempleos.com" { type master; notify no; file "null.zone.file"; };
 zone "ferienhof-gempel.de" { type master; notify no; file "null.zone.file"; };
 zone "ff-anivesary225.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "ff-member-ganena.com" { type master; notify no; file "null.zone.file"; };
 zone "ff-membership-garena.com" { type master; notify no; file "null.zone.file"; };
 zone "ff-membershipz-garena.ga" { type master; notify no; file "null.zone.file"; };
-zone "ff.membership.garenaj.vn" { type master; notify no; file "null.zone.file"; };
+zone "ff.members.garera.vn" { type master; notify no; file "null.zone.file"; };
 zone "ffim-event-2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "fghjr74rhudfguhtfguji.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "fi.uy" { type master; notify no; file "null.zone.file"; };
@@ -1952,7 +1767,6 @@ zone "fidelitybank-mn.net" { type master; notify no; file "null.zone.file"; };
 zone "fighting40s.com" { type master; notify no; file "null.zone.file"; };
 zone "fikir.id" { type master; notify no; file "null.zone.file"; };
 zone "fileundelete.net" { type master; notify no; file "null.zone.file"; };
-zone "filmkenner.com" { type master; notify no; file "null.zone.file"; };
 zone "filtrosmil.com.br" { type master; notify no; file "null.zone.file"; };
 zone "finalfantasyguide.co.uk" { type master; notify no; file "null.zone.file"; };
 zone "finiiishingedgex.tk" { type master; notify no; file "null.zone.file"; };
@@ -1967,13 +1781,14 @@ zone "fluksrv.mycpanel.rs" { type master; notify no; file "null.zone.file"; };
 zone "fmwebapp.azurewebsites.net" { type master; notify no; file "null.zone.file"; };
 zone "foliar.pl" { type master; notify no; file "null.zone.file"; };
 zone "foma-ura-lote.firebaseapp.com" { type master; notify no; file "null.zone.file"; };
+zone "foor1.com" { type master; notify no; file "null.zone.file"; };
+zone "for-pakage-delevry.tragaroleary.com" { type master; notify no; file "null.zone.file"; };
 zone "foresta-mod.firebaseapp.com" { type master; notify no; file "null.zone.file"; };
 zone "forhimself9999.co.vu" { type master; notify no; file "null.zone.file"; };
 zone "formbuddy.com" { type master; notify no; file "null.zone.file"; };
 zone "forms.formium.io" { type master; notify no; file "null.zone.file"; };
 zone "formtools.com" { type master; notify no; file "null.zone.file"; };
 zone "forum-dofus.com.co" { type master; notify no; file "null.zone.file"; };
-zone "foryour.gov-information.info" { type master; notify no; file "null.zone.file"; };
 zone "fpalpha.myportfolio.com" { type master; notify no; file "null.zone.file"; };
 zone "fpmaam.org" { type master; notify no; file "null.zone.file"; };
 zone "fr-europe564598-com.filesusr.com" { type master; notify no; file "null.zone.file"; };
@@ -1986,6 +1801,7 @@ zone "freefiredot-comerhadiah.duckdns.org" { type master; notify no; file "null.
 zone "freefireevent-codashop2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "freeitemff-allreward.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "freeliker.net" { type master; notify no; file "null.zone.file"; };
+zone "freereward-ff.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "frefire-membership-garena.sukienfreefire2021.top" { type master; notify no; file "null.zone.file"; };
 zone "freg-nine.pt" { type master; notify no; file "null.zone.file"; };
 zone "friendsofnechockey.com" { type master; notify no; file "null.zone.file"; };
@@ -2001,21 +1817,22 @@ zone "ftx.com.vn" { type master; notify no; file "null.zone.file"; };
 zone "ftx.cool" { type master; notify no; file "null.zone.file"; };
 zone "ftxbonus.site" { type master; notify no; file "null.zone.file"; };
 zone "funiswap.exchange" { type master; notify no; file "null.zone.file"; };
+zone "furgonetka-1.pl" { type master; notify no; file "null.zone.file"; };
 zone "fusionrestobar.cl" { type master; notify no; file "null.zone.file"; };
+zone "futurebits.in" { type master; notify no; file "null.zone.file"; };
+zone "fwztmgr.cn" { type master; notify no; file "null.zone.file"; };
 zone "fxhalifax.com" { type master; notify no; file "null.zone.file"; };
 zone "fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com" { type master; notify no; file "null.zone.file"; };
 zone "g-mtcc.com" { type master; notify no; file "null.zone.file"; };
 zone "g.greatsubstance.com.my" { type master; notify no; file "null.zone.file"; };
 zone "ga.teesmith.shop" { type master; notify no; file "null.zone.file"; };
 zone "gabrielamims.com" { type master; notify no; file "null.zone.file"; };
-zone "gabung-grubnew1342.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "gagaclinic.com" { type master; notify no; file "null.zone.file"; };
 zone "gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com" { type master; notify no; file "null.zone.file"; };
 zone "gallciaonllne.webcindario.com" { type master; notify no; file "null.zone.file"; };
 zone "garena-xacminhtaikhoan.com" { type master; notify no; file "null.zone.file"; };
-zone "garenafreefire728.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "gastronomiarobertos.com" { type master; notify no; file "null.zone.file"; };
 zone "gasunige.mfs.gg" { type master; notify no; file "null.zone.file"; };
+zone "gbunggrup-pmrsatu13.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "gedfdfsd.eu" { type master; notify no; file "null.zone.file"; };
 zone "geg.li" { type master; notify no; file "null.zone.file"; };
 zone "generali-italia-ag.hrweb.it" { type master; notify no; file "null.zone.file"; };
@@ -2041,7 +1858,6 @@ zone "goldenlasgidi10.web.app" { type master; notify no; file "null.zone.file";
 zone "golkondaresorts.com" { type master; notify no; file "null.zone.file"; };
 zone "goo-gl.me" { type master; notify no; file "null.zone.file"; };
 zone "good12345.tripod.com" { type master; notify no; file "null.zone.file"; };
-zone "goofy-wozniak.192-210-226-164.plesk.page" { type master; notify no; file "null.zone.file"; };
 zone "gorol-cost.web.app" { type master; notify no; file "null.zone.file"; };
 zone "gorol-investor.web.app" { type master; notify no; file "null.zone.file"; };
 zone "gosafes.com" { type master; notify no; file "null.zone.file"; };
@@ -2051,39 +1867,28 @@ zone "gramarcales.com.br" { type master; notify no; file "null.zone.file"; };
 zone "greekinfra.com" { type master; notify no; file "null.zone.file"; };
 zone "greenclasses.in" { type master; notify no; file "null.zone.file"; };
 zone "grosshandel-mevida.de" { type master; notify no; file "null.zone.file"; };
-zone "group-mantap-seger.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "group-wa-1.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "groupbkep-vral15.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "groworldinternational.com" { type master; notify no; file "null.zone.file"; };
 zone "grp02.member.mycld-rakuten.info" { type master; notify no; file "null.zone.file"; };
-zone "grub-sangex.wikaba.com" { type master; notify no; file "null.zone.file"; };
-zone "grubgabung.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "grubnatajadeh12.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "grubterbarukk037.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "grubviralterbaru65c.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "grup-bokephot-terbaru2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "grup-bokepviral4.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "grup-dwsa-indomesia845.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "grup-viral-seleb.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "grup-viralbokep111.myftp.org" { type master; notify no; file "null.zone.file"; };
-zone "grup-viralbokep2.ddns.net" { type master; notify no; file "null.zone.file"; };
+zone "gruo-wa-okep-dewasa-2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "grup-bokep-terbaru555.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "grup-whatsapp121.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "grup-whatsappbokep1.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "grup-whatsappbokep2.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "grupbokeppadacantik.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "grup2022ssx.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "grupofsp.com.br" { type master; notify no; file "null.zone.file"; };
 zone "gruposanpio.com" { type master; notify no; file "null.zone.file"; };
-zone "gruptiktok.wikaba.com" { type master; notify no; file "null.zone.file"; };
-zone "grupviral-xx.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "grupviral109.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "grupviralterbaru.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "grupwhatsaap-viral-2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "grupwhatsappnobar-2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "gscommunityspirit.greenschool.org" { type master; notify no; file "null.zone.file"; };
 zone "gstsolutions.online" { type master; notify no; file "null.zone.file"; };
+zone "gtw420.com" { type master; notify no; file "null.zone.file"; };
 zone "gunatanahku.perkimtan.sumbarprov.go.id" { type master; notify no; file "null.zone.file"; };
 zone "gurukanth.com" { type master; notify no; file "null.zone.file"; };
 zone "gwenet.org" { type master; notify no; file "null.zone.file"; };
-zone "gyfnqyk.cn" { type master; notify no; file "null.zone.file"; };
-zone "gymjaokhanakho.azurewebsites.net" { type master; notify no; file "null.zone.file"; };
 zone "habbocreditosparati.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "haftteam.ir" { type master; notify no; file "null.zone.file"; };
 zone "hahdaeupdate.es.tl" { type master; notify no; file "null.zone.file"; };
@@ -2100,19 +1905,18 @@ zone "hasseanhannitybeenwaterboarded.com" { type master; notify no; file "null.z
 zone "haunlimited.org" { type master; notify no; file "null.zone.file"; };
 zone "hcnprdvz.azureedge.net" { type master; notify no; file "null.zone.file"; };
 zone "hdmediahub.club" { type master; notify no; file "null.zone.file"; };
-zone "hdss-stream.org" { type master; notify no; file "null.zone.file"; };
 zone "heinthu1.github.io" { type master; notify no; file "null.zone.file"; };
 zone "hellenic-postbank.com" { type master; notify no; file "null.zone.file"; };
-zone "helloparis.co.uk" { type master; notify no; file "null.zone.file"; };
 zone "help-account-bxsfe.ondigitalocean.app" { type master; notify no; file "null.zone.file"; };
+zone "help-identity-recoveri-support-center.web.id" { type master; notify no; file "null.zone.file"; };
 zone "help-notice-center-identity-6532.web.id" { type master; notify no; file "null.zone.file"; };
 zone "help.insecur.saftyalert.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "help.validation-page.workers.dev" { type master; notify no; file "null.zone.file"; };
+zone "helpingcentere.com" { type master; notify no; file "null.zone.file"; };
 zone "henan.vxim58i.cn" { type master; notify no; file "null.zone.file"; };
 zone "hermes.parcel-tracker.com" { type master; notify no; file "null.zone.file"; };
 zone "hetershaven.net" { type master; notify no; file "null.zone.file"; };
 zone "heuristic-gagarin.45-88-108-231.plesk.page" { type master; notify no; file "null.zone.file"; };
-zone "hfemail.ntneancns.com" { type master; notify no; file "null.zone.file"; };
 zone "hgda.db0u4hs.cn" { type master; notify no; file "null.zone.file"; };
 zone "hgdaa.lfoxcct.cn" { type master; notify no; file "null.zone.file"; };
 zone "hghgda.erjl0hx.cn" { type master; notify no; file "null.zone.file"; };
@@ -2127,18 +1931,15 @@ zone "hifly38926.top" { type master; notify no; file "null.zone.file"; };
 zone "hifly39091.top" { type master; notify no; file "null.zone.file"; };
 zone "hifly61215.top" { type master; notify no; file "null.zone.file"; };
 zone "hifly71191.top" { type master; notify no; file "null.zone.file"; };
-zone "hikaheal.com" { type master; notify no; file "null.zone.file"; };
 zone "himalayansherpa.com.au" { type master; notify no; file "null.zone.file"; };
 zone "himbauane.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "hitman71hd-wixsite-com.filesusr.com" { type master; notify no; file "null.zone.file"; };
-zone "hjhjjhjhjh.pagedemo.co" { type master; notify no; file "null.zone.file"; };
 zone "hockian.com" { type master; notify no; file "null.zone.file"; };
 zone "holobeam.000webhostapp.com" { type master; notify no; file "null.zone.file"; };
 zone "home.ei1ns.de" { type master; notify no; file "null.zone.file"; };
 zone "home.myfairpoint.net" { type master; notify no; file "null.zone.file"; };
 zone "homepichilinea2.webcindario.com" { type master; notify no; file "null.zone.file"; };
 zone "homesinlogin.com" { type master; notify no; file "null.zone.file"; };
-zone "homestaylongho.com" { type master; notify no; file "null.zone.file"; };
 zone "hostnix.net" { type master; notify no; file "null.zone.file"; };
 zone "hostpoint.ch.17a902ef.tcorner.fr" { type master; notify no; file "null.zone.file"; };
 zone "hotbrooks.com" { type master; notify no; file "null.zone.file"; };
@@ -2151,6 +1952,7 @@ zone "hpplotters.in" { type master; notify no; file "null.zone.file"; };
 zone "hs-giveaways.ca" { type master; notify no; file "null.zone.file"; };
 zone "ht-cargo.com.vn" { type master; notify no; file "null.zone.file"; };
 zone "htlgroup.com.my" { type master; notify no; file "null.zone.file"; };
+zone "httpcom-0d4tol437.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "httpeugnerally-wixsite-com.filesusr.com" { type master; notify no; file "null.zone.file"; };
 zone "https-scert-con04.xyz" { type master; notify no; file "null.zone.file"; };
 zone "https-scert-srv02.xyz" { type master; notify no; file "null.zone.file"; };
@@ -2175,7 +1977,6 @@ zone "i.violationspage.validationspege.workers.dev" { type master; notify no; fi
 zone "ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com" { type master; notify no; file "null.zone.file"; };
 zone "ibpm.ru" { type master; notify no; file "null.zone.file"; };
 zone "icloud-map-live.com" { type master; notify no; file "null.zone.file"; };
-zone "icloudstatus.com.ng" { type master; notify no; file "null.zone.file"; };
 zone "icy.martulangbelulalng.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "idappswallets.com" { type master; notify no; file "null.zone.file"; };
 zone "identifiez-vous-avec-votre-compte.yolasite.com" { type master; notify no; file "null.zone.file"; };
@@ -2188,7 +1989,6 @@ zone "iframejld.avent-media.fr" { type master; notify no; file "null.zone.file";
 zone "ighk.umjlrs7uci2751.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "iipvit.by" { type master; notify no; file "null.zone.file"; };
 zone "ijcda.bukkats.cn" { type master; notify no; file "null.zone.file"; };
-zone "ijeioqhawdqioqho.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "ijhca.0gb0h7z.cn" { type master; notify no; file "null.zone.file"; };
 zone "ijjd.h8nmtcc.cn" { type master; notify no; file "null.zone.file"; };
 zone "ijmna.p2y00vd.cn" { type master; notify no; file "null.zone.file"; };
@@ -2199,23 +1999,25 @@ zone "ikcda.a2g5xvs.cn" { type master; notify no; file "null.zone.file"; };
 zone "ikcsa.ajiqvjf.cn" { type master; notify no; file "null.zone.file"; };
 zone "ikdff.jmo904i.cn" { type master; notify no; file "null.zone.file"; };
 zone "ikja.lbanwqp.cn" { type master; notify no; file "null.zone.file"; };
+zone "ikjcd.p1z98hl.cn" { type master; notify no; file "null.zone.file"; };
 zone "ikjd.uk0xnp8.cn" { type master; notify no; file "null.zone.file"; };
 zone "ikjgd.rg6bzk7.cn" { type master; notify no; file "null.zone.file"; };
 zone "ikmcd.u4jdbxm.cn" { type master; notify no; file "null.zone.file"; };
 zone "ikmxaa.qcqxlrq.cn" { type master; notify no; file "null.zone.file"; };
+zone "ilooksrare.com" { type master; notify no; file "null.zone.file"; };
 zone "iloveyourglasses.com" { type master; notify no; file "null.zone.file"; };
 zone "ilpconnect.org" { type master; notify no; file "null.zone.file"; };
+zone "image-pict-ig.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "imersao.impulseingles.com.br" { type master; notify no; file "null.zone.file"; };
 zone "imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com" { type master; notify no; file "null.zone.file"; };
-zone "imi-ksa.jajainfo.net" { type master; notify no; file "null.zone.file"; };
 zone "imobiliaria-cardinali-com-br.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "impostazionebper.000webhostapp.com" { type master; notify no; file "null.zone.file"; };
 zone "in.deraya.org" { type master; notify no; file "null.zone.file"; };
-zone "inaueab.com" { type master; notify no; file "null.zone.file"; };
 zone "indo-viral2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "info.lionnets.com" { type master; notify no; file "null.zone.file"; };
 zone "infohypesquad.com" { type master; notify no; file "null.zone.file"; };
 zone "infopichinchaweb.webcindario.com" { type master; notify no; file "null.zone.file"; };
+zone "information.safeamazoncardweb.cyou" { type master; notify no; file "null.zone.file"; };
 zone "informations.recovery.confiryourpage.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "infos00001.temp.swtest.ru" { type master; notify no; file "null.zone.file"; };
 zone "infosecplace.com" { type master; notify no; file "null.zone.file"; };
@@ -2228,16 +2030,16 @@ zone "inna.cedymll.cn" { type master; notify no; file "null.zone.file"; };
 zone "innca.ol90k56.cn" { type master; notify no; file "null.zone.file"; };
 zone "innovasjon.as" { type master; notify no; file "null.zone.file"; };
 zone "inps-ep.com" { type master; notify no; file "null.zone.file"; };
-zone "instagram-9.blogspot.com" { type master; notify no; file "null.zone.file"; };
-zone "instagramhelpp.agency" { type master; notify no; file "null.zone.file"; };
+zone "instahelppbaddge.ml" { type master; notify no; file "null.zone.file"; };
 zone "intellidata-analytica.com" { type master; notify no; file "null.zone.file"; };
-zone "interbankempresahome.rankforever.com" { type master; notify no; file "null.zone.file"; };
 zone "interbankempresas.pe-il.ru" { type master; notify no; file "null.zone.file"; };
+zone "interbankhomeweb.fullcircleteam.com" { type master; notify no; file "null.zone.file"; };
 zone "intern.unibas-com.ch" { type master; notify no; file "null.zone.file"; };
 zone "international-formulier.91-218-65-223.plesk.page" { type master; notify no; file "null.zone.file"; };
 zone "internetbanking-caixa-gov.xyz" { type master; notify no; file "null.zone.file"; };
 zone "internetbankinghelp.com" { type master; notify no; file "null.zone.file"; };
 zone "internetservicetech.com" { type master; notify no; file "null.zone.file"; };
+zone "intesalife.ie" { type master; notify no; file "null.zone.file"; };
 zone "intexargentina.com.ar" { type master; notify no; file "null.zone.file"; };
 zone "inthewildproductions.com" { type master; notify no; file "null.zone.file"; };
 zone "intoli.ru" { type master; notify no; file "null.zone.file"; };
@@ -2245,10 +2047,14 @@ zone "intrafloraplants.com" { type master; notify no; file "null.zone.file"; };
 zone "intranet.sztpe.info" { type master; notify no; file "null.zone.file"; };
 zone "investpl.work" { type master; notify no; file "null.zone.file"; };
 zone "iplogger.info" { type master; notify no; file "null.zone.file"; };
+zone "iqwea.soxr0u1.cn" { type master; notify no; file "null.zone.file"; };
 zone "ironmantech.shop" { type master; notify no; file "null.zone.file"; };
-zone "irs-gov.us-get-funds-assistance.com" { type master; notify no; file "null.zone.file"; };
+zone "irs-gov-supportcenters.com" { type master; notify no; file "null.zone.file"; };
+zone "irs.gov-coronavirus-pandemic-tax-refund-submission.com" { type master; notify no; file "null.zone.file"; };
+zone "ise.com.ar" { type master; notify no; file "null.zone.file"; };
 zone "isfirsatibul.com" { type master; notify no; file "null.zone.file"; };
 zone "ismamorlin.my-place.us" { type master; notify no; file "null.zone.file"; };
+zone "isntagranmeta.pagedemo.co" { type master; notify no; file "null.zone.file"; };
 zone "istudyalumni.com" { type master; notify no; file "null.zone.file"; };
 zone "it-europe564598-com.filesusr.com" { type master; notify no; file "null.zone.file"; };
 zone "it.melnikhotels.com" { type master; notify no; file "null.zone.file"; };
@@ -2260,6 +2066,12 @@ zone "iuhs.tyopfhn.cn" { type master; notify no; file "null.zone.file"; };
 zone "iujdas.yfwxlc9.cn" { type master; notify no; file "null.zone.file"; };
 zone "iuyydd.ebeg6uk.cn" { type master; notify no; file "null.zone.file"; };
 zone "j9w77d0.cn" { type master; notify no; file "null.zone.file"; };
+zone "jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn" { type master; notify no; file "null.zone.file"; };
+zone "jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn" { type master; notify no; file "null.zone.file"; };
+zone "jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn" { type master; notify no; file "null.zone.file"; };
+zone "jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn" { type master; notify no; file "null.zone.file"; };
+zone "jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn" { type master; notify no; file "null.zone.file"; };
+zone "jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn" { type master; notify no; file "null.zone.file"; };
 zone "jacobliston.com" { type master; notify no; file "null.zone.file"; };
 zone "jadaart.org" { type master; notify no; file "null.zone.file"; };
 zone "jagex-rewards.com" { type master; notify no; file "null.zone.file"; };
@@ -2271,31 +2083,31 @@ zone "jbwbzta.alfens8.cc" { type master; notify no; file "null.zone.file"; };
 zone "jeanbaileyrobor.com" { type master; notify no; file "null.zone.file"; };
 zone "jendelajogja.com" { type master; notify no; file "null.zone.file"; };
 zone "jerinja.github.io" { type master; notify no; file "null.zone.file"; };
-zone "jessicasproul.com" { type master; notify no; file "null.zone.file"; };
 zone "jetser-electrical-supply.business.site" { type master; notify no; file "null.zone.file"; };
-zone "jetstoop.top" { type master; notify no; file "null.zone.file"; };
 zone "jett.gator.site" { type master; notify no; file "null.zone.file"; };
 zone "jflkp.csb.app" { type master; notify no; file "null.zone.file"; };
 zone "jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com" { type master; notify no; file "null.zone.file"; };
 zone "jhda.wfdyk9p.cn" { type master; notify no; file "null.zone.file"; };
 zone "jhdd.fjcslad.cn" { type master; notify no; file "null.zone.file"; };
 zone "jhff.93oe0u9.cn" { type master; notify no; file "null.zone.file"; };
+zone "jhnd.0drhnjk.cn" { type master; notify no; file "null.zone.file"; };
 zone "jiwanramchemical.com" { type master; notify no; file "null.zone.file"; };
 zone "jjhcd.27ke98i.cn" { type master; notify no; file "null.zone.file"; };
 zone "jk99j.sbs" { type master; notify no; file "null.zone.file"; };
-zone "jkhkjjkjk.pagedemo.co" { type master; notify no; file "null.zone.file"; };
 zone "jlogine.com" { type master; notify no; file "null.zone.file"; };
+zone "jmcna.jiwayjc.cn" { type master; notify no; file "null.zone.file"; };
+zone "jmfykd.cyou" { type master; notify no; file "null.zone.file"; };
+zone "jncba.diiqsmm.cn" { type master; notify no; file "null.zone.file"; };
 zone "jnlope.tangguakrapekpuik.link" { type master; notify no; file "null.zone.file"; };
 zone "jnnc.grnxkoj.cn" { type master; notify no; file "null.zone.file"; };
 zone "job-type.com" { type master; notify no; file "null.zone.file"; };
 zone "jobs.job.com.bd" { type master; notify no; file "null.zone.file"; };
 zone "joecamera.net" { type master; notify no; file "null.zone.file"; };
 zone "john-ashley.de" { type master; notify no; file "null.zone.file"; };
-zone "join-chat-whatssap-viral-2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "join-group-wa2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "join-grub-bokep-gratis.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "join-grubkienzy849.duckdns.org" { type master; notify no; file "null.zone.file"; };
-zone "join-whatsapp-tante-hot18.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "join-group-1.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "join-gruo-waku282.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "joinedprice.com" { type master; notify no; file "null.zone.file"; };
+zone "joingrupku183.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "joingrupp-bkep156.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "joingrupterbaru-0.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "joinlinkviral729.duckdns.org" { type master; notify no; file "null.zone.file"; };
@@ -2303,12 +2115,14 @@ zone "joinssgropshot18.duckdns.org" { type master; notify no; file "null.zone.fi
 zone "joinssgropssney6.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "jow-japan.or.jp" { type master; notify no; file "null.zone.file"; };
 zone "joyeriajireh.com.mx" { type master; notify no; file "null.zone.file"; };
-zone "jp-bnnk.japappoit.asdwb.xyz" { type master; notify no; file "null.zone.file"; };
-zone "jp-bnnk.japappoit.asdwd.xyz" { type master; notify no; file "null.zone.file"; };
+zone "jp-auid.com" { type master; notify no; file "null.zone.file"; };
+zone "jp.mercari.omany.buzz" { type master; notify no; file "null.zone.file"; };
 zone "jptechdocsign.net" { type master; notify no; file "null.zone.file"; };
 zone "jrhayley.plus.com" { type master; notify no; file "null.zone.file"; };
 zone "juandfar.github.io" { type master; notify no; file "null.zone.file"; };
+zone "jurisgeneral.com" { type master; notify no; file "null.zone.file"; };
 zone "jurlebedev.ru" { type master; notify no; file "null.zone.file"; };
+zone "juscook.com" { type master; notify no; file "null.zone.file"; };
 zone "justgot.gonevis.com" { type master; notify no; file "null.zone.file"; };
 zone "justsayingbro.com" { type master; notify no; file "null.zone.file"; };
 zone "jvk.zultifarza.workers.dev" { type master; notify no; file "null.zone.file"; };
@@ -2316,6 +2130,7 @@ zone "jyeue43rm95p.clickfunnels.com" { type master; notify no; file "null.zone.f
 zone "jz2bab.webwave.dev" { type master; notify no; file "null.zone.file"; };
 zone "k3ja6d.webwave.dev" { type master; notify no; file "null.zone.file"; };
 zone "kaamwalibais.co.in" { type master; notify no; file "null.zone.file"; };
+zone "kachinas.be" { type master; notify no; file "null.zone.file"; };
 zone "kamdhenurealities.com" { type master; notify no; file "null.zone.file"; };
 zone "kargonova.com" { type master; notify no; file "null.zone.file"; };
 zone "kartaltepespor.com" { type master; notify no; file "null.zone.file"; };
@@ -2327,9 +2142,11 @@ zone "kdhdf34j6dfh.dealerwebsite.com" { type master; notify no; file "null.zone.
 zone "kdlscaffolding.co.uk" { type master; notify no; file "null.zone.file"; };
 zone "kecc.com" { type master; notify no; file "null.zone.file"; };
 zone "kecmanijada.com" { type master; notify no; file "null.zone.file"; };
+zone "kedai-gamers.com" { type master; notify no; file "null.zone.file"; };
 zone "keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev" { type master; notify no; file "null.zone.file"; };
+zone "kenanhusovic.com" { type master; notify no; file "null.zone.file"; };
 zone "kevinsmovingservice.com" { type master; notify no; file "null.zone.file"; };
 zone "kex81.sbs" { type master; notify no; file "null.zone.file"; };
 zone "key-drcp.com" { type master; notify no; file "null.zone.file"; };
@@ -2353,12 +2170,12 @@ zone "konfirmasi-identitas-2022.webnode.page" { type master; notify no; file "nu
 zone "konnect2kamadhenu.com" { type master; notify no; file "null.zone.file"; };
 zone "koteng.odoo.com" { type master; notify no; file "null.zone.file"; };
 zone "kr-bithumb.web.app" { type master; notify no; file "null.zone.file"; };
-zone "kraftongame.net" { type master; notify no; file "null.zone.file"; };
 zone "krupije.com" { type master; notify no; file "null.zone.file"; };
 zone "krx887.com" { type master; notify no; file "null.zone.file"; };
 zone "ksschool.org.in" { type master; notify no; file "null.zone.file"; };
 zone "kuchkuchnights.com" { type master; notify no; file "null.zone.file"; };
 zone "kurortnoye.com.ua" { type master; notify no; file "null.zone.file"; };
+zone "ky79.com" { type master; notify no; file "null.zone.file"; };
 zone "l-abe.com" { type master; notify no; file "null.zone.file"; };
 zone "l-q.in" { type master; notify no; file "null.zone.file"; };
 zone "lambdaweb.info" { type master; notify no; file "null.zone.file"; };
@@ -2380,16 +2197,17 @@ zone "leadershipmail.org" { type master; notify no; file "null.zone.file"; };
 zone "learningimpactmodel.com" { type master; notify no; file "null.zone.file"; };
 zone "leboncoiinlbc.000webhostapp.com" { type master; notify no; file "null.zone.file"; };
 zone "leboncoin.delivery01588.icu" { type master; notify no; file "null.zone.file"; };
+zone "lefaf77683.temp.swtest.ru" { type master; notify no; file "null.zone.file"; };
 zone "lemeiesta.com" { type master; notify no; file "null.zone.file"; };
 zone "lenagruessdich.net" { type master; notify no; file "null.zone.file"; };
 zone "leroycu.ca" { type master; notify no; file "null.zone.file"; };
+zone "letoptuswebmail-9b69f0.ingress-comporellon.easywp.com" { type master; notify no; file "null.zone.file"; };
 zone "lettertracing4kids.com" { type master; notify no; file "null.zone.file"; };
 zone "lexnotes.com.ng" { type master; notify no; file "null.zone.file"; };
-zone "lg-bluebadgecenter.ml" { type master; notify no; file "null.zone.file"; };
 zone "lg-onecom-io.web.app" { type master; notify no; file "null.zone.file"; };
 zone "liberasrl.it" { type master; notify no; file "null.zone.file"; };
 zone "lihi3.cc" { type master; notify no; file "null.zone.file"; };
-zone "linkcontract.tech" { type master; notify no; file "null.zone.file"; };
+zone "linkgrupkakak-disini.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "liongear.com" { type master; notify no; file "null.zone.file"; };
 zone "lirc.cep.edu.vn" { type master; notify no; file "null.zone.file"; };
 zone "little-frost-1a15.chrisc11004842.workers.dev" { type master; notify no; file "null.zone.file"; };
@@ -2413,28 +2231,33 @@ zone "lloydsbank.secure-online-deregister.com" { type master; notify no; file "n
 zone "lloydsbank.secure-personal-device-login.com" { type master; notify no; file "null.zone.file"; };
 zone "lloyduk-newdevice-registered-online.com" { type master; notify no; file "null.zone.file"; };
 zone "llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com" { type master; notify no; file "null.zone.file"; };
+zone "lmbanang.pgryuangbtusngka.link" { type master; notify no; file "null.zone.file"; };
 zone "lnkd.dev" { type master; notify no; file "null.zone.file"; };
 zone "lnterbancape-lbk.com" { type master; notify no; file "null.zone.file"; };
 zone "lnterbank.pe.starneonsignsug.com" { type master; notify no; file "null.zone.file"; };
+zone "local-postoffice-deliver.com" { type master; notify no; file "null.zone.file"; };
 zone "localwithg.com" { type master; notify no; file "null.zone.file"; };
 zone "lockpichincha.webcindario.com" { type master; notify no; file "null.zone.file"; };
 zone "loengregkuetngferu.live" { type master; notify no; file "null.zone.file"; };
 zone "lofon-add.firebaseapp.com" { type master; notify no; file "null.zone.file"; };
 zone "loftywallet.com" { type master; notify no; file "null.zone.file"; };
+zone "logfuliz.web.app" { type master; notify no; file "null.zone.file"; };
 zone "login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net" { type master; notify no; file "null.zone.file"; };
 zone "login-facebook18.webnode.page" { type master; notify no; file "null.zone.file"; };
 zone "login-live.com-s02.net" { type master; notify no; file "null.zone.file"; };
 zone "login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net" { type master; notify no; file "null.zone.file"; };
 zone "login-postfinance.com" { type master; notify no; file "null.zone.file"; };
+zone "login-singaporee.apply-now-online-digital.com" { type master; notify no; file "null.zone.file"; };
 zone "login.dbs.webdbslistinonline.com" { type master; notify no; file "null.zone.file"; };
 zone "login.privategold.uytrtyuhij987.gowithapex.com" { type master; notify no; file "null.zone.file"; };
-zone "login.smbc.weddirecttop.com" { type master; notify no; file "null.zone.file"; };
 zone "logindhlaccess.dhlupdatelogin.workers.dev" { type master; notify no; file "null.zone.file"; };
+zone "loginnewatt.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "logverify-df12e-verify-1230-eu.web.app" { type master; notify no; file "null.zone.file"; };
 zone "loinesports.com" { type master; notify no; file "null.zone.file"; };
 zone "lomadesarrollos.mx" { type master; notify no; file "null.zone.file"; };
 zone "lombard11.eu" { type master; notify no; file "null.zone.file"; };
 zone "lot-lp-x.web.app" { type master; notify no; file "null.zone.file"; };
+zone "love.gos-box.com" { type master; notify no; file "null.zone.file"; };
 zone "lp.vp4.me" { type master; notify no; file "null.zone.file"; };
 zone "lrs.financial" { type master; notify no; file "null.zone.file"; };
 zone "lrs.foundation" { type master; notify no; file "null.zone.file"; };
@@ -2454,13 +2277,10 @@ zone "m.protc.safty-pege.workers.dev" { type master; notify no; file "null.zone.
 zone "m.recovery.safetyacount.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "m.recovery.saftypageupdate.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "m.salsomascard.top" { type master; notify no; file "null.zone.file"; };
-zone "m4-appcaixia.com" { type master; notify no; file "null.zone.file"; };
 zone "m42club.com" { type master; notify no; file "null.zone.file"; };
-zone "m5bundle.com" { type master; notify no; file "null.zone.file"; };
 zone "machineryzoneservice.com" { type master; notify no; file "null.zone.file"; };
 zone "macjakarta.com" { type master; notify no; file "null.zone.file"; };
 zone "macst.cc" { type master; notify no; file "null.zone.file"; };
-zone "madamailru.temp.swtest.ru" { type master; notify no; file "null.zone.file"; };
 zone "madens.com.pl" { type master; notify no; file "null.zone.file"; };
 zone "madrhinoconsulting.com" { type master; notify no; file "null.zone.file"; };
 zone "maestro.my.prod.dfg152.ru" { type master; notify no; file "null.zone.file"; };
@@ -2472,15 +2292,15 @@ zone "mail-account-verify-f4723.web.app" { type master; notify no; file "null.zo
 zone "mail-gmxaktualisierung.yolasite.com" { type master; notify no; file "null.zone.file"; };
 zone "mail-ovhcloud.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mail-ssocloud-srvr67yhguh.pages.dev" { type master; notify no; file "null.zone.file"; };
+zone "mail.atlanticeconcrete.com" { type master; notify no; file "null.zone.file"; };
 zone "mail.enrollmoreclientsbootcamp.com" { type master; notify no; file "null.zone.file"; };
-zone "mail.gov-taxid.completofyours.info" { type master; notify no; file "null.zone.file"; };
-zone "mail.grup-dwsa-indomesia845.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "mail.ims-fe.com" { type master; notify no; file "null.zone.file"; };
+zone "mail.kenanhusovic.com" { type master; notify no; file "null.zone.file"; };
 zone "mail.kuttabalfatih.com" { type master; notify no; file "null.zone.file"; };
 zone "mail.santepluspharma.com" { type master; notify no; file "null.zone.file"; };
 zone "mail.sweetshopspecialtycoffee.com.au" { type master; notify no; file "null.zone.file"; };
-zone "mail.tariqalaraimi.com" { type master; notify no; file "null.zone.file"; };
 zone "mail.updateinfo-billingo2.com" { type master; notify no; file "null.zone.file"; };
+zone "mail.wellsfargous.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "mail.wheel1factory.net" { type master; notify no; file "null.zone.file"; };
 zone "mail.zenstream.com" { type master; notify no; file "null.zone.file"; };
 zone "maildomaiincheck1.web.app" { type master; notify no; file "null.zone.file"; };
@@ -2508,60 +2328,56 @@ zone "mailserver7656566.blob.core.windows.net" { type master; notify no; file "n
 zone "mailupdattee10.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee11.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee12.web.app" { type master; notify no; file "null.zone.file"; };
-zone "mailupdattee13.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee14.web.app" { type master; notify no; file "null.zone.file"; };
-zone "mailupdattee15.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee16.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee17.web.app" { type master; notify no; file "null.zone.file"; };
-zone "mailupdattee18.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee19.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee20.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee21.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee22.web.app" { type master; notify no; file "null.zone.file"; };
-zone "mailupdattee23.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee24.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee26.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee27.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee28.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee29.web.app" { type master; notify no; file "null.zone.file"; };
-zone "mailupdattee32.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee34.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee35.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee40.web.app" { type master; notify no; file "null.zone.file"; };
-zone "mailupdattee5.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee6.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee7.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mailupdattee8.web.app" { type master; notify no; file "null.zone.file"; };
-zone "mailupdattee9.web.app" { type master; notify no; file "null.zone.file"; };
+zone "mainbugerrorfixing.com" { type master; notify no; file "null.zone.file"; };
+zone "mainmobilerectify.live" { type master; notify no; file "null.zone.file"; };
+zone "mainsbscrestore.com" { type master; notify no; file "null.zone.file"; };
 zone "maintoken.org" { type master; notify no; file "null.zone.file"; };
-zone "mainwalletappconnect.com" { type master; notify no; file "null.zone.file"; };
 zone "makcts-go.ru" { type master; notify no; file "null.zone.file"; };
 zone "make-anon-keep-past.rvsla.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "mala-riba.com" { type master; notify no; file "null.zone.file"; };
 zone "malaprontaargentina.com.br" { type master; notify no; file "null.zone.file"; };
 zone "malehaenterprises.com" { type master; notify no; file "null.zone.file"; };
 zone "malukutenggarakab.go.id" { type master; notify no; file "null.zone.file"; };
+zone "mamasitasont.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "mandirilivinlinksystem.brizy.site" { type master; notify no; file "null.zone.file"; };
-zone "mandirilivinlinksystem2.brizy.site" { type master; notify no; file "null.zone.file"; };
 zone "mandirilivinlinksystem3.brizy.site" { type master; notify no; file "null.zone.file"; };
-zone "manthsedty.live" { type master; notify no; file "null.zone.file"; };
 zone "manualsync.com" { type master; notify no; file "null.zone.file"; };
+zone "maotun.xyz" { type master; notify no; file "null.zone.file"; };
 zone "mapsa.com.pe" { type master; notify no; file "null.zone.file"; };
+zone "marifilmines.ca" { type master; notify no; file "null.zone.file"; };
 zone "marinthe.poingaitongamlm.link" { type master; notify no; file "null.zone.file"; };
 zone "marketplace-axieinfinity.io" { type master; notify no; file "null.zone.file"; };
 zone "marketplace-axlelnfiniity.com" { type master; notify no; file "null.zone.file"; };
 zone "marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "marketplace.facebook.com-29ta3qbv.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "marketplace.facebook.com-hzup1bae.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
+zone "marketplace.facebook.com-izkbuxmx.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "marketplace.facebook.com-kq1oh2ae.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
+zone "marketplace.facebook.com-milt5ssm.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "marketplace.facebook.com-qze9zt75vm.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "marketplace.facebook.com-sauuvazpjo.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "marketplace.facebook.com-tyeuieb7.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "marketplace.facebook.com-z1au8cxghl.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "marketplaceaxieinfiniity.com" { type master; notify no; file "null.zone.file"; };
-zone "marmardian.co.vu" { type master; notify no; file "null.zone.file"; };
-zone "marylkmatzenger.com" { type master; notify no; file "null.zone.file"; };
 zone "masdas0932.co.vu" { type master; notify no; file "null.zone.file"; };
 zone "masum.lawyer" { type master; notify no; file "null.zone.file"; };
 zone "match.lookatmynewphotos.com" { type master; notify no; file "null.zone.file"; };
@@ -2589,22 +2405,28 @@ zone "mercani.pomyt.info" { type master; notify no; file "null.zone.file"; };
 zone "mercariz.xyz" { type master; notify no; file "null.zone.file"; };
 zone "meremanovegabana.website2.me" { type master; notify no; file "null.zone.file"; };
 zone "mericarir.mbudeu.cn" { type master; notify no; file "null.zone.file"; };
-zone "mericarir.mg0gbo1.cn" { type master; notify no; file "null.zone.file"; };
+zone "mericarir.mednljn.cn" { type master; notify no; file "null.zone.file"; };
 zone "mericarir.mgeukpx.cn" { type master; notify no; file "null.zone.file"; };
 zone "mericarir.mglsffs.cn" { type master; notify no; file "null.zone.file"; };
-zone "mericarir.mksydb.cn" { type master; notify no; file "null.zone.file"; };
+zone "mericarir.mglxyul.cn" { type master; notify no; file "null.zone.file"; };
+zone "mericarir.mhgqdtv.cn" { type master; notify no; file "null.zone.file"; };
+zone "mericarir.mjrsrfo.cn" { type master; notify no; file "null.zone.file"; };
 zone "mericarir.mktbbr.cn" { type master; notify no; file "null.zone.file"; };
+zone "mericarir.mkxbqnu.cn" { type master; notify no; file "null.zone.file"; };
 zone "mericarir.mlyffa.cn" { type master; notify no; file "null.zone.file"; };
+zone "mericarir.mmsfzys.cn" { type master; notify no; file "null.zone.file"; };
 zone "mericarir.mnfjwy.cn" { type master; notify no; file "null.zone.file"; };
 zone "mericarir.mnheijt.cn" { type master; notify no; file "null.zone.file"; };
-zone "mericarir.mrzcafk.cn" { type master; notify no; file "null.zone.file"; };
 zone "mericarir.msnygk.cn" { type master; notify no; file "null.zone.file"; };
-zone "mericorci-logining.sfhs26r.lyb6srb.cn" { type master; notify no; file "null.zone.file"; };
+zone "mericarir.mtlrnzu.cn" { type master; notify no; file "null.zone.file"; };
+zone "mericarir.mukkwvc.cn" { type master; notify no; file "null.zone.file"; };
+zone "mericarir.mxsoecl.cn" { type master; notify no; file "null.zone.file"; };
 zone "meriocori-logining.2y3uio.pyqbas.cn" { type master; notify no; file "null.zone.file"; };
 zone "mestertignseekjet4.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "mestertignseekjet5.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "mestertignseekjet6.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "mestredaobra.com" { type master; notify no; file "null.zone.file"; };
+zone "meta-support-centers.ml" { type master; notify no; file "null.zone.file"; };
 zone "metalurgicagiom.com.br" { type master; notify no; file "null.zone.file"; };
 zone "metamasc.club" { type master; notify no; file "null.zone.file"; };
 zone "metamask-connect.com" { type master; notify no; file "null.zone.file"; };
@@ -2615,11 +2437,13 @@ zone "metamask-wallets.yahoosites.com" { type master; notify no; file "null.zone
 zone "metamask.cam" { type master; notify no; file "null.zone.file"; };
 zone "metamask.io-php.com" { type master; notify no; file "null.zone.file"; };
 zone "metamask.kiwi" { type master; notify no; file "null.zone.file"; };
+zone "metamask.loan" { type master; notify no; file "null.zone.file"; };
 zone "metamask.protocol-process.me" { type master; notify no; file "null.zone.file"; };
 zone "metamask.security-information.cc" { type master; notify no; file "null.zone.file"; };
 zone "metamask.social" { type master; notify no; file "null.zone.file"; };
 zone "metamask.wallets-reauth.net" { type master; notify no; file "null.zone.file"; };
 zone "metamaskdownloadandroid.xyz" { type master; notify no; file "null.zone.file"; };
+zone "metamaskextension.xyz" { type master; notify no; file "null.zone.file"; };
 zone "metamassklogins-us.tumblr.com" { type master; notify no; file "null.zone.file"; };
 zone "metaversepadapp.com" { type master; notify no; file "null.zone.file"; };
 zone "meusabor.com.br" { type master; notify no; file "null.zone.file"; };
@@ -2627,19 +2451,20 @@ zone "mfacebook.blogspot.com.cy" { type master; notify no; file "null.zone.file"
 zone "mfacebook.blogspot.lt" { type master; notify no; file "null.zone.file"; };
 zone "mfacebook.blogspot.rs" { type master; notify no; file "null.zone.file"; };
 zone "mgpskartarpur.com" { type master; notify no; file "null.zone.file"; };
+zone "mgrandroyale.com" { type master; notify no; file "null.zone.file"; };
 zone "mibancocrece.com.co" { type master; notify no; file "null.zone.file"; };
 zone "micacd.elshov.com" { type master; notify no; file "null.zone.file"; };
-zone "michaelxrandazzo.com" { type master; notify no; file "null.zone.file"; };
 zone "michiyado.com" { type master; notify no; file "null.zone.file"; };
 zone "microcav.square.site" { type master; notify no; file "null.zone.file"; };
 zone "microsoftonline.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "microsoftwebserver.mfs.gg" { type master; notify no; file "null.zone.file"; };
 zone "micuenta01.github.io" { type master; notify no; file "null.zone.file"; };
+zone "midasbuy1st.com" { type master; notify no; file "null.zone.file"; };
+zone "midsposc2.com" { type master; notify no; file "null.zone.file"; };
 zone "mijnics-actualisatie.185-236-231-64.plesk.page" { type master; notify no; file "null.zone.file"; };
-zone "mikhali.com" { type master; notify no; file "null.zone.file"; };
+zone "mikayelxhovakimyan.com" { type master; notify no; file "null.zone.file"; };
 zone "milanobet301.com" { type master; notify no; file "null.zone.file"; };
 zone "militarybikers.org" { type master; notify no; file "null.zone.file"; };
-zone "minamikaga.or.jp" { type master; notify no; file "null.zone.file"; };
 zone "mingming20160152.github.io" { type master; notify no; file "null.zone.file"; };
 zone "miozpro.com" { type master; notify no; file "null.zone.file"; };
 zone "miracdoviz.com" { type master; notify no; file "null.zone.file"; };
@@ -2669,16 +2494,17 @@ zone "mjaymvnlchrlbwjlcjizmxn0.filesusr.com" { type master; notify no; file "nul
 zone "mk2.ge" { type master; notify no; file "null.zone.file"; };
 zone "mkjiool.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "mnbxa.73kfer9.cn" { type master; notify no; file "null.zone.file"; };
+zone "mnbxcas.zm7wwar.cn" { type master; notify no; file "null.zone.file"; };
 zone "mncxx.qbeepor.cn" { type master; notify no; file "null.zone.file"; };
 zone "mnnbx.r1rpj09.cn" { type master; notify no; file "null.zone.file"; };
+zone "mnncxa.fwffsyt.cn" { type master; notify no; file "null.zone.file"; };
 zone "mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link" { type master; notify no; file "null.zone.file"; };
-zone "mobil-singaporre.digital-online-login-opportunity.com" { type master; notify no; file "null.zone.file"; };
 zone "mobile-orange-forever.yolasite.com" { type master; notify no; file "null.zone.file"; };
 zone "mobile-portail.live" { type master; notify no; file "null.zone.file"; };
 zone "mobile.hedgesportst.me" { type master; notify no; file "null.zone.file"; };
-zone "moccasinyellowbetatest--josekkk.repl.co" { type master; notify no; file "null.zone.file"; };
 zone "moccasinyellowbetatest.josekkk.repl.co" { type master; notify no; file "null.zone.file"; };
 zone "modest-hertz.45-81-232-15.plesk.page" { type master; notify no; file "null.zone.file"; };
+zone "moiksys.com" { type master; notify no; file "null.zone.file"; };
 zone "mon-token.com" { type master; notify no; file "null.zone.file"; };
 zone "mon.espace.lcl.fr.certosini.info" { type master; notify no; file "null.zone.file"; };
 zone "monbudri.xyz" { type master; notify no; file "null.zone.file"; };
@@ -2693,6 +2519,7 @@ zone "montrealidiomas.com.br" { type master; notify no; file "null.zone.file"; }
 zone "monyeward.com" { type master; notify no; file "null.zone.file"; };
 zone "morcario.xyz" { type master; notify no; file "null.zone.file"; };
 zone "morfybox.com" { type master; notify no; file "null.zone.file"; };
+zone "movil.particulares-secure.com" { type master; notify no; file "null.zone.file"; };
 zone "mqzlsim.mindlogicinfotech.com" { type master; notify no; file "null.zone.file"; };
 zone "mrpitchman.com" { type master; notify no; file "null.zone.file"; };
 zone "msc-doelsach.at" { type master; notify no; file "null.zone.file"; };
@@ -2713,16 +2540,14 @@ zone "my-site219.yolasite.com" { type master; notify no; file "null.zone.file";
 zone "my.jcpwb.com" { type master; notify no; file "null.zone.file"; };
 zone "my.nhs-get-pass.com" { type master; notify no; file "null.zone.file"; };
 zone "my.paydi.login-index-home.x4typfc.cn" { type master; notify no; file "null.zone.file"; };
-zone "my.paydi.logining-nexy-home.en6cnm.asia" { type master; notify no; file "null.zone.file"; };
 zone "my02billing-login.com" { type master; notify no; file "null.zone.file"; };
-zone "myaccount.aol.wallat-billing.com.authlog.gq" { type master; notify no; file "null.zone.file"; };
+zone "mybeii.live" { type master; notify no; file "null.zone.file"; };
 zone "mycoerver.es" { type master; notify no; file "null.zone.file"; };
 zone "mygoogleaccount.stantrade.xyz" { type master; notify no; file "null.zone.file"; };
 zone "myjcb.cyyptoi.cn" { type master; notify no; file "null.zone.file"; };
 zone "myjcb.thxpj.cn" { type master; notify no; file "null.zone.file"; };
 zone "mymbg-aa2e2.web.app" { type master; notify no; file "null.zone.file"; };
 zone "mymeta-securearea.plesk07.zap-webspace.com" { type master; notify no; file "null.zone.file"; };
-zone "mymetamask-clientarea.185-236-231-227.plesk.page" { type master; notify no; file "null.zone.file"; };
 zone "mymweb-owner.at.ua" { type master; notify no; file "null.zone.file"; };
 zone "mypo-delivery.com" { type master; notify no; file "null.zone.file"; };
 zone "mypsm.psm.edu.mm" { type master; notify no; file "null.zone.file"; };
@@ -2734,7 +2559,6 @@ zone "mzqualitycleaning.com" { type master; notify no; file "null.zone.file"; };
 zone "n-naoko-0319.github.io" { type master; notify no; file "null.zone.file"; };
 zone "n.salsomascard.top" { type master; notify no; file "null.zone.file"; };
 zone "n26.sa-france.fr" { type master; notify no; file "null.zone.file"; };
-zone "n26servicetechnique.click" { type master; notify no; file "null.zone.file"; };
 zone "n7orton.com" { type master; notify no; file "null.zone.file"; };
 zone "nab-access-breach.com" { type master; notify no; file "null.zone.file"; };
 zone "nab-alert.mobi" { type master; notify no; file "null.zone.file"; };
@@ -2742,7 +2566,6 @@ zone "nab-www.303.si" { type master; notify no; file "null.zone.file"; };
 zone "naderkhani.ir" { type master; notify no; file "null.zone.file"; };
 zone "najboljeuslugezavas.betterservicesforyou.com" { type master; notify no; file "null.zone.file"; };
 zone "nalandaias.com" { type master; notify no; file "null.zone.file"; };
-zone "nalodke.com.ua" { type master; notify no; file "null.zone.file"; };
 zone "nanjing.itud167.cn" { type master; notify no; file "null.zone.file"; };
 zone "napgamelienquan.net" { type master; notify no; file "null.zone.file"; };
 zone "naranja-users.auth0.com" { type master; notify no; file "null.zone.file"; };
@@ -2757,8 +2580,10 @@ zone "natwest.secured-personal-verify.com" { type master; notify no; file "null.
 zone "nayablabs.com" { type master; notify no; file "null.zone.file"; };
 zone "nayameehomes.com" { type master; notify no; file "null.zone.file"; };
 zone "nbcc.0bit08a.cn" { type master; notify no; file "null.zone.file"; };
+zone "nbcd.xiu58rl.cn" { type master; notify no; file "null.zone.file"; };
 zone "nbcvs.gd65y69.cn" { type master; notify no; file "null.zone.file"; };
 zone "nbcxa.lctlfdq.cn" { type master; notify no; file "null.zone.file"; };
+zone "nbcxas.551awvr.cn" { type master; notify no; file "null.zone.file"; };
 zone "nbhjxa.hblhi96.cn" { type master; notify no; file "null.zone.file"; };
 zone "nbnonres.com" { type master; notify no; file "null.zone.file"; };
 zone "nbxaa.b1b6nac.cn" { type master; notify no; file "null.zone.file"; };
@@ -2770,12 +2595,9 @@ zone "ncgroup.club" { type master; notify no; file "null.zone.file"; };
 zone "necessitymag.com" { type master; notify no; file "null.zone.file"; };
 zone "nedbankqa.flowblocks.com" { type master; notify no; file "null.zone.file"; };
 zone "nedriw.xyz" { type master; notify no; file "null.zone.file"; };
-zone "neftlexi.com" { type master; notify no; file "null.zone.file"; };
 zone "negociebra.com.br" { type master; notify no; file "null.zone.file"; };
 zone "neptuneinnovations.com" { type master; notify no; file "null.zone.file"; };
 zone "netciti.id" { type master; notify no; file "null.zone.file"; };
-zone "netf1ix.us-891691712-local-781652.airalgeriecanada.ca" { type master; notify no; file "null.zone.file"; };
-zone "netfl-lixids938mailmealkas.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "netflix-techarmy.me" { type master; notify no; file "null.zone.file"; };
 zone "netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk" { type master; notify no; file "null.zone.file"; };
 zone "networksol-f35e7.web.app" { type master; notify no; file "null.zone.file"; };
@@ -2799,9 +2621,8 @@ zone "nhri.net" { type master; notify no; file "null.zone.file"; };
 zone "nhs.my-vaccine-status.com" { type master; notify no; file "null.zone.file"; };
 zone "niagarapower.com" { type master; notify no; file "null.zone.file"; };
 zone "nic-home.com" { type master; notify no; file "null.zone.file"; };
-zone "nisuper.com" { type master; notify no; file "null.zone.file"; };
 zone "nizotchauffage.bilty.be" { type master; notify no; file "null.zone.file"; };
-zone "nontonvidioviral2022nohoax.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "nodesconnection.com" { type master; notify no; file "null.zone.file"; };
 zone "northlane.esy.es" { type master; notify no; file "null.zone.file"; };
 zone "notife.help.institutepages.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "notification-fb.secure-pages.workers.dev" { type master; notify no; file "null.zone.file"; };
@@ -2842,23 +2663,22 @@ zone "oidda.5s2iamp.cn" { type master; notify no; file "null.zone.file"; };
 zone "oijcd.qvjcddv.cn" { type master; notify no; file "null.zone.file"; };
 zone "oikca.smwceku.cn" { type master; notify no; file "null.zone.file"; };
 zone "oikcas.6b914ty.cn" { type master; notify no; file "null.zone.file"; };
+zone "oikcd.uf27ce8.cn" { type master; notify no; file "null.zone.file"; };
 zone "oikcxa.zvvx01z.cn" { type master; notify no; file "null.zone.file"; };
 zone "oivac.com" { type master; notify no; file "null.zone.file"; };
 zone "okcs.qj8yua.cn" { type master; notify no; file "null.zone.file"; };
 zone "okds.bbtlcve.cn" { type master; notify no; file "null.zone.file"; };
-zone "okep-terbaru-viral-2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "okep-viral-terbaru-terhist-2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "okmca.8xcrn6w.cn" { type master; notify no; file "null.zone.file"; };
 zone "okmca.bxkfham.cn" { type master; notify no; file "null.zone.file"; };
 zone "okmca.uwudagu.cn" { type master; notify no; file "null.zone.file"; };
 zone "okmxa.lfgpror.cn" { type master; notify no; file "null.zone.file"; };
 zone "okpwtu.webwave.dev" { type master; notify no; file "null.zone.file"; };
+zone "ol-run1.online" { type master; notify no; file "null.zone.file"; };
 zone "olidooo.waca.tw" { type master; notify no; file "null.zone.file"; };
 zone "olk.us7apye.cn" { type master; notify no; file "null.zone.file"; };
 zone "olmnxa.wc2ikux.cn" { type master; notify no; file "null.zone.file"; };
-zone "olx-pay-pl.pay-id22343.top" { type master; notify no; file "null.zone.file"; };
-zone "olx.saferegulatory.com" { type master; notify no; file "null.zone.file"; };
 zone "omesqiwines.de" { type master; notify no; file "null.zone.file"; };
-zone "omicronvariat.pagedemo.co" { type master; notify no; file "null.zone.file"; };
 zone "oncopharma-ae.com" { type master; notify no; file "null.zone.file"; };
 zone "onecreator.info" { type master; notify no; file "null.zone.file"; };
 zone "onedrive.zhaoge.workers.dev" { type master; notify no; file "null.zone.file"; };
@@ -2868,13 +2688,16 @@ zone "oneone-19cd8.web.app" { type master; notify no; file "null.zone.file"; };
 zone "oneone-a38ef.web.app" { type master; notify no; file "null.zone.file"; };
 zone "online-sistem.com" { type master; notify no; file "null.zone.file"; };
 zone "onlineasesor01.hostfree.pw" { type master; notify no; file "null.zone.file"; };
+zone "onlinebanking.unrecognised-new-payee.com" { type master; notify no; file "null.zone.file"; };
 zone "onlineffn2.temp.swtest.ru" { type master; notify no; file "null.zone.file"; };
+zone "onlineislemlersayfasivkfgirisicom.tk" { type master; notify no; file "null.zone.file"; };
+zone "onlinsfuco.temp.swtest.ru" { type master; notify no; file "null.zone.file"; };
 zone "onlysportplus.com" { type master; notify no; file "null.zone.file"; };
 zone "ooxvocalor.yolasite.com" { type master; notify no; file "null.zone.file"; };
 zone "opansea.live" { type master; notify no; file "null.zone.file"; };
 zone "open24.ie-tsb.email" { type master; notify no; file "null.zone.file"; };
+zone "operationroofingllc3.com" { type master; notify no; file "null.zone.file"; };
 zone "opticabattilana.com.ar" { type master; notify no; file "null.zone.file"; };
-zone "optika-anda.hr" { type master; notify no; file "null.zone.file"; };
 zone "ora-n.yolasite.com" { type master; notify no; file "null.zone.file"; };
 zone "orabu.it" { type master; notify no; file "null.zone.file"; };
 zone "orange-dcr.fr" { type master; notify no; file "null.zone.file"; };
@@ -2885,11 +2708,8 @@ zone "orange2k22.wixsite.com" { type master; notify no; file "null.zone.file"; }
 zone "orangeb191.temp.swtest.ru" { type master; notify no; file "null.zone.file"; };
 zone "orangess.contactin.bio" { type master; notify no; file "null.zone.file"; };
 zone "org-nr.yolasite.com" { type master; notify no; file "null.zone.file"; };
-zone "orlen-inwe.web.app" { type master; notify no; file "null.zone.file"; };
-zone "orlen-x.web.app" { type master; notify no; file "null.zone.file"; };
 zone "orlen.digital" { type master; notify no; file "null.zone.file"; };
 zone "ormantencs112.odoo.com" { type master; notify no; file "null.zone.file"; };
-zone "oryxcaracalsecurity.com" { type master; notify no; file "null.zone.file"; };
 zone "osis.world" { type master; notify no; file "null.zone.file"; };
 zone "otomoto-h229.net" { type master; notify no; file "null.zone.file"; };
 zone "otomoto3452.com" { type master; notify no; file "null.zone.file"; };
@@ -2898,6 +2718,7 @@ zone "oudczfbniitcqdsrmaapdztwqo-dot-gl44393333333.rj.r.appspot.com" { type mast
 zone "ourgarden.us" { type master; notify no; file "null.zone.file"; };
 zone "outlook1541489.webcindario.com" { type master; notify no; file "null.zone.file"; };
 zone "outlookcom119.yolasite.com" { type master; notify no; file "null.zone.file"; };
+zone "ouverturecompte.lbp-eer.fr" { type master; notify no; file "null.zone.file"; };
 zone "oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com" { type master; notify no; file "null.zone.file"; };
 zone "p1c.servleboncoinser.com" { type master; notify no; file "null.zone.file"; };
 zone "package2021.blogspot.ba" { type master; notify no; file "null.zone.file"; };
@@ -2905,7 +2726,6 @@ zone "package2021.blogspot.bg" { type master; notify no; file "null.zone.file";
 zone "package2021.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "page-restrict-case22456548.help" { type master; notify no; file "null.zone.file"; };
 zone "pages-1008009999700022199021.com" { type master; notify no; file "null.zone.file"; };
-zone "pages-1008097555214021.com" { type master; notify no; file "null.zone.file"; };
 zone "pages-alert-facebook.ezyro.com" { type master; notify no; file "null.zone.file"; };
 zone "pages-community-standart-2022.co" { type master; notify no; file "null.zone.file"; };
 zone "pages-marvelous-project.webflow.io" { type master; notify no; file "null.zone.file"; };
@@ -2914,11 +2734,11 @@ zone "pages-support-office-2021.tk" { type master; notify no; file "null.zone.fi
 zone "pages.secure-accts.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "pagesdetectscopyrightpostingactivitiesreported.co.vu" { type master; notify no; file "null.zone.file"; };
 zone "pagos.sinpemovil.cr" { type master; notify no; file "null.zone.file"; };
+zone "paidpapers.net" { type master; notify no; file "null.zone.file"; };
 zone "paleyeer.com" { type master; notify no; file "null.zone.file"; };
 zone "palmm.ps" { type master; notify no; file "null.zone.file"; };
 zone "pancaakesvap.com" { type master; notify no; file "null.zone.file"; };
 zone "pancake-sawp.com" { type master; notify no; file "null.zone.file"; };
-zone "pancake.ellipsis.finance" { type master; notify no; file "null.zone.file"; };
 zone "pancake7wop.com" { type master; notify no; file "null.zone.file"; };
 zone "pancakesawpes.com" { type master; notify no; file "null.zone.file"; };
 zone "pancakesfinances.info" { type master; notify no; file "null.zone.file"; };
@@ -2928,7 +2748,6 @@ zone "pancakeswap.men" { type master; notify no; file "null.zone.file"; };
 zone "pancakeswap.multi-wallet.info" { type master; notify no; file "null.zone.file"; };
 zone "pancakeswap.salsasourcing.com" { type master; notify no; file "null.zone.file"; };
 zone "pancakeswapes.company" { type master; notify no; file "null.zone.file"; };
-zone "pancakeswapex.com" { type master; notify no; file "null.zone.file"; };
 zone "pancakeswapexcgn.com" { type master; notify no; file "null.zone.file"; };
 zone "pancakeswapexch.com" { type master; notify no; file "null.zone.file"; };
 zone "pancakeswapexchage.com" { type master; notify no; file "null.zone.file"; };
@@ -2936,17 +2755,15 @@ zone "pancakeswapexchg.com" { type master; notify no; file "null.zone.file"; };
 zone "pancakeswappshop.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "pancaku-swap.com" { type master; notify no; file "null.zone.file"; };
 zone "pancalteswap.finance" { type master; notify no; file "null.zone.file"; };
+zone "panccakesswap.org" { type master; notify no; file "null.zone.file"; };
 zone "panckaceswap.finance" { type master; notify no; file "null.zone.file"; };
-zone "pancoke.com" { type master; notify no; file "null.zone.file"; };
 zone "pandaskin.ru.com" { type master; notify no; file "null.zone.file"; };
 zone "panelweb-4cae2.web.app" { type master; notify no; file "null.zone.file"; };
 zone "pankaceeswap.com" { type master; notify no; file "null.zone.file"; };
 zone "pankaceswapes.finance" { type master; notify no; file "null.zone.file"; };
 zone "pankakeswap.ledgity.com" { type master; notify no; file "null.zone.file"; };
 zone "pannelpub-benin.com" { type master; notify no; file "null.zone.file"; };
-zone "pansccakeswap.finance" { type master; notify no; file "null.zone.file"; };
 zone "pantazisezopiiuurmail1.web.app" { type master; notify no; file "null.zone.file"; };
-zone "pantekkalisakitkepalaku.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "parcel-support018.com" { type master; notify no; file "null.zone.file"; };
 zone "pardot.assemblecommunities.com" { type master; notify no; file "null.zone.file"; };
 zone "pasarbta.info" { type master; notify no; file "null.zone.file"; };
@@ -2957,6 +2774,7 @@ zone "pathospitals.com" { type master; notify no; file "null.zone.file"; };
 zone "patient-cell-40f5.updatedlogmylogin.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "patwise.co.in" { type master; notify no; file "null.zone.file"; };
 zone "paws.org.au" { type master; notify no; file "null.zone.file"; };
+zone "paxfulacct.com" { type master; notify no; file "null.zone.file"; };
 zone "paxfulmenu.com" { type master; notify no; file "null.zone.file"; };
 zone "pay-sera.web.app" { type master; notify no; file "null.zone.file"; };
 zone "pay16-olx.pl" { type master; notify no; file "null.zone.file"; };
@@ -2964,13 +2782,16 @@ zone "paymentnotificationnow.blogspot.com" { type master; notify no; file "null.
 zone "paypal-online-2deposits-paymentaccept.tk" { type master; notify no; file "null.zone.file"; };
 zone "paypal-opladen.be" { type master; notify no; file "null.zone.file"; };
 zone "paypalforex.co.ke" { type master; notify no; file "null.zone.file"; };
+zone "pbemail.youxiangdashui.com" { type master; notify no; file "null.zone.file"; };
 zone "pdf-cloud-document.weeblysite.com" { type master; notify no; file "null.zone.file"; };
 zone "pdf-sharefile-doc.weeblysite.com" { type master; notify no; file "null.zone.file"; };
 zone "pdflogincnvwo.app.link" { type master; notify no; file "null.zone.file"; };
 zone "pdfsecured.mystrikingly.com" { type master; notify no; file "null.zone.file"; };
 zone "peaceful-black.193-70-50-31.plesk.page" { type master; notify no; file "null.zone.file"; };
+zone "pedih.001www.com" { type master; notify no; file "null.zone.file"; };
 zone "pembatalanakundinonaktifkan.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "pencakecwap.com" { type master; notify no; file "null.zone.file"; };
+zone "pensive-payne-505e1a.netlify.app" { type master; notify no; file "null.zone.file"; };
 zone "perfectliker.net" { type master; notify no; file "null.zone.file"; };
 zone "peringatanakunfb2k214.webnode.com" { type master; notify no; file "null.zone.file"; };
 zone "phantom-walletweb.app" { type master; notify no; file "null.zone.file"; };
@@ -2996,7 +2817,8 @@ zone "pikay13.github.io" { type master; notify no; file "null.zone.file"; };
 zone "pilmezorda.temp.swtest.ru" { type master; notify no; file "null.zone.file"; };
 zone "pinchinchaverify.webcindario.com" { type master; notify no; file "null.zone.file"; };
 zone "pirana.co.rs" { type master; notify no; file "null.zone.file"; };
-zone "pl-swiatowe-wiadomosci.pl" { type master; notify no; file "null.zone.file"; };
+zone "pkobp.pl.justns.ru" { type master; notify no; file "null.zone.file"; };
+zone "pl-wiadomosciswiatowe.pl" { type master; notify no; file "null.zone.file"; };
 zone "pla1060604.nichost.ru" { type master; notify no; file "null.zone.file"; };
 zone "plan-o2-monthlypayments.com" { type master; notify no; file "null.zone.file"; };
 zone "planetaamor.org" { type master; notify no; file "null.zone.file"; };
@@ -3005,8 +2827,6 @@ zone "platinumserviceac.com" { type master; notify no; file "null.zone.file"; };
 zone "playgirlgold.com" { type master; notify no; file "null.zone.file"; };
 zone "ploferta.com" { type master; notify no; file "null.zone.file"; };
 zone "plugmailextraexpiredoldpolicynotificationscenter.pages.dev" { type master; notify no; file "null.zone.file"; };
-zone "plwiadomosciwszystkie.pl" { type master; notify no; file "null.zone.file"; };
-zone "po-deliver-fees.com" { type master; notify no; file "null.zone.file"; };
 zone "po-service-page.com" { type master; notify no; file "null.zone.file"; };
 zone "poc-rewards-program-c2dfc.web.app" { type master; notify no; file "null.zone.file"; };
 zone "podpiska-darom.ru" { type master; notify no; file "null.zone.file"; };
@@ -3023,6 +2843,7 @@ zone "poligrafiapias.com" { type master; notify no; file "null.zone.file"; };
 zone "polkadot-france.fr" { type master; notify no; file "null.zone.file"; };
 zone "polkastarter.app" { type master; notify no; file "null.zone.file"; };
 zone "polsd.pa0cpof.cn" { type master; notify no; file "null.zone.file"; };
+zone "polska-informacyjna.pl" { type master; notify no; file "null.zone.file"; };
 zone "polxa.uh8dg67.cn" { type master; notify no; file "null.zone.file"; };
 zone "polygon-pro.com" { type master; notify no; file "null.zone.file"; };
 zone "polygon-secure.com" { type master; notify no; file "null.zone.file"; };
@@ -3040,7 +2861,6 @@ zone "postch9192.cargo.site" { type master; notify no; file "null.zone.file"; };
 zone "postechsuivre.ileanamlaw.com" { type master; notify no; file "null.zone.file"; };
 zone "postnl.post-tracking-delivery.etelinfra.com" { type master; notify no; file "null.zone.file"; };
 zone "poww.6hkjmb.cn" { type master; notify no; file "null.zone.file"; };
-zone "ppkllp.com" { type master; notify no; file "null.zone.file"; };
 zone "ppnnttcc.ppcnthsc.me" { type master; notify no; file "null.zone.file"; };
 zone "precisionimpex.com" { type master; notify no; file "null.zone.file"; };
 zone "preg.dspearhead.com" { type master; notify no; file "null.zone.file"; };
@@ -3057,11 +2877,13 @@ zone "primecentral.jixinggaozhao2.shop" { type master; notify no; file "null.zon
 zone "primecentral.qiourn.shop" { type master; notify no; file "null.zone.file"; };
 zone "primeone.org" { type master; notify no; file "null.zone.file"; };
 zone "printtoner.com.mx" { type master; notify no; file "null.zone.file"; };
+zone "prism.net.in" { type master; notify no; file "null.zone.file"; };
 zone "privacy-update-page-prtections-association-recovry-secu.web.id" { type master; notify no; file "null.zone.file"; };
 zone "privacy-update-secu-recovry-page-protection-4565544.web.id" { type master; notify no; file "null.zone.file"; };
 zone "privacy-update-secu-recovry-page-protection-comunity-45.web.id" { type master; notify no; file "null.zone.file"; };
 zone "priyankasandokar1606.github.io" { type master; notify no; file "null.zone.file"; };
 zone "pro.icloudremovaltool.com" { type master; notify no; file "null.zone.file"; };
+zone "pro.systemine.xyz" { type master; notify no; file "null.zone.file"; };
 zone "procservautomatizacion.com" { type master; notify no; file "null.zone.file"; };
 zone "production.anon-rest-keep-reset.sales18130.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "production.anon-step-keep-object.sales18130.workers.dev" { type master; notify no; file "null.zone.file"; };
@@ -3075,6 +2897,7 @@ zone "production.try-murpheos-keep.sales18130.workers.dev" { type master; notify
 zone "production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "project1-df3e9.web.app" { type master; notify no; file "null.zone.file"; };
 zone "projectlovewell.com" { type master; notify no; file "null.zone.file"; };
+zone "promashoppe.com" { type master; notify no; file "null.zone.file"; };
 zone "promehedinti.ro" { type master; notify no; file "null.zone.file"; };
 zone "promerica-sv.webcindario.com" { type master; notify no; file "null.zone.file"; };
 zone "promericalinea01.webcindario.com" { type master; notify no; file "null.zone.file"; };
@@ -3083,8 +2906,6 @@ zone "prosmate.com" { type master; notify no; file "null.zone.file"; };
 zone "prosxsiuser.myfreesites.net" { type master; notify no; file "null.zone.file"; };
 zone "prosys.poweredbygravit-e.co.uk" { type master; notify no; file "null.zone.file"; };
 zone "protect-4d56vca.surge.sh" { type master; notify no; file "null.zone.file"; };
-zone "proteczzguuaaardzzzpagess.000webhostapp.com" { type master; notify no; file "null.zone.file"; };
-zone "proteczzpagezzguarddzzz.000webhostapp.com" { type master; notify no; file "null.zone.file"; };
 zone "provodi.com" { type master; notify no; file "null.zone.file"; };
 zone "proximus-account.azurewebsites.net" { type master; notify no; file "null.zone.file"; };
 zone "ptxx.cc" { type master; notify no; file "null.zone.file"; };
@@ -3104,13 +2925,13 @@ zone "qhmqhgnfqbcoxkwamsioilhdmv-dot-gl44393333333.rj.r.appspot.com" { type mast
 zone "qsh74pekkv5e8.clickfunnels.com" { type master; notify no; file "null.zone.file"; };
 zone "qssa.x5yrlr.cn" { type master; notify no; file "null.zone.file"; };
 zone "quinaroja.com" { type master; notify no; file "null.zone.file"; };
+zone "quirky-jones.172-245-159-112.plesk.page" { type master; notify no; file "null.zone.file"; };
 zone "quotex-qx.com" { type master; notify no; file "null.zone.file"; };
 zone "qwas.nfi71vw.cn" { type master; notify no; file "null.zone.file"; };
 zone "qwea.wvhee0w.cn" { type master; notify no; file "null.zone.file"; };
 zone "qweas.hi5g95r.cn" { type master; notify no; file "null.zone.file"; };
 zone "qweas.p6rhddj.cn" { type master; notify no; file "null.zone.file"; };
 zone "qweas.zwfaclq.cn" { type master; notify no; file "null.zone.file"; };
-zone "qxluatbght.cfolks.pl" { type master; notify no; file "null.zone.file"; };
 zone "r3c31v30n3-1d3nt1ty.000webhostapp.com" { type master; notify no; file "null.zone.file"; };
 zone "rabellartz.de" { type master; notify no; file "null.zone.file"; };
 zone "rabofree.blogspot.com" { type master; notify no; file "null.zone.file"; };
@@ -3118,6 +2939,7 @@ zone "rabofree.blogspot.li" { type master; notify no; file "null.zone.file"; };
 zone "rackenfordlabs.com" { type master; notify no; file "null.zone.file"; };
 zone "racuten.nuef.info" { type master; notify no; file "null.zone.file"; };
 zone "radhikamd.github.io" { type master; notify no; file "null.zone.file"; };
+zone "rafbbmx.ga" { type master; notify no; file "null.zone.file"; };
 zone "rafbbmx.ml" { type master; notify no; file "null.zone.file"; };
 zone "raipurrussianescorts.com" { type master; notify no; file "null.zone.file"; };
 zone "rakoten-card.buogfbizkugf.gq" { type master; notify no; file "null.zone.file"; };
@@ -3128,17 +2950,12 @@ zone "raktuen.laobanlocker.com" { type master; notify no; file "null.zone.file";
 zone "rakuitan-card.info" { type master; notify no; file "null.zone.file"; };
 zone "rakuten.awjoadc.cn" { type master; notify no; file "null.zone.file"; };
 zone "rakuten.card.nuosreaoms.com" { type master; notify no; file "null.zone.file"; };
-zone "rakuten.card.uosmcoua.com" { type master; notify no; file "null.zone.file"; };
-zone "rakuthn.shop" { type master; notify no; file "null.zone.file"; };
-zone "rakuttm.shop" { type master; notify no; file "null.zone.file"; };
+zone "rakuten.co.jp.rakutenajp.xyz" { type master; notify no; file "null.zone.file"; };
 zone "ramgarhiamatrimonial.ca" { type master; notify no; file "null.zone.file"; };
 zone "rareelements.io" { type master; notify no; file "null.zone.file"; };
-zone "rasmer.fi" { type master; notify no; file "null.zone.file"; };
 zone "ratewatch.net" { type master; notify no; file "null.zone.file"; };
 zone "raycargo.com" { type master; notify no; file "null.zone.file"; };
 zone "raydiom.io" { type master; notify no; file "null.zone.file"; };
-zone "razcjjf.ga" { type master; notify no; file "null.zone.file"; };
-zone "razcjjf.ml" { type master; notify no; file "null.zone.file"; };
 zone "rbcmontgomery.com" { type master; notify no; file "null.zone.file"; };
 zone "rd8um.app.link" { type master; notify no; file "null.zone.file"; };
 zone "rdirtfuo6t.vov.ru" { type master; notify no; file "null.zone.file"; };
@@ -3147,9 +2964,9 @@ zone "re-redirection-acc-id923872635122.blogspot.com" { type master; notify no;
 zone "real-anon-keep-passing-word.rvsla.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "realestate-page-10843446024.expresspestcontrol.co.nz" { type master; notify no; file "null.zone.file"; };
 zone "realindiatravel.com" { type master; notify no; file "null.zone.file"; };
+zone "recibeya.tufacilmoneyonline.online" { type master; notify no; file "null.zone.file"; };
 zone "reconfirmpost287846656.us" { type master; notify no; file "null.zone.file"; };
 zone "recover-pages-media-problems-secur-782.web.id" { type master; notify no; file "null.zone.file"; };
-zone "recover-pages-secur-media-problems-393.web.id" { type master; notify no; file "null.zone.file"; };
 zone "recover-pages-secur-media-problems-397.web.id" { type master; notify no; file "null.zone.file"; };
 zone "recovery-chain.com" { type master; notify no; file "null.zone.file"; };
 zone "recovery-fb.secure-acct.workers.dev" { type master; notify no; file "null.zone.file"; };
@@ -3167,12 +2984,12 @@ zone "reglic.in" { type master; notify no; file "null.zone.file"; };
 zone "regularsweeps.xyz" { type master; notify no; file "null.zone.file"; };
 zone "reignbike.com" { type master; notify no; file "null.zone.file"; };
 zone "reikisadhna.com" { type master; notify no; file "null.zone.file"; };
+zone "rekoution.bcszxcd.shop" { type master; notify no; file "null.zone.file"; };
 zone "relevant.systems" { type master; notify no; file "null.zone.file"; };
 zone "remittance369297292749.goshly.com" { type master; notify no; file "null.zone.file"; };
 zone "renovkonstruksi.com" { type master; notify no; file "null.zone.file"; };
 zone "repl-mess.myfreesites.net" { type master; notify no; file "null.zone.file"; };
 zone "restore.exodusapp.ru" { type master; notify no; file "null.zone.file"; };
-zone "restoredabefore-com.filesusr.com" { type master; notify no; file "null.zone.file"; };
 zone "restorewallet-activation.net" { type master; notify no; file "null.zone.file"; };
 zone "retiro-extracash.com" { type master; notify no; file "null.zone.file"; };
 zone "retiro.cl" { type master; notify no; file "null.zone.file"; };
@@ -3200,7 +3017,6 @@ zone "roccobonheur1-my-cheetah-website-copy.cheetah.builderall.com" { type maste
 zone "roisnoob.github.io" { type master; notify no; file "null.zone.file"; };
 zone "rokulinktechnology.com" { type master; notify no; file "null.zone.file"; };
 zone "rolinadd.surveysparrow.com" { type master; notify no; file "null.zone.file"; };
-zone "romanceify.com" { type master; notify no; file "null.zone.file"; };
 zone "rondalowa.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "rondelbarrilito.com" { type master; notify no; file "null.zone.file"; };
 zone "ronin-help.com" { type master; notify no; file "null.zone.file"; };
@@ -3216,10 +3032,10 @@ zone "rplg.co" { type master; notify no; file "null.zone.file"; };
 zone "rrakutenn.co.jp.azii.cn" { type master; notify no; file "null.zone.file"; };
 zone "rrakutenn.co.jp.nanofresh.cn" { type master; notify no; file "null.zone.file"; };
 zone "rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com" { type master; notify no; file "null.zone.file"; };
-zone "rufoxxy.com" { type master; notify no; file "null.zone.file"; };
 zone "runescape-info.com" { type master; notify no; file "null.zone.file"; };
+zone "runescapebonds.com" { type master; notify no; file "null.zone.file"; };
+zone "runescapeevents.com" { type master; notify no; file "null.zone.file"; };
 zone "ruth.martulangbelulalng.workers.dev" { type master; notify no; file "null.zone.file"; };
-zone "ryanicolehoward.com" { type master; notify no; file "null.zone.file"; };
 zone "rymproducciones.com" { type master; notify no; file "null.zone.file"; };
 zone "s-sarfati.co.il" { type master; notify no; file "null.zone.file"; };
 zone "s.macecri.com" { type master; notify no; file "null.zone.file"; };
@@ -3244,7 +3060,6 @@ zone "sanjilkumar.com" { type master; notify no; file "null.zone.file"; };
 zone "sankyo-rz.com" { type master; notify no; file "null.zone.file"; };
 zone "sanru.cd" { type master; notify no; file "null.zone.file"; };
 zone "santander.secured-auth-login.com" { type master; notify no; file "null.zone.file"; };
-zone "santanverifyfunction.com" { type master; notify no; file "null.zone.file"; };
 zone "santepluspharma.eclatmediasolution.website" { type master; notify no; file "null.zone.file"; };
 zone "santoshdangi.com.np" { type master; notify no; file "null.zone.file"; };
 zone "saritapariyar.com.np" { type master; notify no; file "null.zone.file"; };
@@ -3266,16 +3081,16 @@ zone "secure-boncoincontrol.net" { type master; notify no; file "null.zone.file"
 zone "secure-halifax-device.com" { type master; notify no; file "null.zone.file"; };
 zone "secure-mynew-devices.com" { type master; notify no; file "null.zone.file"; };
 zone "secure-runescape.xgm.rnp.mybluehost.me" { type master; notify no; file "null.zone.file"; };
-zone "secure-service-gateway.com" { type master; notify no; file "null.zone.file"; };
 zone "secure-zirox.s3.ap-southeast-2.amazonaws.com" { type master; notify no; file "null.zone.file"; };
 zone "secure.legalmetric.com" { type master; notify no; file "null.zone.file"; };
 zone "secure.oldschool.com-cl.ru" { type master; notify no; file "null.zone.file"; };
 zone "secure.oldschool.com-cu.ru" { type master; notify no; file "null.zone.file"; };
-zone "secure.oldschool.com-cv.ru" { type master; notify no; file "null.zone.file"; };
 zone "secure.oldschool.com-oz.ru" { type master; notify no; file "null.zone.file"; };
 zone "secure.oldschool.com-rsu.ru" { type master; notify no; file "null.zone.file"; };
+zone "secure.runescape.com-ak.ru" { type master; notify no; file "null.zone.file"; };
 zone "secure.runescape.com-as.cz" { type master; notify no; file "null.zone.file"; };
 zone "secure.runescape.com-az.ru" { type master; notify no; file "null.zone.file"; };
+zone "secure.runescape.com-ca.ru" { type master; notify no; file "null.zone.file"; };
 zone "secure.runescape.com-cl.ru" { type master; notify no; file "null.zone.file"; };
 zone "secure.runescape.com-co.ru" { type master; notify no; file "null.zone.file"; };
 zone "secure.runescape.com-cu.ru" { type master; notify no; file "null.zone.file"; };
@@ -3288,13 +3103,13 @@ zone "secure.runescape.com-vs.ru" { type master; notify no; file "null.zone.file
 zone "secure300.inmotionhosting.com" { type master; notify no; file "null.zone.file"; };
 zone "secure303.inmotionhosting.com" { type master; notify no; file "null.zone.file"; };
 zone "secure55.webhostinghub.com" { type master; notify no; file "null.zone.file"; };
-zone "secure7-servr01-log-in.4nmn.com" { type master; notify no; file "null.zone.file"; };
-zone "securee37-authen21.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "secureaccount.ntflxauth.co" { type master; notify no; file "null.zone.file"; };
 zone "securegateway-ovhcloud.csl-sl.de" { type master; notify no; file "null.zone.file"; };
 zone "securelloyd-help-app.com" { type master; notify no; file "null.zone.file"; };
+zone "securewalletprotocol.online" { type master; notify no; file "null.zone.file"; };
 zone "security-page-community-standards.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "seguridad-oca.webcindario.com" { type master; notify no; file "null.zone.file"; };
-zone "seleb-indo.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "seleccionperfil.xyz" { type master; notify no; file "null.zone.file"; };
 zone "selector26.gg" { type master; notify no; file "null.zone.file"; };
 zone "selector28.gg" { type master; notify no; file "null.zone.file"; };
 zone "sem.my-drs.co.uk" { type master; notify no; file "null.zone.file"; };
@@ -3304,7 +3119,7 @@ zone "sendung.eyecatch.ch" { type master; notify no; file "null.zone.file"; };
 zone "sergebubnin.space" { type master; notify no; file "null.zone.file"; };
 zone "sertyxese.myfreesites.net" { type master; notify no; file "null.zone.file"; };
 zone "server-networksolutions.web.app" { type master; notify no; file "null.zone.file"; };
-zone "serverprotocols.com" { type master; notify no; file "null.zone.file"; };
+zone "server221.security.coinbase.com.gdone.co.ke" { type master; notify no; file "null.zone.file"; };
 zone "servervalidationcheck103.web.app" { type master; notify no; file "null.zone.file"; };
 zone "servervalidationcheck104.web.app" { type master; notify no; file "null.zone.file"; };
 zone "servervalidationcheck105.web.app" { type master; notify no; file "null.zone.file"; };
@@ -3359,7 +3174,6 @@ zone "serviceinfo-securehost.duckdns.org" { type master; notify no; file "null.z
 zone "servicepage.service-page.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "servicepichincha.webcindario.com" { type master; notify no; file "null.zone.file"; };
 zone "services.runescape.com-as.cz" { type master; notify no; file "null.zone.file"; };
-zone "services.runescape.com-oc.ru" { type master; notify no; file "null.zone.file"; };
 zone "services.runescape.com-rse.ru" { type master; notify no; file "null.zone.file"; };
 zone "services.runescape.com-rsu.ru" { type master; notify no; file "null.zone.file"; };
 zone "servicesbancaire.com" { type master; notify no; file "null.zone.file"; };
@@ -3387,6 +3201,7 @@ zone "sharedtris.com" { type master; notify no; file "null.zone.file"; };
 zone "sharelink.sn.am" { type master; notify no; file "null.zone.file"; };
 zone "shayvardphoto.ir" { type master; notify no; file "null.zone.file"; };
 zone "shinex.lk" { type master; notify no; file "null.zone.file"; };
+zone "shippment2.temp.swtest.ru" { type master; notify no; file "null.zone.file"; };
 zone "shirhokos-mhalskbsiaoutfew43535.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "shirtshanger.com" { type master; notify no; file "null.zone.file"; };
 zone "shiye666.cn" { type master; notify no; file "null.zone.file"; };
@@ -3398,11 +3213,9 @@ zone "sidneyfcuorg.freshy.site" { type master; notify no; file "null.zone.file";
 zone "sign-trk.empressmd.com" { type master; notify no; file "null.zone.file"; };
 zone "signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net" { type master; notify no; file "null.zone.file"; };
 zone "signin-payeer.com" { type master; notify no; file "null.zone.file"; };
-zone "signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com" { type master; notify no; file "null.zone.file"; };
-zone "silkroadwines.com" { type master; notify no; file "null.zone.file"; };
 zone "silpovsatb-ua.online" { type master; notify no; file "null.zone.file"; };
 zone "silverberrygroup.com" { type master; notify no; file "null.zone.file"; };
-zone "sim0nt0k-viral-terbaru-2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "simonecamposshop.com.br" { type master; notify no; file "null.zone.file"; };
 zone "simpkk.karanganyarkab.go.id" { type master; notify no; file "null.zone.file"; };
 zone "sindarspen.org.br" { type master; notify no; file "null.zone.file"; };
 zone "siporados15585.blogspot.com" { type master; notify no; file "null.zone.file"; };
@@ -3435,12 +3248,11 @@ zone "slavamel.github.io" { type master; notify no; file "null.zone.file"; };
 zone "sleepmaskz.com" { type master; notify no; file "null.zone.file"; };
 zone "slickparties.com" { type master; notify no; file "null.zone.file"; };
 zone "slmkufeckf.jon-jensen.workers.dev" { type master; notify no; file "null.zone.file"; };
-zone "slovenska-posta.sytes.net" { type master; notify no; file "null.zone.file"; };
 zone "slowlinebag.jp" { type master; notify no; file "null.zone.file"; };
 zone "sm.scicemecod.com" { type master; notify no; file "null.zone.file"; };
 zone "sm777.csb.app" { type master; notify no; file "null.zone.file"; };
+zone "smartfixconnect.live" { type master; notify no; file "null.zone.file"; };
 zone "smbc-accout.com" { type master; notify no; file "null.zone.file"; };
-zone "smbc-credit.shop" { type master; notify no; file "null.zone.file"; };
 zone "smbc-veaiana.com" { type master; notify no; file "null.zone.file"; };
 zone "smbcbc.com" { type master; notify no; file "null.zone.file"; };
 zone "smbccjp.shop" { type master; notify no; file "null.zone.file"; };
@@ -3448,10 +3260,11 @@ zone "smbcr.mrtka.info" { type master; notify no; file "null.zone.file"; };
 zone "smbcwodeqingguoshoujicojp.top" { type master; notify no; file "null.zone.file"; };
 zone "smeo.org.mx" { type master; notify no; file "null.zone.file"; };
 zone "smgolamalif.github.io" { type master; notify no; file "null.zone.file"; };
-zone "smirl.org" { type master; notify no; file "null.zone.file"; };
 zone "smkkesehatanjember.sch.id" { type master; notify no; file "null.zone.file"; };
 zone "smmsvocal.yolasite.com" { type master; notify no; file "null.zone.file"; };
+zone "smpn2jeruklegi.sch.id" { type master; notify no; file "null.zone.file"; };
 zone "sms-check.sc-q.top" { type master; notify no; file "null.zone.file"; };
+zone "sms-infos.d2tt.co" { type master; notify no; file "null.zone.file"; };
 zone "sms-shorter.com" { type master; notify no; file "null.zone.file"; };
 zone "smsbc-info5.com" { type master; notify no; file "null.zone.file"; };
 zone "smsenligne.myfreesites.net" { type master; notify no; file "null.zone.file"; };
@@ -3459,6 +3272,7 @@ zone "smsorangephonemail.myfreesites.net" { type master; notify no; file "null.z
 zone "smsorangesmsmessage.myfreesites.net" { type master; notify no; file "null.zone.file"; };
 zone "smss-mms.yolasite.com" { type master; notify no; file "null.zone.file"; };
 zone "smsverificationmms.myfreesites.net" { type master; notify no; file "null.zone.file"; };
+zone "smvbc-info.com" { type master; notify no; file "null.zone.file"; };
 zone "smwam.coms.cso.gov.tt" { type master; notify no; file "null.zone.file"; };
 zone "so.macecri.com" { type master; notify no; file "null.zone.file"; };
 zone "soaringskiesrentals.com" { type master; notify no; file "null.zone.file"; };
@@ -3471,7 +3285,6 @@ zone "sognointerno.com" { type master; notify no; file "null.zone.file"; };
 zone "solicitarfirmaelectronica-sv.com" { type master; notify no; file "null.zone.file"; };
 zone "solyanayakomnata.ru" { type master; notify no; file "null.zone.file"; };
 zone "sopac.org.py" { type master; notify no; file "null.zone.file"; };
-zone "soracoes.xyz" { type master; notify no; file "null.zone.file"; };
 zone "souaxwaoh.myfreesites.net" { type master; notify no; file "null.zone.file"; };
 zone "soude-masi.firebaseapp.com" { type master; notify no; file "null.zone.file"; };
 zone "soufsont.blogspot.com" { type master; notify no; file "null.zone.file"; };
@@ -3497,6 +3310,7 @@ zone "spirit.gtwozone.com" { type master; notify no; file "null.zone.file"; };
 zone "spk-entsperren.de" { type master; notify no; file "null.zone.file"; };
 zone "spk-jahreswechsel.com" { type master; notify no; file "null.zone.file"; };
 zone "spk-secure-de.com" { type master; notify no; file "null.zone.file"; };
+zone "spkfod.coms.cso.gov.tt" { type master; notify no; file "null.zone.file"; };
 zone "sport.protected-secur.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "sportshoes.top" { type master; notify no; file "null.zone.file"; };
 zone "sportybetpremium.wapka.co" { type master; notify no; file "null.zone.file"; };
@@ -3513,8 +3327,10 @@ zone "ssia.org.sg" { type master; notify no; file "null.zone.file"; };
 zone "ssl.dsl.isl.mll.aqmst6.stockestan.ir" { type master; notify no; file "null.zone.file"; };
 zone "sso-garena.com" { type master; notify no; file "null.zone.file"; };
 zone "sswebmail-4w5twsr.web.app" { type master; notify no; file "null.zone.file"; };
+zone "staffportal.uoz.edu.krd" { type master; notify no; file "null.zone.file"; };
 zone "stage.vannaryfowler.com" { type master; notify no; file "null.zone.file"; };
 zone "staging.eliteautomotive.com.au" { type master; notify no; file "null.zone.file"; };
+zone "standardcapbnk.com" { type master; notify no; file "null.zone.file"; };
 zone "standardupdatesupportandhelpcenter2021.ga" { type master; notify no; file "null.zone.file"; };
 zone "starforsure.com" { type master; notify no; file "null.zone.file"; };
 zone "starliker.net" { type master; notify no; file "null.zone.file"; };
@@ -3524,11 +3340,10 @@ zone "static-ak-fbcdn.atspace.com" { type master; notify no; file "null.zone.fil
 zone "static-dev.o2alerts.com" { type master; notify no; file "null.zone.file"; };
 zone "static-promote.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "status-dev.o2alerts.com" { type master; notify no; file "null.zone.file"; };
-zone "stbkcoltria.atwebpages.com" { type master; notify no; file "null.zone.file"; };
 zone "stclarechurch.net" { type master; notify no; file "null.zone.file"; };
 zone "steamcommunites.com" { type master; notify no; file "null.zone.file"; };
 zone "steamcommunitj.com" { type master; notify no; file "null.zone.file"; };
-zone "steamnitrof.com" { type master; notify no; file "null.zone.file"; };
+zone "steamcommunityk.com" { type master; notify no; file "null.zone.file"; };
 zone "steampoweredtrade.org" { type master; notify no; file "null.zone.file"; };
 zone "steampoweredtrades.org" { type master; notify no; file "null.zone.file"; };
 zone "stevemadden-sverige.com" { type master; notify no; file "null.zone.file"; };
@@ -3544,6 +3359,7 @@ zone "stjohnmarol.com" { type master; notify no; file "null.zone.file"; };
 zone "stjudes.in" { type master; notify no; file "null.zone.file"; };
 zone "stolizaparketa.ru" { type master; notify no; file "null.zone.file"; };
 zone "stollgroup.coms.cso.gov.tt" { type master; notify no; file "null.zone.file"; };
+zone "stomkinscommercial.com.aus.cso.gov.tt" { type master; notify no; file "null.zone.file"; };
 zone "storage.yandexcloud.net" { type master; notify no; file "null.zone.file"; };
 zone "storenike365.top" { type master; notify no; file "null.zone.file"; };
 zone "studio-lol.com" { type master; notify no; file "null.zone.file"; };
@@ -3558,13 +3374,11 @@ zone "suiviticket.co" { type master; notify no; file "null.zone.file"; };
 zone "sukien-pubgmoblevng.ga" { type master; notify no; file "null.zone.file"; };
 zone "sultan-raza.github.io" { type master; notify no; file "null.zone.file"; };
 zone "sumpandtankcleaners.in" { type master; notify no; file "null.zone.file"; };
-zone "sunami.pagedemo.co" { type master; notify no; file "null.zone.file"; };
 zone "sunbeltmembers.com" { type master; notify no; file "null.zone.file"; };
 zone "sunge-ode.firebaseapp.com" { type master; notify no; file "null.zone.file"; };
 zone "sunshineteam.in" { type master; notify no; file "null.zone.file"; };
 zone "super-dawn-3035.ddahluwalia.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "supermilhas.com" { type master; notify no; file "null.zone.file"; };
-zone "suportecxacesso2020.com" { type master; notify no; file "null.zone.file"; };
 zone "supotsstunes.servehttp.com" { type master; notify no; file "null.zone.file"; };
 zone "suppliers.bitshepherd.org" { type master; notify no; file "null.zone.file"; };
 zone "support-auwebaccessjpnaikpanggung.com" { type master; notify no; file "null.zone.file"; };
@@ -3596,6 +3410,7 @@ zone "sysm5rn.cn" { type master; notify no; file "null.zone.file"; };
 zone "system-fassil-net-2-3242353453453--12344443.repl.co" { type master; notify no; file "null.zone.file"; };
 zone "t0nline0de0login-001-site1.itempurl.com" { type master; notify no; file "null.zone.file"; };
 zone "taher-mohamed-ahmed-saad.github.io" { type master; notify no; file "null.zone.file"; };
+zone "take-free-2022.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "taoistw345ie.co" { type master; notify no; file "null.zone.file"; };
 zone "tarik-fitness.com" { type master; notify no; file "null.zone.file"; };
 zone "taxcare.page.link" { type master; notify no; file "null.zone.file"; };
@@ -3617,11 +3432,13 @@ zone "tellmeliu.github.io" { type master; notify no; file "null.zone.file"; };
 zone "templat65sldh.myfreesites.net" { type master; notify no; file "null.zone.file"; };
 zone "temporary-url.com" { type master; notify no; file "null.zone.file"; };
 zone "terpelsicumple.com" { type master; notify no; file "null.zone.file"; };
-zone "terracontiles.com" { type master; notify no; file "null.zone.file"; };
+zone "tesladrive-event.com" { type master; notify no; file "null.zone.file"; };
 zone "test.bayoucitybadges.org" { type master; notify no; file "null.zone.file"; };
 zone "test.bitflye87.com" { type master; notify no; file "null.zone.file"; };
 zone "test.dxbproductions.com" { type master; notify no; file "null.zone.file"; };
+zone "test.myshopclub.ru" { type master; notify no; file "null.zone.file"; };
 zone "test.webclient4.de" { type master; notify no; file "null.zone.file"; };
+zone "testing-domain.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "texasfreedomrun.com" { type master; notify no; file "null.zone.file"; };
 zone "tgpafasfsakkk.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "theaceofspaeder.com" { type master; notify no; file "null.zone.file"; };
@@ -3643,8 +3460,6 @@ zone "tieganford.ca" { type master; notify no; file "null.zone.file"; };
 zone "tighi.creatorlink.net" { type master; notify no; file "null.zone.file"; };
 zone "tight-samiuboc.co" { type master; notify no; file "null.zone.file"; };
 zone "tikitaps.com" { type master; notify no; file "null.zone.file"; };
-zone "tinhtrangdon.com" { type master; notify no; file "null.zone.file"; };
-zone "tinyurl.mobi" { type master; notify no; file "null.zone.file"; };
 zone "tipografieonline.ro" { type master; notify no; file "null.zone.file"; };
 zone "tirozhjewelry.com" { type master; notify no; file "null.zone.file"; };
 zone "titelinedrillingintl.yolasite.com" { type master; notify no; file "null.zone.file"; };
@@ -3663,7 +3478,6 @@ zone "topskills.ru" { type master; notify no; file "null.zone.file"; };
 zone "torccolborrachas.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "torrinwine.com" { type master; notify no; file "null.zone.file"; };
 zone "touchidea.top" { type master; notify no; file "null.zone.file"; };
-zone "touronline2022.com" { type master; notify no; file "null.zone.file"; };
 zone "tovowhuqeojweawmubmaqmqlv.hofferflow.icu" { type master; notify no; file "null.zone.file"; };
 zone "tpayleboncoin.com" { type master; notify no; file "null.zone.file"; };
 zone "traders-joesxyz.com" { type master; notify no; file "null.zone.file"; };
@@ -3674,23 +3488,18 @@ zone "triangarena-membership.ga" { type master; notify no; file "null.zone.file"
 zone "tribratanewsbondowoso.com" { type master; notify no; file "null.zone.file"; };
 zone "tribunbalikpapan.com" { type master; notify no; file "null.zone.file"; };
 zone "truegrip.com" { type master; notify no; file "null.zone.file"; };
-zone "trust-wallet.com.cn" { type master; notify no; file "null.zone.file"; };
 zone "trustinpichincha.webcindario.com" { type master; notify no; file "null.zone.file"; };
 zone "trustpress.gr" { type master; notify no; file "null.zone.file"; };
 zone "trustypichincha.webcindario.com" { type master; notify no; file "null.zone.file"; };
-zone "ts3cacd.jhfshm.com" { type master; notify no; file "null.zone.file"; };
 zone "ts3cacd.rzjxbv.com" { type master; notify no; file "null.zone.file"; };
 zone "turntekcnc.com" { type master; notify no; file "null.zone.file"; };
-zone "twoje-zdjecia-622.herokuapp.com" { type master; notify no; file "null.zone.file"; };
 zone "tx.vc" { type master; notify no; file "null.zone.file"; };
 zone "txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com" { type master; notify no; file "null.zone.file"; };
 zone "typedream.site" { type master; notify no; file "null.zone.file"; };
 zone "typesmartlyocr.com" { type master; notify no; file "null.zone.file"; };
 zone "tyrecentre.ru" { type master; notify no; file "null.zone.file"; };
 zone "u08qv44zu5h.typeform.com" { type master; notify no; file "null.zone.file"; };
-zone "u1571226.cp.regruhosting.ru" { type master; notify no; file "null.zone.file"; };
-zone "u1571630.cp.regruhosting.ru" { type master; notify no; file "null.zone.file"; };
-zone "u1571652.cp.regruhosting.ru" { type master; notify no; file "null.zone.file"; };
+zone "u1565723.plsk.regruhosting.ru" { type master; notify no; file "null.zone.file"; };
 zone "u18741649.ct.sendgrid.net" { type master; notify no; file "null.zone.file"; };
 zone "u827857uw6.ha004.t.justns.ru" { type master; notify no; file "null.zone.file"; };
 zone "uabaiieo.com" { type master; notify no; file "null.zone.file"; };
@@ -3713,7 +3522,6 @@ zone "uhnsa.sdmpo0s.cn" { type master; notify no; file "null.zone.file"; };
 zone "uhnxa.d23xsru.cn" { type master; notify no; file "null.zone.file"; };
 zone "uhnxa.q83itv9.cn" { type master; notify no; file "null.zone.file"; };
 zone "uhnxas.rvw56l.cn" { type master; notify no; file "null.zone.file"; };
-zone "uiuui.pagedemo.co" { type master; notify no; file "null.zone.file"; };
 zone "ujcd.um2nlru.cn" { type master; notify no; file "null.zone.file"; };
 zone "ujdaa.fn3m4en.cn" { type master; notify no; file "null.zone.file"; };
 zone "ujds.5e8tn13.cn" { type master; notify no; file "null.zone.file"; };
@@ -3734,6 +3542,7 @@ zone "ujnca.wxuqxb7.cn" { type master; notify no; file "null.zone.file"; };
 zone "ujnca.zgbo0g.cn" { type master; notify no; file "null.zone.file"; };
 zone "ujncd.kzi68ra.cn" { type master; notify no; file "null.zone.file"; };
 zone "ujncd.lw2djbm.cn" { type master; notify no; file "null.zone.file"; };
+zone "ujnxas.vj135ih.cn" { type master; notify no; file "null.zone.file"; };
 zone "ukcare.in" { type master; notify no; file "null.zone.file"; };
 zone "umbrellaclubla.com" { type master; notify no; file "null.zone.file"; };
 zone "unam.myfreesites.net" { type master; notify no; file "null.zone.file"; };
@@ -3744,9 +3553,8 @@ zone "uniassessoria.com.br" { type master; notify no; file "null.zone.file"; };
 zone "unicreditaustria.ucs.info" { type master; notify no; file "null.zone.file"; };
 zone "unifacema.edu.br" { type master; notify no; file "null.zone.file"; };
 zone "unifacvest.net" { type master; notify no; file "null.zone.file"; };
-zone "unillantas.com.sv" { type master; notify no; file "null.zone.file"; };
+zone "unifiedsmartsync.live" { type master; notify no; file "null.zone.file"; };
 zone "unionheightsresidental.com" { type master; notify no; file "null.zone.file"; };
-zone "unipo-a.web.app" { type master; notify no; file "null.zone.file"; };
 zone "unisons.store" { type master; notify no; file "null.zone.file"; };
 zone "unisonsouthayr.org.uk" { type master; notify no; file "null.zone.file"; };
 zone "uniswap.ch" { type master; notify no; file "null.zone.file"; };
@@ -3756,7 +3564,6 @@ zone "uniswap.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "uniswap.seal.finance" { type master; notify no; file "null.zone.file"; };
 zone "uniswap.token.im" { type master; notify no; file "null.zone.file"; };
 zone "uniswap.trading" { type master; notify no; file "null.zone.file"; };
-zone "uniswap.vn" { type master; notify no; file "null.zone.file"; };
 zone "uniswapfinancing.info" { type master; notify no; file "null.zone.file"; };
 zone "uniswaps.net" { type master; notify no; file "null.zone.file"; };
 zone "unitedalliance-online.000webhostapp.com" { type master; notify no; file "null.zone.file"; };
@@ -3767,24 +3574,21 @@ zone "unnxa.pqpchqo.cn" { type master; notify no; file "null.zone.file"; };
 zone "unpocodearte.cl" { type master; notify no; file "null.zone.file"; };
 zone "unregpayee-lb.com" { type master; notify no; file "null.zone.file"; };
 zone "unsub.listhandlr.com" { type master; notify no; file "null.zone.file"; };
-zone "upbeat-dhawan.179-43-173-14.plesk.page" { type master; notify no; file "null.zone.file"; };
 zone "updateinfo-billingo2.com" { type master; notify no; file "null.zone.file"; };
+zone "updatemy.software" { type master; notify no; file "null.zone.file"; };
 zone "updateseason.com" { type master; notify no; file "null.zone.file"; };
 zone "updatestory2022.co.vu" { type master; notify no; file "null.zone.file"; };
 zone "updatevoda-billing.com" { type master; notify no; file "null.zone.file"; };
 zone "upgrade-25gb-email.thecornerstudio.com.au" { type master; notify no; file "null.zone.file"; };
 zone "upgradedserver.online" { type master; notify no; file "null.zone.file"; };
-zone "upgradingattonlinee.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "uploadpichincha.webcindario.com" { type master; notify no; file "null.zone.file"; };
 zone "uploads.codesandbox.io" { type master; notify no; file "null.zone.file"; };
-zone "upnew.site" { type master; notify no; file "null.zone.file"; };
 zone "uppledpichincha.webcindario.com" { type master; notify no; file "null.zone.file"; };
 zone "urbenorte.com" { type master; notify no; file "null.zone.file"; };
 zone "urgent-halifaxlogin.com" { type master; notify no; file "null.zone.file"; };
 zone "userboitevocalweb.flazio.com" { type master; notify no; file "null.zone.file"; };
 zone "userinformationstoreupdatesmail.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "usfn.net" { type master; notify no; file "null.zone.file"; };
-zone "uspsconfirm.iconoomikert.com" { type master; notify no; file "null.zone.file"; };
 zone "uspsexpressdeliveryline.com" { type master; notify no; file "null.zone.file"; };
 zone "uswowgame.net" { type master; notify no; file "null.zone.file"; };
 zone "uueer.7jgy5xe.cn" { type master; notify no; file "null.zone.file"; };
@@ -3794,6 +3598,7 @@ zone "uyhnxx.urpzkva.cn" { type master; notify no; file "null.zone.file"; };
 zone "uyqw.dykowec.cn" { type master; notify no; file "null.zone.file"; };
 zone "uz154.sbs" { type master; notify no; file "null.zone.file"; };
 zone "v.macecri.com" { type master; notify no; file "null.zone.file"; };
+zone "v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com" { type master; notify no; file "null.zone.file"; };
 zone "v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com" { type master; notify no; file "null.zone.file"; };
 zone "vaccine-status-info.com" { type master; notify no; file "null.zone.file"; };
 zone "vakif.albay-arnold.com" { type master; notify no; file "null.zone.file"; };
@@ -3801,45 +3606,45 @@ zone "valax-wallet.com" { type master; notify no; file "null.zone.file"; };
 zone "valenciaoptometry.com" { type master; notify no; file "null.zone.file"; };
 zone "valenteplay.com.br" { type master; notify no; file "null.zone.file"; };
 zone "validacionpichincha.odoo.com" { type master; notify no; file "null.zone.file"; };
+zone "validate-chain.com" { type master; notify no; file "null.zone.file"; };
 zone "validate-solana.com" { type master; notify no; file "null.zone.file"; };
 zone "validator-fzkiy.run-us-west2.goorm.io" { type master; notify no; file "null.zone.file"; };
 zone "vallion.motiffliterature.me" { type master; notify no; file "null.zone.file"; };
 zone "vcz.gmoqkzu.cn" { type master; notify no; file "null.zone.file"; };
 zone "velvish.com" { type master; notify no; file "null.zone.file"; };
 zone "ventas.lnterbarnk.pe.jifad.org" { type master; notify no; file "null.zone.file"; };
-zone "verfybadgeappform.com" { type master; notify no; file "null.zone.file"; };
 zone "veri-pichincha.webcindario.com" { type master; notify no; file "null.zone.file"; };
-zone "verificaciondeprioridad.com" { type master; notify no; file "null.zone.file"; };
 zone "verification-trustwallet.4bl-eg.com" { type master; notify no; file "null.zone.file"; };
 zone "verification.fb-page.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "verificationmessage.blob.core.windows.net" { type master; notify no; file "null.zone.file"; };
+zone "verifications-zones.com" { type master; notify no; file "null.zone.file"; };
 zone "verififacebookid.wixsite.com" { type master; notify no; file "null.zone.file"; };
 zone "verifiikasi-accounts.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "verifikasi-akun-anda0011.weeblysite.com" { type master; notify no; file "null.zone.file"; };
 zone "verifikasi-akun-facebook0022.weeblysite.com" { type master; notify no; file "null.zone.file"; };
 zone "verifikasi-identitas47.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "verifocaoffa.webcindario.com" { type master; notify no; file "null.zone.file"; };
+zone "verifymywallets.com" { type master; notify no; file "null.zone.file"; };
 zone "vgiuhkjnm.b9u6vh5l7g1797.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "victorarath99.github.io" { type master; notify no; file "null.zone.file"; };
 zone "videobigo.com" { type master; notify no; file "null.zone.file"; };
 zone "vietlime.vn" { type master; notify no; file "null.zone.file"; };
 zone "vietschi.de" { type master; notify no; file "null.zone.file"; };
 zone "viettel-com-dot-c2c01-531c7.uc.r.appspot.com" { type master; notify no; file "null.zone.file"; };
-zone "vigortech.com.np" { type master; notify no; file "null.zone.file"; };
+zone "vigilant-murdock.45-81-232-15.plesk.page" { type master; notify no; file "null.zone.file"; };
 zone "viguohilkasdsd.izwe6g6lyc.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "vilaanimalviana.pt" { type master; notify no; file "null.zone.file"; };
 zone "vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com" { type master; notify no; file "null.zone.file"; };
 zone "vinivet.mk" { type master; notify no; file "null.zone.file"; };
 zone "vipfbtools.com" { type master; notify no; file "null.zone.file"; };
-zone "vipprofessional.net" { type master; notify no; file "null.zone.file"; };
 zone "viral-groub.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "virginia-spi.com" { type master; notify no; file "null.zone.file"; };
 zone "virtual1dattss.com" { type master; notify no; file "null.zone.file"; };
 zone "vis-stort.github.io" { type master; notify no; file "null.zone.file"; };
-zone "visa-band.com" { type master; notify no; file "null.zone.file"; };
 zone "vishaljangale01.github.io" { type master; notify no; file "null.zone.file"; };
 zone "visione.co.id" { type master; notify no; file "null.zone.file"; };
 zone "visionproperty.in" { type master; notify no; file "null.zone.file"; };
+zone "vk-money.xyz" { type master; notify no; file "null.zone.file"; };
 zone "vk-posters.ru" { type master; notify no; file "null.zone.file"; };
 zone "vk-vhods.co" { type master; notify no; file "null.zone.file"; };
 zone "vkjbm.4nt4nb464e6113.workers.dev" { type master; notify no; file "null.zone.file"; };
@@ -3858,25 +3663,30 @@ zone "vugik.mecil33784.workers.dev" { type master; notify no; file "null.zone.fi
 zone "vv.macecri.com" { type master; notify no; file "null.zone.file"; };
 zone "vvjde0h0ttttf9hay.com" { type master; notify no; file "null.zone.file"; };
 zone "vvpaes-me-index.egvtpp.cn" { type master; notify no; file "null.zone.file"; };
+zone "vws.co.in" { type master; notify no; file "null.zone.file"; };
+zone "vxcas.a35570.cn" { type master; notify no; file "null.zone.file"; };
 zone "vxdse.myfreesites.net" { type master; notify no; file "null.zone.file"; };
 zone "w2.deraya.org" { type master; notify no; file "null.zone.file"; };
 zone "w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud" { type master; notify no; file "null.zone.file"; };
-zone "w5czf.csb.app" { type master; notify no; file "null.zone.file"; };
 zone "wahed-koudsi2001.github.io" { type master; notify no; file "null.zone.file"; };
 zone "walkers-dot-composite-store-326315.uk.r.appspot.com" { type master; notify no; file "null.zone.file"; };
 zone "wallcertifyonmesh.com" { type master; notify no; file "null.zone.file"; };
 zone "walldesign.com.tr" { type master; notify no; file "null.zone.file"; };
 zone "wallet-connect012.web.app" { type master; notify no; file "null.zone.file"; };
 zone "wallet-reconnection.xyz" { type master; notify no; file "null.zone.file"; };
+zone "wallet-verified.com" { type master; notify no; file "null.zone.file"; };
 zone "wallet.silesiacoin.com" { type master; notify no; file "null.zone.file"; };
 zone "wallet22.000webhostapp.com" { type master; notify no; file "null.zone.file"; };
+zone "walletconnect-tool.net" { type master; notify no; file "null.zone.file"; };
+zone "walletconnect-tools.xyz" { type master; notify no; file "null.zone.file"; };
 zone "walletconnectonline.pages.dev" { type master; notify no; file "null.zone.file"; };
 zone "walletconnectors.com" { type master; notify no; file "null.zone.file"; };
 zone "walleterrorsupport.com" { type master; notify no; file "null.zone.file"; };
+zone "walletokenvalidation.com" { type master; notify no; file "null.zone.file"; };
+zone "walletsconect.live" { type master; notify no; file "null.zone.file"; };
 zone "walletsconnex.com" { type master; notify no; file "null.zone.file"; };
 zone "walletsliveconnects.net" { type master; notify no; file "null.zone.file"; };
 zone "walletsreauth.org" { type master; notify no; file "null.zone.file"; };
-zone "walletsvalidator.org" { type master; notify no; file "null.zone.file"; };
 zone "walletsynclive.com" { type master; notify no; file "null.zone.file"; };
 zone "walletvalidation.me" { type master; notify no; file "null.zone.file"; };
 zone "walletvalidators.com" { type master; notify no; file "null.zone.file"; };
@@ -3892,6 +3702,7 @@ zone "warbonus.ru" { type master; notify no; file "null.zone.file"; };
 zone "warningshadows.org" { type master; notify no; file "null.zone.file"; };
 zone "warsa.bandungkab.go.id" { type master; notify no; file "null.zone.file"; };
 zone "wasites.000webhostapp.com" { type master; notify no; file "null.zone.file"; };
+zone "waterproofingengineer.com" { type master; notify no; file "null.zone.file"; };
 zone "we-exodus-wallet.yahoosites.com" { type master; notify no; file "null.zone.file"; };
 zone "web-armas.royale-freefire1garena-bonus.com" { type master; notify no; file "null.zone.file"; };
 zone "web-b4119.web.app" { type master; notify no; file "null.zone.file"; };
@@ -3909,13 +3720,15 @@ zone "web-verifi05.webcindario.com" { type master; notify no; file "null.zone.fi
 zone "web-verifi06.webcindario.com" { type master; notify no; file "null.zone.file"; };
 zone "web.bredbanque.trans.sylog.co" { type master; notify no; file "null.zone.file"; };
 zone "web.royale-freefire1garena-bonus.com" { type master; notify no; file "null.zone.file"; };
-zone "web7320.web07.bero-webspace.de" { type master; notify no; file "null.zone.file"; };
 zone "webbbb.yolasite.com" { type master; notify no; file "null.zone.file"; };
 zone "webbl.yolasite.com" { type master; notify no; file "null.zone.file"; };
+zone "webdappsconnection.com" { type master; notify no; file "null.zone.file"; };
 zone "webdatamltrainingdiag842.blob.core.windows.net" { type master; notify no; file "null.zone.file"; };
 zone "webdesecure.clickfunnels.com" { type master; notify no; file "null.zone.file"; };
+zone "webhost-verify.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "webip.yolasite.com" { type master; notify no; file "null.zone.file"; };
 zone "webmail-2aaa0.web.app" { type master; notify no; file "null.zone.file"; };
+zone "webmail-optusnet-com-au-sign1.weebly.com" { type master; notify no; file "null.zone.file"; };
 zone "webmail-sso8uyg.web.app" { type master; notify no; file "null.zone.file"; };
 zone "webmail.gourmer.co.in" { type master; notify no; file "null.zone.file"; };
 zone "webmail.login.access.docs67.live" { type master; notify no; file "null.zone.file"; };
@@ -3925,20 +3738,17 @@ zone "webpres.000webhostapp.com" { type master; notify no; file "null.zone.file"
 zone "webregular.xyz" { type master; notify no; file "null.zone.file"; };
 zone "webservice-verify.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "websitefun.club" { type master; notify no; file "null.zone.file"; };
-zone "websiteorange.wixsite.com" { type master; notify no; file "null.zone.file"; };
 zone "webstories.eu" { type master; notify no; file "null.zone.file"; };
 zone "webvalidity.com" { type master; notify no; file "null.zone.file"; };
 zone "well-42d74.web.app" { type master; notify no; file "null.zone.file"; };
-zone "wellsfargo-online06.herokuapp.com" { type master; notify no; file "null.zone.file"; };
-zone "weryfikacja-facebookowa-27.herokuapp.com" { type master; notify no; file "null.zone.file"; };
 zone "weryfikacja-facebookowa-28.herokuapp.com" { type master; notify no; file "null.zone.file"; };
 zone "weteachbh.com" { type master; notify no; file "null.zone.file"; };
 zone "whare.100webspace.net" { type master; notify no; file "null.zone.file"; };
+zone "whatsapp-grub99zyc.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "wheelsofmercy.org" { type master; notify no; file "null.zone.file"; };
 zone "whitelist-network.com" { type master; notify no; file "null.zone.file"; };
 zone "widadkamillah.github.io" { type master; notify no; file "null.zone.file"; };
 zone "wiki.oceanreeflifegame.com" { type master; notify no; file "null.zone.file"; };
-zone "wildcard.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "windstream-net.firebaseapp.com" { type master; notify no; file "null.zone.file"; };
 zone "winville.biz" { type master; notify no; file "null.zone.file"; };
 zone "wireconfirmation68c10a25442a3e13.blogspot.com" { type master; notify no; file "null.zone.file"; };
@@ -3955,12 +3765,15 @@ zone "wpsoar.com" { type master; notify no; file "null.zone.file"; };
 zone "wqass-index.chobqu.cn" { type master; notify no; file "null.zone.file"; };
 zone "wqass-index.dccigq.cn" { type master; notify no; file "null.zone.file"; };
 zone "wqass-index.gbswz.cn" { type master; notify no; file "null.zone.file"; };
-zone "wqass-index.jeewiki.cn" { type master; notify no; file "null.zone.file"; };
 zone "wqass-index.pygbw.cn" { type master; notify no; file "null.zone.file"; };
 zone "wrww-roblox.com" { type master; notify no; file "null.zone.file"; };
+zone "wsertyzx.gq" { type master; notify no; file "null.zone.file"; };
 zone "wteeoq.pfinanceiro.com.de" { type master; notify no; file "null.zone.file"; };
+zone "ww.lnterbank.pe.personas.aaseguros.mx" { type master; notify no; file "null.zone.file"; };
 zone "ww.lnterbank.pe.personas.onlinesocket.in" { type master; notify no; file "null.zone.file"; };
+zone "ww.lnterbank.pe.personas.t-class.org" { type master; notify no; file "null.zone.file"; };
 zone "ww16.inpost-pl-3dsecure.clear-id.xyz" { type master; notify no; file "null.zone.file"; };
+zone "wwedealershipon.000webhostapp.com" { type master; notify no; file "null.zone.file"; };
 zone "www-cursosdigitalesmx-com.filesusr.com" { type master; notify no; file "null.zone.file"; };
 zone "www-degelyehuda-org-il.filesusr.com" { type master; notify no; file "null.zone.file"; };
 zone "www-europe564598-com.filesusr.com" { type master; notify no; file "null.zone.file"; };
@@ -3968,10 +3781,9 @@ zone "www-europessign-com.filesusr.com" { type master; notify no; file "null.zon
 zone "www-key-com.test.edgekey.net" { type master; notify no; file "null.zone.file"; };
 zone "www-mufg-jp.handicraft.ltd" { type master; notify no; file "null.zone.file"; };
 zone "www-mufg-jp.kaiqi.ink" { type master; notify no; file "null.zone.file"; };
-zone "www-wattsapcom.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "www.facebook.com-sauuvazpjo.isiolo.go.ke" { type master; notify no; file "null.zone.file"; };
 zone "www2.rakutan.co.jploginffd9dfg7.carwork.cn" { type master; notify no; file "null.zone.file"; };
 zone "www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn" { type master; notify no; file "null.zone.file"; };
-zone "www2.rakutan.co.jploginvcx8ds.nanoart.cn" { type master; notify no; file "null.zone.file"; };
 zone "www2.rakuten-card.co.jp.wzsrc.cn" { type master; notify no; file "null.zone.file"; };
 zone "www2.rakutenn.co.jp.nanopark.cn" { type master; notify no; file "null.zone.file"; };
 zone "www2.rakutenn.co.jp.zgyo.cn" { type master; notify no; file "null.zone.file"; };
@@ -3983,6 +3795,7 @@ zone "x.scicemecod.com" { type master; notify no; file "null.zone.file"; };
 zone "xcas.xoh29oz.cn" { type master; notify no; file "null.zone.file"; };
 zone "xcasd.7vo6bt.cn" { type master; notify no; file "null.zone.file"; };
 zone "xcasd.b204uje.cn" { type master; notify no; file "null.zone.file"; };
+zone "xcasd.tcbjnhq.cn" { type master; notify no; file "null.zone.file"; };
 zone "xcasd.yikn2gd.cn" { type master; notify no; file "null.zone.file"; };
 zone "xcryptocars.blogspot.com" { type master; notify no; file "null.zone.file"; };
 zone "xcvdsd.page.link" { type master; notify no; file "null.zone.file"; };
@@ -4001,10 +3814,10 @@ zone "xjmr7.mjt.lu" { type master; notify no; file "null.zone.file"; };
 zone "xjpyyds.pem4yp3.cn" { type master; notify no; file "null.zone.file"; };
 zone "xkljfg.ml" { type master; notify no; file "null.zone.file"; };
 zone "xn--gmal-sya.com" { type master; notify no; file "null.zone.file"; };
-zone "xn--instagam-sf0d.com" { type master; notify no; file "null.zone.file"; };
 zone "xn--ltappen-80a.se" { type master; notify no; file "null.zone.file"; };
 zone "xn--metamsk-lwa.link" { type master; notify no; file "null.zone.file"; };
 zone "xn--rpondeur-sfr2-bhb.yolasite.com" { type master; notify no; file "null.zone.file"; };
+zone "xpubgfrozen.tk" { type master; notify no; file "null.zone.file"; };
 zone "xqr3i.mjt.lu" { type master; notify no; file "null.zone.file"; };
 zone "xqr3n.mjt.lu" { type master; notify no; file "null.zone.file"; };
 zone "xqr3u.mjt.lu" { type master; notify no; file "null.zone.file"; };
@@ -4013,14 +3826,16 @@ zone "xrxh1.mjt.lu" { type master; notify no; file "null.zone.file"; };
 zone "xrxh2.mjt.lu" { type master; notify no; file "null.zone.file"; };
 zone "xrxhl.mjt.lu" { type master; notify no; file "null.zone.file"; };
 zone "xsbrookshhjx.top" { type master; notify no; file "null.zone.file"; };
+zone "xspin.cawnibos.com" { type master; notify no; file "null.zone.file"; };
 zone "xtio.ch" { type master; notify no; file "null.zone.file"; };
 zone "xtw42.mjt.lu" { type master; notify no; file "null.zone.file"; };
+zone "xvideokoreanwifesister18.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "xx.macecri.com" { type master; notify no; file "null.zone.file"; };
 zone "xxaas.tp00jv9.cn" { type master; notify no; file "null.zone.file"; };
 zone "xxasd.sf29hrg.cn" { type master; notify no; file "null.zone.file"; };
 zone "xxx-com-dot-c2c01-531c7.uc.r.appspot.com" { type master; notify no; file "null.zone.file"; };
-zone "xyproject.xtensio.com" { type master; notify no; file "null.zone.file"; };
 zone "xzasd.uz64g3.cn" { type master; notify no; file "null.zone.file"; };
+zone "yahoo%2eco%2ejp@asdxa.p2x11pi.cn" { type master; notify no; file "null.zone.file"; };
 zone "yahoo%2eco%2ejp@bghgcd.psuxscm.cn" { type master; notify no; file "null.zone.file"; };
 zone "yahoo%2eco%2ejp@bhgxa.eo76sni.cn" { type master; notify no; file "null.zone.file"; };
 zone "yahoo%2eco%2ejp@cdas.nxzigco.cn" { type master; notify no; file "null.zone.file"; };
@@ -4042,12 +3857,11 @@ zone "yahoo%2eco%2ejp@ujhdca.mdwclcb.cn" { type master; notify no; file "null.zo
 zone "yahoo%2eco%2ejp@uyhnxx.urpzkva.cn" { type master; notify no; file "null.zone.file"; };
 zone "yahoo%2eco%2ejp@zxas.2nd0g8.cn" { type master; notify no; file "null.zone.file"; };
 zone "yahoo%2eco%2ejp@zxass.jbkyj0o.cn" { type master; notify no; file "null.zone.file"; };
-zone "yahoopoweredservice.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "yahuomall.square.site" { type master; notify no; file "null.zone.file"; };
 zone "yairix.github.io" { type master; notify no; file "null.zone.file"; };
 zone "yalena.me" { type master; notify no; file "null.zone.file"; };
+zone "yandex-viral.duckdns.org" { type master; notify no; file "null.zone.file"; };
 zone "yaqoobi.org" { type master; notify no; file "null.zone.file"; };
-zone "yaranfayez.com" { type master; notify no; file "null.zone.file"; };
 zone "yayanti.com" { type master; notify no; file "null.zone.file"; };
 zone "ybdaa.oqsgm9r.cn" { type master; notify no; file "null.zone.file"; };
 zone "ybggd.fjgjoux.cn" { type master; notify no; file "null.zone.file"; };
@@ -4067,11 +3881,13 @@ zone "yma1ll0g0n.odoo.com" { type master; notify no; file "null.zone.file"; };
 zone "ynbgdc.woprkzp.cn" { type master; notify no; file "null.zone.file"; };
 zone "ynbxa.pvgulkz.cn" { type master; notify no; file "null.zone.file"; };
 zone "yndda.m117s1s.cn" { type master; notify no; file "null.zone.file"; };
+zone "yo7ka-anna.com" { type master; notify no; file "null.zone.file"; };
 zone "yogeshwarwiremesh.com" { type master; notify no; file "null.zone.file"; };
 zone "youknowar.com" { type master; notify no; file "null.zone.file"; };
 zone "young-snow-7447.tcheviron5269.workers.dev" { type master; notify no; file "null.zone.file"; };
 zone "youreasygoing2022.co.vu" { type master; notify no; file "null.zone.file"; };
 zone "yqlpeitost.duckdns.org" { type master; notify no; file "null.zone.file"; };
+zone "ytdjhstej.tk" { type master; notify no; file "null.zone.file"; };
 zone "yuhjjkss.web.app" { type master; notify no; file "null.zone.file"; };
 zone "yumpai.cn" { type master; notify no; file "null.zone.file"; };
 zone "z.macecri.com" { type master; notify no; file "null.zone.file"; };
@@ -4079,10 +3895,12 @@ zone "z.scicemecod.com" { type master; notify no; file "null.zone.file"; };
 zone "z0massegurabclp1.shreeramwoodindustries.com" { type master; notify no; file "null.zone.file"; };
 zone "z2qje.codesandbox.io" { type master; notify no; file "null.zone.file"; };
 zone "z3voicrxxvs.typeform.com" { type master; notify no; file "null.zone.file"; };
+zone "zacharytlasko.com" { type master; notify no; file "null.zone.file"; };
 zone "zackselectronics.co.zw" { type master; notify no; file "null.zone.file"; };
 zone "zaktualizacja-platnosci.netfxtv.co.pl" { type master; notify no; file "null.zone.file"; };
 zone "zasd.yhxmd30.cn" { type master; notify no; file "null.zone.file"; };
 zone "zb2-home.web.app" { type master; notify no; file "null.zone.file"; };
+zone "zen-minsky-ef5931.netlify.app" { type master; notify no; file "null.zone.file"; };
 zone "zenvinyl.com" { type master; notify no; file "null.zone.file"; };
 zone "zepe.io" { type master; notify no; file "null.zone.file"; };
 zone "zeroquiz.com" { type master; notify no; file "null.zone.file"; };
@@ -4095,10 +3913,8 @@ zone "zmpcoacu.cyou" { type master; notify no; file "null.zone.file"; };
 zone "zmpcoado.cyou" { type master; notify no; file "null.zone.file"; };
 zone "zoho-online.web.app" { type master; notify no; file "null.zone.file"; };
 zone "zoho-validationserv.web.app" { type master; notify no; file "null.zone.file"; };
-zone "zonalnterbank.com" { type master; notify no; file "null.zone.file"; };
 zone "zonmca.hxljatvw.cn" { type master; notify no; file "null.zone.file"; };
 zone "zshrvvo.cn" { type master; notify no; file "null.zone.file"; };
-zone "zuiunsya.com" { type master; notify no; file "null.zone.file"; };
 zone "zxas.2nd0g8.cn" { type master; notify no; file "null.zone.file"; };
 zone "zxas.hs0rgq8.cn" { type master; notify no; file "null.zone.file"; };
 zone "zxass.jbkyj0o.cn" { type master; notify no; file "null.zone.file"; };
@@ -4107,6 +3923,5 @@ zone "zxcaspx.aghwlup.cn" { type master; notify no; file "null.zone.file"; };
 zone "zxcnash.seufhsk.cn" { type master; notify no; file "null.zone.file"; };
 zone "zxcod.01l241.cn" { type master; notify no; file "null.zone.file"; };
 zone "zxcuashs.e0n0gh5.cn" { type master; notify no; file "null.zone.file"; };
-zone "zxdlbny.cn" { type master; notify no; file "null.zone.file"; };
 zone "zxnahs.3cze6ri.cn" { type master; notify no; file "null.zone.file"; };
 zone "zz.macecri.com" { type master; notify no; file "null.zone.file"; };
diff --git a/dist/phishing-filter-dnscrypt-blocked-ips.txt b/dist/phishing-filter-dnscrypt-blocked-ips.txt
index 1b4b8329..1dd69820 100644
--- a/dist/phishing-filter-dnscrypt-blocked-ips.txt
+++ b/dist/phishing-filter-dnscrypt-blocked-ips.txt
@@ -1,5 +1,5 @@
 # Title: Phishing IPs Blocklist
-# Updated: Sun, 16 Jan 2022 12:01:44 +0000
+# Updated: Mon, 17 Jan 2022 00:01:35 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/phishing-filter
 # License: https://gitlab.com/curben/phishing-filter#license
@@ -15,6 +15,7 @@
 138.68.69.90
 14.98.234.77
 149.210.143.165
+154.222.224.81
 161.35.142.2
 165.227.122.125
 173.82.154.253
@@ -23,6 +24,7 @@
 18.217.56.169
 182.73.136.210
 2.136.95.251
+205.185.113.221
 208.82.115.230
 35.192.38.184
 35.199.84.117
diff --git a/dist/phishing-filter-dnscrypt-blocked-names.txt b/dist/phishing-filter-dnscrypt-blocked-names.txt
index 6638cb0c..6f2c9839 100644
--- a/dist/phishing-filter-dnscrypt-blocked-names.txt
+++ b/dist/phishing-filter-dnscrypt-blocked-names.txt
@@ -1,5 +1,5 @@
 # Title: Phishing Names Blocklist
-# Updated: Sun, 16 Jan 2022 12:01:44 +0000
+# Updated: Mon, 17 Jan 2022 00:01:35 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/phishing-filter
 # License: https://gitlab.com/curben/phishing-filter#license
@@ -13,9 +13,6 @@
 02-billing-support.org
 08863299.sso-secure-mail0454etr.pages.dev
 0bs.de
-0gjvj7a8eydbjz3au8anbg-on.drv.tw
-1000000000347789523698541.tk
-1000000000347789523698545.tk
 1000000000347789523698546.tk
 1000000000347789523698547.tk
 109edc5b.ssdtfgyb09.pages.dev
@@ -25,6 +22,7 @@
 15004083383734.data-store-company.com
 154.30.211.130.bc.googleusercontent.com
 16park.cn
+1727365.com
 178.128.108.233.dsl.dyn.forthnet.gr
 1800poolservice.com
 185-46-10-159.cloudvps.regruhosting.ru
@@ -39,7 +37,6 @@
 2022-girobanken-sparkassen.xyz
 2022.intrebrkprsonas.xyz
 217651.8b.io
-2247317.verifyinguser426128734570198363.com
 228.94.92.rev.sfr.net.gghost.ru
 24611250.sibforms.com
 2482689012.yolasite.com
@@ -48,12 +45,16 @@
 2fa.bthei.com
 2pil.ru
 2rakuten.co.jp.happyyear.cn
+2yfh.short.gy
 3-139-75-158.cprapid.com
 343i.org
 343t3dv9qdufp.clickfunnels.com
 3568365.com
+365unfreezesecurity.com
+3782365.com
 3a10a178.s6t6sj4s46tu4sys54y5.pages.dev
 3bvjh.sbs
+3c5.com
 3ck.me
 3dprintersupplies.com.au
 3dsecure-update-service-info-live.duckdns.org
@@ -77,18 +78,19 @@
 613707.selcdn.ru
 61da8ae6.6u6566hrrthsh45.pages.dev
 638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com
-65451440241544.hyperphp.com
-664876.verifyinguser426128734570198363.com
+6734365.com
 67lksxgjd.bttmassage-thai-tanger.com
 6a7zu9he6mqh.clickfunnels.com
 6c7f0acc.sibforms.com
+6stupefacentevideo2022.pagedemo.co
+754675377.xyz
 7837365.com
 7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev
 7wr4u.csb.app
 7yu3v.csb.app
-8010361370310234068010361370310234.blogspot.be
 859411.icu
 8760365.com
+885211.icu
 889381.icu
 8899.jp
 89ix7y0.cn
@@ -116,15 +118,18 @@ absaonline2021.website2.me
 absolute-containers-sip.business.site
 absolutepleasure.com.my
 acacia.webdevonline.net
+account-recovery.org
 account.herephyshy.info
 account.verifications.help-page.workers.dev
 accounts-autoscout24.de
 acessobradesco.digital
 ach111.xyz
 activate-hulu-com-activate.sitey.me
+activatingmymainnet.com
 adamfeber.com
 adcloudserver.com
 admin-formserviceupdates.weeblysite.com
+administer-708aa.web.app
 administraciondefincaspereznovo.com
 adorablepomskyhome.net
 adpunemploymentclaims.sharefile.com
@@ -134,14 +139,13 @@ affixsports.net
 afreemart.xyz
 africansecrets.ca
 agora.imb.br
-agricolefr-99f918.ingress-erytho.easywp.com
 agrimetiersmartinique.fr
 agurimu-nagoya.com
 ahhhh.pe.kr
 ai.macecri.com
-aib-unauthorized-access.com
 aid-validation-human.run-us-west2.goorm.io
 aimekidya-recpag.web.id
+airbnb.book-space-b851927.live
 airportprescreening.com
 aitsidihamh.my-place.us
 akanksha3012.github.io
@@ -162,8 +166,10 @@ aliciabot.azurewebsites.net
 alkhalilgraphics.com
 allegrolokalnie-pl-3dsafe.id-43051.xyz
 allegrolokalnie-pl-3dsafe.id-91501.xyz
+allegrolokalnie-pl-3dseif.id-43051.xyz
 allegrolokalnie-pl-safe.id-43051.xyz
 alliancesuper.com
+almarjantours.com
 almighty.edu.np
 alnajahh.com
 aloun.ps
@@ -171,6 +177,7 @@ alphabnkgre.com
 alqadi.ps
 alquilervillora.net
 alsofft.com
+alupi-frey.shop
 amacez.jyrtery4.top
 amacredit.amacardpkey.xyz
 amaenv.fgasdfw6.xyz
@@ -181,21 +188,20 @@ amazom.supwwe.xyz
 amazomsse.shop
 amazon-gcatech.com
 amazon-interruption.com
-amazon.co.ip.jlig.cn
 amazon.co.jp.abaiaccounting.cn
 amazon.gousana.casa
-amazon.jp-m.win
+amazon.logins-co.jp
 amazon.works.ga
 amazonhome.sfrmobiles.com
 amazonjapsne.cf
+amazonses.authflows.com
 amazoon.co.op.o4j.top
-ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org
 amc-training.com
-amcgardiennage.com
+amecmasmerd.ga
 ameozom.jp.onaworks.com
 americanexpress-auth.azurewebsites.net
-americanexpress.heiwakai.com
 amguevara.com
+amhsd.com
 amidabuli.com
 amlnov7.web.app
 amnzma-jp.top
@@ -206,7 +212,6 @@ amnzmsn3-jp.shop
 amoazom.rm82j6-t8.cn
 amonzau_co_take.ktbf.shop
 amosleh.com
-amozom.co.ip.taxhod.club
 amreeth.github.io
 amusebouche-bg.com
 amzcredit.dearva.xyz
@@ -222,24 +227,21 @@ angryezgames.com
 anhduongjsc.com
 anj-azakp.run.goorm.io
 anjalijha167.github.io
-anjayredit.duckdns.org
 annacatania.com.mt
 anon-keep-admin-keep.rvsla.workers.dev
 ansr.ro
 aolmailukhelplinecustomerservice.blogspot.com
 aolmailukhelplinecustomerservice.blogspot.com.au
-aolpoweredservice.duckdns.org
 aolverixon11dfd.weebly.com
 aolxperience.com
+api-saisoncard-co-jp.md160.net
 api-saisoncard-co-jp.o4ay8.net
 api.florense.com.br
 api.redirect-bentobot199.com
 api.redirect-safebrowser-online.com
-api.safe-directmail.com
 aplintec.com.mx
 app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io
 app-bombcrypto-io-login-ab.blogspot.com
-app-panckswp.xyz
 app.bydn217.club
 app.duel.network
 app.fiiber.ca
@@ -249,10 +251,11 @@ app.sugarsync.com
 appatualizecef.com
 appibsolicitud.com
 appleid-check.info
+applekra.com
 applepichincha.webcindario.com
 apply.aua.am
 apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link
-appttech.com
+aprilgagenesh.com
 aquaqualitas.com
 arafathrumman.github.io
 arcacg.com
@@ -260,15 +263,18 @@ archivio-supporto.sitoper.it
 are.scicemecod.com
 areueaom.gtpzcve.cn
 areueaom.gtva.cn
+arif.com.bd
 aromatic.webenliven.in
 arthamahotels.com
 artlux.com.pl
 arub-service.org
 aruba.fatt.ids-sys.com
 as.macecri.com
+as.scicemecod.com
 asaipestcontrol.com
 ascom.co.tz
 asd.9sw53wk.cn
+asdxa.p2x11pi.cn
 asgard-ampqy.run-us-west2.goorm.io
 asimpwsh.com
 asistentetramitadordigitalda.com
@@ -278,19 +284,24 @@ at-t-support-service1.sitey.me
 at-t-yahoo.sitey.me
 atento-fdi.plusoftomni.com.br
 ativacao-online73681.com
+atlanticeconcrete.com
 atnr76dxku336szy.clickfunnels.com
-attcustomdesk.weebly.com
+att556.weebly.com
+att87.weebly.com
 attinfoser.weebly.com
 attonlinemanagementpage.weebly.com
+attonlineuserverification.weebly.com
 attpage1121.weebly.com
 atualizacao-online547864.com
 atualizarmodolo.com
 atulrathore-dev.github.io
+auid-japan.com
 aurumship.com
-aushfew.tokyo
 aushotel.es
 auth-task1-m.web.app
 auth-webmailakeonetcom.yolasite.com
+auth.topgamers.cn
+authent54-sedure32.duckdns.org
 authorize-trustvallet-protocol.com
 authorizewallet.app
 authuxeehmutconjxmailssocl.web.app
@@ -300,16 +311,15 @@ autoexprs.com
 autoranplususeremailprocessingupdate.pages.dev
 autoscurt24.de
 autumn-sun-4a21.paqesads-scure.workers.dev
+avelocidad.com
 avrorganics.com
 awesome-gates-8bdd6f.netlify.app
 ax.xiguw.workers.dev
-axieinfinity-meta.com
 axieinfinity-supportwallet.com
 axlr.in
-ayguru.com
+ayushenterprise.in
 az.macecri.com
 azb3s.cf
-azmnsaz.000webhostapp.com
 azmznonos_co_long.akys.shop
 b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com
 b059c86968a6427389952025bcee9886.svc.dynamics.com
@@ -317,7 +327,6 @@ b4e921f0.sso-mailsrvr-4344e5teed.pages.dev
 b96f7f93.sibforms.com
 b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev
 bacteralia.com
-badnewswegewroighgserhhg.xyz
 bag-macben.eu
 bakhai.vn
 balajihospital.net
@@ -337,7 +346,6 @@ bancaporlnternetlnterbarnk.jifad.org
 bancaporlnternetlnterbarnk.libertycanais.com.br
 bancoiinng.site44.com
 bancooccidentalb.com
-bank-id.pl
 bankapolska.com
 banki0wa.us
 bankocaoffo.webcindario.com
@@ -345,8 +353,8 @@ bankofamer86.ddns.net
 bannerbank.control-inc.com
 bannerchampnyc.com
 banproseguridadasistenteenlineanic.webnode.es
-banqsuepoy.temp.swtest.ru
 baradua.it
+barbecuef.top
 battlelastmont.cyou
 bc1.paiementervice.com
 bconclutmjy.ru
@@ -355,7 +363,7 @@ bcpzonaseguirabeta.com
 be-home.web.do
 bearmybrand.com
 beast-blog.com
-beibys.com.br
+beccu07.zzux.com
 beijing.vfzfy1v.cn
 belovedaroma.com
 bendmytrend.com
@@ -421,18 +429,19 @@ bnconacional.odoo.com
 bncre.odoo.com
 bncxz.9wx9b27.cn
 bndigitalpersonas.com
-bnpparibas-pl.mob-app.xyz
 boaupdate.bfaoscr.com
 bogdonovlerer.com
 bogged-finance.com
+boi.365online-replacement.com
+boke4-indonesia-2022a7whatsapp.duckdns.org
+bokep-virall-sange33.duckdns.org
 bokgabanesolutions.co.za
+bold-lichterman.45-81-232-15.plesk.page
 bookfbs.evangsamuelministries.com
 boxes.com.py
 br4.in
 br622.teste.website
-brave-knuth-96d329.netlify.app
 breople.com
-brigida_cossette.gitlab.io
 brooks-forrunning.top
 brooks-justforjogging.top
 brooks-move.top
@@ -471,7 +480,6 @@ builmon.xyz
 bujikena.web.app
 bundel-cobragratis2022.duckdns.org
 busanopen.org
-business-action-copyright11022.web.app
 business-action-page129591.web.app
 business-appeal-copyright8211.web.app
 business-appeal-form-18222.web.app
@@ -479,24 +487,22 @@ business-copyright-alert100821.web.app
 business-copyright-alert198082.web.app
 business-copyright-alert19882.web.app
 business-copyright-detected920.web.app
-business-page-content125882.web.app
 business-required-helpcenter82.web.app
 business-required-info188221.web.app
 businessemailss.biz
-bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link
 buyelectronicsnyc.com
 c.curiousmorty.be
 c.jardindemiedo.es
 c.loveawaits.be
 c.mail.com
 c0m-r51znzlh8i.isiolo.go.ke
-c10012022j.temp.swtest.ru
 c1christine.tjelmeland2e.cso.gov.tt
 c2dc5b99.chgmar.pages.dev
 c6ebv708.caspio.com
 cabsiler.com
 cache.nebula.phx3.secureserver.net
 cadeau-orange.fr
+caixabanki.temp.swtest.ru
 caixaseguradora.quadientcloud.com
 cakesbyannemotha.com
 cammymiller.com
@@ -506,7 +512,6 @@ cannellandcoflooring.co.uk
 capservice.online
 caracasmateriais.blogspot.com
 carpediemxp.com
-carry.reduxservices.com
 carservicessaupdate.xyz
 cartamorin-geometres.fr
 carwash.tv
@@ -519,6 +524,7 @@ caycos.beispielseite-wmka.de
 caymanreno.com
 cbmonlinegroups.com
 cc.scicemecod.com
+cc23674.tmweb.ru
 ccjrlaw.com
 cdas.nxzigco.cn
 cdsoa.wuefyta.cn
@@ -531,14 +537,13 @@ centralconsulta.link
 centre1.bubbleapps.io
 ceresgulf.com
 certifica-montepaschii.com
-chalokradocallkakuch.azurewebsites.net
-changenotification.pricesamazonlogincard.monster
+charitascb.com
 charperimagedesign.com
 chat-whatasapp.com
 chat-whatsaap99.duckdns.org
 chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org
-chat-whatsapp-group-2022.duckdns.org
 chat-whatsapp-grupo-invitacion.blogspot.com
+chat-whatsapp-gscfghjsgsu.duckdns.org
 chckmaill1.web.app
 chckmaill10.web.app
 chckmaill11.web.app
@@ -572,9 +577,9 @@ chiragrajoria.github.io
 chois.jp
 christienstudystl.wixsite.com
 christmas-dhl-express-delvr.hopekosmos.com
+chronopostaws.com
 chtbnk.uk
 chutomen.com
-ciiusea.com
 cinemaleftech.com
 citagestionenlineabn.com
 city-of-jazz.de
@@ -582,13 +587,11 @@ ckwgruppe.service-now.com
 claiimdiamondgratis84.duckdns.org
 claim-event-freefire-garena-oldfree-a4.duckdns.org
 claim-skingratis-mobailegends161.duckdns.org
-claimgratisff2022.duckdns.org
 claims-funds-enczj.run-us-west2.goorm.io
 claimseventmlbb.duckdns.org
 claimshopee.yolasite.com
 claro-link.brsafe.com.br
 claus.bz
-clefman.cl
 click-here-help.in
 client-support-page.com
 clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net
@@ -627,7 +630,9 @@ co.jp.rukbcga.cn
 co.jp.sefdvsi.cn
 co.jp.tezkkbp.cn
 co.jp.ztxzzup.cn
+cobaincurlduluom.duckdns.org
 codwarzonemobile.com
+coindappsync.online
 cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev
 collab-land.net
 collabland.info
@@ -642,23 +647,24 @@ com-mm2ai86orr.isiolo.go.ke
 com-r51znzlh8i.isiolo.go.ke
 com-sauuvazpjo.isiolo.go.ke
 com-ugsyk69nqb.isiolo.go.ke
-comefuck.co
 community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 completeegali.webcindario.com
+completeyorcorp.lunsrgovert.net
 comunicazione-europe.net
 comunity-isue-ideent-andromeda-29.web.id
 comunity-isue-ideent-andromeda-33.web.id
-comunity-isue-ideent-andromeda-88.web.id
 con-firma.firebaseapp.com
-confirming-pages-idntitysupport.web.id
 congresosba.com.ar
 conhecaonlinedigital.com.br
 connect.au-login.0662smt.com
+connect.auone.jp-login.kddi-sys.com
+connect.myauone.jp-auid.jp-auid.com
+connect.myauone.jp-auid.kddi-mail.com
+connectlivewallet.io
 connectwallet.me
 conoscofaturahiiiper.com
-consultavirtuai.bieah.com
 contabilidaderabello.com.br
 contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev
 contapessoal.digital
@@ -669,7 +675,7 @@ continentepecas.com
 contratodeparceria.com.br
 controlpichincha.webcindario.com
 copyright-center-live.ml
-corl-inv.web.app
+coroplastusa.com
 correosdemexico-web.com
 corta.ai
 cosemu.com
@@ -689,7 +695,6 @@ credicorp-capital.net
 credicorpfiduciariasa.com
 credifinanciera.didacsis.com
 crediserfinanza.com
-credita302.temp.swtest.ru
 creditagricole-sudrhonealpes.blogspot.ba
 creditagricole-sudrhonealpes.blogspot.com
 creditagricole-sudrhonealpes.blogspot.ro
@@ -697,13 +702,18 @@ creditinternationalbank.com
 creditiperhabbogratissicuro100.blogspot.it
 cresvin.com
 criticalcarevizag.com
+crrdxwjap7t.typeform.com
 cryptocars-plays.buzz
 cryptocarsme.com
 cryptscars-logs.com
 cryqtocars.me
 cuans.bkaamiv.cn
 currentlyupgrade.mystrikingly.com
+cusnas.366wuv.cn
+cxas.bvd2q18.cn
+cxas.zk6w4dt.cn
 cxasd.easghbl.cn
+cxmnsa.04frh0w.cn
 cxnbas.nmkbmqk.cn
 cxuahs.1wc9bxm.cn
 cyna.rkpmage.cn
@@ -716,8 +726,10 @@ d18gc1ytkdv37u.cloudfront.net
 d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev
 d3ncuwwrr82.typeform.com
 daatahomes.com
+dadafa88.com
 damp-f43e.recovery-page-secur.workers.dev
 danitraseoexperts.com
+dappconnecttvalidator.net
 dapponlines.com
 dappscoins.com
 dappsiconnect.com
@@ -733,8 +745,8 @@ daycoval.facildepagar.com.br
 db-web-client.com
 dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com
 dbkuzwes.online
-dbs-interrnet.online
 dbs.limited
+dbs.online.webdbslistinonline.com
 dbs.webdbslistinonline.com
 dbw.gr
 dcm1.ae.iwc.static.tungmung.co.id
@@ -767,6 +779,7 @@ deutsche-post.apurvathespygenesh.com
 dev-nadaj.orlenpaczka.ce5.pl
 dev-secu-credit-union.pantheonsite.io
 dev-www.orlenpaczka.ce5.pl
+dev.massageliabilityinsurancegroup.com
 dev.shivaxi.com
 devicepichincha.webcindario.com
 devops.help
@@ -779,15 +792,17 @@ dhl-event.app
 dhl.recruitmentplatform.com
 diamondplate.us
 die-post-swiss-id-19782635812.psd2any.com
+diepost-paketevhost207932.lowhost.ru
 diginto.org
-dilscord.gift
+diligentverify.com
 directqpuprozaakp.weebly.com
 dirtyez.com
 disccrdapp.com
 disckord.club
 discoord-nittro.com
-discorc.gift
 discordbugs.com
+discordnitroos.com
+discrods.gift
 dispositivoapp.azurewebsites.net
 distinctivei.com
 distrial.ec
@@ -800,7 +815,6 @@ dkglobaljobs.com
 dl.9xu.com
 dlink.me
 dmaxpesca.com.es
-dminer.cloud
 doclab-console-auth.firebaseapp.com
 docs-verify-c671.thajetiase.workers.dev
 docs.revv.so
@@ -826,12 +840,9 @@ domainserverlawa116.web.app
 domainserverlawa117.web.app
 domainserverlawa118.web.app
 domainserverlawa119.web.app
-domainserverlawa120.web.app
-domainserverlawa121.web.app
 domainserverlawa122.web.app
 domainserverlawa123.web.app
 domainserverlawa124.web.app
-domainserverlawa125.web.app
 domainserverlawa126.web.app
 domainserverlawa127.web.app
 domainserverlawa128.web.app
@@ -840,32 +851,24 @@ domainserverlawa13.web.app
 domainserverlawa130.web.app
 domainserverlawa131.web.app
 domainserverlawa132.web.app
-domainserverlawa133.web.app
 domainserverlawa134.web.app
 domainserverlawa135.web.app
 domainserverlawa136.web.app
 domainserverlawa137.web.app
-domainserverlawa138.web.app
 domainserverlawa139.web.app
 domainserverlawa14.web.app
-domainserverlawa140.web.app
-domainserverlawa141.web.app
 domainserverlawa142.web.app
 domainserverlawa143.web.app
 domainserverlawa144.web.app
 domainserverlawa145.web.app
 domainserverlawa146.web.app
-domainserverlawa147.web.app
 domainserverlawa148.web.app
 domainserverlawa149.web.app
 domainserverlawa150.web.app
-domainserverlawa151.web.app
 domainserverlawa152.web.app
 domainserverlawa153.web.app
-domainserverlawa154.web.app
 domainserverlawa155.web.app
 domainserverlawa156.web.app
-domainserverlawa157.web.app
 domainserverlawa158.web.app
 domainserverlawa159.web.app
 domainserverlawa160.web.app
@@ -873,20 +876,15 @@ domainserverlawa161.web.app
 domainserverlawa162.web.app
 domainserverlawa163.web.app
 domainserverlawa164.web.app
-domainserverlawa165.web.app
 domainserverlawa166.web.app
 domainserverlawa167.web.app
 domainserverlawa168.web.app
 domainserverlawa169.web.app
-domainserverlawa17.web.app
-domainserverlawa170.web.app
 domainserverlawa171.web.app
 domainserverlawa172.web.app
 domainserverlawa173.web.app
 domainserverlawa174.web.app
-domainserverlawa175.web.app
 domainserverlawa176.web.app
-domainserverlawa177.web.app
 domainserverlawa178.web.app
 domainserverlawa179.web.app
 domainserverlawa18.web.app
@@ -895,34 +893,25 @@ domainserverlawa181.web.app
 domainserverlawa182.web.app
 domainserverlawa183.web.app
 domainserverlawa184.web.app
-domainserverlawa185.web.app
 domainserverlawa186.web.app
 domainserverlawa187.web.app
 domainserverlawa188.web.app
 domainserverlawa189.web.app
 domainserverlawa19.web.app
-domainserverlawa190.web.app
 domainserverlawa191.web.app
 domainserverlawa193.web.app
 domainserverlawa194.web.app
 domainserverlawa195.web.app
-domainserverlawa196.web.app
-domainserverlawa197.web.app
 domainserverlawa198.web.app
-domainserverlawa199.web.app
 domainserverlawa20.web.app
-domainserverlawa200.web.app
 domainserverlawa201.web.app
 domainserverlawa202.web.app
-domainserverlawa203.web.app
 domainserverlawa204.web.app
 domainserverlawa205.web.app
 domainserverlawa206.web.app
-domainserverlawa207.web.app
 domainserverlawa208.web.app
 domainserverlawa209.web.app
 domainserverlawa21.web.app
-domainserverlawa210.web.app
 domainserverlawa211.web.app
 domainserverlawa212.web.app
 domainserverlawa213.web.app
@@ -936,7 +925,6 @@ domainserverlawa220.web.app
 domainserverlawa221.web.app
 domainserverlawa222.web.app
 domainserverlawa223.web.app
-domainserverlawa224.web.app
 domainserverlawa225.web.app
 domainserverlawa226.web.app
 domainserverlawa227.web.app
@@ -949,12 +937,10 @@ domainserverlawa233.web.app
 domainserverlawa234.web.app
 domainserverlawa235.web.app
 domainserverlawa237.web.app
-domainserverlawa238.web.app
 domainserverlawa239.web.app
 domainserverlawa240.web.app
 domainserverlawa241.web.app
 domainserverlawa242.web.app
-domainserverlawa243.web.app
 domainserverlawa244.web.app
 domainserverlawa245.web.app
 domainserverlawa246.web.app
@@ -962,35 +948,23 @@ domainserverlawa247.web.app
 domainserverlawa248.web.app
 domainserverlawa249.web.app
 domainserverlawa25.web.app
-domainserverlawa250.web.app
 domainserverlawa251.web.app
 domainserverlawa252.web.app
 domainserverlawa253.web.app
-domainserverlawa254.web.app
-domainserverlawa255.web.app
 domainserverlawa256.web.app
 domainserverlawa257.web.app
 domainserverlawa258.web.app
-domainserverlawa259.web.app
-domainserverlawa26.web.app
 domainserverlawa260.web.app
-domainserverlawa261.web.app
-domainserverlawa262.web.app
 domainserverlawa263.web.app
 domainserverlawa264.web.app
 domainserverlawa265.web.app
 domainserverlawa266.web.app
 domainserverlawa267.web.app
-domainserverlawa268.web.app
 domainserverlawa269.web.app
 domainserverlawa270.web.app
-domainserverlawa271.web.app
-domainserverlawa272.web.app
 domainserverlawa273.web.app
 domainserverlawa274.web.app
-domainserverlawa275.web.app
 domainserverlawa276.web.app
-domainserverlawa277.web.app
 domainserverlawa278.web.app
 domainserverlawa279.web.app
 domainserverlawa280.web.app
@@ -999,9 +973,7 @@ domainserverlawa282.web.app
 domainserverlawa283.web.app
 domainserverlawa284.web.app
 domainserverlawa285.web.app
-domainserverlawa286.web.app
 domainserverlawa287.web.app
-domainserverlawa289.web.app
 domainserverlawa29.web.app
 domainserverlawa290.web.app
 domainserverlawa292.web.app
@@ -1010,28 +982,20 @@ domainserverlawa294.web.app
 domainserverlawa295.web.app
 domainserverlawa296.web.app
 domainserverlawa297.web.app
-domainserverlawa298.web.app
 domainserverlawa299.web.app
-domainserverlawa30.web.app
 domainserverlawa300.web.app
 domainserverlawa301.web.app
 domainserverlawa302.web.app
 domainserverlawa303.web.app
 domainserverlawa304.web.app
 domainserverlawa305.web.app
-domainserverlawa306.web.app
 domainserverlawa307.web.app
 domainserverlawa308.web.app
-domainserverlawa309.web.app
-domainserverlawa31.web.app
 domainserverlawa310.web.app
 domainserverlawa311.web.app
 domainserverlawa312.web.app
 domainserverlawa313.web.app
-domainserverlawa314.web.app
 domainserverlawa315.web.app
-domainserverlawa316.web.app
-domainserverlawa317.web.app
 domainserverlawa318.web.app
 domainserverlawa319.web.app
 domainserverlawa32.web.app
@@ -1039,13 +1003,11 @@ domainserverlawa320.web.app
 domainserverlawa321.web.app
 domainserverlawa322.web.app
 domainserverlawa323.web.app
-domainserverlawa324.web.app
 domainserverlawa325.web.app
 domainserverlawa326.web.app
 domainserverlawa327.web.app
 domainserverlawa328.web.app
 domainserverlawa329.web.app
-domainserverlawa33.web.app
 domainserverlawa330.web.app
 domainserverlawa331.web.app
 domainserverlawa332.web.app
@@ -1056,17 +1018,14 @@ domainserverlawa336.web.app
 domainserverlawa337.web.app
 domainserverlawa338.web.app
 domainserverlawa339.web.app
-domainserverlawa34.web.app
 domainserverlawa340.web.app
 domainserverlawa341.web.app
 domainserverlawa342.web.app
 domainserverlawa343.web.app
 domainserverlawa344.web.app
-domainserverlawa345.web.app
 domainserverlawa346.web.app
 domainserverlawa347.web.app
 domainserverlawa348.web.app
-domainserverlawa35.web.app
 domainserverlawa350.web.app
 domainserverlawa351.web.app
 domainserverlawa352.web.app
@@ -1080,7 +1039,6 @@ domainserverlawa359.web.app
 domainserverlawa36.web.app
 domainserverlawa360.web.app
 domainserverlawa361.web.app
-domainserverlawa362.web.app
 domainserverlawa363.web.app
 domainserverlawa364.web.app
 domainserverlawa365.web.app
@@ -1091,7 +1049,6 @@ domainserverlawa37.web.app
 domainserverlawa370.web.app
 domainserverlawa371.web.app
 domainserverlawa372.web.app
-domainserverlawa373.web.app
 domainserverlawa374.web.app
 domainserverlawa375.web.app
 domainserverlawa376.web.app
@@ -1107,11 +1064,7 @@ domainserverlawa384.web.app
 domainserverlawa385.web.app
 domainserverlawa386.web.app
 domainserverlawa387.web.app
-domainserverlawa388.web.app
-domainserverlawa389.web.app
-domainserverlawa39.web.app
 domainserverlawa390.web.app
-domainserverlawa391.web.app
 domainserverlawa392.web.app
 domainserverlawa393.web.app
 domainserverlawa394.web.app
@@ -1122,11 +1075,8 @@ domainserverlawa398.web.app
 domainserverlawa40.web.app
 domainserverlawa400.web.app
 domainserverlawa401.web.app
-domainserverlawa402.web.app
 domainserverlawa403.web.app
-domainserverlawa404.web.app
 domainserverlawa405.web.app
-domainserverlawa406.web.app
 domainserverlawa407.web.app
 domainserverlawa408.web.app
 domainserverlawa409.web.app
@@ -1137,7 +1087,6 @@ domainserverlawa412.web.app
 domainserverlawa413.web.app
 domainserverlawa414.web.app
 domainserverlawa415.web.app
-domainserverlawa416.web.app
 domainserverlawa417.web.app
 domainserverlawa418.web.app
 domainserverlawa419.web.app
@@ -1150,12 +1099,10 @@ domainserverlawa424.web.app
 domainserverlawa425.web.app
 domainserverlawa426.web.app
 domainserverlawa427.web.app
-domainserverlawa428.web.app
 domainserverlawa429.web.app
 domainserverlawa43.web.app
 domainserverlawa430.web.app
 domainserverlawa431.web.app
-domainserverlawa432.web.app
 domainserverlawa433.web.app
 domainserverlawa434.web.app
 domainserverlawa435.web.app
@@ -1165,36 +1112,27 @@ domainserverlawa438.web.app
 domainserverlawa439.web.app
 domainserverlawa44.web.app
 domainserverlawa440.web.app
-domainserverlawa441.web.app
 domainserverlawa442.web.app
 domainserverlawa443.web.app
 domainserverlawa444.web.app
 domainserverlawa445.web.app
 domainserverlawa446.web.app
 domainserverlawa447.web.app
-domainserverlawa448.web.app
 domainserverlawa449.web.app
-domainserverlawa45.web.app
 domainserverlawa450.web.app
 domainserverlawa451.web.app
 domainserverlawa452.web.app
 domainserverlawa453.web.app
-domainserverlawa454.web.app
 domainserverlawa455.web.app
 domainserverlawa456.web.app
-domainserverlawa457.web.app
-domainserverlawa458.web.app
 domainserverlawa459.web.app
 domainserverlawa46.web.app
 domainserverlawa460.web.app
-domainserverlawa461.web.app
 domainserverlawa462.web.app
 domainserverlawa463.web.app
 domainserverlawa464.web.app
 domainserverlawa465.web.app
 domainserverlawa466.web.app
-domainserverlawa467.web.app
-domainserverlawa468.web.app
 domainserverlawa469.web.app
 domainserverlawa47.web.app
 domainserverlawa470.web.app
@@ -1205,18 +1143,14 @@ domainserverlawa474.web.app
 domainserverlawa475.web.app
 domainserverlawa476.web.app
 domainserverlawa477.web.app
-domainserverlawa478.web.app
 domainserverlawa479.web.app
 domainserverlawa480.web.app
 domainserverlawa481.web.app
-domainserverlawa482.web.app
 domainserverlawa483.web.app
 domainserverlawa484.web.app
 domainserverlawa485.web.app
 domainserverlawa486.web.app
 domainserverlawa487.web.app
-domainserverlawa488.web.app
-domainserverlawa489.web.app
 domainserverlawa49.web.app
 domainserverlawa490.web.app
 domainserverlawa491.web.app
@@ -1227,22 +1161,15 @@ domainserverlawa495.web.app
 domainserverlawa496.web.app
 domainserverlawa497.web.app
 domainserverlawa498.web.app
-domainserverlawa499.web.app
 domainserverlawa50.web.app
 domainserverlawa500.web.app
-domainserverlawa501.web.app
 domainserverlawa502.web.app
-domainserverlawa503.web.app
-domainserverlawa504.web.app
-domainserverlawa505.web.app
 domainserverlawa506.web.app
 domainserverlawa507.web.app
 domainserverlawa508.web.app
 domainserverlawa509.web.app
 domainserverlawa51.web.app
-domainserverlawa510.web.app
 domainserverlawa511.web.app
-domainserverlawa513.web.app
 domainserverlawa514.web.app
 domainserverlawa515.web.app
 domainserverlawa516.web.app
@@ -1251,10 +1178,8 @@ domainserverlawa518.web.app
 domainserverlawa519.web.app
 domainserverlawa52.web.app
 domainserverlawa520.web.app
-domainserverlawa521.web.app
 domainserverlawa522.web.app
 domainserverlawa523.web.app
-domainserverlawa524.web.app
 domainserverlawa525.web.app
 domainserverlawa526.web.app
 domainserverlawa527.web.app
@@ -1265,28 +1190,21 @@ domainserverlawa530.web.app
 domainserverlawa531.web.app
 domainserverlawa532.web.app
 domainserverlawa533.web.app
-domainserverlawa534.web.app
-domainserverlawa535.web.app
 domainserverlawa536.web.app
 domainserverlawa537.web.app
 domainserverlawa538.web.app
 domainserverlawa539.web.app
 domainserverlawa54.web.app
-domainserverlawa540.web.app
 domainserverlawa541.web.app
 domainserverlawa542.web.app
 domainserverlawa543.web.app
-domainserverlawa544.web.app
 domainserverlawa545.web.app
 domainserverlawa546.web.app
 domainserverlawa547.web.app
-domainserverlawa548.web.app
 domainserverlawa549.web.app
 domainserverlawa550.web.app
 domainserverlawa551.web.app
-domainserverlawa552.web.app
 domainserverlawa553.web.app
-domainserverlawa554.web.app
 domainserverlawa555.web.app
 domainserverlawa556.web.app
 domainserverlawa557.web.app
@@ -1296,9 +1214,7 @@ domainserverlawa56.web.app
 domainserverlawa560.web.app
 domainserverlawa561.web.app
 domainserverlawa562.web.app
-domainserverlawa563.web.app
 domainserverlawa564.web.app
-domainserverlawa565.web.app
 domainserverlawa566.web.app
 domainserverlawa567.web.app
 domainserverlawa568.web.app
@@ -1307,35 +1223,24 @@ domainserverlawa57.web.app
 domainserverlawa570.web.app
 domainserverlawa571.web.app
 domainserverlawa572.web.app
-domainserverlawa573.web.app
 domainserverlawa574.web.app
 domainserverlawa575.web.app
 domainserverlawa576.web.app
 domainserverlawa577.web.app
 domainserverlawa578.web.app
 domainserverlawa579.web.app
-domainserverlawa58.web.app
-domainserverlawa580.web.app
 domainserverlawa581.web.app
 domainserverlawa582.web.app
 domainserverlawa583.web.app
-domainserverlawa584.web.app
-domainserverlawa585.web.app
 domainserverlawa586.web.app
 domainserverlawa587.web.app
 domainserverlawa588.web.app
 domainserverlawa589.web.app
 domainserverlawa59.web.app
-domainserverlawa590.web.app
-domainserverlawa591.web.app
 domainserverlawa592.web.app
 domainserverlawa593.web.app
-domainserverlawa594.web.app
-domainserverlawa595.web.app
-domainserverlawa596.web.app
 domainserverlawa597.web.app
 domainserverlawa598.web.app
-domainserverlawa599.web.app
 domainserverlawa60.web.app
 domainserverlawa600.web.app
 domainserverlawa601.web.app
@@ -1343,25 +1248,18 @@ domainserverlawa602.web.app
 domainserverlawa603.web.app
 domainserverlawa604.web.app
 domainserverlawa605.web.app
-domainserverlawa606.web.app
 domainserverlawa607.web.app
 domainserverlawa608.web.app
 domainserverlawa609.web.app
-domainserverlawa61.web.app
 domainserverlawa610.web.app
-domainserverlawa611.web.app
 domainserverlawa612.web.app
 domainserverlawa613.web.app
 domainserverlawa614.web.app
-domainserverlawa615.web.app
-domainserverlawa616.web.app
-domainserverlawa617.web.app
 domainserverlawa618.web.app
 domainserverlawa619.web.app
 domainserverlawa62.web.app
 domainserverlawa620.web.app
 domainserverlawa621.web.app
-domainserverlawa622.web.app
 domainserverlawa623.web.app
 domainserverlawa624.web.app
 domainserverlawa625.web.app
@@ -1382,7 +1280,6 @@ domainserverlawa638.web.app
 domainserverlawa639.web.app
 domainserverlawa64.web.app
 domainserverlawa640.web.app
-domainserverlawa641.web.app
 domainserverlawa642.web.app
 domainserverlawa643.web.app
 domainserverlawa644.web.app
@@ -1398,11 +1295,6 @@ domainserverlawa652.web.app
 domainserverlawa653.web.app
 domainserverlawa654.web.app
 domainserverlawa655.web.app
-domainserverlawa656.web.app
-domainserverlawa657.web.app
-domainserverlawa658.web.app
-domainserverlawa659.web.app
-domainserverlawa66.web.app
 domainserverlawa660.web.app
 domainserverlawa661.web.app
 domainserverlawa662.web.app
@@ -1413,14 +1305,10 @@ domainserverlawa666.web.app
 domainserverlawa667.web.app
 domainserverlawa668.web.app
 domainserverlawa669.web.app
-domainserverlawa67.web.app
-domainserverlawa670.web.app
 domainserverlawa671.web.app
 domainserverlawa672.web.app
 domainserverlawa673.web.app
-domainserverlawa674.web.app
 domainserverlawa675.web.app
-domainserverlawa676.web.app
 domainserverlawa677.web.app
 domainserverlawa678.web.app
 domainserverlawa679.web.app
@@ -1428,12 +1316,8 @@ domainserverlawa68.web.app
 domainserverlawa680.web.app
 domainserverlawa681.web.app
 domainserverlawa682.web.app
-domainserverlawa683.web.app
 domainserverlawa684.web.app
 domainserverlawa685.web.app
-domainserverlawa686.web.app
-domainserverlawa687.web.app
-domainserverlawa688.web.app
 domainserverlawa689.web.app
 domainserverlawa69.web.app
 domainserverlawa690.web.app
@@ -1441,7 +1325,6 @@ domainserverlawa691.web.app
 domainserverlawa692.web.app
 domainserverlawa693.web.app
 domainserverlawa694.web.app
-domainserverlawa695.web.app
 domainserverlawa696.web.app
 domainserverlawa697.web.app
 domainserverlawa698.web.app
@@ -1452,15 +1335,11 @@ domainserverlawa701.web.app
 domainserverlawa702.web.app
 domainserverlawa703.web.app
 domainserverlawa704.web.app
-domainserverlawa705.web.app
 domainserverlawa706.web.app
-domainserverlawa707.web.app
 domainserverlawa708.web.app
 domainserverlawa709.web.app
 domainserverlawa71.web.app
-domainserverlawa710.web.app
 domainserverlawa711.web.app
-domainserverlawa712.web.app
 domainserverlawa713.web.app
 domainserverlawa714.web.app
 domainserverlawa715.web.app
@@ -1469,17 +1348,13 @@ domainserverlawa717.web.app
 domainserverlawa718.web.app
 domainserverlawa719.web.app
 domainserverlawa72.web.app
-domainserverlawa720.web.app
 domainserverlawa721.web.app
 domainserverlawa722.web.app
-domainserverlawa723.web.app
 domainserverlawa724.web.app
 domainserverlawa725.web.app
 domainserverlawa726.web.app
 domainserverlawa727.web.app
-domainserverlawa728.web.app
 domainserverlawa729.web.app
-domainserverlawa73.web.app
 domainserverlawa730.web.app
 domainserverlawa731.web.app
 domainserverlawa732.web.app
@@ -1492,31 +1367,22 @@ domainserverlawa738.web.app
 domainserverlawa739.web.app
 domainserverlawa74.web.app
 domainserverlawa740.web.app
-domainserverlawa741.web.app
 domainserverlawa742.web.app
 domainserverlawa743.web.app
 domainserverlawa744.web.app
-domainserverlawa745.web.app
 domainserverlawa746.web.app
-domainserverlawa747.web.app
-domainserverlawa748.web.app
 domainserverlawa749.web.app
 domainserverlawa75.web.app
 domainserverlawa750.web.app
-domainserverlawa751.web.app
 domainserverlawa752.web.app
 domainserverlawa753.web.app
 domainserverlawa754.web.app
 domainserverlawa755.web.app
-domainserverlawa756.web.app
 domainserverlawa757.web.app
 domainserverlawa758.web.app
 domainserverlawa759.web.app
-domainserverlawa76.web.app
-domainserverlawa760.web.app
 domainserverlawa761.web.app
 domainserverlawa762.web.app
-domainserverlawa763.web.app
 domainserverlawa764.web.app
 domainserverlawa765.web.app
 domainserverlawa766.web.app
@@ -1536,22 +1402,17 @@ domainserverlawa778.web.app
 domainserverlawa779.web.app
 domainserverlawa78.web.app
 domainserverlawa780.web.app
-domainserverlawa781.web.app
 domainserverlawa782.web.app
 domainserverlawa783.web.app
 domainserverlawa784.web.app
 domainserverlawa785.web.app
 domainserverlawa786.web.app
-domainserverlawa787.web.app
 domainserverlawa788.web.app
 domainserverlawa789.web.app
 domainserverlawa79.web.app
 domainserverlawa790.web.app
-domainserverlawa791.web.app
-domainserverlawa792.web.app
 domainserverlawa793.web.app
 domainserverlawa794.web.app
-domainserverlawa795.web.app
 domainserverlawa796.web.app
 domainserverlawa797.web.app
 domainserverlawa798.web.app
@@ -1560,7 +1421,6 @@ domainserverlawa80.web.app
 domainserverlawa800.web.app
 domainserverlawa801.web.app
 domainserverlawa802.web.app
-domainserverlawa803.web.app
 domainserverlawa804.web.app
 domainserverlawa806.web.app
 domainserverlawa807.web.app
@@ -1568,8 +1428,6 @@ domainserverlawa808.web.app
 domainserverlawa809.web.app
 domainserverlawa81.web.app
 domainserverlawa810.web.app
-domainserverlawa811.web.app
-domainserverlawa812.web.app
 domainserverlawa813.web.app
 domainserverlawa814.web.app
 domainserverlawa815.web.app
@@ -1583,7 +1441,6 @@ domainserverlawa821.web.app
 domainserverlawa822.web.app
 domainserverlawa823.web.app
 domainserverlawa824.web.app
-domainserverlawa825.web.app
 domainserverlawa826.web.app
 domainserverlawa827.web.app
 domainserverlawa828.web.app
@@ -1595,9 +1452,7 @@ domainserverlawa832.web.app
 domainserverlawa833.web.app
 domainserverlawa834.web.app
 domainserverlawa835.web.app
-domainserverlawa836.web.app
 domainserverlawa837.web.app
-domainserverlawa838.web.app
 domainserverlawa839.web.app
 domainserverlawa84.web.app
 domainserverlawa840.web.app
@@ -1605,29 +1460,21 @@ domainserverlawa841.web.app
 domainserverlawa842.web.app
 domainserverlawa843.web.app
 domainserverlawa844.web.app
-domainserverlawa845.web.app
 domainserverlawa846.web.app
-domainserverlawa847.web.app
-domainserverlawa848.web.app
-domainserverlawa849.web.app
 domainserverlawa85.web.app
-domainserverlawa850.web.app
 domainserverlawa851.web.app
 domainserverlawa852.web.app
 domainserverlawa853.web.app
-domainserverlawa854.web.app
 domainserverlawa855.web.app
 domainserverlawa856.web.app
 domainserverlawa857.web.app
 domainserverlawa858.web.app
-domainserverlawa859.web.app
 domainserverlawa86.web.app
 domainserverlawa860.web.app
 domainserverlawa861.web.app
 domainserverlawa862.web.app
 domainserverlawa863.web.app
 domainserverlawa864.web.app
-domainserverlawa865.web.app
 domainserverlawa866.web.app
 domainserverlawa867.web.app
 domainserverlawa868.web.app
@@ -1638,7 +1485,6 @@ domainserverlawa871.web.app
 domainserverlawa872.web.app
 domainserverlawa873.web.app
 domainserverlawa874.web.app
-domainserverlawa875.web.app
 domainserverlawa877.web.app
 domainserverlawa878.web.app
 domainserverlawa879.web.app
@@ -1646,9 +1492,7 @@ domainserverlawa88.web.app
 domainserverlawa880.web.app
 domainserverlawa881.web.app
 domainserverlawa882.web.app
-domainserverlawa883.web.app
 domainserverlawa884.web.app
-domainserverlawa885.web.app
 domainserverlawa886.web.app
 domainserverlawa888.web.app
 domainserverlawa889.web.app
@@ -1668,19 +1512,14 @@ domainserverlawa901.web.app
 domainserverlawa902.web.app
 domainserverlawa903.web.app
 domainserverlawa904.web.app
-domainserverlawa905.web.app
 domainserverlawa906.web.app
 domainserverlawa907.web.app
 domainserverlawa908.web.app
 domainserverlawa909.web.app
 domainserverlawa91.web.app
 domainserverlawa910.web.app
-domainserverlawa911.web.app
 domainserverlawa912.web.app
 domainserverlawa913.web.app
-domainserverlawa914.web.app
-domainserverlawa915.web.app
-domainserverlawa916.web.app
 domainserverlawa917.web.app
 domainserverlawa918.web.app
 domainserverlawa92.web.app
@@ -1689,22 +1528,14 @@ domainserverlawa921.web.app
 domainserverlawa922.web.app
 domainserverlawa923.web.app
 domainserverlawa924.web.app
-domainserverlawa925.web.app
 domainserverlawa926.web.app
 domainserverlawa927.web.app
 domainserverlawa929.web.app
-domainserverlawa93.web.app
 domainserverlawa930.web.app
-domainserverlawa931.web.app
 domainserverlawa932.web.app
-domainserverlawa933.web.app
-domainserverlawa934.web.app
 domainserverlawa935.web.app
-domainserverlawa936.web.app
 domainserverlawa937.web.app
 domainserverlawa938.web.app
-domainserverlawa939.web.app
-domainserverlawa94.web.app
 domainserverlawa940.web.app
 domainserverlawa941.web.app
 domainserverlawa942.web.app
@@ -1713,45 +1544,33 @@ domainserverlawa944.web.app
 domainserverlawa945.web.app
 domainserverlawa946.web.app
 domainserverlawa947.web.app
-domainserverlawa948.web.app
 domainserverlawa949.web.app
 domainserverlawa95.web.app
 domainserverlawa950.web.app
-domainserverlawa951.web.app
 domainserverlawa952.web.app
 domainserverlawa953.web.app
 domainserverlawa954.web.app
 domainserverlawa955.web.app
-domainserverlawa957.web.app
 domainserverlawa958.web.app
 domainserverlawa959.web.app
 domainserverlawa96.web.app
-domainserverlawa960.web.app
 domainserverlawa961.web.app
 domainserverlawa962.web.app
 domainserverlawa963.web.app
 domainserverlawa964.web.app
-domainserverlawa965.web.app
 domainserverlawa966.web.app
 domainserverlawa967.web.app
-domainserverlawa968.web.app
-domainserverlawa969.web.app
 domainserverlawa97.web.app
 domainserverlawa970.web.app
-domainserverlawa971.web.app
-domainserverlawa972.web.app
 domainserverlawa973.web.app
 domainserverlawa974.web.app
 domainserverlawa975.web.app
 domainserverlawa976.web.app
 domainserverlawa977.web.app
-domainserverlawa978.web.app
 domainserverlawa979.web.app
 domainserverlawa98.web.app
 domainserverlawa980.web.app
-domainserverlawa981.web.app
 domainserverlawa982.web.app
-domainserverlawa983.web.app
 domainserverlawa984.web.app
 domainserverlawa985.web.app
 domainserverlawa986.web.app
@@ -1761,14 +1580,11 @@ domainserverlawa989.web.app
 domainserverlawa99.web.app
 domainserverlawa990.web.app
 domainserverlawa991.web.app
-domainserverlawa992.web.app
 domainserverlawa993.web.app
-domainserverlawa994.web.app
 domainserverlawa995.web.app
 domainserverlawa996.web.app
-domainserverlawa997.web.app
-domainserverlawa998.web.app
 domainserverlawa999.web.app
+donaidrsilcio.com
 doooog.cn
 dopeydog.co.nz
 dorouscom.com
@@ -1776,20 +1592,20 @@ douuodwoman.com
 dowaba-s2dhl.blogspot.com
 doz.tode.cz
 dpasdasfasfasfas.pages.dev
+dpd-pl.566868.space
 dpd-redelivery-uk.com
 dpmasdaskj.pages.dev
 dr-joannepeeler.com
 dr3aq.byethost32.com
+dreamhacker.pro
 dreamotion-jp.com
 drivingschoolglasgow.co.uk
 drmarciovaleriano.com.br
-dsadsadsa.diskstation.eu
 dsgcbeonline.com
+dskedirekt.web.app
 dsp2codemdp.t.justns.ru
-dswboot.cc
 dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com
 dtrpsystasfasgas.pages.dev
-duanemanor.tk
 dukhovnist.in.ua
 durecorpperu.com
 dwrat.andalous.org
@@ -1803,7 +1619,6 @@ e4ra.byethost8.com
 e63q45f9h5fr.clickfunnels.com
 eagleeyeapparel.com
 earth01.info
-easy-webtdapp.com
 easywalletfix.net
 easywalletsfix.com
 eba0200d0c.nxcli.net
@@ -1812,15 +1627,12 @@ ebay.com.dashboard-seller.center
 eberhardtedwige.wixsite.com
 ebuddynews.com
 ec.snadc-oecddo.com
-ecloanmoney.com
 ecogreenjanitorial.com
 ecomcrew.staging.wpengine.com
 ecosteelsolution.ro
-editpdfonline.tk
 edje.com
 edukickmexico.com
 ee-sms.co.uk
-ee.mseocri.com
 ee.scicemecod.com
 efarms.com.ng
 eharmonyservice.com
@@ -1843,7 +1655,6 @@ emojis.dels.bar
 emsi-lobo.firebaseapp.com
 en-template-solicito-16414253314897.onepage.website
 enbolivia.com
-enchanting-guiltless-suede.glitch.me
 encryptdrive.booogle.net
 engcamp.org
 enoman.fqzsdgtg.cn
@@ -1869,20 +1680,18 @@ eth-coinwallet.net
 eth.coinscout.cc
 ethnictrendz.com
 ets.jwr.pa-fakfak.go.id
-etwtny.cf
 eucriomeumundo.com
 eugnerally-wixsite-com.filesusr.com
-euraby.com
 eusa-lombo.firebaseapp.com
 evashoes.com.ua
+even-besar-banget.duckdns.org
 even-ff-gratisterbaru2022.duckdns.org
-even-ff-terbarugratis2022.duckdns.org
+event-ff-bundle-baru.duckdns.org
 event-freefire728.duckdns.org
+event-freeskkinmlbb.duckdns.org
 event-garenafreefire263.duckdns.org
-event-skin-resmi-2022.duckdns.org
-eventclaimfreefiregratis2022.duckdns.org
 eventclaimsff0.duckdns.org
-eventgarenafreefiremax2022.duckdns.org
+eventspinfreefire2022.duckdns.org
 everestmotors.com.np
 evo-revolutioncups.com
 evolbithman.web.app
@@ -1891,6 +1700,7 @@ excelhana.com
 exchange-pancakeswaps.com
 exchangedictionary.com
 exodlus.net
+exodus-2022.com
 exodus.com-wallet-signin.com
 exodus.com-web-wallet-online.com
 exodus.com.tccaponline.com
@@ -1902,6 +1712,7 @@ extracash-interlbankonline.com
 extracloud.com.au
 ezblox.site
 ezssausage.com
+f2f.co.jp
 f6fr7.codesandbox.io
 f9w1lned0ruqblxi6jahwotak.filesusr.com
 faccebook.azurewebsites.net
@@ -1916,7 +1727,10 @@ facebook.com-r51znzih8i.isiolo.go.ke
 facebook.com-zxsrf038k.isiolo.go.ke
 facebook.eventspinff.wtf
 facebook.kingstopup.com
+facebook.whcserverbox.com
+facebook8facebook.blogspot.com
 facebookk.azurewebsites.net
+facebookphisher.herokuapp.com
 facebooks.azurewebsites.net
 faic.in
 faizankhan0408.github.io
@@ -1930,20 +1744,21 @@ fassilnet5.ultimatefreehost.in
 fax.gruppobiesse.it
 fb-case-id-28031803-fcdc-48af.web.app
 fb-pages.proteksion-help.workers.dev
+fb.10004682.review
 fb.expressturkeyi.com
 fb7927.bget.ru
 fdasd.2e4jept.cn
 fdhgf.xyz
-feceboolk.blogspot.com
 federalaccesscredit.com
 fedner.net
 fer-brooks.top
 feriadempleos.com
 ferienhof-gempel.de
 ff-anivesary225.duckdns.org
+ff-member-ganena.com
 ff-membership-garena.com
 ff-membershipz-garena.ga
-ff.membership.garenaj.vn
+ff.members.garera.vn
 ffim-event-2022.duckdns.org
 fghjr74rhudfguhtfguji.blogspot.com
 fi.uy
@@ -1952,7 +1767,6 @@ fidelitybank-mn.net
 fighting40s.com
 fikir.id
 fileundelete.net
-filmkenner.com
 filtrosmil.com.br
 finalfantasyguide.co.uk
 finiiishingedgex.tk
@@ -1967,13 +1781,14 @@ fluksrv.mycpanel.rs
 fmwebapp.azurewebsites.net
 foliar.pl
 foma-ura-lote.firebaseapp.com
+foor1.com
+for-pakage-delevry.tragaroleary.com
 foresta-mod.firebaseapp.com
 forhimself9999.co.vu
 formbuddy.com
 forms.formium.io
 formtools.com
 forum-dofus.com.co
-foryour.gov-information.info
 fpalpha.myportfolio.com
 fpmaam.org
 fr-europe564598-com.filesusr.com
@@ -1986,6 +1801,7 @@ freefiredot-comerhadiah.duckdns.org
 freefireevent-codashop2022.duckdns.org
 freeitemff-allreward.duckdns.org
 freeliker.net
+freereward-ff.duckdns.org
 frefire-membership-garena.sukienfreefire2021.top
 freg-nine.pt
 friendsofnechockey.com
@@ -2001,21 +1817,22 @@ ftx.com.vn
 ftx.cool
 ftxbonus.site
 funiswap.exchange
+furgonetka-1.pl
 fusionrestobar.cl
+futurebits.in
+fwztmgr.cn
 fxhalifax.com
 fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com
 g-mtcc.com
 g.greatsubstance.com.my
 ga.teesmith.shop
 gabrielamims.com
-gabung-grubnew1342.duckdns.org
 gagaclinic.com
 gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com
 gallciaonllne.webcindario.com
 garena-xacminhtaikhoan.com
-garenafreefire728.duckdns.org
-gastronomiarobertos.com
 gasunige.mfs.gg
+gbunggrup-pmrsatu13.duckdns.org
 gedfdfsd.eu
 geg.li
 generali-italia-ag.hrweb.it
@@ -2041,7 +1858,6 @@ goldenlasgidi10.web.app
 golkondaresorts.com
 goo-gl.me
 good12345.tripod.com
-goofy-wozniak.192-210-226-164.plesk.page
 gorol-cost.web.app
 gorol-investor.web.app
 gosafes.com
@@ -2051,39 +1867,28 @@ gramarcales.com.br
 greekinfra.com
 greenclasses.in
 grosshandel-mevida.de
-group-mantap-seger.duckdns.org
 group-wa-1.duckdns.org
-groupbkep-vral15.duckdns.org
 groworldinternational.com
 grp02.member.mycld-rakuten.info
-grub-sangex.wikaba.com
-grubgabung.duckdns.org
 grubnatajadeh12.duckdns.org
+grubterbarukk037.duckdns.org
 grubviralterbaru65c.duckdns.org
-grup-bokephot-terbaru2022.duckdns.org
-grup-bokepviral4.duckdns.org
-grup-dwsa-indomesia845.duckdns.org
-grup-viral-seleb.duckdns.org
-grup-viralbokep111.myftp.org
-grup-viralbokep2.ddns.net
+gruo-wa-okep-dewasa-2022.duckdns.org
+grup-bokep-terbaru555.duckdns.org
 grup-whatsapp121.duckdns.org
 grup-whatsappbokep1.duckdns.org
 grup-whatsappbokep2.duckdns.org
-grupbokeppadacantik.duckdns.org
+grup2022ssx.duckdns.org
 grupofsp.com.br
 gruposanpio.com
-gruptiktok.wikaba.com
-grupviral-xx.duckdns.org
-grupviral109.duckdns.org
-grupviralterbaru.duckdns.org
+grupwhatsaap-viral-2022.duckdns.org
 grupwhatsappnobar-2022.duckdns.org
 gscommunityspirit.greenschool.org
 gstsolutions.online
+gtw420.com
 gunatanahku.perkimtan.sumbarprov.go.id
 gurukanth.com
 gwenet.org
-gyfnqyk.cn
-gymjaokhanakho.azurewebsites.net
 habbocreditosparati.blogspot.com
 haftteam.ir
 hahdaeupdate.es.tl
@@ -2100,19 +1905,18 @@ hasseanhannitybeenwaterboarded.com
 haunlimited.org
 hcnprdvz.azureedge.net
 hdmediahub.club
-hdss-stream.org
 heinthu1.github.io
 hellenic-postbank.com
-helloparis.co.uk
 help-account-bxsfe.ondigitalocean.app
+help-identity-recoveri-support-center.web.id
 help-notice-center-identity-6532.web.id
 help.insecur.saftyalert.workers.dev
 help.validation-page.workers.dev
+helpingcentere.com
 henan.vxim58i.cn
 hermes.parcel-tracker.com
 hetershaven.net
 heuristic-gagarin.45-88-108-231.plesk.page
-hfemail.ntneancns.com
 hgda.db0u4hs.cn
 hgdaa.lfoxcct.cn
 hghgda.erjl0hx.cn
@@ -2127,18 +1931,15 @@ hifly38926.top
 hifly39091.top
 hifly61215.top
 hifly71191.top
-hikaheal.com
 himalayansherpa.com.au
 himbauane.blogspot.com
 hitman71hd-wixsite-com.filesusr.com
-hjhjjhjhjh.pagedemo.co
 hockian.com
 holobeam.000webhostapp.com
 home.ei1ns.de
 home.myfairpoint.net
 homepichilinea2.webcindario.com
 homesinlogin.com
-homestaylongho.com
 hostnix.net
 hostpoint.ch.17a902ef.tcorner.fr
 hotbrooks.com
@@ -2151,6 +1952,7 @@ hpplotters.in
 hs-giveaways.ca
 ht-cargo.com.vn
 htlgroup.com.my
+httpcom-0d4tol437.isiolo.go.ke
 httpeugnerally-wixsite-com.filesusr.com
 https-scert-con04.xyz
 https-scert-srv02.xyz
@@ -2175,7 +1977,6 @@ i.violationspage.validationspege.workers.dev
 ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com
 ibpm.ru
 icloud-map-live.com
-icloudstatus.com.ng
 icy.martulangbelulalng.workers.dev
 idappswallets.com
 identifiez-vous-avec-votre-compte.yolasite.com
@@ -2188,7 +1989,6 @@ iframejld.avent-media.fr
 ighk.umjlrs7uci2751.workers.dev
 iipvit.by
 ijcda.bukkats.cn
-ijeioqhawdqioqho.weebly.com
 ijhca.0gb0h7z.cn
 ijjd.h8nmtcc.cn
 ijmna.p2y00vd.cn
@@ -2199,23 +1999,25 @@ ikcda.a2g5xvs.cn
 ikcsa.ajiqvjf.cn
 ikdff.jmo904i.cn
 ikja.lbanwqp.cn
+ikjcd.p1z98hl.cn
 ikjd.uk0xnp8.cn
 ikjgd.rg6bzk7.cn
 ikmcd.u4jdbxm.cn
 ikmxaa.qcqxlrq.cn
+ilooksrare.com
 iloveyourglasses.com
 ilpconnect.org
+image-pict-ig.duckdns.org
 imersao.impulseingles.com.br
 imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com
-imi-ksa.jajainfo.net
 imobiliaria-cardinali-com-br.blogspot.com
 impostazionebper.000webhostapp.com
 in.deraya.org
-inaueab.com
 indo-viral2022.duckdns.org
 info.lionnets.com
 infohypesquad.com
 infopichinchaweb.webcindario.com
+information.safeamazoncardweb.cyou
 informations.recovery.confiryourpage.workers.dev
 infos00001.temp.swtest.ru
 infosecplace.com
@@ -2228,16 +2030,16 @@ inna.cedymll.cn
 innca.ol90k56.cn
 innovasjon.as
 inps-ep.com
-instagram-9.blogspot.com
-instagramhelpp.agency
+instahelppbaddge.ml
 intellidata-analytica.com
-interbankempresahome.rankforever.com
 interbankempresas.pe-il.ru
+interbankhomeweb.fullcircleteam.com
 intern.unibas-com.ch
 international-formulier.91-218-65-223.plesk.page
 internetbanking-caixa-gov.xyz
 internetbankinghelp.com
 internetservicetech.com
+intesalife.ie
 intexargentina.com.ar
 inthewildproductions.com
 intoli.ru
@@ -2245,10 +2047,14 @@ intrafloraplants.com
 intranet.sztpe.info
 investpl.work
 iplogger.info
+iqwea.soxr0u1.cn
 ironmantech.shop
-irs-gov.us-get-funds-assistance.com
+irs-gov-supportcenters.com
+irs.gov-coronavirus-pandemic-tax-refund-submission.com
+ise.com.ar
 isfirsatibul.com
 ismamorlin.my-place.us
+isntagranmeta.pagedemo.co
 istudyalumni.com
 it-europe564598-com.filesusr.com
 it.melnikhotels.com
@@ -2260,6 +2066,12 @@ iuhs.tyopfhn.cn
 iujdas.yfwxlc9.cn
 iuyydd.ebeg6uk.cn
 j9w77d0.cn
+jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn
+jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn
+jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn
+jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn
+jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn
+jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn
 jacobliston.com
 jadaart.org
 jagex-rewards.com
@@ -2271,31 +2083,31 @@ jbwbzta.alfens8.cc
 jeanbaileyrobor.com
 jendelajogja.com
 jerinja.github.io
-jessicasproul.com
 jetser-electrical-supply.business.site
-jetstoop.top
 jett.gator.site
 jflkp.csb.app
 jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com
 jhda.wfdyk9p.cn
 jhdd.fjcslad.cn
 jhff.93oe0u9.cn
+jhnd.0drhnjk.cn
 jiwanramchemical.com
 jjhcd.27ke98i.cn
 jk99j.sbs
-jkhkjjkjk.pagedemo.co
 jlogine.com
+jmcna.jiwayjc.cn
+jmfykd.cyou
+jncba.diiqsmm.cn
 jnlope.tangguakrapekpuik.link
 jnnc.grnxkoj.cn
 job-type.com
 jobs.job.com.bd
 joecamera.net
 john-ashley.de
-join-chat-whatssap-viral-2022.duckdns.org
-join-group-wa2022.duckdns.org
-join-grub-bokep-gratis.duckdns.org
-join-grubkienzy849.duckdns.org
-join-whatsapp-tante-hot18.duckdns.org
+join-group-1.duckdns.org
+join-gruo-waku282.duckdns.org
+joinedprice.com
+joingrupku183.duckdns.org
 joingrupp-bkep156.duckdns.org
 joingrupterbaru-0.duckdns.org
 joinlinkviral729.duckdns.org
@@ -2303,12 +2115,14 @@ joinssgropshot18.duckdns.org
 joinssgropssney6.duckdns.org
 jow-japan.or.jp
 joyeriajireh.com.mx
-jp-bnnk.japappoit.asdwb.xyz
-jp-bnnk.japappoit.asdwd.xyz
+jp-auid.com
+jp.mercari.omany.buzz
 jptechdocsign.net
 jrhayley.plus.com
 juandfar.github.io
+jurisgeneral.com
 jurlebedev.ru
+juscook.com
 justgot.gonevis.com
 justsayingbro.com
 jvk.zultifarza.workers.dev
@@ -2316,6 +2130,7 @@ jyeue43rm95p.clickfunnels.com
 jz2bab.webwave.dev
 k3ja6d.webwave.dev
 kaamwalibais.co.in
+kachinas.be
 kamdhenurealities.com
 kargonova.com
 kartaltepespor.com
@@ -2327,9 +2142,11 @@ kdhdf34j6dfh.dealerwebsite.com
 kdlscaffolding.co.uk
 kecc.com
 kecmanijada.com
+kedai-gamers.com
 keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev
 keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev
 keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev
+kenanhusovic.com
 kevinsmovingservice.com
 kex81.sbs
 key-drcp.com
@@ -2353,12 +2170,12 @@ konfirmasi-identitas-2022.webnode.page
 konnect2kamadhenu.com
 koteng.odoo.com
 kr-bithumb.web.app
-kraftongame.net
 krupije.com
 krx887.com
 ksschool.org.in
 kuchkuchnights.com
 kurortnoye.com.ua
+ky79.com
 l-abe.com
 l-q.in
 lambdaweb.info
@@ -2380,16 +2197,17 @@ leadershipmail.org
 learningimpactmodel.com
 leboncoiinlbc.000webhostapp.com
 leboncoin.delivery01588.icu
+lefaf77683.temp.swtest.ru
 lemeiesta.com
 lenagruessdich.net
 leroycu.ca
+letoptuswebmail-9b69f0.ingress-comporellon.easywp.com
 lettertracing4kids.com
 lexnotes.com.ng
-lg-bluebadgecenter.ml
 lg-onecom-io.web.app
 liberasrl.it
 lihi3.cc
-linkcontract.tech
+linkgrupkakak-disini.duckdns.org
 liongear.com
 lirc.cep.edu.vn
 little-frost-1a15.chrisc11004842.workers.dev
@@ -2413,28 +2231,33 @@ lloydsbank.secure-online-deregister.com
 lloydsbank.secure-personal-device-login.com
 lloyduk-newdevice-registered-online.com
 llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com
+lmbanang.pgryuangbtusngka.link
 lnkd.dev
 lnterbancape-lbk.com
 lnterbank.pe.starneonsignsug.com
+local-postoffice-deliver.com
 localwithg.com
 lockpichincha.webcindario.com
 loengregkuetngferu.live
 lofon-add.firebaseapp.com
 loftywallet.com
+logfuliz.web.app
 login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net
 login-facebook18.webnode.page
 login-live.com-s02.net
 login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net
 login-postfinance.com
+login-singaporee.apply-now-online-digital.com
 login.dbs.webdbslistinonline.com
 login.privategold.uytrtyuhij987.gowithapex.com
-login.smbc.weddirecttop.com
 logindhlaccess.dhlupdatelogin.workers.dev
+loginnewatt.weebly.com
 logverify-df12e-verify-1230-eu.web.app
 loinesports.com
 lomadesarrollos.mx
 lombard11.eu
 lot-lp-x.web.app
+love.gos-box.com
 lp.vp4.me
 lrs.financial
 lrs.foundation
@@ -2454,13 +2277,10 @@ m.protc.safty-pege.workers.dev
 m.recovery.safetyacount.workers.dev
 m.recovery.saftypageupdate.workers.dev
 m.salsomascard.top
-m4-appcaixia.com
 m42club.com
-m5bundle.com
 machineryzoneservice.com
 macjakarta.com
 macst.cc
-madamailru.temp.swtest.ru
 madens.com.pl
 madrhinoconsulting.com
 maestro.my.prod.dfg152.ru
@@ -2472,15 +2292,15 @@ mail-account-verify-f4723.web.app
 mail-gmxaktualisierung.yolasite.com
 mail-ovhcloud.web.app
 mail-ssocloud-srvr67yhguh.pages.dev
+mail.atlanticeconcrete.com
 mail.enrollmoreclientsbootcamp.com
-mail.gov-taxid.completofyours.info
-mail.grup-dwsa-indomesia845.duckdns.org
 mail.ims-fe.com
+mail.kenanhusovic.com
 mail.kuttabalfatih.com
 mail.santepluspharma.com
 mail.sweetshopspecialtycoffee.com.au
-mail.tariqalaraimi.com
 mail.updateinfo-billingo2.com
+mail.wellsfargous.duckdns.org
 mail.wheel1factory.net
 mail.zenstream.com
 maildomaiincheck1.web.app
@@ -2508,60 +2328,56 @@ mailserver7656566.blob.core.windows.net
 mailupdattee10.web.app
 mailupdattee11.web.app
 mailupdattee12.web.app
-mailupdattee13.web.app
 mailupdattee14.web.app
-mailupdattee15.web.app
 mailupdattee16.web.app
 mailupdattee17.web.app
-mailupdattee18.web.app
 mailupdattee19.web.app
 mailupdattee20.web.app
 mailupdattee21.web.app
 mailupdattee22.web.app
-mailupdattee23.web.app
 mailupdattee24.web.app
 mailupdattee26.web.app
 mailupdattee27.web.app
 mailupdattee28.web.app
 mailupdattee29.web.app
-mailupdattee32.web.app
 mailupdattee34.web.app
 mailupdattee35.web.app
 mailupdattee40.web.app
-mailupdattee5.web.app
 mailupdattee6.web.app
 mailupdattee7.web.app
 mailupdattee8.web.app
-mailupdattee9.web.app
+mainbugerrorfixing.com
+mainmobilerectify.live
+mainsbscrestore.com
 maintoken.org
-mainwalletappconnect.com
 makcts-go.ru
 make-anon-keep-past.rvsla.workers.dev
 mala-riba.com
 malaprontaargentina.com.br
 malehaenterprises.com
 malukutenggarakab.go.id
+mamasitasont.blogspot.com
 mandirilivinlinksystem.brizy.site
-mandirilivinlinksystem2.brizy.site
 mandirilivinlinksystem3.brizy.site
-manthsedty.live
 manualsync.com
+maotun.xyz
 mapsa.com.pe
+marifilmines.ca
 marinthe.poingaitongamlm.link
 marketplace-axieinfinity.io
 marketplace-axlelnfiniity.com
 marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke
 marketplace.facebook.com-29ta3qbv.isiolo.go.ke
 marketplace.facebook.com-hzup1bae.isiolo.go.ke
+marketplace.facebook.com-izkbuxmx.isiolo.go.ke
 marketplace.facebook.com-kq1oh2ae.isiolo.go.ke
+marketplace.facebook.com-milt5ssm.isiolo.go.ke
 marketplace.facebook.com-qze9zt75vm.isiolo.go.ke
 marketplace.facebook.com-sauuvazpjo.isiolo.go.ke
 marketplace.facebook.com-tyeuieb7.isiolo.go.ke
 marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke
 marketplace.facebook.com-z1au8cxghl.isiolo.go.ke
 marketplaceaxieinfiniity.com
-marmardian.co.vu
-marylkmatzenger.com
 masdas0932.co.vu
 masum.lawyer
 match.lookatmynewphotos.com
@@ -2589,22 +2405,28 @@ mercani.pomyt.info
 mercariz.xyz
 meremanovegabana.website2.me
 mericarir.mbudeu.cn
-mericarir.mg0gbo1.cn
+mericarir.mednljn.cn
 mericarir.mgeukpx.cn
 mericarir.mglsffs.cn
-mericarir.mksydb.cn
+mericarir.mglxyul.cn
+mericarir.mhgqdtv.cn
+mericarir.mjrsrfo.cn
 mericarir.mktbbr.cn
+mericarir.mkxbqnu.cn
 mericarir.mlyffa.cn
+mericarir.mmsfzys.cn
 mericarir.mnfjwy.cn
 mericarir.mnheijt.cn
-mericarir.mrzcafk.cn
 mericarir.msnygk.cn
-mericorci-logining.sfhs26r.lyb6srb.cn
+mericarir.mtlrnzu.cn
+mericarir.mukkwvc.cn
+mericarir.mxsoecl.cn
 meriocori-logining.2y3uio.pyqbas.cn
 mestertignseekjet4.blogspot.com
 mestertignseekjet5.blogspot.com
 mestertignseekjet6.blogspot.com
 mestredaobra.com
+meta-support-centers.ml
 metalurgicagiom.com.br
 metamasc.club
 metamask-connect.com
@@ -2615,11 +2437,13 @@ metamask-wallets.yahoosites.com
 metamask.cam
 metamask.io-php.com
 metamask.kiwi
+metamask.loan
 metamask.protocol-process.me
 metamask.security-information.cc
 metamask.social
 metamask.wallets-reauth.net
 metamaskdownloadandroid.xyz
+metamaskextension.xyz
 metamassklogins-us.tumblr.com
 metaversepadapp.com
 meusabor.com.br
@@ -2627,19 +2451,20 @@ mfacebook.blogspot.com.cy
 mfacebook.blogspot.lt
 mfacebook.blogspot.rs
 mgpskartarpur.com
+mgrandroyale.com
 mibancocrece.com.co
 micacd.elshov.com
-michaelxrandazzo.com
 michiyado.com
 microcav.square.site
 microsoftonline.pages.dev
 microsoftwebserver.mfs.gg
 micuenta01.github.io
+midasbuy1st.com
+midsposc2.com
 mijnics-actualisatie.185-236-231-64.plesk.page
-mikhali.com
+mikayelxhovakimyan.com
 milanobet301.com
 militarybikers.org
-minamikaga.or.jp
 mingming20160152.github.io
 miozpro.com
 miracdoviz.com
@@ -2669,16 +2494,17 @@ mjaymvnlchrlbwjlcjizmxn0.filesusr.com
 mk2.ge
 mkjiool.weebly.com
 mnbxa.73kfer9.cn
+mnbxcas.zm7wwar.cn
 mncxx.qbeepor.cn
 mnnbx.r1rpj09.cn
+mnncxa.fwffsyt.cn
 mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
-mobil-singaporre.digital-online-login-opportunity.com
 mobile-orange-forever.yolasite.com
 mobile-portail.live
 mobile.hedgesportst.me
-moccasinyellowbetatest--josekkk.repl.co
 moccasinyellowbetatest.josekkk.repl.co
 modest-hertz.45-81-232-15.plesk.page
+moiksys.com
 mon-token.com
 mon.espace.lcl.fr.certosini.info
 monbudri.xyz
@@ -2693,6 +2519,7 @@ montrealidiomas.com.br
 monyeward.com
 morcario.xyz
 morfybox.com
+movil.particulares-secure.com
 mqzlsim.mindlogicinfotech.com
 mrpitchman.com
 msc-doelsach.at
@@ -2713,16 +2540,14 @@ my-site219.yolasite.com
 my.jcpwb.com
 my.nhs-get-pass.com
 my.paydi.login-index-home.x4typfc.cn
-my.paydi.logining-nexy-home.en6cnm.asia
 my02billing-login.com
-myaccount.aol.wallat-billing.com.authlog.gq
+mybeii.live
 mycoerver.es
 mygoogleaccount.stantrade.xyz
 myjcb.cyyptoi.cn
 myjcb.thxpj.cn
 mymbg-aa2e2.web.app
 mymeta-securearea.plesk07.zap-webspace.com
-mymetamask-clientarea.185-236-231-227.plesk.page
 mymweb-owner.at.ua
 mypo-delivery.com
 mypsm.psm.edu.mm
@@ -2734,7 +2559,6 @@ mzqualitycleaning.com
 n-naoko-0319.github.io
 n.salsomascard.top
 n26.sa-france.fr
-n26servicetechnique.click
 n7orton.com
 nab-access-breach.com
 nab-alert.mobi
@@ -2742,7 +2566,6 @@ nab-www.303.si
 naderkhani.ir
 najboljeuslugezavas.betterservicesforyou.com
 nalandaias.com
-nalodke.com.ua
 nanjing.itud167.cn
 napgamelienquan.net
 naranja-users.auth0.com
@@ -2757,8 +2580,10 @@ natwest.secured-personal-verify.com
 nayablabs.com
 nayameehomes.com
 nbcc.0bit08a.cn
+nbcd.xiu58rl.cn
 nbcvs.gd65y69.cn
 nbcxa.lctlfdq.cn
+nbcxas.551awvr.cn
 nbhjxa.hblhi96.cn
 nbnonres.com
 nbxaa.b1b6nac.cn
@@ -2770,12 +2595,9 @@ ncgroup.club
 necessitymag.com
 nedbankqa.flowblocks.com
 nedriw.xyz
-neftlexi.com
 negociebra.com.br
 neptuneinnovations.com
 netciti.id
-netf1ix.us-891691712-local-781652.airalgeriecanada.ca
-netfl-lixids938mailmealkas.duckdns.org
 netflix-techarmy.me
 netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk
 networksol-f35e7.web.app
@@ -2799,9 +2621,8 @@ nhri.net
 nhs.my-vaccine-status.com
 niagarapower.com
 nic-home.com
-nisuper.com
 nizotchauffage.bilty.be
-nontonvidioviral2022nohoax.duckdns.org
+nodesconnection.com
 northlane.esy.es
 notife.help.institutepages.workers.dev
 notification-fb.secure-pages.workers.dev
@@ -2842,23 +2663,22 @@ oidda.5s2iamp.cn
 oijcd.qvjcddv.cn
 oikca.smwceku.cn
 oikcas.6b914ty.cn
+oikcd.uf27ce8.cn
 oikcxa.zvvx01z.cn
 oivac.com
 okcs.qj8yua.cn
 okds.bbtlcve.cn
-okep-terbaru-viral-2022.duckdns.org
+okep-viral-terbaru-terhist-2022.duckdns.org
 okmca.8xcrn6w.cn
 okmca.bxkfham.cn
 okmca.uwudagu.cn
 okmxa.lfgpror.cn
 okpwtu.webwave.dev
+ol-run1.online
 olidooo.waca.tw
 olk.us7apye.cn
 olmnxa.wc2ikux.cn
-olx-pay-pl.pay-id22343.top
-olx.saferegulatory.com
 omesqiwines.de
-omicronvariat.pagedemo.co
 oncopharma-ae.com
 onecreator.info
 onedrive.zhaoge.workers.dev
@@ -2868,13 +2688,16 @@ oneone-19cd8.web.app
 oneone-a38ef.web.app
 online-sistem.com
 onlineasesor01.hostfree.pw
+onlinebanking.unrecognised-new-payee.com
 onlineffn2.temp.swtest.ru
+onlineislemlersayfasivkfgirisicom.tk
+onlinsfuco.temp.swtest.ru
 onlysportplus.com
 ooxvocalor.yolasite.com
 opansea.live
 open24.ie-tsb.email
+operationroofingllc3.com
 opticabattilana.com.ar
-optika-anda.hr
 ora-n.yolasite.com
 orabu.it
 orange-dcr.fr
@@ -2885,11 +2708,8 @@ orange2k22.wixsite.com
 orangeb191.temp.swtest.ru
 orangess.contactin.bio
 org-nr.yolasite.com
-orlen-inwe.web.app
-orlen-x.web.app
 orlen.digital
 ormantencs112.odoo.com
-oryxcaracalsecurity.com
 osis.world
 otomoto-h229.net
 otomoto3452.com
@@ -2898,6 +2718,7 @@ oudczfbniitcqdsrmaapdztwqo-dot-gl44393333333.rj.r.appspot.com
 ourgarden.us
 outlook1541489.webcindario.com
 outlookcom119.yolasite.com
+ouverturecompte.lbp-eer.fr
 oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com
 p1c.servleboncoinser.com
 package2021.blogspot.ba
@@ -2905,7 +2726,6 @@ package2021.blogspot.bg
 package2021.blogspot.com
 page-restrict-case22456548.help
 pages-1008009999700022199021.com
-pages-1008097555214021.com
 pages-alert-facebook.ezyro.com
 pages-community-standart-2022.co
 pages-marvelous-project.webflow.io
@@ -2914,11 +2734,11 @@ pages-support-office-2021.tk
 pages.secure-accts.workers.dev
 pagesdetectscopyrightpostingactivitiesreported.co.vu
 pagos.sinpemovil.cr
+paidpapers.net
 paleyeer.com
 palmm.ps
 pancaakesvap.com
 pancake-sawp.com
-pancake.ellipsis.finance
 pancake7wop.com
 pancakesawpes.com
 pancakesfinances.info
@@ -2928,7 +2748,6 @@ pancakeswap.men
 pancakeswap.multi-wallet.info
 pancakeswap.salsasourcing.com
 pancakeswapes.company
-pancakeswapex.com
 pancakeswapexcgn.com
 pancakeswapexch.com
 pancakeswapexchage.com
@@ -2936,17 +2755,15 @@ pancakeswapexchg.com
 pancakeswappshop.blogspot.com
 pancaku-swap.com
 pancalteswap.finance
+panccakesswap.org
 panckaceswap.finance
-pancoke.com
 pandaskin.ru.com
 panelweb-4cae2.web.app
 pankaceeswap.com
 pankaceswapes.finance
 pankakeswap.ledgity.com
 pannelpub-benin.com
-pansccakeswap.finance
 pantazisezopiiuurmail1.web.app
-pantekkalisakitkepalaku.blogspot.com
 parcel-support018.com
 pardot.assemblecommunities.com
 pasarbta.info
@@ -2957,6 +2774,7 @@ pathospitals.com
 patient-cell-40f5.updatedlogmylogin.workers.dev
 patwise.co.in
 paws.org.au
+paxfulacct.com
 paxfulmenu.com
 pay-sera.web.app
 pay16-olx.pl
@@ -2964,13 +2782,16 @@ paymentnotificationnow.blogspot.com
 paypal-online-2deposits-paymentaccept.tk
 paypal-opladen.be
 paypalforex.co.ke
+pbemail.youxiangdashui.com
 pdf-cloud-document.weeblysite.com
 pdf-sharefile-doc.weeblysite.com
 pdflogincnvwo.app.link
 pdfsecured.mystrikingly.com
 peaceful-black.193-70-50-31.plesk.page
+pedih.001www.com
 pembatalanakundinonaktifkan.weebly.com
 pencakecwap.com
+pensive-payne-505e1a.netlify.app
 perfectliker.net
 peringatanakunfb2k214.webnode.com
 phantom-walletweb.app
@@ -2996,7 +2817,8 @@ pikay13.github.io
 pilmezorda.temp.swtest.ru
 pinchinchaverify.webcindario.com
 pirana.co.rs
-pl-swiatowe-wiadomosci.pl
+pkobp.pl.justns.ru
+pl-wiadomosciswiatowe.pl
 pla1060604.nichost.ru
 plan-o2-monthlypayments.com
 planetaamor.org
@@ -3005,8 +2827,6 @@ platinumserviceac.com
 playgirlgold.com
 ploferta.com
 plugmailextraexpiredoldpolicynotificationscenter.pages.dev
-plwiadomosciwszystkie.pl
-po-deliver-fees.com
 po-service-page.com
 poc-rewards-program-c2dfc.web.app
 podpiska-darom.ru
@@ -3023,6 +2843,7 @@ poligrafiapias.com
 polkadot-france.fr
 polkastarter.app
 polsd.pa0cpof.cn
+polska-informacyjna.pl
 polxa.uh8dg67.cn
 polygon-pro.com
 polygon-secure.com
@@ -3040,7 +2861,6 @@ postch9192.cargo.site
 postechsuivre.ileanamlaw.com
 postnl.post-tracking-delivery.etelinfra.com
 poww.6hkjmb.cn
-ppkllp.com
 ppnnttcc.ppcnthsc.me
 precisionimpex.com
 preg.dspearhead.com
@@ -3057,11 +2877,13 @@ primecentral.jixinggaozhao2.shop
 primecentral.qiourn.shop
 primeone.org
 printtoner.com.mx
+prism.net.in
 privacy-update-page-prtections-association-recovry-secu.web.id
 privacy-update-secu-recovry-page-protection-4565544.web.id
 privacy-update-secu-recovry-page-protection-comunity-45.web.id
 priyankasandokar1606.github.io
 pro.icloudremovaltool.com
+pro.systemine.xyz
 procservautomatizacion.com
 production.anon-rest-keep-reset.sales18130.workers.dev
 production.anon-step-keep-object.sales18130.workers.dev
@@ -3075,6 +2897,7 @@ production.try-murpheos-keep.sales18130.workers.dev
 production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev
 project1-df3e9.web.app
 projectlovewell.com
+promashoppe.com
 promehedinti.ro
 promerica-sv.webcindario.com
 promericalinea01.webcindario.com
@@ -3083,8 +2906,6 @@ prosmate.com
 prosxsiuser.myfreesites.net
 prosys.poweredbygravit-e.co.uk
 protect-4d56vca.surge.sh
-proteczzguuaaardzzzpagess.000webhostapp.com
-proteczzpagezzguarddzzz.000webhostapp.com
 provodi.com
 proximus-account.azurewebsites.net
 ptxx.cc
@@ -3104,13 +2925,13 @@ qhmqhgnfqbcoxkwamsioilhdmv-dot-gl44393333333.rj.r.appspot.com
 qsh74pekkv5e8.clickfunnels.com
 qssa.x5yrlr.cn
 quinaroja.com
+quirky-jones.172-245-159-112.plesk.page
 quotex-qx.com
 qwas.nfi71vw.cn
 qwea.wvhee0w.cn
 qweas.hi5g95r.cn
 qweas.p6rhddj.cn
 qweas.zwfaclq.cn
-qxluatbght.cfolks.pl
 r3c31v30n3-1d3nt1ty.000webhostapp.com
 rabellartz.de
 rabofree.blogspot.com
@@ -3118,6 +2939,7 @@ rabofree.blogspot.li
 rackenfordlabs.com
 racuten.nuef.info
 radhikamd.github.io
+rafbbmx.ga
 rafbbmx.ml
 raipurrussianescorts.com
 rakoten-card.buogfbizkugf.gq
@@ -3128,17 +2950,12 @@ raktuen.laobanlocker.com
 rakuitan-card.info
 rakuten.awjoadc.cn
 rakuten.card.nuosreaoms.com
-rakuten.card.uosmcoua.com
-rakuthn.shop
-rakuttm.shop
+rakuten.co.jp.rakutenajp.xyz
 ramgarhiamatrimonial.ca
 rareelements.io
-rasmer.fi
 ratewatch.net
 raycargo.com
 raydiom.io
-razcjjf.ga
-razcjjf.ml
 rbcmontgomery.com
 rd8um.app.link
 rdirtfuo6t.vov.ru
@@ -3147,9 +2964,9 @@ re-redirection-acc-id923872635122.blogspot.com
 real-anon-keep-passing-word.rvsla.workers.dev
 realestate-page-10843446024.expresspestcontrol.co.nz
 realindiatravel.com
+recibeya.tufacilmoneyonline.online
 reconfirmpost287846656.us
 recover-pages-media-problems-secur-782.web.id
-recover-pages-secur-media-problems-393.web.id
 recover-pages-secur-media-problems-397.web.id
 recovery-chain.com
 recovery-fb.secure-acct.workers.dev
@@ -3167,12 +2984,12 @@ reglic.in
 regularsweeps.xyz
 reignbike.com
 reikisadhna.com
+rekoution.bcszxcd.shop
 relevant.systems
 remittance369297292749.goshly.com
 renovkonstruksi.com
 repl-mess.myfreesites.net
 restore.exodusapp.ru
-restoredabefore-com.filesusr.com
 restorewallet-activation.net
 retiro-extracash.com
 retiro.cl
@@ -3200,7 +3017,6 @@ roccobonheur1-my-cheetah-website-copy.cheetah.builderall.com
 roisnoob.github.io
 rokulinktechnology.com
 rolinadd.surveysparrow.com
-romanceify.com
 rondalowa.blogspot.com
 rondelbarrilito.com
 ronin-help.com
@@ -3216,10 +3032,10 @@ rplg.co
 rrakutenn.co.jp.azii.cn
 rrakutenn.co.jp.nanofresh.cn
 rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com
-rufoxxy.com
 runescape-info.com
+runescapebonds.com
+runescapeevents.com
 ruth.martulangbelulalng.workers.dev
-ryanicolehoward.com
 rymproducciones.com
 s-sarfati.co.il
 s.macecri.com
@@ -3244,7 +3060,6 @@ sanjilkumar.com
 sankyo-rz.com
 sanru.cd
 santander.secured-auth-login.com
-santanverifyfunction.com
 santepluspharma.eclatmediasolution.website
 santoshdangi.com.np
 saritapariyar.com.np
@@ -3266,16 +3081,16 @@ secure-boncoincontrol.net
 secure-halifax-device.com
 secure-mynew-devices.com
 secure-runescape.xgm.rnp.mybluehost.me
-secure-service-gateway.com
 secure-zirox.s3.ap-southeast-2.amazonaws.com
 secure.legalmetric.com
 secure.oldschool.com-cl.ru
 secure.oldschool.com-cu.ru
-secure.oldschool.com-cv.ru
 secure.oldschool.com-oz.ru
 secure.oldschool.com-rsu.ru
+secure.runescape.com-ak.ru
 secure.runescape.com-as.cz
 secure.runescape.com-az.ru
+secure.runescape.com-ca.ru
 secure.runescape.com-cl.ru
 secure.runescape.com-co.ru
 secure.runescape.com-cu.ru
@@ -3288,13 +3103,13 @@ secure.runescape.com-vs.ru
 secure300.inmotionhosting.com
 secure303.inmotionhosting.com
 secure55.webhostinghub.com
-secure7-servr01-log-in.4nmn.com
-securee37-authen21.duckdns.org
+secureaccount.ntflxauth.co
 securegateway-ovhcloud.csl-sl.de
 securelloyd-help-app.com
+securewalletprotocol.online
 security-page-community-standards.blogspot.com
 seguridad-oca.webcindario.com
-seleb-indo.duckdns.org
+seleccionperfil.xyz
 selector26.gg
 selector28.gg
 sem.my-drs.co.uk
@@ -3304,7 +3119,7 @@ sendung.eyecatch.ch
 sergebubnin.space
 sertyxese.myfreesites.net
 server-networksolutions.web.app
-serverprotocols.com
+server221.security.coinbase.com.gdone.co.ke
 servervalidationcheck103.web.app
 servervalidationcheck104.web.app
 servervalidationcheck105.web.app
@@ -3359,7 +3174,6 @@ serviceinfo-securehost.duckdns.org
 servicepage.service-page.workers.dev
 servicepichincha.webcindario.com
 services.runescape.com-as.cz
-services.runescape.com-oc.ru
 services.runescape.com-rse.ru
 services.runescape.com-rsu.ru
 servicesbancaire.com
@@ -3387,6 +3201,7 @@ sharedtris.com
 sharelink.sn.am
 shayvardphoto.ir
 shinex.lk
+shippment2.temp.swtest.ru
 shirhokos-mhalskbsiaoutfew43535.duckdns.org
 shirtshanger.com
 shiye666.cn
@@ -3398,11 +3213,9 @@ sidneyfcuorg.freshy.site
 sign-trk.empressmd.com
 signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net
 signin-payeer.com
-signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com
-silkroadwines.com
 silpovsatb-ua.online
 silverberrygroup.com
-sim0nt0k-viral-terbaru-2022.duckdns.org
+simonecamposshop.com.br
 simpkk.karanganyarkab.go.id
 sindarspen.org.br
 siporados15585.blogspot.com
@@ -3435,12 +3248,11 @@ slavamel.github.io
 sleepmaskz.com
 slickparties.com
 slmkufeckf.jon-jensen.workers.dev
-slovenska-posta.sytes.net
 slowlinebag.jp
 sm.scicemecod.com
 sm777.csb.app
+smartfixconnect.live
 smbc-accout.com
-smbc-credit.shop
 smbc-veaiana.com
 smbcbc.com
 smbccjp.shop
@@ -3448,10 +3260,11 @@ smbcr.mrtka.info
 smbcwodeqingguoshoujicojp.top
 smeo.org.mx
 smgolamalif.github.io
-smirl.org
 smkkesehatanjember.sch.id
 smmsvocal.yolasite.com
+smpn2jeruklegi.sch.id
 sms-check.sc-q.top
+sms-infos.d2tt.co
 sms-shorter.com
 smsbc-info5.com
 smsenligne.myfreesites.net
@@ -3459,6 +3272,7 @@ smsorangephonemail.myfreesites.net
 smsorangesmsmessage.myfreesites.net
 smss-mms.yolasite.com
 smsverificationmms.myfreesites.net
+smvbc-info.com
 smwam.coms.cso.gov.tt
 so.macecri.com
 soaringskiesrentals.com
@@ -3471,7 +3285,6 @@ sognointerno.com
 solicitarfirmaelectronica-sv.com
 solyanayakomnata.ru
 sopac.org.py
-soracoes.xyz
 souaxwaoh.myfreesites.net
 soude-masi.firebaseapp.com
 soufsont.blogspot.com
@@ -3497,6 +3310,7 @@ spirit.gtwozone.com
 spk-entsperren.de
 spk-jahreswechsel.com
 spk-secure-de.com
+spkfod.coms.cso.gov.tt
 sport.protected-secur.workers.dev
 sportshoes.top
 sportybetpremium.wapka.co
@@ -3513,8 +3327,10 @@ ssia.org.sg
 ssl.dsl.isl.mll.aqmst6.stockestan.ir
 sso-garena.com
 sswebmail-4w5twsr.web.app
+staffportal.uoz.edu.krd
 stage.vannaryfowler.com
 staging.eliteautomotive.com.au
+standardcapbnk.com
 standardupdatesupportandhelpcenter2021.ga
 starforsure.com
 starliker.net
@@ -3524,11 +3340,10 @@ static-ak-fbcdn.atspace.com
 static-dev.o2alerts.com
 static-promote.weebly.com
 status-dev.o2alerts.com
-stbkcoltria.atwebpages.com
 stclarechurch.net
 steamcommunites.com
 steamcommunitj.com
-steamnitrof.com
+steamcommunityk.com
 steampoweredtrade.org
 steampoweredtrades.org
 stevemadden-sverige.com
@@ -3544,6 +3359,7 @@ stjohnmarol.com
 stjudes.in
 stolizaparketa.ru
 stollgroup.coms.cso.gov.tt
+stomkinscommercial.com.aus.cso.gov.tt
 storage.yandexcloud.net
 storenike365.top
 studio-lol.com
@@ -3558,13 +3374,11 @@ suiviticket.co
 sukien-pubgmoblevng.ga
 sultan-raza.github.io
 sumpandtankcleaners.in
-sunami.pagedemo.co
 sunbeltmembers.com
 sunge-ode.firebaseapp.com
 sunshineteam.in
 super-dawn-3035.ddahluwalia.workers.dev
 supermilhas.com
-suportecxacesso2020.com
 supotsstunes.servehttp.com
 suppliers.bitshepherd.org
 support-auwebaccessjpnaikpanggung.com
@@ -3596,6 +3410,7 @@ sysm5rn.cn
 system-fassil-net-2-3242353453453--12344443.repl.co
 t0nline0de0login-001-site1.itempurl.com
 taher-mohamed-ahmed-saad.github.io
+take-free-2022.duckdns.org
 taoistw345ie.co
 tarik-fitness.com
 taxcare.page.link
@@ -3617,11 +3432,13 @@ tellmeliu.github.io
 templat65sldh.myfreesites.net
 temporary-url.com
 terpelsicumple.com
-terracontiles.com
+tesladrive-event.com
 test.bayoucitybadges.org
 test.bitflye87.com
 test.dxbproductions.com
+test.myshopclub.ru
 test.webclient4.de
+testing-domain.duckdns.org
 texasfreedomrun.com
 tgpafasfsakkk.pages.dev
 theaceofspaeder.com
@@ -3643,8 +3460,6 @@ tieganford.ca
 tighi.creatorlink.net
 tight-samiuboc.co
 tikitaps.com
-tinhtrangdon.com
-tinyurl.mobi
 tipografieonline.ro
 tirozhjewelry.com
 titelinedrillingintl.yolasite.com
@@ -3663,7 +3478,6 @@ topskills.ru
 torccolborrachas.blogspot.com
 torrinwine.com
 touchidea.top
-touronline2022.com
 tovowhuqeojweawmubmaqmqlv.hofferflow.icu
 tpayleboncoin.com
 traders-joesxyz.com
@@ -3674,23 +3488,18 @@ triangarena-membership.ga
 tribratanewsbondowoso.com
 tribunbalikpapan.com
 truegrip.com
-trust-wallet.com.cn
 trustinpichincha.webcindario.com
 trustpress.gr
 trustypichincha.webcindario.com
-ts3cacd.jhfshm.com
 ts3cacd.rzjxbv.com
 turntekcnc.com
-twoje-zdjecia-622.herokuapp.com
 tx.vc
 txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com
 typedream.site
 typesmartlyocr.com
 tyrecentre.ru
 u08qv44zu5h.typeform.com
-u1571226.cp.regruhosting.ru
-u1571630.cp.regruhosting.ru
-u1571652.cp.regruhosting.ru
+u1565723.plsk.regruhosting.ru
 u18741649.ct.sendgrid.net
 u827857uw6.ha004.t.justns.ru
 uabaiieo.com
@@ -3713,7 +3522,6 @@ uhnsa.sdmpo0s.cn
 uhnxa.d23xsru.cn
 uhnxa.q83itv9.cn
 uhnxas.rvw56l.cn
-uiuui.pagedemo.co
 ujcd.um2nlru.cn
 ujdaa.fn3m4en.cn
 ujds.5e8tn13.cn
@@ -3734,6 +3542,7 @@ ujnca.wxuqxb7.cn
 ujnca.zgbo0g.cn
 ujncd.kzi68ra.cn
 ujncd.lw2djbm.cn
+ujnxas.vj135ih.cn
 ukcare.in
 umbrellaclubla.com
 unam.myfreesites.net
@@ -3744,9 +3553,8 @@ uniassessoria.com.br
 unicreditaustria.ucs.info
 unifacema.edu.br
 unifacvest.net
-unillantas.com.sv
+unifiedsmartsync.live
 unionheightsresidental.com
-unipo-a.web.app
 unisons.store
 unisonsouthayr.org.uk
 uniswap.ch
@@ -3756,7 +3564,6 @@ uniswap.pages.dev
 uniswap.seal.finance
 uniswap.token.im
 uniswap.trading
-uniswap.vn
 uniswapfinancing.info
 uniswaps.net
 unitedalliance-online.000webhostapp.com
@@ -3767,24 +3574,21 @@ unnxa.pqpchqo.cn
 unpocodearte.cl
 unregpayee-lb.com
 unsub.listhandlr.com
-upbeat-dhawan.179-43-173-14.plesk.page
 updateinfo-billingo2.com
+updatemy.software
 updateseason.com
 updatestory2022.co.vu
 updatevoda-billing.com
 upgrade-25gb-email.thecornerstudio.com.au
 upgradedserver.online
-upgradingattonlinee.weebly.com
 uploadpichincha.webcindario.com
 uploads.codesandbox.io
-upnew.site
 uppledpichincha.webcindario.com
 urbenorte.com
 urgent-halifaxlogin.com
 userboitevocalweb.flazio.com
 userinformationstoreupdatesmail.pages.dev
 usfn.net
-uspsconfirm.iconoomikert.com
 uspsexpressdeliveryline.com
 uswowgame.net
 uueer.7jgy5xe.cn
@@ -3794,6 +3598,7 @@ uyhnxx.urpzkva.cn
 uyqw.dykowec.cn
 uz154.sbs
 v.macecri.com
+v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com
 v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com
 vaccine-status-info.com
 vakif.albay-arnold.com
@@ -3801,45 +3606,45 @@ valax-wallet.com
 valenciaoptometry.com
 valenteplay.com.br
 validacionpichincha.odoo.com
+validate-chain.com
 validate-solana.com
 validator-fzkiy.run-us-west2.goorm.io
 vallion.motiffliterature.me
 vcz.gmoqkzu.cn
 velvish.com
 ventas.lnterbarnk.pe.jifad.org
-verfybadgeappform.com
 veri-pichincha.webcindario.com
-verificaciondeprioridad.com
 verification-trustwallet.4bl-eg.com
 verification.fb-page.workers.dev
 verificationmessage.blob.core.windows.net
+verifications-zones.com
 verififacebookid.wixsite.com
 verifiikasi-accounts.weebly.com
 verifikasi-akun-anda0011.weeblysite.com
 verifikasi-akun-facebook0022.weeblysite.com
 verifikasi-identitas47.weebly.com
 verifocaoffa.webcindario.com
+verifymywallets.com
 vgiuhkjnm.b9u6vh5l7g1797.workers.dev
 victorarath99.github.io
 videobigo.com
 vietlime.vn
 vietschi.de
 viettel-com-dot-c2c01-531c7.uc.r.appspot.com
-vigortech.com.np
+vigilant-murdock.45-81-232-15.plesk.page
 viguohilkasdsd.izwe6g6lyc.workers.dev
 vilaanimalviana.pt
 vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com
 vinivet.mk
 vipfbtools.com
-vipprofessional.net
 viral-groub.duckdns.org
 virginia-spi.com
 virtual1dattss.com
 vis-stort.github.io
-visa-band.com
 vishaljangale01.github.io
 visione.co.id
 visionproperty.in
+vk-money.xyz
 vk-posters.ru
 vk-vhods.co
 vkjbm.4nt4nb464e6113.workers.dev
@@ -3858,25 +3663,30 @@ vugik.mecil33784.workers.dev
 vv.macecri.com
 vvjde0h0ttttf9hay.com
 vvpaes-me-index.egvtpp.cn
+vws.co.in
+vxcas.a35570.cn
 vxdse.myfreesites.net
 w2.deraya.org
 w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud
-w5czf.csb.app
 wahed-koudsi2001.github.io
 walkers-dot-composite-store-326315.uk.r.appspot.com
 wallcertifyonmesh.com
 walldesign.com.tr
 wallet-connect012.web.app
 wallet-reconnection.xyz
+wallet-verified.com
 wallet.silesiacoin.com
 wallet22.000webhostapp.com
+walletconnect-tool.net
+walletconnect-tools.xyz
 walletconnectonline.pages.dev
 walletconnectors.com
 walleterrorsupport.com
+walletokenvalidation.com
+walletsconect.live
 walletsconnex.com
 walletsliveconnects.net
 walletsreauth.org
-walletsvalidator.org
 walletsynclive.com
 walletvalidation.me
 walletvalidators.com
@@ -3892,6 +3702,7 @@ warbonus.ru
 warningshadows.org
 warsa.bandungkab.go.id
 wasites.000webhostapp.com
+waterproofingengineer.com
 we-exodus-wallet.yahoosites.com
 web-armas.royale-freefire1garena-bonus.com
 web-b4119.web.app
@@ -3909,13 +3720,15 @@ web-verifi05.webcindario.com
 web-verifi06.webcindario.com
 web.bredbanque.trans.sylog.co
 web.royale-freefire1garena-bonus.com
-web7320.web07.bero-webspace.de
 webbbb.yolasite.com
 webbl.yolasite.com
+webdappsconnection.com
 webdatamltrainingdiag842.blob.core.windows.net
 webdesecure.clickfunnels.com
+webhost-verify.duckdns.org
 webip.yolasite.com
 webmail-2aaa0.web.app
+webmail-optusnet-com-au-sign1.weebly.com
 webmail-sso8uyg.web.app
 webmail.gourmer.co.in
 webmail.login.access.docs67.live
@@ -3925,20 +3738,17 @@ webpres.000webhostapp.com
 webregular.xyz
 webservice-verify.duckdns.org
 websitefun.club
-websiteorange.wixsite.com
 webstories.eu
 webvalidity.com
 well-42d74.web.app
-wellsfargo-online06.herokuapp.com
-weryfikacja-facebookowa-27.herokuapp.com
 weryfikacja-facebookowa-28.herokuapp.com
 weteachbh.com
 whare.100webspace.net
+whatsapp-grub99zyc.duckdns.org
 wheelsofmercy.org
 whitelist-network.com
 widadkamillah.github.io
 wiki.oceanreeflifegame.com
-wildcard.isiolo.go.ke
 windstream-net.firebaseapp.com
 winville.biz
 wireconfirmation68c10a25442a3e13.blogspot.com
@@ -3955,12 +3765,15 @@ wpsoar.com
 wqass-index.chobqu.cn
 wqass-index.dccigq.cn
 wqass-index.gbswz.cn
-wqass-index.jeewiki.cn
 wqass-index.pygbw.cn
 wrww-roblox.com
+wsertyzx.gq
 wteeoq.pfinanceiro.com.de
+ww.lnterbank.pe.personas.aaseguros.mx
 ww.lnterbank.pe.personas.onlinesocket.in
+ww.lnterbank.pe.personas.t-class.org
 ww16.inpost-pl-3dsecure.clear-id.xyz
+wwedealershipon.000webhostapp.com
 www-cursosdigitalesmx-com.filesusr.com
 www-degelyehuda-org-il.filesusr.com
 www-europe564598-com.filesusr.com
@@ -3968,10 +3781,9 @@ www-europessign-com.filesusr.com
 www-key-com.test.edgekey.net
 www-mufg-jp.handicraft.ltd
 www-mufg-jp.kaiqi.ink
-www-wattsapcom.duckdns.org
+www.facebook.com-sauuvazpjo.isiolo.go.ke
 www2.rakutan.co.jploginffd9dfg7.carwork.cn
 www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn
-www2.rakutan.co.jploginvcx8ds.nanoart.cn
 www2.rakuten-card.co.jp.wzsrc.cn
 www2.rakutenn.co.jp.nanopark.cn
 www2.rakutenn.co.jp.zgyo.cn
@@ -3983,6 +3795,7 @@ x.scicemecod.com
 xcas.xoh29oz.cn
 xcasd.7vo6bt.cn
 xcasd.b204uje.cn
+xcasd.tcbjnhq.cn
 xcasd.yikn2gd.cn
 xcryptocars.blogspot.com
 xcvdsd.page.link
@@ -4001,10 +3814,10 @@ xjmr7.mjt.lu
 xjpyyds.pem4yp3.cn
 xkljfg.ml
 xn--gmal-sya.com
-xn--instagam-sf0d.com
 xn--ltappen-80a.se
 xn--metamsk-lwa.link
 xn--rpondeur-sfr2-bhb.yolasite.com
+xpubgfrozen.tk
 xqr3i.mjt.lu
 xqr3n.mjt.lu
 xqr3u.mjt.lu
@@ -4013,14 +3826,16 @@ xrxh1.mjt.lu
 xrxh2.mjt.lu
 xrxhl.mjt.lu
 xsbrookshhjx.top
+xspin.cawnibos.com
 xtio.ch
 xtw42.mjt.lu
+xvideokoreanwifesister18.duckdns.org
 xx.macecri.com
 xxaas.tp00jv9.cn
 xxasd.sf29hrg.cn
 xxx-com-dot-c2c01-531c7.uc.r.appspot.com
-xyproject.xtensio.com
 xzasd.uz64g3.cn
+yahoo%2eco%2ejp@asdxa.p2x11pi.cn
 yahoo%2eco%2ejp@bghgcd.psuxscm.cn
 yahoo%2eco%2ejp@bhgxa.eo76sni.cn
 yahoo%2eco%2ejp@cdas.nxzigco.cn
@@ -4042,12 +3857,11 @@ yahoo%2eco%2ejp@ujhdca.mdwclcb.cn
 yahoo%2eco%2ejp@uyhnxx.urpzkva.cn
 yahoo%2eco%2ejp@zxas.2nd0g8.cn
 yahoo%2eco%2ejp@zxass.jbkyj0o.cn
-yahoopoweredservice.duckdns.org
 yahuomall.square.site
 yairix.github.io
 yalena.me
+yandex-viral.duckdns.org
 yaqoobi.org
-yaranfayez.com
 yayanti.com
 ybdaa.oqsgm9r.cn
 ybggd.fjgjoux.cn
@@ -4067,11 +3881,13 @@ yma1ll0g0n.odoo.com
 ynbgdc.woprkzp.cn
 ynbxa.pvgulkz.cn
 yndda.m117s1s.cn
+yo7ka-anna.com
 yogeshwarwiremesh.com
 youknowar.com
 young-snow-7447.tcheviron5269.workers.dev
 youreasygoing2022.co.vu
 yqlpeitost.duckdns.org
+ytdjhstej.tk
 yuhjjkss.web.app
 yumpai.cn
 z.macecri.com
@@ -4079,10 +3895,12 @@ z.scicemecod.com
 z0massegurabclp1.shreeramwoodindustries.com
 z2qje.codesandbox.io
 z3voicrxxvs.typeform.com
+zacharytlasko.com
 zackselectronics.co.zw
 zaktualizacja-platnosci.netfxtv.co.pl
 zasd.yhxmd30.cn
 zb2-home.web.app
+zen-minsky-ef5931.netlify.app
 zenvinyl.com
 zepe.io
 zeroquiz.com
@@ -4095,10 +3913,8 @@ zmpcoacu.cyou
 zmpcoado.cyou
 zoho-online.web.app
 zoho-validationserv.web.app
-zonalnterbank.com
 zonmca.hxljatvw.cn
 zshrvvo.cn
-zuiunsya.com
 zxas.2nd0g8.cn
 zxas.hs0rgq8.cn
 zxass.jbkyj0o.cn
@@ -4107,6 +3923,5 @@ zxcaspx.aghwlup.cn
 zxcnash.seufhsk.cn
 zxcod.01l241.cn
 zxcuashs.e0n0gh5.cn
-zxdlbny.cn
 zxnahs.3cze6ri.cn
 zz.macecri.com
diff --git a/dist/phishing-filter-dnsmasq.conf b/dist/phishing-filter-dnsmasq.conf
index d34acc30..add98d5e 100644
--- a/dist/phishing-filter-dnsmasq.conf
+++ b/dist/phishing-filter-dnsmasq.conf
@@ -1,5 +1,5 @@
 # Title: Phishing Domains dnsmasq Blocklist
-# Updated: Sun, 16 Jan 2022 12:01:44 +0000
+# Updated: Mon, 17 Jan 2022 00:01:35 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/phishing-filter
 # License: https://gitlab.com/curben/phishing-filter#license
@@ -13,9 +13,6 @@ address=/00oeady.cn/0.0.0.0
 address=/02-billing-support.org/0.0.0.0
 address=/08863299.sso-secure-mail0454etr.pages.dev/0.0.0.0
 address=/0bs.de/0.0.0.0
-address=/0gjvj7a8eydbjz3au8anbg-on.drv.tw/0.0.0.0
-address=/1000000000347789523698541.tk/0.0.0.0
-address=/1000000000347789523698545.tk/0.0.0.0
 address=/1000000000347789523698546.tk/0.0.0.0
 address=/1000000000347789523698547.tk/0.0.0.0
 address=/109edc5b.ssdtfgyb09.pages.dev/0.0.0.0
@@ -25,6 +22,7 @@ address=/149-210-143-165.colo.transip.net/0.0.0.0
 address=/15004083383734.data-store-company.com/0.0.0.0
 address=/154.30.211.130.bc.googleusercontent.com/0.0.0.0
 address=/16park.cn/0.0.0.0
+address=/1727365.com/0.0.0.0
 address=/178.128.108.233.dsl.dyn.forthnet.gr/0.0.0.0
 address=/1800poolservice.com/0.0.0.0
 address=/185-46-10-159.cloudvps.regruhosting.ru/0.0.0.0
@@ -39,7 +37,6 @@ address=/2022-exodus.com/0.0.0.0
 address=/2022-girobanken-sparkassen.xyz/0.0.0.0
 address=/2022.intrebrkprsonas.xyz/0.0.0.0
 address=/217651.8b.io/0.0.0.0
-address=/2247317.verifyinguser426128734570198363.com/0.0.0.0
 address=/228.94.92.rev.sfr.net.gghost.ru/0.0.0.0
 address=/24611250.sibforms.com/0.0.0.0
 address=/2482689012.yolasite.com/0.0.0.0
@@ -48,12 +45,16 @@ address=/2ex2cfu.cn/0.0.0.0
 address=/2fa.bthei.com/0.0.0.0
 address=/2pil.ru/0.0.0.0
 address=/2rakuten.co.jp.happyyear.cn/0.0.0.0
+address=/2yfh.short.gy/0.0.0.0
 address=/3-139-75-158.cprapid.com/0.0.0.0
 address=/343i.org/0.0.0.0
 address=/343t3dv9qdufp.clickfunnels.com/0.0.0.0
 address=/3568365.com/0.0.0.0
+address=/365unfreezesecurity.com/0.0.0.0
+address=/3782365.com/0.0.0.0
 address=/3a10a178.s6t6sj4s46tu4sys54y5.pages.dev/0.0.0.0
 address=/3bvjh.sbs/0.0.0.0
+address=/3c5.com/0.0.0.0
 address=/3ck.me/0.0.0.0
 address=/3dprintersupplies.com.au/0.0.0.0
 address=/3dsecure-update-service-info-live.duckdns.org/0.0.0.0
@@ -77,18 +78,19 @@ address=/5e841ae2.srvr-cloudmail-srvr6765e7tg.pages.dev/0.0.0.0
 address=/613707.selcdn.ru/0.0.0.0
 address=/61da8ae6.6u6566hrrthsh45.pages.dev/0.0.0.0
 address=/638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com/0.0.0.0
-address=/65451440241544.hyperphp.com/0.0.0.0
-address=/664876.verifyinguser426128734570198363.com/0.0.0.0
+address=/6734365.com/0.0.0.0
 address=/67lksxgjd.bttmassage-thai-tanger.com/0.0.0.0
 address=/6a7zu9he6mqh.clickfunnels.com/0.0.0.0
 address=/6c7f0acc.sibforms.com/0.0.0.0
+address=/6stupefacentevideo2022.pagedemo.co/0.0.0.0
+address=/754675377.xyz/0.0.0.0
 address=/7837365.com/0.0.0.0
 address=/7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev/0.0.0.0
 address=/7wr4u.csb.app/0.0.0.0
 address=/7yu3v.csb.app/0.0.0.0
-address=/8010361370310234068010361370310234.blogspot.be/0.0.0.0
 address=/859411.icu/0.0.0.0
 address=/8760365.com/0.0.0.0
+address=/885211.icu/0.0.0.0
 address=/889381.icu/0.0.0.0
 address=/8899.jp/0.0.0.0
 address=/89ix7y0.cn/0.0.0.0
@@ -116,15 +118,18 @@ address=/absaonline2021.website2.me/0.0.0.0
 address=/absolute-containers-sip.business.site/0.0.0.0
 address=/absolutepleasure.com.my/0.0.0.0
 address=/acacia.webdevonline.net/0.0.0.0
+address=/account-recovery.org/0.0.0.0
 address=/account.herephyshy.info/0.0.0.0
 address=/account.verifications.help-page.workers.dev/0.0.0.0
 address=/accounts-autoscout24.de/0.0.0.0
 address=/acessobradesco.digital/0.0.0.0
 address=/ach111.xyz/0.0.0.0
 address=/activate-hulu-com-activate.sitey.me/0.0.0.0
+address=/activatingmymainnet.com/0.0.0.0
 address=/adamfeber.com/0.0.0.0
 address=/adcloudserver.com/0.0.0.0
 address=/admin-formserviceupdates.weeblysite.com/0.0.0.0
+address=/administer-708aa.web.app/0.0.0.0
 address=/administraciondefincaspereznovo.com/0.0.0.0
 address=/adorablepomskyhome.net/0.0.0.0
 address=/adpunemploymentclaims.sharefile.com/0.0.0.0
@@ -134,14 +139,13 @@ address=/affixsports.net/0.0.0.0
 address=/afreemart.xyz/0.0.0.0
 address=/africansecrets.ca/0.0.0.0
 address=/agora.imb.br/0.0.0.0
-address=/agricolefr-99f918.ingress-erytho.easywp.com/0.0.0.0
 address=/agrimetiersmartinique.fr/0.0.0.0
 address=/agurimu-nagoya.com/0.0.0.0
 address=/ahhhh.pe.kr/0.0.0.0
 address=/ai.macecri.com/0.0.0.0
-address=/aib-unauthorized-access.com/0.0.0.0
 address=/aid-validation-human.run-us-west2.goorm.io/0.0.0.0
 address=/aimekidya-recpag.web.id/0.0.0.0
+address=/airbnb.book-space-b851927.live/0.0.0.0
 address=/airportprescreening.com/0.0.0.0
 address=/aitsidihamh.my-place.us/0.0.0.0
 address=/akanksha3012.github.io/0.0.0.0
@@ -162,8 +166,10 @@ address=/aliciabot.azurewebsites.net/0.0.0.0
 address=/alkhalilgraphics.com/0.0.0.0
 address=/allegrolokalnie-pl-3dsafe.id-43051.xyz/0.0.0.0
 address=/allegrolokalnie-pl-3dsafe.id-91501.xyz/0.0.0.0
+address=/allegrolokalnie-pl-3dseif.id-43051.xyz/0.0.0.0
 address=/allegrolokalnie-pl-safe.id-43051.xyz/0.0.0.0
 address=/alliancesuper.com/0.0.0.0
+address=/almarjantours.com/0.0.0.0
 address=/almighty.edu.np/0.0.0.0
 address=/alnajahh.com/0.0.0.0
 address=/aloun.ps/0.0.0.0
@@ -171,6 +177,7 @@ address=/alphabnkgre.com/0.0.0.0
 address=/alqadi.ps/0.0.0.0
 address=/alquilervillora.net/0.0.0.0
 address=/alsofft.com/0.0.0.0
+address=/alupi-frey.shop/0.0.0.0
 address=/amacez.jyrtery4.top/0.0.0.0
 address=/amacredit.amacardpkey.xyz/0.0.0.0
 address=/amaenv.fgasdfw6.xyz/0.0.0.0
@@ -181,21 +188,20 @@ address=/amazom.supwwe.xyz/0.0.0.0
 address=/amazomsse.shop/0.0.0.0
 address=/amazon-gcatech.com/0.0.0.0
 address=/amazon-interruption.com/0.0.0.0
-address=/amazon.co.ip.jlig.cn/0.0.0.0
 address=/amazon.co.jp.abaiaccounting.cn/0.0.0.0
 address=/amazon.gousana.casa/0.0.0.0
-address=/amazon.jp-m.win/0.0.0.0
+address=/amazon.logins-co.jp/0.0.0.0
 address=/amazon.works.ga/0.0.0.0
 address=/amazonhome.sfrmobiles.com/0.0.0.0
 address=/amazonjapsne.cf/0.0.0.0
+address=/amazonses.authflows.com/0.0.0.0
 address=/amazoon.co.op.o4j.top/0.0.0.0
-address=/ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org/0.0.0.0
 address=/amc-training.com/0.0.0.0
-address=/amcgardiennage.com/0.0.0.0
+address=/amecmasmerd.ga/0.0.0.0
 address=/ameozom.jp.onaworks.com/0.0.0.0
 address=/americanexpress-auth.azurewebsites.net/0.0.0.0
-address=/americanexpress.heiwakai.com/0.0.0.0
 address=/amguevara.com/0.0.0.0
+address=/amhsd.com/0.0.0.0
 address=/amidabuli.com/0.0.0.0
 address=/amlnov7.web.app/0.0.0.0
 address=/amnzma-jp.top/0.0.0.0
@@ -206,7 +212,6 @@ address=/amnzmsn3-jp.shop/0.0.0.0
 address=/amoazom.rm82j6-t8.cn/0.0.0.0
 address=/amonzau_co_take.ktbf.shop/0.0.0.0
 address=/amosleh.com/0.0.0.0
-address=/amozom.co.ip.taxhod.club/0.0.0.0
 address=/amreeth.github.io/0.0.0.0
 address=/amusebouche-bg.com/0.0.0.0
 address=/amzcredit.dearva.xyz/0.0.0.0
@@ -222,24 +227,21 @@ address=/angryezgames.com/0.0.0.0
 address=/anhduongjsc.com/0.0.0.0
 address=/anj-azakp.run.goorm.io/0.0.0.0
 address=/anjalijha167.github.io/0.0.0.0
-address=/anjayredit.duckdns.org/0.0.0.0
 address=/annacatania.com.mt/0.0.0.0
 address=/anon-keep-admin-keep.rvsla.workers.dev/0.0.0.0
 address=/ansr.ro/0.0.0.0
 address=/aolmailukhelplinecustomerservice.blogspot.com/0.0.0.0
 address=/aolmailukhelplinecustomerservice.blogspot.com.au/0.0.0.0
-address=/aolpoweredservice.duckdns.org/0.0.0.0
 address=/aolverixon11dfd.weebly.com/0.0.0.0
 address=/aolxperience.com/0.0.0.0
+address=/api-saisoncard-co-jp.md160.net/0.0.0.0
 address=/api-saisoncard-co-jp.o4ay8.net/0.0.0.0
 address=/api.florense.com.br/0.0.0.0
 address=/api.redirect-bentobot199.com/0.0.0.0
 address=/api.redirect-safebrowser-online.com/0.0.0.0
-address=/api.safe-directmail.com/0.0.0.0
 address=/aplintec.com.mx/0.0.0.0
 address=/app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io/0.0.0.0
 address=/app-bombcrypto-io-login-ab.blogspot.com/0.0.0.0
-address=/app-panckswp.xyz/0.0.0.0
 address=/app.bydn217.club/0.0.0.0
 address=/app.duel.network/0.0.0.0
 address=/app.fiiber.ca/0.0.0.0
@@ -249,10 +251,11 @@ address=/app.sugarsync.com/0.0.0.0
 address=/appatualizecef.com/0.0.0.0
 address=/appibsolicitud.com/0.0.0.0
 address=/appleid-check.info/0.0.0.0
+address=/applekra.com/0.0.0.0
 address=/applepichincha.webcindario.com/0.0.0.0
 address=/apply.aua.am/0.0.0.0
 address=/apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link/0.0.0.0
-address=/appttech.com/0.0.0.0
+address=/aprilgagenesh.com/0.0.0.0
 address=/aquaqualitas.com/0.0.0.0
 address=/arafathrumman.github.io/0.0.0.0
 address=/arcacg.com/0.0.0.0
@@ -260,15 +263,18 @@ address=/archivio-supporto.sitoper.it/0.0.0.0
 address=/are.scicemecod.com/0.0.0.0
 address=/areueaom.gtpzcve.cn/0.0.0.0
 address=/areueaom.gtva.cn/0.0.0.0
+address=/arif.com.bd/0.0.0.0
 address=/aromatic.webenliven.in/0.0.0.0
 address=/arthamahotels.com/0.0.0.0
 address=/artlux.com.pl/0.0.0.0
 address=/arub-service.org/0.0.0.0
 address=/aruba.fatt.ids-sys.com/0.0.0.0
 address=/as.macecri.com/0.0.0.0
+address=/as.scicemecod.com/0.0.0.0
 address=/asaipestcontrol.com/0.0.0.0
 address=/ascom.co.tz/0.0.0.0
 address=/asd.9sw53wk.cn/0.0.0.0
+address=/asdxa.p2x11pi.cn/0.0.0.0
 address=/asgard-ampqy.run-us-west2.goorm.io/0.0.0.0
 address=/asimpwsh.com/0.0.0.0
 address=/asistentetramitadordigitalda.com/0.0.0.0
@@ -278,19 +284,24 @@ address=/at-t-support-service1.sitey.me/0.0.0.0
 address=/at-t-yahoo.sitey.me/0.0.0.0
 address=/atento-fdi.plusoftomni.com.br/0.0.0.0
 address=/ativacao-online73681.com/0.0.0.0
+address=/atlanticeconcrete.com/0.0.0.0
 address=/atnr76dxku336szy.clickfunnels.com/0.0.0.0
-address=/attcustomdesk.weebly.com/0.0.0.0
+address=/att556.weebly.com/0.0.0.0
+address=/att87.weebly.com/0.0.0.0
 address=/attinfoser.weebly.com/0.0.0.0
 address=/attonlinemanagementpage.weebly.com/0.0.0.0
+address=/attonlineuserverification.weebly.com/0.0.0.0
 address=/attpage1121.weebly.com/0.0.0.0
 address=/atualizacao-online547864.com/0.0.0.0
 address=/atualizarmodolo.com/0.0.0.0
 address=/atulrathore-dev.github.io/0.0.0.0
+address=/auid-japan.com/0.0.0.0
 address=/aurumship.com/0.0.0.0
-address=/aushfew.tokyo/0.0.0.0
 address=/aushotel.es/0.0.0.0
 address=/auth-task1-m.web.app/0.0.0.0
 address=/auth-webmailakeonetcom.yolasite.com/0.0.0.0
+address=/auth.topgamers.cn/0.0.0.0
+address=/authent54-sedure32.duckdns.org/0.0.0.0
 address=/authorize-trustvallet-protocol.com/0.0.0.0
 address=/authorizewallet.app/0.0.0.0
 address=/authuxeehmutconjxmailssocl.web.app/0.0.0.0
@@ -300,16 +311,15 @@ address=/autoexprs.com/0.0.0.0
 address=/autoranplususeremailprocessingupdate.pages.dev/0.0.0.0
 address=/autoscurt24.de/0.0.0.0
 address=/autumn-sun-4a21.paqesads-scure.workers.dev/0.0.0.0
+address=/avelocidad.com/0.0.0.0
 address=/avrorganics.com/0.0.0.0
 address=/awesome-gates-8bdd6f.netlify.app/0.0.0.0
 address=/ax.xiguw.workers.dev/0.0.0.0
-address=/axieinfinity-meta.com/0.0.0.0
 address=/axieinfinity-supportwallet.com/0.0.0.0
 address=/axlr.in/0.0.0.0
-address=/ayguru.com/0.0.0.0
+address=/ayushenterprise.in/0.0.0.0
 address=/az.macecri.com/0.0.0.0
 address=/azb3s.cf/0.0.0.0
-address=/azmnsaz.000webhostapp.com/0.0.0.0
 address=/azmznonos_co_long.akys.shop/0.0.0.0
 address=/b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com/0.0.0.0
 address=/b059c86968a6427389952025bcee9886.svc.dynamics.com/0.0.0.0
@@ -317,7 +327,6 @@ address=/b4e921f0.sso-mailsrvr-4344e5teed.pages.dev/0.0.0.0
 address=/b96f7f93.sibforms.com/0.0.0.0
 address=/b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev/0.0.0.0
 address=/bacteralia.com/0.0.0.0
-address=/badnewswegewroighgserhhg.xyz/0.0.0.0
 address=/bag-macben.eu/0.0.0.0
 address=/bakhai.vn/0.0.0.0
 address=/balajihospital.net/0.0.0.0
@@ -337,7 +346,6 @@ address=/bancaporlnternetlnterbarnk.jifad.org/0.0.0.0
 address=/bancaporlnternetlnterbarnk.libertycanais.com.br/0.0.0.0
 address=/bancoiinng.site44.com/0.0.0.0
 address=/bancooccidentalb.com/0.0.0.0
-address=/bank-id.pl/0.0.0.0
 address=/bankapolska.com/0.0.0.0
 address=/banki0wa.us/0.0.0.0
 address=/bankocaoffo.webcindario.com/0.0.0.0
@@ -345,8 +353,8 @@ address=/bankofamer86.ddns.net/0.0.0.0
 address=/bannerbank.control-inc.com/0.0.0.0
 address=/bannerchampnyc.com/0.0.0.0
 address=/banproseguridadasistenteenlineanic.webnode.es/0.0.0.0
-address=/banqsuepoy.temp.swtest.ru/0.0.0.0
 address=/baradua.it/0.0.0.0
+address=/barbecuef.top/0.0.0.0
 address=/battlelastmont.cyou/0.0.0.0
 address=/bc1.paiementervice.com/0.0.0.0
 address=/bconclutmjy.ru/0.0.0.0
@@ -355,7 +363,7 @@ address=/bcpzonaseguirabeta.com/0.0.0.0
 address=/be-home.web.do/0.0.0.0
 address=/bearmybrand.com/0.0.0.0
 address=/beast-blog.com/0.0.0.0
-address=/beibys.com.br/0.0.0.0
+address=/beccu07.zzux.com/0.0.0.0
 address=/beijing.vfzfy1v.cn/0.0.0.0
 address=/belovedaroma.com/0.0.0.0
 address=/bendmytrend.com/0.0.0.0
@@ -421,18 +429,19 @@ address=/bnconacional.odoo.com/0.0.0.0
 address=/bncre.odoo.com/0.0.0.0
 address=/bncxz.9wx9b27.cn/0.0.0.0
 address=/bndigitalpersonas.com/0.0.0.0
-address=/bnpparibas-pl.mob-app.xyz/0.0.0.0
 address=/boaupdate.bfaoscr.com/0.0.0.0
 address=/bogdonovlerer.com/0.0.0.0
 address=/bogged-finance.com/0.0.0.0
+address=/boi.365online-replacement.com/0.0.0.0
+address=/boke4-indonesia-2022a7whatsapp.duckdns.org/0.0.0.0
+address=/bokep-virall-sange33.duckdns.org/0.0.0.0
 address=/bokgabanesolutions.co.za/0.0.0.0
+address=/bold-lichterman.45-81-232-15.plesk.page/0.0.0.0
 address=/bookfbs.evangsamuelministries.com/0.0.0.0
 address=/boxes.com.py/0.0.0.0
 address=/br4.in/0.0.0.0
 address=/br622.teste.website/0.0.0.0
-address=/brave-knuth-96d329.netlify.app/0.0.0.0
 address=/breople.com/0.0.0.0
-address=/brigida_cossette.gitlab.io/0.0.0.0
 address=/brooks-forrunning.top/0.0.0.0
 address=/brooks-justforjogging.top/0.0.0.0
 address=/brooks-move.top/0.0.0.0
@@ -471,7 +480,6 @@ address=/builmon.xyz/0.0.0.0
 address=/bujikena.web.app/0.0.0.0
 address=/bundel-cobragratis2022.duckdns.org/0.0.0.0
 address=/busanopen.org/0.0.0.0
-address=/business-action-copyright11022.web.app/0.0.0.0
 address=/business-action-page129591.web.app/0.0.0.0
 address=/business-appeal-copyright8211.web.app/0.0.0.0
 address=/business-appeal-form-18222.web.app/0.0.0.0
@@ -479,24 +487,22 @@ address=/business-copyright-alert100821.web.app/0.0.0.0
 address=/business-copyright-alert198082.web.app/0.0.0.0
 address=/business-copyright-alert19882.web.app/0.0.0.0
 address=/business-copyright-detected920.web.app/0.0.0.0
-address=/business-page-content125882.web.app/0.0.0.0
 address=/business-required-helpcenter82.web.app/0.0.0.0
 address=/business-required-info188221.web.app/0.0.0.0
 address=/businessemailss.biz/0.0.0.0
-address=/bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link/0.0.0.0
 address=/buyelectronicsnyc.com/0.0.0.0
 address=/c.curiousmorty.be/0.0.0.0
 address=/c.jardindemiedo.es/0.0.0.0
 address=/c.loveawaits.be/0.0.0.0
 address=/c.mail.com/0.0.0.0
 address=/c0m-r51znzlh8i.isiolo.go.ke/0.0.0.0
-address=/c10012022j.temp.swtest.ru/0.0.0.0
 address=/c1christine.tjelmeland2e.cso.gov.tt/0.0.0.0
 address=/c2dc5b99.chgmar.pages.dev/0.0.0.0
 address=/c6ebv708.caspio.com/0.0.0.0
 address=/cabsiler.com/0.0.0.0
 address=/cache.nebula.phx3.secureserver.net/0.0.0.0
 address=/cadeau-orange.fr/0.0.0.0
+address=/caixabanki.temp.swtest.ru/0.0.0.0
 address=/caixaseguradora.quadientcloud.com/0.0.0.0
 address=/cakesbyannemotha.com/0.0.0.0
 address=/cammymiller.com/0.0.0.0
@@ -506,7 +512,6 @@ address=/cannellandcoflooring.co.uk/0.0.0.0
 address=/capservice.online/0.0.0.0
 address=/caracasmateriais.blogspot.com/0.0.0.0
 address=/carpediemxp.com/0.0.0.0
-address=/carry.reduxservices.com/0.0.0.0
 address=/carservicessaupdate.xyz/0.0.0.0
 address=/cartamorin-geometres.fr/0.0.0.0
 address=/carwash.tv/0.0.0.0
@@ -519,6 +524,7 @@ address=/caycos.beispielseite-wmka.de/0.0.0.0
 address=/caymanreno.com/0.0.0.0
 address=/cbmonlinegroups.com/0.0.0.0
 address=/cc.scicemecod.com/0.0.0.0
+address=/cc23674.tmweb.ru/0.0.0.0
 address=/ccjrlaw.com/0.0.0.0
 address=/cdas.nxzigco.cn/0.0.0.0
 address=/cdsoa.wuefyta.cn/0.0.0.0
@@ -531,14 +537,13 @@ address=/centralconsulta.link/0.0.0.0
 address=/centre1.bubbleapps.io/0.0.0.0
 address=/ceresgulf.com/0.0.0.0
 address=/certifica-montepaschii.com/0.0.0.0
-address=/chalokradocallkakuch.azurewebsites.net/0.0.0.0
-address=/changenotification.pricesamazonlogincard.monster/0.0.0.0
+address=/charitascb.com/0.0.0.0
 address=/charperimagedesign.com/0.0.0.0
 address=/chat-whatasapp.com/0.0.0.0
 address=/chat-whatsaap99.duckdns.org/0.0.0.0
 address=/chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org/0.0.0.0
-address=/chat-whatsapp-group-2022.duckdns.org/0.0.0.0
 address=/chat-whatsapp-grupo-invitacion.blogspot.com/0.0.0.0
+address=/chat-whatsapp-gscfghjsgsu.duckdns.org/0.0.0.0
 address=/chckmaill1.web.app/0.0.0.0
 address=/chckmaill10.web.app/0.0.0.0
 address=/chckmaill11.web.app/0.0.0.0
@@ -572,9 +577,9 @@ address=/chiragrajoria.github.io/0.0.0.0
 address=/chois.jp/0.0.0.0
 address=/christienstudystl.wixsite.com/0.0.0.0
 address=/christmas-dhl-express-delvr.hopekosmos.com/0.0.0.0
+address=/chronopostaws.com/0.0.0.0
 address=/chtbnk.uk/0.0.0.0
 address=/chutomen.com/0.0.0.0
-address=/ciiusea.com/0.0.0.0
 address=/cinemaleftech.com/0.0.0.0
 address=/citagestionenlineabn.com/0.0.0.0
 address=/city-of-jazz.de/0.0.0.0
@@ -582,13 +587,11 @@ address=/ckwgruppe.service-now.com/0.0.0.0
 address=/claiimdiamondgratis84.duckdns.org/0.0.0.0
 address=/claim-event-freefire-garena-oldfree-a4.duckdns.org/0.0.0.0
 address=/claim-skingratis-mobailegends161.duckdns.org/0.0.0.0
-address=/claimgratisff2022.duckdns.org/0.0.0.0
 address=/claims-funds-enczj.run-us-west2.goorm.io/0.0.0.0
 address=/claimseventmlbb.duckdns.org/0.0.0.0
 address=/claimshopee.yolasite.com/0.0.0.0
 address=/claro-link.brsafe.com.br/0.0.0.0
 address=/claus.bz/0.0.0.0
-address=/clefman.cl/0.0.0.0
 address=/click-here-help.in/0.0.0.0
 address=/client-support-page.com/0.0.0.0
 address=/clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net/0.0.0.0
@@ -627,7 +630,9 @@ address=/co.jp.rukbcga.cn/0.0.0.0
 address=/co.jp.sefdvsi.cn/0.0.0.0
 address=/co.jp.tezkkbp.cn/0.0.0.0
 address=/co.jp.ztxzzup.cn/0.0.0.0
+address=/cobaincurlduluom.duckdns.org/0.0.0.0
 address=/codwarzonemobile.com/0.0.0.0
+address=/coindappsync.online/0.0.0.0
 address=/cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev/0.0.0.0
 address=/collab-land.net/0.0.0.0
 address=/collabland.info/0.0.0.0
@@ -642,23 +647,24 @@ address=/com-mm2ai86orr.isiolo.go.ke/0.0.0.0
 address=/com-r51znzlh8i.isiolo.go.ke/0.0.0.0
 address=/com-sauuvazpjo.isiolo.go.ke/0.0.0.0
 address=/com-ugsyk69nqb.isiolo.go.ke/0.0.0.0
-address=/comefuck.co/0.0.0.0
 address=/community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link/0.0.0.0
 address=/community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link/0.0.0.0
 address=/community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link/0.0.0.0
 address=/completeegali.webcindario.com/0.0.0.0
+address=/completeyorcorp.lunsrgovert.net/0.0.0.0
 address=/comunicazione-europe.net/0.0.0.0
 address=/comunity-isue-ideent-andromeda-29.web.id/0.0.0.0
 address=/comunity-isue-ideent-andromeda-33.web.id/0.0.0.0
-address=/comunity-isue-ideent-andromeda-88.web.id/0.0.0.0
 address=/con-firma.firebaseapp.com/0.0.0.0
-address=/confirming-pages-idntitysupport.web.id/0.0.0.0
 address=/congresosba.com.ar/0.0.0.0
 address=/conhecaonlinedigital.com.br/0.0.0.0
 address=/connect.au-login.0662smt.com/0.0.0.0
+address=/connect.auone.jp-login.kddi-sys.com/0.0.0.0
+address=/connect.myauone.jp-auid.jp-auid.com/0.0.0.0
+address=/connect.myauone.jp-auid.kddi-mail.com/0.0.0.0
+address=/connectlivewallet.io/0.0.0.0
 address=/connectwallet.me/0.0.0.0
 address=/conoscofaturahiiiper.com/0.0.0.0
-address=/consultavirtuai.bieah.com/0.0.0.0
 address=/contabilidaderabello.com.br/0.0.0.0
 address=/contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev/0.0.0.0
 address=/contapessoal.digital/0.0.0.0
@@ -669,7 +675,7 @@ address=/continentepecas.com/0.0.0.0
 address=/contratodeparceria.com.br/0.0.0.0
 address=/controlpichincha.webcindario.com/0.0.0.0
 address=/copyright-center-live.ml/0.0.0.0
-address=/corl-inv.web.app/0.0.0.0
+address=/coroplastusa.com/0.0.0.0
 address=/correosdemexico-web.com/0.0.0.0
 address=/corta.ai/0.0.0.0
 address=/cosemu.com/0.0.0.0
@@ -689,7 +695,6 @@ address=/credicorp-capital.net/0.0.0.0
 address=/credicorpfiduciariasa.com/0.0.0.0
 address=/credifinanciera.didacsis.com/0.0.0.0
 address=/crediserfinanza.com/0.0.0.0
-address=/credita302.temp.swtest.ru/0.0.0.0
 address=/creditagricole-sudrhonealpes.blogspot.ba/0.0.0.0
 address=/creditagricole-sudrhonealpes.blogspot.com/0.0.0.0
 address=/creditagricole-sudrhonealpes.blogspot.ro/0.0.0.0
@@ -697,13 +702,18 @@ address=/creditinternationalbank.com/0.0.0.0
 address=/creditiperhabbogratissicuro100.blogspot.it/0.0.0.0
 address=/cresvin.com/0.0.0.0
 address=/criticalcarevizag.com/0.0.0.0
+address=/crrdxwjap7t.typeform.com/0.0.0.0
 address=/cryptocars-plays.buzz/0.0.0.0
 address=/cryptocarsme.com/0.0.0.0
 address=/cryptscars-logs.com/0.0.0.0
 address=/cryqtocars.me/0.0.0.0
 address=/cuans.bkaamiv.cn/0.0.0.0
 address=/currentlyupgrade.mystrikingly.com/0.0.0.0
+address=/cusnas.366wuv.cn/0.0.0.0
+address=/cxas.bvd2q18.cn/0.0.0.0
+address=/cxas.zk6w4dt.cn/0.0.0.0
 address=/cxasd.easghbl.cn/0.0.0.0
+address=/cxmnsa.04frh0w.cn/0.0.0.0
 address=/cxnbas.nmkbmqk.cn/0.0.0.0
 address=/cxuahs.1wc9bxm.cn/0.0.0.0
 address=/cyna.rkpmage.cn/0.0.0.0
@@ -716,8 +726,10 @@ address=/d18gc1ytkdv37u.cloudfront.net/0.0.0.0
 address=/d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev/0.0.0.0
 address=/d3ncuwwrr82.typeform.com/0.0.0.0
 address=/daatahomes.com/0.0.0.0
+address=/dadafa88.com/0.0.0.0
 address=/damp-f43e.recovery-page-secur.workers.dev/0.0.0.0
 address=/danitraseoexperts.com/0.0.0.0
+address=/dappconnecttvalidator.net/0.0.0.0
 address=/dapponlines.com/0.0.0.0
 address=/dappscoins.com/0.0.0.0
 address=/dappsiconnect.com/0.0.0.0
@@ -733,8 +745,8 @@ address=/daycoval.facildepagar.com.br/0.0.0.0
 address=/db-web-client.com/0.0.0.0
 address=/dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com/0.0.0.0
 address=/dbkuzwes.online/0.0.0.0
-address=/dbs-interrnet.online/0.0.0.0
 address=/dbs.limited/0.0.0.0
+address=/dbs.online.webdbslistinonline.com/0.0.0.0
 address=/dbs.webdbslistinonline.com/0.0.0.0
 address=/dbw.gr/0.0.0.0
 address=/dcm1.ae.iwc.static.tungmung.co.id/0.0.0.0
@@ -767,6 +779,7 @@ address=/deutsche-post.apurvathespygenesh.com/0.0.0.0
 address=/dev-nadaj.orlenpaczka.ce5.pl/0.0.0.0
 address=/dev-secu-credit-union.pantheonsite.io/0.0.0.0
 address=/dev-www.orlenpaczka.ce5.pl/0.0.0.0
+address=/dev.massageliabilityinsurancegroup.com/0.0.0.0
 address=/dev.shivaxi.com/0.0.0.0
 address=/devicepichincha.webcindario.com/0.0.0.0
 address=/devops.help/0.0.0.0
@@ -779,15 +792,17 @@ address=/dhl-event.app/0.0.0.0
 address=/dhl.recruitmentplatform.com/0.0.0.0
 address=/diamondplate.us/0.0.0.0
 address=/die-post-swiss-id-19782635812.psd2any.com/0.0.0.0
+address=/diepost-paketevhost207932.lowhost.ru/0.0.0.0
 address=/diginto.org/0.0.0.0
-address=/dilscord.gift/0.0.0.0
+address=/diligentverify.com/0.0.0.0
 address=/directqpuprozaakp.weebly.com/0.0.0.0
 address=/dirtyez.com/0.0.0.0
 address=/disccrdapp.com/0.0.0.0
 address=/disckord.club/0.0.0.0
 address=/discoord-nittro.com/0.0.0.0
-address=/discorc.gift/0.0.0.0
 address=/discordbugs.com/0.0.0.0
+address=/discordnitroos.com/0.0.0.0
+address=/discrods.gift/0.0.0.0
 address=/dispositivoapp.azurewebsites.net/0.0.0.0
 address=/distinctivei.com/0.0.0.0
 address=/distrial.ec/0.0.0.0
@@ -800,7 +815,6 @@ address=/dkglobaljobs.com/0.0.0.0
 address=/dl.9xu.com/0.0.0.0
 address=/dlink.me/0.0.0.0
 address=/dmaxpesca.com.es/0.0.0.0
-address=/dminer.cloud/0.0.0.0
 address=/doclab-console-auth.firebaseapp.com/0.0.0.0
 address=/docs-verify-c671.thajetiase.workers.dev/0.0.0.0
 address=/docs.revv.so/0.0.0.0
@@ -826,12 +840,9 @@ address=/domainserverlawa116.web.app/0.0.0.0
 address=/domainserverlawa117.web.app/0.0.0.0
 address=/domainserverlawa118.web.app/0.0.0.0
 address=/domainserverlawa119.web.app/0.0.0.0
-address=/domainserverlawa120.web.app/0.0.0.0
-address=/domainserverlawa121.web.app/0.0.0.0
 address=/domainserverlawa122.web.app/0.0.0.0
 address=/domainserverlawa123.web.app/0.0.0.0
 address=/domainserverlawa124.web.app/0.0.0.0
-address=/domainserverlawa125.web.app/0.0.0.0
 address=/domainserverlawa126.web.app/0.0.0.0
 address=/domainserverlawa127.web.app/0.0.0.0
 address=/domainserverlawa128.web.app/0.0.0.0
@@ -840,32 +851,24 @@ address=/domainserverlawa13.web.app/0.0.0.0
 address=/domainserverlawa130.web.app/0.0.0.0
 address=/domainserverlawa131.web.app/0.0.0.0
 address=/domainserverlawa132.web.app/0.0.0.0
-address=/domainserverlawa133.web.app/0.0.0.0
 address=/domainserverlawa134.web.app/0.0.0.0
 address=/domainserverlawa135.web.app/0.0.0.0
 address=/domainserverlawa136.web.app/0.0.0.0
 address=/domainserverlawa137.web.app/0.0.0.0
-address=/domainserverlawa138.web.app/0.0.0.0
 address=/domainserverlawa139.web.app/0.0.0.0
 address=/domainserverlawa14.web.app/0.0.0.0
-address=/domainserverlawa140.web.app/0.0.0.0
-address=/domainserverlawa141.web.app/0.0.0.0
 address=/domainserverlawa142.web.app/0.0.0.0
 address=/domainserverlawa143.web.app/0.0.0.0
 address=/domainserverlawa144.web.app/0.0.0.0
 address=/domainserverlawa145.web.app/0.0.0.0
 address=/domainserverlawa146.web.app/0.0.0.0
-address=/domainserverlawa147.web.app/0.0.0.0
 address=/domainserverlawa148.web.app/0.0.0.0
 address=/domainserverlawa149.web.app/0.0.0.0
 address=/domainserverlawa150.web.app/0.0.0.0
-address=/domainserverlawa151.web.app/0.0.0.0
 address=/domainserverlawa152.web.app/0.0.0.0
 address=/domainserverlawa153.web.app/0.0.0.0
-address=/domainserverlawa154.web.app/0.0.0.0
 address=/domainserverlawa155.web.app/0.0.0.0
 address=/domainserverlawa156.web.app/0.0.0.0
-address=/domainserverlawa157.web.app/0.0.0.0
 address=/domainserverlawa158.web.app/0.0.0.0
 address=/domainserverlawa159.web.app/0.0.0.0
 address=/domainserverlawa160.web.app/0.0.0.0
@@ -873,20 +876,15 @@ address=/domainserverlawa161.web.app/0.0.0.0
 address=/domainserverlawa162.web.app/0.0.0.0
 address=/domainserverlawa163.web.app/0.0.0.0
 address=/domainserverlawa164.web.app/0.0.0.0
-address=/domainserverlawa165.web.app/0.0.0.0
 address=/domainserverlawa166.web.app/0.0.0.0
 address=/domainserverlawa167.web.app/0.0.0.0
 address=/domainserverlawa168.web.app/0.0.0.0
 address=/domainserverlawa169.web.app/0.0.0.0
-address=/domainserverlawa17.web.app/0.0.0.0
-address=/domainserverlawa170.web.app/0.0.0.0
 address=/domainserverlawa171.web.app/0.0.0.0
 address=/domainserverlawa172.web.app/0.0.0.0
 address=/domainserverlawa173.web.app/0.0.0.0
 address=/domainserverlawa174.web.app/0.0.0.0
-address=/domainserverlawa175.web.app/0.0.0.0
 address=/domainserverlawa176.web.app/0.0.0.0
-address=/domainserverlawa177.web.app/0.0.0.0
 address=/domainserverlawa178.web.app/0.0.0.0
 address=/domainserverlawa179.web.app/0.0.0.0
 address=/domainserverlawa18.web.app/0.0.0.0
@@ -895,34 +893,25 @@ address=/domainserverlawa181.web.app/0.0.0.0
 address=/domainserverlawa182.web.app/0.0.0.0
 address=/domainserverlawa183.web.app/0.0.0.0
 address=/domainserverlawa184.web.app/0.0.0.0
-address=/domainserverlawa185.web.app/0.0.0.0
 address=/domainserverlawa186.web.app/0.0.0.0
 address=/domainserverlawa187.web.app/0.0.0.0
 address=/domainserverlawa188.web.app/0.0.0.0
 address=/domainserverlawa189.web.app/0.0.0.0
 address=/domainserverlawa19.web.app/0.0.0.0
-address=/domainserverlawa190.web.app/0.0.0.0
 address=/domainserverlawa191.web.app/0.0.0.0
 address=/domainserverlawa193.web.app/0.0.0.0
 address=/domainserverlawa194.web.app/0.0.0.0
 address=/domainserverlawa195.web.app/0.0.0.0
-address=/domainserverlawa196.web.app/0.0.0.0
-address=/domainserverlawa197.web.app/0.0.0.0
 address=/domainserverlawa198.web.app/0.0.0.0
-address=/domainserverlawa199.web.app/0.0.0.0
 address=/domainserverlawa20.web.app/0.0.0.0
-address=/domainserverlawa200.web.app/0.0.0.0
 address=/domainserverlawa201.web.app/0.0.0.0
 address=/domainserverlawa202.web.app/0.0.0.0
-address=/domainserverlawa203.web.app/0.0.0.0
 address=/domainserverlawa204.web.app/0.0.0.0
 address=/domainserverlawa205.web.app/0.0.0.0
 address=/domainserverlawa206.web.app/0.0.0.0
-address=/domainserverlawa207.web.app/0.0.0.0
 address=/domainserverlawa208.web.app/0.0.0.0
 address=/domainserverlawa209.web.app/0.0.0.0
 address=/domainserverlawa21.web.app/0.0.0.0
-address=/domainserverlawa210.web.app/0.0.0.0
 address=/domainserverlawa211.web.app/0.0.0.0
 address=/domainserverlawa212.web.app/0.0.0.0
 address=/domainserverlawa213.web.app/0.0.0.0
@@ -936,7 +925,6 @@ address=/domainserverlawa220.web.app/0.0.0.0
 address=/domainserverlawa221.web.app/0.0.0.0
 address=/domainserverlawa222.web.app/0.0.0.0
 address=/domainserverlawa223.web.app/0.0.0.0
-address=/domainserverlawa224.web.app/0.0.0.0
 address=/domainserverlawa225.web.app/0.0.0.0
 address=/domainserverlawa226.web.app/0.0.0.0
 address=/domainserverlawa227.web.app/0.0.0.0
@@ -949,12 +937,10 @@ address=/domainserverlawa233.web.app/0.0.0.0
 address=/domainserverlawa234.web.app/0.0.0.0
 address=/domainserverlawa235.web.app/0.0.0.0
 address=/domainserverlawa237.web.app/0.0.0.0
-address=/domainserverlawa238.web.app/0.0.0.0
 address=/domainserverlawa239.web.app/0.0.0.0
 address=/domainserverlawa240.web.app/0.0.0.0
 address=/domainserverlawa241.web.app/0.0.0.0
 address=/domainserverlawa242.web.app/0.0.0.0
-address=/domainserverlawa243.web.app/0.0.0.0
 address=/domainserverlawa244.web.app/0.0.0.0
 address=/domainserverlawa245.web.app/0.0.0.0
 address=/domainserverlawa246.web.app/0.0.0.0
@@ -962,35 +948,23 @@ address=/domainserverlawa247.web.app/0.0.0.0
 address=/domainserverlawa248.web.app/0.0.0.0
 address=/domainserverlawa249.web.app/0.0.0.0
 address=/domainserverlawa25.web.app/0.0.0.0
-address=/domainserverlawa250.web.app/0.0.0.0
 address=/domainserverlawa251.web.app/0.0.0.0
 address=/domainserverlawa252.web.app/0.0.0.0
 address=/domainserverlawa253.web.app/0.0.0.0
-address=/domainserverlawa254.web.app/0.0.0.0
-address=/domainserverlawa255.web.app/0.0.0.0
 address=/domainserverlawa256.web.app/0.0.0.0
 address=/domainserverlawa257.web.app/0.0.0.0
 address=/domainserverlawa258.web.app/0.0.0.0
-address=/domainserverlawa259.web.app/0.0.0.0
-address=/domainserverlawa26.web.app/0.0.0.0
 address=/domainserverlawa260.web.app/0.0.0.0
-address=/domainserverlawa261.web.app/0.0.0.0
-address=/domainserverlawa262.web.app/0.0.0.0
 address=/domainserverlawa263.web.app/0.0.0.0
 address=/domainserverlawa264.web.app/0.0.0.0
 address=/domainserverlawa265.web.app/0.0.0.0
 address=/domainserverlawa266.web.app/0.0.0.0
 address=/domainserverlawa267.web.app/0.0.0.0
-address=/domainserverlawa268.web.app/0.0.0.0
 address=/domainserverlawa269.web.app/0.0.0.0
 address=/domainserverlawa270.web.app/0.0.0.0
-address=/domainserverlawa271.web.app/0.0.0.0
-address=/domainserverlawa272.web.app/0.0.0.0
 address=/domainserverlawa273.web.app/0.0.0.0
 address=/domainserverlawa274.web.app/0.0.0.0
-address=/domainserverlawa275.web.app/0.0.0.0
 address=/domainserverlawa276.web.app/0.0.0.0
-address=/domainserverlawa277.web.app/0.0.0.0
 address=/domainserverlawa278.web.app/0.0.0.0
 address=/domainserverlawa279.web.app/0.0.0.0
 address=/domainserverlawa280.web.app/0.0.0.0
@@ -999,9 +973,7 @@ address=/domainserverlawa282.web.app/0.0.0.0
 address=/domainserverlawa283.web.app/0.0.0.0
 address=/domainserverlawa284.web.app/0.0.0.0
 address=/domainserverlawa285.web.app/0.0.0.0
-address=/domainserverlawa286.web.app/0.0.0.0
 address=/domainserverlawa287.web.app/0.0.0.0
-address=/domainserverlawa289.web.app/0.0.0.0
 address=/domainserverlawa29.web.app/0.0.0.0
 address=/domainserverlawa290.web.app/0.0.0.0
 address=/domainserverlawa292.web.app/0.0.0.0
@@ -1010,28 +982,20 @@ address=/domainserverlawa294.web.app/0.0.0.0
 address=/domainserverlawa295.web.app/0.0.0.0
 address=/domainserverlawa296.web.app/0.0.0.0
 address=/domainserverlawa297.web.app/0.0.0.0
-address=/domainserverlawa298.web.app/0.0.0.0
 address=/domainserverlawa299.web.app/0.0.0.0
-address=/domainserverlawa30.web.app/0.0.0.0
 address=/domainserverlawa300.web.app/0.0.0.0
 address=/domainserverlawa301.web.app/0.0.0.0
 address=/domainserverlawa302.web.app/0.0.0.0
 address=/domainserverlawa303.web.app/0.0.0.0
 address=/domainserverlawa304.web.app/0.0.0.0
 address=/domainserverlawa305.web.app/0.0.0.0
-address=/domainserverlawa306.web.app/0.0.0.0
 address=/domainserverlawa307.web.app/0.0.0.0
 address=/domainserverlawa308.web.app/0.0.0.0
-address=/domainserverlawa309.web.app/0.0.0.0
-address=/domainserverlawa31.web.app/0.0.0.0
 address=/domainserverlawa310.web.app/0.0.0.0
 address=/domainserverlawa311.web.app/0.0.0.0
 address=/domainserverlawa312.web.app/0.0.0.0
 address=/domainserverlawa313.web.app/0.0.0.0
-address=/domainserverlawa314.web.app/0.0.0.0
 address=/domainserverlawa315.web.app/0.0.0.0
-address=/domainserverlawa316.web.app/0.0.0.0
-address=/domainserverlawa317.web.app/0.0.0.0
 address=/domainserverlawa318.web.app/0.0.0.0
 address=/domainserverlawa319.web.app/0.0.0.0
 address=/domainserverlawa32.web.app/0.0.0.0
@@ -1039,13 +1003,11 @@ address=/domainserverlawa320.web.app/0.0.0.0
 address=/domainserverlawa321.web.app/0.0.0.0
 address=/domainserverlawa322.web.app/0.0.0.0
 address=/domainserverlawa323.web.app/0.0.0.0
-address=/domainserverlawa324.web.app/0.0.0.0
 address=/domainserverlawa325.web.app/0.0.0.0
 address=/domainserverlawa326.web.app/0.0.0.0
 address=/domainserverlawa327.web.app/0.0.0.0
 address=/domainserverlawa328.web.app/0.0.0.0
 address=/domainserverlawa329.web.app/0.0.0.0
-address=/domainserverlawa33.web.app/0.0.0.0
 address=/domainserverlawa330.web.app/0.0.0.0
 address=/domainserverlawa331.web.app/0.0.0.0
 address=/domainserverlawa332.web.app/0.0.0.0
@@ -1056,17 +1018,14 @@ address=/domainserverlawa336.web.app/0.0.0.0
 address=/domainserverlawa337.web.app/0.0.0.0
 address=/domainserverlawa338.web.app/0.0.0.0
 address=/domainserverlawa339.web.app/0.0.0.0
-address=/domainserverlawa34.web.app/0.0.0.0
 address=/domainserverlawa340.web.app/0.0.0.0
 address=/domainserverlawa341.web.app/0.0.0.0
 address=/domainserverlawa342.web.app/0.0.0.0
 address=/domainserverlawa343.web.app/0.0.0.0
 address=/domainserverlawa344.web.app/0.0.0.0
-address=/domainserverlawa345.web.app/0.0.0.0
 address=/domainserverlawa346.web.app/0.0.0.0
 address=/domainserverlawa347.web.app/0.0.0.0
 address=/domainserverlawa348.web.app/0.0.0.0
-address=/domainserverlawa35.web.app/0.0.0.0
 address=/domainserverlawa350.web.app/0.0.0.0
 address=/domainserverlawa351.web.app/0.0.0.0
 address=/domainserverlawa352.web.app/0.0.0.0
@@ -1080,7 +1039,6 @@ address=/domainserverlawa359.web.app/0.0.0.0
 address=/domainserverlawa36.web.app/0.0.0.0
 address=/domainserverlawa360.web.app/0.0.0.0
 address=/domainserverlawa361.web.app/0.0.0.0
-address=/domainserverlawa362.web.app/0.0.0.0
 address=/domainserverlawa363.web.app/0.0.0.0
 address=/domainserverlawa364.web.app/0.0.0.0
 address=/domainserverlawa365.web.app/0.0.0.0
@@ -1091,7 +1049,6 @@ address=/domainserverlawa37.web.app/0.0.0.0
 address=/domainserverlawa370.web.app/0.0.0.0
 address=/domainserverlawa371.web.app/0.0.0.0
 address=/domainserverlawa372.web.app/0.0.0.0
-address=/domainserverlawa373.web.app/0.0.0.0
 address=/domainserverlawa374.web.app/0.0.0.0
 address=/domainserverlawa375.web.app/0.0.0.0
 address=/domainserverlawa376.web.app/0.0.0.0
@@ -1107,11 +1064,7 @@ address=/domainserverlawa384.web.app/0.0.0.0
 address=/domainserverlawa385.web.app/0.0.0.0
 address=/domainserverlawa386.web.app/0.0.0.0
 address=/domainserverlawa387.web.app/0.0.0.0
-address=/domainserverlawa388.web.app/0.0.0.0
-address=/domainserverlawa389.web.app/0.0.0.0
-address=/domainserverlawa39.web.app/0.0.0.0
 address=/domainserverlawa390.web.app/0.0.0.0
-address=/domainserverlawa391.web.app/0.0.0.0
 address=/domainserverlawa392.web.app/0.0.0.0
 address=/domainserverlawa393.web.app/0.0.0.0
 address=/domainserverlawa394.web.app/0.0.0.0
@@ -1122,11 +1075,8 @@ address=/domainserverlawa398.web.app/0.0.0.0
 address=/domainserverlawa40.web.app/0.0.0.0
 address=/domainserverlawa400.web.app/0.0.0.0
 address=/domainserverlawa401.web.app/0.0.0.0
-address=/domainserverlawa402.web.app/0.0.0.0
 address=/domainserverlawa403.web.app/0.0.0.0
-address=/domainserverlawa404.web.app/0.0.0.0
 address=/domainserverlawa405.web.app/0.0.0.0
-address=/domainserverlawa406.web.app/0.0.0.0
 address=/domainserverlawa407.web.app/0.0.0.0
 address=/domainserverlawa408.web.app/0.0.0.0
 address=/domainserverlawa409.web.app/0.0.0.0
@@ -1137,7 +1087,6 @@ address=/domainserverlawa412.web.app/0.0.0.0
 address=/domainserverlawa413.web.app/0.0.0.0
 address=/domainserverlawa414.web.app/0.0.0.0
 address=/domainserverlawa415.web.app/0.0.0.0
-address=/domainserverlawa416.web.app/0.0.0.0
 address=/domainserverlawa417.web.app/0.0.0.0
 address=/domainserverlawa418.web.app/0.0.0.0
 address=/domainserverlawa419.web.app/0.0.0.0
@@ -1150,12 +1099,10 @@ address=/domainserverlawa424.web.app/0.0.0.0
 address=/domainserverlawa425.web.app/0.0.0.0
 address=/domainserverlawa426.web.app/0.0.0.0
 address=/domainserverlawa427.web.app/0.0.0.0
-address=/domainserverlawa428.web.app/0.0.0.0
 address=/domainserverlawa429.web.app/0.0.0.0
 address=/domainserverlawa43.web.app/0.0.0.0
 address=/domainserverlawa430.web.app/0.0.0.0
 address=/domainserverlawa431.web.app/0.0.0.0
-address=/domainserverlawa432.web.app/0.0.0.0
 address=/domainserverlawa433.web.app/0.0.0.0
 address=/domainserverlawa434.web.app/0.0.0.0
 address=/domainserverlawa435.web.app/0.0.0.0
@@ -1165,36 +1112,27 @@ address=/domainserverlawa438.web.app/0.0.0.0
 address=/domainserverlawa439.web.app/0.0.0.0
 address=/domainserverlawa44.web.app/0.0.0.0
 address=/domainserverlawa440.web.app/0.0.0.0
-address=/domainserverlawa441.web.app/0.0.0.0
 address=/domainserverlawa442.web.app/0.0.0.0
 address=/domainserverlawa443.web.app/0.0.0.0
 address=/domainserverlawa444.web.app/0.0.0.0
 address=/domainserverlawa445.web.app/0.0.0.0
 address=/domainserverlawa446.web.app/0.0.0.0
 address=/domainserverlawa447.web.app/0.0.0.0
-address=/domainserverlawa448.web.app/0.0.0.0
 address=/domainserverlawa449.web.app/0.0.0.0
-address=/domainserverlawa45.web.app/0.0.0.0
 address=/domainserverlawa450.web.app/0.0.0.0
 address=/domainserverlawa451.web.app/0.0.0.0
 address=/domainserverlawa452.web.app/0.0.0.0
 address=/domainserverlawa453.web.app/0.0.0.0
-address=/domainserverlawa454.web.app/0.0.0.0
 address=/domainserverlawa455.web.app/0.0.0.0
 address=/domainserverlawa456.web.app/0.0.0.0
-address=/domainserverlawa457.web.app/0.0.0.0
-address=/domainserverlawa458.web.app/0.0.0.0
 address=/domainserverlawa459.web.app/0.0.0.0
 address=/domainserverlawa46.web.app/0.0.0.0
 address=/domainserverlawa460.web.app/0.0.0.0
-address=/domainserverlawa461.web.app/0.0.0.0
 address=/domainserverlawa462.web.app/0.0.0.0
 address=/domainserverlawa463.web.app/0.0.0.0
 address=/domainserverlawa464.web.app/0.0.0.0
 address=/domainserverlawa465.web.app/0.0.0.0
 address=/domainserverlawa466.web.app/0.0.0.0
-address=/domainserverlawa467.web.app/0.0.0.0
-address=/domainserverlawa468.web.app/0.0.0.0
 address=/domainserverlawa469.web.app/0.0.0.0
 address=/domainserverlawa47.web.app/0.0.0.0
 address=/domainserverlawa470.web.app/0.0.0.0
@@ -1205,18 +1143,14 @@ address=/domainserverlawa474.web.app/0.0.0.0
 address=/domainserverlawa475.web.app/0.0.0.0
 address=/domainserverlawa476.web.app/0.0.0.0
 address=/domainserverlawa477.web.app/0.0.0.0
-address=/domainserverlawa478.web.app/0.0.0.0
 address=/domainserverlawa479.web.app/0.0.0.0
 address=/domainserverlawa480.web.app/0.0.0.0
 address=/domainserverlawa481.web.app/0.0.0.0
-address=/domainserverlawa482.web.app/0.0.0.0
 address=/domainserverlawa483.web.app/0.0.0.0
 address=/domainserverlawa484.web.app/0.0.0.0
 address=/domainserverlawa485.web.app/0.0.0.0
 address=/domainserverlawa486.web.app/0.0.0.0
 address=/domainserverlawa487.web.app/0.0.0.0
-address=/domainserverlawa488.web.app/0.0.0.0
-address=/domainserverlawa489.web.app/0.0.0.0
 address=/domainserverlawa49.web.app/0.0.0.0
 address=/domainserverlawa490.web.app/0.0.0.0
 address=/domainserverlawa491.web.app/0.0.0.0
@@ -1227,22 +1161,15 @@ address=/domainserverlawa495.web.app/0.0.0.0
 address=/domainserverlawa496.web.app/0.0.0.0
 address=/domainserverlawa497.web.app/0.0.0.0
 address=/domainserverlawa498.web.app/0.0.0.0
-address=/domainserverlawa499.web.app/0.0.0.0
 address=/domainserverlawa50.web.app/0.0.0.0
 address=/domainserverlawa500.web.app/0.0.0.0
-address=/domainserverlawa501.web.app/0.0.0.0
 address=/domainserverlawa502.web.app/0.0.0.0
-address=/domainserverlawa503.web.app/0.0.0.0
-address=/domainserverlawa504.web.app/0.0.0.0
-address=/domainserverlawa505.web.app/0.0.0.0
 address=/domainserverlawa506.web.app/0.0.0.0
 address=/domainserverlawa507.web.app/0.0.0.0
 address=/domainserverlawa508.web.app/0.0.0.0
 address=/domainserverlawa509.web.app/0.0.0.0
 address=/domainserverlawa51.web.app/0.0.0.0
-address=/domainserverlawa510.web.app/0.0.0.0
 address=/domainserverlawa511.web.app/0.0.0.0
-address=/domainserverlawa513.web.app/0.0.0.0
 address=/domainserverlawa514.web.app/0.0.0.0
 address=/domainserverlawa515.web.app/0.0.0.0
 address=/domainserverlawa516.web.app/0.0.0.0
@@ -1251,10 +1178,8 @@ address=/domainserverlawa518.web.app/0.0.0.0
 address=/domainserverlawa519.web.app/0.0.0.0
 address=/domainserverlawa52.web.app/0.0.0.0
 address=/domainserverlawa520.web.app/0.0.0.0
-address=/domainserverlawa521.web.app/0.0.0.0
 address=/domainserverlawa522.web.app/0.0.0.0
 address=/domainserverlawa523.web.app/0.0.0.0
-address=/domainserverlawa524.web.app/0.0.0.0
 address=/domainserverlawa525.web.app/0.0.0.0
 address=/domainserverlawa526.web.app/0.0.0.0
 address=/domainserverlawa527.web.app/0.0.0.0
@@ -1265,28 +1190,21 @@ address=/domainserverlawa530.web.app/0.0.0.0
 address=/domainserverlawa531.web.app/0.0.0.0
 address=/domainserverlawa532.web.app/0.0.0.0
 address=/domainserverlawa533.web.app/0.0.0.0
-address=/domainserverlawa534.web.app/0.0.0.0
-address=/domainserverlawa535.web.app/0.0.0.0
 address=/domainserverlawa536.web.app/0.0.0.0
 address=/domainserverlawa537.web.app/0.0.0.0
 address=/domainserverlawa538.web.app/0.0.0.0
 address=/domainserverlawa539.web.app/0.0.0.0
 address=/domainserverlawa54.web.app/0.0.0.0
-address=/domainserverlawa540.web.app/0.0.0.0
 address=/domainserverlawa541.web.app/0.0.0.0
 address=/domainserverlawa542.web.app/0.0.0.0
 address=/domainserverlawa543.web.app/0.0.0.0
-address=/domainserverlawa544.web.app/0.0.0.0
 address=/domainserverlawa545.web.app/0.0.0.0
 address=/domainserverlawa546.web.app/0.0.0.0
 address=/domainserverlawa547.web.app/0.0.0.0
-address=/domainserverlawa548.web.app/0.0.0.0
 address=/domainserverlawa549.web.app/0.0.0.0
 address=/domainserverlawa550.web.app/0.0.0.0
 address=/domainserverlawa551.web.app/0.0.0.0
-address=/domainserverlawa552.web.app/0.0.0.0
 address=/domainserverlawa553.web.app/0.0.0.0
-address=/domainserverlawa554.web.app/0.0.0.0
 address=/domainserverlawa555.web.app/0.0.0.0
 address=/domainserverlawa556.web.app/0.0.0.0
 address=/domainserverlawa557.web.app/0.0.0.0
@@ -1296,9 +1214,7 @@ address=/domainserverlawa56.web.app/0.0.0.0
 address=/domainserverlawa560.web.app/0.0.0.0
 address=/domainserverlawa561.web.app/0.0.0.0
 address=/domainserverlawa562.web.app/0.0.0.0
-address=/domainserverlawa563.web.app/0.0.0.0
 address=/domainserverlawa564.web.app/0.0.0.0
-address=/domainserverlawa565.web.app/0.0.0.0
 address=/domainserverlawa566.web.app/0.0.0.0
 address=/domainserverlawa567.web.app/0.0.0.0
 address=/domainserverlawa568.web.app/0.0.0.0
@@ -1307,35 +1223,24 @@ address=/domainserverlawa57.web.app/0.0.0.0
 address=/domainserverlawa570.web.app/0.0.0.0
 address=/domainserverlawa571.web.app/0.0.0.0
 address=/domainserverlawa572.web.app/0.0.0.0
-address=/domainserverlawa573.web.app/0.0.0.0
 address=/domainserverlawa574.web.app/0.0.0.0
 address=/domainserverlawa575.web.app/0.0.0.0
 address=/domainserverlawa576.web.app/0.0.0.0
 address=/domainserverlawa577.web.app/0.0.0.0
 address=/domainserverlawa578.web.app/0.0.0.0
 address=/domainserverlawa579.web.app/0.0.0.0
-address=/domainserverlawa58.web.app/0.0.0.0
-address=/domainserverlawa580.web.app/0.0.0.0
 address=/domainserverlawa581.web.app/0.0.0.0
 address=/domainserverlawa582.web.app/0.0.0.0
 address=/domainserverlawa583.web.app/0.0.0.0
-address=/domainserverlawa584.web.app/0.0.0.0
-address=/domainserverlawa585.web.app/0.0.0.0
 address=/domainserverlawa586.web.app/0.0.0.0
 address=/domainserverlawa587.web.app/0.0.0.0
 address=/domainserverlawa588.web.app/0.0.0.0
 address=/domainserverlawa589.web.app/0.0.0.0
 address=/domainserverlawa59.web.app/0.0.0.0
-address=/domainserverlawa590.web.app/0.0.0.0
-address=/domainserverlawa591.web.app/0.0.0.0
 address=/domainserverlawa592.web.app/0.0.0.0
 address=/domainserverlawa593.web.app/0.0.0.0
-address=/domainserverlawa594.web.app/0.0.0.0
-address=/domainserverlawa595.web.app/0.0.0.0
-address=/domainserverlawa596.web.app/0.0.0.0
 address=/domainserverlawa597.web.app/0.0.0.0
 address=/domainserverlawa598.web.app/0.0.0.0
-address=/domainserverlawa599.web.app/0.0.0.0
 address=/domainserverlawa60.web.app/0.0.0.0
 address=/domainserverlawa600.web.app/0.0.0.0
 address=/domainserverlawa601.web.app/0.0.0.0
@@ -1343,25 +1248,18 @@ address=/domainserverlawa602.web.app/0.0.0.0
 address=/domainserverlawa603.web.app/0.0.0.0
 address=/domainserverlawa604.web.app/0.0.0.0
 address=/domainserverlawa605.web.app/0.0.0.0
-address=/domainserverlawa606.web.app/0.0.0.0
 address=/domainserverlawa607.web.app/0.0.0.0
 address=/domainserverlawa608.web.app/0.0.0.0
 address=/domainserverlawa609.web.app/0.0.0.0
-address=/domainserverlawa61.web.app/0.0.0.0
 address=/domainserverlawa610.web.app/0.0.0.0
-address=/domainserverlawa611.web.app/0.0.0.0
 address=/domainserverlawa612.web.app/0.0.0.0
 address=/domainserverlawa613.web.app/0.0.0.0
 address=/domainserverlawa614.web.app/0.0.0.0
-address=/domainserverlawa615.web.app/0.0.0.0
-address=/domainserverlawa616.web.app/0.0.0.0
-address=/domainserverlawa617.web.app/0.0.0.0
 address=/domainserverlawa618.web.app/0.0.0.0
 address=/domainserverlawa619.web.app/0.0.0.0
 address=/domainserverlawa62.web.app/0.0.0.0
 address=/domainserverlawa620.web.app/0.0.0.0
 address=/domainserverlawa621.web.app/0.0.0.0
-address=/domainserverlawa622.web.app/0.0.0.0
 address=/domainserverlawa623.web.app/0.0.0.0
 address=/domainserverlawa624.web.app/0.0.0.0
 address=/domainserverlawa625.web.app/0.0.0.0
@@ -1382,7 +1280,6 @@ address=/domainserverlawa638.web.app/0.0.0.0
 address=/domainserverlawa639.web.app/0.0.0.0
 address=/domainserverlawa64.web.app/0.0.0.0
 address=/domainserverlawa640.web.app/0.0.0.0
-address=/domainserverlawa641.web.app/0.0.0.0
 address=/domainserverlawa642.web.app/0.0.0.0
 address=/domainserverlawa643.web.app/0.0.0.0
 address=/domainserverlawa644.web.app/0.0.0.0
@@ -1398,11 +1295,6 @@ address=/domainserverlawa652.web.app/0.0.0.0
 address=/domainserverlawa653.web.app/0.0.0.0
 address=/domainserverlawa654.web.app/0.0.0.0
 address=/domainserverlawa655.web.app/0.0.0.0
-address=/domainserverlawa656.web.app/0.0.0.0
-address=/domainserverlawa657.web.app/0.0.0.0
-address=/domainserverlawa658.web.app/0.0.0.0
-address=/domainserverlawa659.web.app/0.0.0.0
-address=/domainserverlawa66.web.app/0.0.0.0
 address=/domainserverlawa660.web.app/0.0.0.0
 address=/domainserverlawa661.web.app/0.0.0.0
 address=/domainserverlawa662.web.app/0.0.0.0
@@ -1413,14 +1305,10 @@ address=/domainserverlawa666.web.app/0.0.0.0
 address=/domainserverlawa667.web.app/0.0.0.0
 address=/domainserverlawa668.web.app/0.0.0.0
 address=/domainserverlawa669.web.app/0.0.0.0
-address=/domainserverlawa67.web.app/0.0.0.0
-address=/domainserverlawa670.web.app/0.0.0.0
 address=/domainserverlawa671.web.app/0.0.0.0
 address=/domainserverlawa672.web.app/0.0.0.0
 address=/domainserverlawa673.web.app/0.0.0.0
-address=/domainserverlawa674.web.app/0.0.0.0
 address=/domainserverlawa675.web.app/0.0.0.0
-address=/domainserverlawa676.web.app/0.0.0.0
 address=/domainserverlawa677.web.app/0.0.0.0
 address=/domainserverlawa678.web.app/0.0.0.0
 address=/domainserverlawa679.web.app/0.0.0.0
@@ -1428,12 +1316,8 @@ address=/domainserverlawa68.web.app/0.0.0.0
 address=/domainserverlawa680.web.app/0.0.0.0
 address=/domainserverlawa681.web.app/0.0.0.0
 address=/domainserverlawa682.web.app/0.0.0.0
-address=/domainserverlawa683.web.app/0.0.0.0
 address=/domainserverlawa684.web.app/0.0.0.0
 address=/domainserverlawa685.web.app/0.0.0.0
-address=/domainserverlawa686.web.app/0.0.0.0
-address=/domainserverlawa687.web.app/0.0.0.0
-address=/domainserverlawa688.web.app/0.0.0.0
 address=/domainserverlawa689.web.app/0.0.0.0
 address=/domainserverlawa69.web.app/0.0.0.0
 address=/domainserverlawa690.web.app/0.0.0.0
@@ -1441,7 +1325,6 @@ address=/domainserverlawa691.web.app/0.0.0.0
 address=/domainserverlawa692.web.app/0.0.0.0
 address=/domainserverlawa693.web.app/0.0.0.0
 address=/domainserverlawa694.web.app/0.0.0.0
-address=/domainserverlawa695.web.app/0.0.0.0
 address=/domainserverlawa696.web.app/0.0.0.0
 address=/domainserverlawa697.web.app/0.0.0.0
 address=/domainserverlawa698.web.app/0.0.0.0
@@ -1452,15 +1335,11 @@ address=/domainserverlawa701.web.app/0.0.0.0
 address=/domainserverlawa702.web.app/0.0.0.0
 address=/domainserverlawa703.web.app/0.0.0.0
 address=/domainserverlawa704.web.app/0.0.0.0
-address=/domainserverlawa705.web.app/0.0.0.0
 address=/domainserverlawa706.web.app/0.0.0.0
-address=/domainserverlawa707.web.app/0.0.0.0
 address=/domainserverlawa708.web.app/0.0.0.0
 address=/domainserverlawa709.web.app/0.0.0.0
 address=/domainserverlawa71.web.app/0.0.0.0
-address=/domainserverlawa710.web.app/0.0.0.0
 address=/domainserverlawa711.web.app/0.0.0.0
-address=/domainserverlawa712.web.app/0.0.0.0
 address=/domainserverlawa713.web.app/0.0.0.0
 address=/domainserverlawa714.web.app/0.0.0.0
 address=/domainserverlawa715.web.app/0.0.0.0
@@ -1469,17 +1348,13 @@ address=/domainserverlawa717.web.app/0.0.0.0
 address=/domainserverlawa718.web.app/0.0.0.0
 address=/domainserverlawa719.web.app/0.0.0.0
 address=/domainserverlawa72.web.app/0.0.0.0
-address=/domainserverlawa720.web.app/0.0.0.0
 address=/domainserverlawa721.web.app/0.0.0.0
 address=/domainserverlawa722.web.app/0.0.0.0
-address=/domainserverlawa723.web.app/0.0.0.0
 address=/domainserverlawa724.web.app/0.0.0.0
 address=/domainserverlawa725.web.app/0.0.0.0
 address=/domainserverlawa726.web.app/0.0.0.0
 address=/domainserverlawa727.web.app/0.0.0.0
-address=/domainserverlawa728.web.app/0.0.0.0
 address=/domainserverlawa729.web.app/0.0.0.0
-address=/domainserverlawa73.web.app/0.0.0.0
 address=/domainserverlawa730.web.app/0.0.0.0
 address=/domainserverlawa731.web.app/0.0.0.0
 address=/domainserverlawa732.web.app/0.0.0.0
@@ -1492,31 +1367,22 @@ address=/domainserverlawa738.web.app/0.0.0.0
 address=/domainserverlawa739.web.app/0.0.0.0
 address=/domainserverlawa74.web.app/0.0.0.0
 address=/domainserverlawa740.web.app/0.0.0.0
-address=/domainserverlawa741.web.app/0.0.0.0
 address=/domainserverlawa742.web.app/0.0.0.0
 address=/domainserverlawa743.web.app/0.0.0.0
 address=/domainserverlawa744.web.app/0.0.0.0
-address=/domainserverlawa745.web.app/0.0.0.0
 address=/domainserverlawa746.web.app/0.0.0.0
-address=/domainserverlawa747.web.app/0.0.0.0
-address=/domainserverlawa748.web.app/0.0.0.0
 address=/domainserverlawa749.web.app/0.0.0.0
 address=/domainserverlawa75.web.app/0.0.0.0
 address=/domainserverlawa750.web.app/0.0.0.0
-address=/domainserverlawa751.web.app/0.0.0.0
 address=/domainserverlawa752.web.app/0.0.0.0
 address=/domainserverlawa753.web.app/0.0.0.0
 address=/domainserverlawa754.web.app/0.0.0.0
 address=/domainserverlawa755.web.app/0.0.0.0
-address=/domainserverlawa756.web.app/0.0.0.0
 address=/domainserverlawa757.web.app/0.0.0.0
 address=/domainserverlawa758.web.app/0.0.0.0
 address=/domainserverlawa759.web.app/0.0.0.0
-address=/domainserverlawa76.web.app/0.0.0.0
-address=/domainserverlawa760.web.app/0.0.0.0
 address=/domainserverlawa761.web.app/0.0.0.0
 address=/domainserverlawa762.web.app/0.0.0.0
-address=/domainserverlawa763.web.app/0.0.0.0
 address=/domainserverlawa764.web.app/0.0.0.0
 address=/domainserverlawa765.web.app/0.0.0.0
 address=/domainserverlawa766.web.app/0.0.0.0
@@ -1536,22 +1402,17 @@ address=/domainserverlawa778.web.app/0.0.0.0
 address=/domainserverlawa779.web.app/0.0.0.0
 address=/domainserverlawa78.web.app/0.0.0.0
 address=/domainserverlawa780.web.app/0.0.0.0
-address=/domainserverlawa781.web.app/0.0.0.0
 address=/domainserverlawa782.web.app/0.0.0.0
 address=/domainserverlawa783.web.app/0.0.0.0
 address=/domainserverlawa784.web.app/0.0.0.0
 address=/domainserverlawa785.web.app/0.0.0.0
 address=/domainserverlawa786.web.app/0.0.0.0
-address=/domainserverlawa787.web.app/0.0.0.0
 address=/domainserverlawa788.web.app/0.0.0.0
 address=/domainserverlawa789.web.app/0.0.0.0
 address=/domainserverlawa79.web.app/0.0.0.0
 address=/domainserverlawa790.web.app/0.0.0.0
-address=/domainserverlawa791.web.app/0.0.0.0
-address=/domainserverlawa792.web.app/0.0.0.0
 address=/domainserverlawa793.web.app/0.0.0.0
 address=/domainserverlawa794.web.app/0.0.0.0
-address=/domainserverlawa795.web.app/0.0.0.0
 address=/domainserverlawa796.web.app/0.0.0.0
 address=/domainserverlawa797.web.app/0.0.0.0
 address=/domainserverlawa798.web.app/0.0.0.0
@@ -1560,7 +1421,6 @@ address=/domainserverlawa80.web.app/0.0.0.0
 address=/domainserverlawa800.web.app/0.0.0.0
 address=/domainserverlawa801.web.app/0.0.0.0
 address=/domainserverlawa802.web.app/0.0.0.0
-address=/domainserverlawa803.web.app/0.0.0.0
 address=/domainserverlawa804.web.app/0.0.0.0
 address=/domainserverlawa806.web.app/0.0.0.0
 address=/domainserverlawa807.web.app/0.0.0.0
@@ -1568,8 +1428,6 @@ address=/domainserverlawa808.web.app/0.0.0.0
 address=/domainserverlawa809.web.app/0.0.0.0
 address=/domainserverlawa81.web.app/0.0.0.0
 address=/domainserverlawa810.web.app/0.0.0.0
-address=/domainserverlawa811.web.app/0.0.0.0
-address=/domainserverlawa812.web.app/0.0.0.0
 address=/domainserverlawa813.web.app/0.0.0.0
 address=/domainserverlawa814.web.app/0.0.0.0
 address=/domainserverlawa815.web.app/0.0.0.0
@@ -1583,7 +1441,6 @@ address=/domainserverlawa821.web.app/0.0.0.0
 address=/domainserverlawa822.web.app/0.0.0.0
 address=/domainserverlawa823.web.app/0.0.0.0
 address=/domainserverlawa824.web.app/0.0.0.0
-address=/domainserverlawa825.web.app/0.0.0.0
 address=/domainserverlawa826.web.app/0.0.0.0
 address=/domainserverlawa827.web.app/0.0.0.0
 address=/domainserverlawa828.web.app/0.0.0.0
@@ -1595,9 +1452,7 @@ address=/domainserverlawa832.web.app/0.0.0.0
 address=/domainserverlawa833.web.app/0.0.0.0
 address=/domainserverlawa834.web.app/0.0.0.0
 address=/domainserverlawa835.web.app/0.0.0.0
-address=/domainserverlawa836.web.app/0.0.0.0
 address=/domainserverlawa837.web.app/0.0.0.0
-address=/domainserverlawa838.web.app/0.0.0.0
 address=/domainserverlawa839.web.app/0.0.0.0
 address=/domainserverlawa84.web.app/0.0.0.0
 address=/domainserverlawa840.web.app/0.0.0.0
@@ -1605,29 +1460,21 @@ address=/domainserverlawa841.web.app/0.0.0.0
 address=/domainserverlawa842.web.app/0.0.0.0
 address=/domainserverlawa843.web.app/0.0.0.0
 address=/domainserverlawa844.web.app/0.0.0.0
-address=/domainserverlawa845.web.app/0.0.0.0
 address=/domainserverlawa846.web.app/0.0.0.0
-address=/domainserverlawa847.web.app/0.0.0.0
-address=/domainserverlawa848.web.app/0.0.0.0
-address=/domainserverlawa849.web.app/0.0.0.0
 address=/domainserverlawa85.web.app/0.0.0.0
-address=/domainserverlawa850.web.app/0.0.0.0
 address=/domainserverlawa851.web.app/0.0.0.0
 address=/domainserverlawa852.web.app/0.0.0.0
 address=/domainserverlawa853.web.app/0.0.0.0
-address=/domainserverlawa854.web.app/0.0.0.0
 address=/domainserverlawa855.web.app/0.0.0.0
 address=/domainserverlawa856.web.app/0.0.0.0
 address=/domainserverlawa857.web.app/0.0.0.0
 address=/domainserverlawa858.web.app/0.0.0.0
-address=/domainserverlawa859.web.app/0.0.0.0
 address=/domainserverlawa86.web.app/0.0.0.0
 address=/domainserverlawa860.web.app/0.0.0.0
 address=/domainserverlawa861.web.app/0.0.0.0
 address=/domainserverlawa862.web.app/0.0.0.0
 address=/domainserverlawa863.web.app/0.0.0.0
 address=/domainserverlawa864.web.app/0.0.0.0
-address=/domainserverlawa865.web.app/0.0.0.0
 address=/domainserverlawa866.web.app/0.0.0.0
 address=/domainserverlawa867.web.app/0.0.0.0
 address=/domainserverlawa868.web.app/0.0.0.0
@@ -1638,7 +1485,6 @@ address=/domainserverlawa871.web.app/0.0.0.0
 address=/domainserverlawa872.web.app/0.0.0.0
 address=/domainserverlawa873.web.app/0.0.0.0
 address=/domainserverlawa874.web.app/0.0.0.0
-address=/domainserverlawa875.web.app/0.0.0.0
 address=/domainserverlawa877.web.app/0.0.0.0
 address=/domainserverlawa878.web.app/0.0.0.0
 address=/domainserverlawa879.web.app/0.0.0.0
@@ -1646,9 +1492,7 @@ address=/domainserverlawa88.web.app/0.0.0.0
 address=/domainserverlawa880.web.app/0.0.0.0
 address=/domainserverlawa881.web.app/0.0.0.0
 address=/domainserverlawa882.web.app/0.0.0.0
-address=/domainserverlawa883.web.app/0.0.0.0
 address=/domainserverlawa884.web.app/0.0.0.0
-address=/domainserverlawa885.web.app/0.0.0.0
 address=/domainserverlawa886.web.app/0.0.0.0
 address=/domainserverlawa888.web.app/0.0.0.0
 address=/domainserverlawa889.web.app/0.0.0.0
@@ -1668,19 +1512,14 @@ address=/domainserverlawa901.web.app/0.0.0.0
 address=/domainserverlawa902.web.app/0.0.0.0
 address=/domainserverlawa903.web.app/0.0.0.0
 address=/domainserverlawa904.web.app/0.0.0.0
-address=/domainserverlawa905.web.app/0.0.0.0
 address=/domainserverlawa906.web.app/0.0.0.0
 address=/domainserverlawa907.web.app/0.0.0.0
 address=/domainserverlawa908.web.app/0.0.0.0
 address=/domainserverlawa909.web.app/0.0.0.0
 address=/domainserverlawa91.web.app/0.0.0.0
 address=/domainserverlawa910.web.app/0.0.0.0
-address=/domainserverlawa911.web.app/0.0.0.0
 address=/domainserverlawa912.web.app/0.0.0.0
 address=/domainserverlawa913.web.app/0.0.0.0
-address=/domainserverlawa914.web.app/0.0.0.0
-address=/domainserverlawa915.web.app/0.0.0.0
-address=/domainserverlawa916.web.app/0.0.0.0
 address=/domainserverlawa917.web.app/0.0.0.0
 address=/domainserverlawa918.web.app/0.0.0.0
 address=/domainserverlawa92.web.app/0.0.0.0
@@ -1689,22 +1528,14 @@ address=/domainserverlawa921.web.app/0.0.0.0
 address=/domainserverlawa922.web.app/0.0.0.0
 address=/domainserverlawa923.web.app/0.0.0.0
 address=/domainserverlawa924.web.app/0.0.0.0
-address=/domainserverlawa925.web.app/0.0.0.0
 address=/domainserverlawa926.web.app/0.0.0.0
 address=/domainserverlawa927.web.app/0.0.0.0
 address=/domainserverlawa929.web.app/0.0.0.0
-address=/domainserverlawa93.web.app/0.0.0.0
 address=/domainserverlawa930.web.app/0.0.0.0
-address=/domainserverlawa931.web.app/0.0.0.0
 address=/domainserverlawa932.web.app/0.0.0.0
-address=/domainserverlawa933.web.app/0.0.0.0
-address=/domainserverlawa934.web.app/0.0.0.0
 address=/domainserverlawa935.web.app/0.0.0.0
-address=/domainserverlawa936.web.app/0.0.0.0
 address=/domainserverlawa937.web.app/0.0.0.0
 address=/domainserverlawa938.web.app/0.0.0.0
-address=/domainserverlawa939.web.app/0.0.0.0
-address=/domainserverlawa94.web.app/0.0.0.0
 address=/domainserverlawa940.web.app/0.0.0.0
 address=/domainserverlawa941.web.app/0.0.0.0
 address=/domainserverlawa942.web.app/0.0.0.0
@@ -1713,45 +1544,33 @@ address=/domainserverlawa944.web.app/0.0.0.0
 address=/domainserverlawa945.web.app/0.0.0.0
 address=/domainserverlawa946.web.app/0.0.0.0
 address=/domainserverlawa947.web.app/0.0.0.0
-address=/domainserverlawa948.web.app/0.0.0.0
 address=/domainserverlawa949.web.app/0.0.0.0
 address=/domainserverlawa95.web.app/0.0.0.0
 address=/domainserverlawa950.web.app/0.0.0.0
-address=/domainserverlawa951.web.app/0.0.0.0
 address=/domainserverlawa952.web.app/0.0.0.0
 address=/domainserverlawa953.web.app/0.0.0.0
 address=/domainserverlawa954.web.app/0.0.0.0
 address=/domainserverlawa955.web.app/0.0.0.0
-address=/domainserverlawa957.web.app/0.0.0.0
 address=/domainserverlawa958.web.app/0.0.0.0
 address=/domainserverlawa959.web.app/0.0.0.0
 address=/domainserverlawa96.web.app/0.0.0.0
-address=/domainserverlawa960.web.app/0.0.0.0
 address=/domainserverlawa961.web.app/0.0.0.0
 address=/domainserverlawa962.web.app/0.0.0.0
 address=/domainserverlawa963.web.app/0.0.0.0
 address=/domainserverlawa964.web.app/0.0.0.0
-address=/domainserverlawa965.web.app/0.0.0.0
 address=/domainserverlawa966.web.app/0.0.0.0
 address=/domainserverlawa967.web.app/0.0.0.0
-address=/domainserverlawa968.web.app/0.0.0.0
-address=/domainserverlawa969.web.app/0.0.0.0
 address=/domainserverlawa97.web.app/0.0.0.0
 address=/domainserverlawa970.web.app/0.0.0.0
-address=/domainserverlawa971.web.app/0.0.0.0
-address=/domainserverlawa972.web.app/0.0.0.0
 address=/domainserverlawa973.web.app/0.0.0.0
 address=/domainserverlawa974.web.app/0.0.0.0
 address=/domainserverlawa975.web.app/0.0.0.0
 address=/domainserverlawa976.web.app/0.0.0.0
 address=/domainserverlawa977.web.app/0.0.0.0
-address=/domainserverlawa978.web.app/0.0.0.0
 address=/domainserverlawa979.web.app/0.0.0.0
 address=/domainserverlawa98.web.app/0.0.0.0
 address=/domainserverlawa980.web.app/0.0.0.0
-address=/domainserverlawa981.web.app/0.0.0.0
 address=/domainserverlawa982.web.app/0.0.0.0
-address=/domainserverlawa983.web.app/0.0.0.0
 address=/domainserverlawa984.web.app/0.0.0.0
 address=/domainserverlawa985.web.app/0.0.0.0
 address=/domainserverlawa986.web.app/0.0.0.0
@@ -1761,14 +1580,11 @@ address=/domainserverlawa989.web.app/0.0.0.0
 address=/domainserverlawa99.web.app/0.0.0.0
 address=/domainserverlawa990.web.app/0.0.0.0
 address=/domainserverlawa991.web.app/0.0.0.0
-address=/domainserverlawa992.web.app/0.0.0.0
 address=/domainserverlawa993.web.app/0.0.0.0
-address=/domainserverlawa994.web.app/0.0.0.0
 address=/domainserverlawa995.web.app/0.0.0.0
 address=/domainserverlawa996.web.app/0.0.0.0
-address=/domainserverlawa997.web.app/0.0.0.0
-address=/domainserverlawa998.web.app/0.0.0.0
 address=/domainserverlawa999.web.app/0.0.0.0
+address=/donaidrsilcio.com/0.0.0.0
 address=/doooog.cn/0.0.0.0
 address=/dopeydog.co.nz/0.0.0.0
 address=/dorouscom.com/0.0.0.0
@@ -1776,20 +1592,20 @@ address=/douuodwoman.com/0.0.0.0
 address=/dowaba-s2dhl.blogspot.com/0.0.0.0
 address=/doz.tode.cz/0.0.0.0
 address=/dpasdasfasfasfas.pages.dev/0.0.0.0
+address=/dpd-pl.566868.space/0.0.0.0
 address=/dpd-redelivery-uk.com/0.0.0.0
 address=/dpmasdaskj.pages.dev/0.0.0.0
 address=/dr-joannepeeler.com/0.0.0.0
 address=/dr3aq.byethost32.com/0.0.0.0
+address=/dreamhacker.pro/0.0.0.0
 address=/dreamotion-jp.com/0.0.0.0
 address=/drivingschoolglasgow.co.uk/0.0.0.0
 address=/drmarciovaleriano.com.br/0.0.0.0
-address=/dsadsadsa.diskstation.eu/0.0.0.0
 address=/dsgcbeonline.com/0.0.0.0
+address=/dskedirekt.web.app/0.0.0.0
 address=/dsp2codemdp.t.justns.ru/0.0.0.0
-address=/dswboot.cc/0.0.0.0
 address=/dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com/0.0.0.0
 address=/dtrpsystasfasgas.pages.dev/0.0.0.0
-address=/duanemanor.tk/0.0.0.0
 address=/dukhovnist.in.ua/0.0.0.0
 address=/durecorpperu.com/0.0.0.0
 address=/dwrat.andalous.org/0.0.0.0
@@ -1803,7 +1619,6 @@ address=/e4ra.byethost8.com/0.0.0.0
 address=/e63q45f9h5fr.clickfunnels.com/0.0.0.0
 address=/eagleeyeapparel.com/0.0.0.0
 address=/earth01.info/0.0.0.0
-address=/easy-webtdapp.com/0.0.0.0
 address=/easywalletfix.net/0.0.0.0
 address=/easywalletsfix.com/0.0.0.0
 address=/eba0200d0c.nxcli.net/0.0.0.0
@@ -1812,15 +1627,12 @@ address=/ebay.com.dashboard-seller.center/0.0.0.0
 address=/eberhardtedwige.wixsite.com/0.0.0.0
 address=/ebuddynews.com/0.0.0.0
 address=/ec.snadc-oecddo.com/0.0.0.0
-address=/ecloanmoney.com/0.0.0.0
 address=/ecogreenjanitorial.com/0.0.0.0
 address=/ecomcrew.staging.wpengine.com/0.0.0.0
 address=/ecosteelsolution.ro/0.0.0.0
-address=/editpdfonline.tk/0.0.0.0
 address=/edje.com/0.0.0.0
 address=/edukickmexico.com/0.0.0.0
 address=/ee-sms.co.uk/0.0.0.0
-address=/ee.mseocri.com/0.0.0.0
 address=/ee.scicemecod.com/0.0.0.0
 address=/efarms.com.ng/0.0.0.0
 address=/eharmonyservice.com/0.0.0.0
@@ -1843,7 +1655,6 @@ address=/emojis.dels.bar/0.0.0.0
 address=/emsi-lobo.firebaseapp.com/0.0.0.0
 address=/en-template-solicito-16414253314897.onepage.website/0.0.0.0
 address=/enbolivia.com/0.0.0.0
-address=/enchanting-guiltless-suede.glitch.me/0.0.0.0
 address=/encryptdrive.booogle.net/0.0.0.0
 address=/engcamp.org/0.0.0.0
 address=/enoman.fqzsdgtg.cn/0.0.0.0
@@ -1869,20 +1680,18 @@ address=/eth-coinwallet.net/0.0.0.0
 address=/eth.coinscout.cc/0.0.0.0
 address=/ethnictrendz.com/0.0.0.0
 address=/ets.jwr.pa-fakfak.go.id/0.0.0.0
-address=/etwtny.cf/0.0.0.0
 address=/eucriomeumundo.com/0.0.0.0
 address=/eugnerally-wixsite-com.filesusr.com/0.0.0.0
-address=/euraby.com/0.0.0.0
 address=/eusa-lombo.firebaseapp.com/0.0.0.0
 address=/evashoes.com.ua/0.0.0.0
+address=/even-besar-banget.duckdns.org/0.0.0.0
 address=/even-ff-gratisterbaru2022.duckdns.org/0.0.0.0
-address=/even-ff-terbarugratis2022.duckdns.org/0.0.0.0
+address=/event-ff-bundle-baru.duckdns.org/0.0.0.0
 address=/event-freefire728.duckdns.org/0.0.0.0
+address=/event-freeskkinmlbb.duckdns.org/0.0.0.0
 address=/event-garenafreefire263.duckdns.org/0.0.0.0
-address=/event-skin-resmi-2022.duckdns.org/0.0.0.0
-address=/eventclaimfreefiregratis2022.duckdns.org/0.0.0.0
 address=/eventclaimsff0.duckdns.org/0.0.0.0
-address=/eventgarenafreefiremax2022.duckdns.org/0.0.0.0
+address=/eventspinfreefire2022.duckdns.org/0.0.0.0
 address=/everestmotors.com.np/0.0.0.0
 address=/evo-revolutioncups.com/0.0.0.0
 address=/evolbithman.web.app/0.0.0.0
@@ -1891,6 +1700,7 @@ address=/excelhana.com/0.0.0.0
 address=/exchange-pancakeswaps.com/0.0.0.0
 address=/exchangedictionary.com/0.0.0.0
 address=/exodlus.net/0.0.0.0
+address=/exodus-2022.com/0.0.0.0
 address=/exodus.com-wallet-signin.com/0.0.0.0
 address=/exodus.com-web-wallet-online.com/0.0.0.0
 address=/exodus.com.tccaponline.com/0.0.0.0
@@ -1902,6 +1712,7 @@ address=/extracash-interlbankonline.com/0.0.0.0
 address=/extracloud.com.au/0.0.0.0
 address=/ezblox.site/0.0.0.0
 address=/ezssausage.com/0.0.0.0
+address=/f2f.co.jp/0.0.0.0
 address=/f6fr7.codesandbox.io/0.0.0.0
 address=/f9w1lned0ruqblxi6jahwotak.filesusr.com/0.0.0.0
 address=/faccebook.azurewebsites.net/0.0.0.0
@@ -1916,7 +1727,10 @@ address=/facebook.com-r51znzih8i.isiolo.go.ke/0.0.0.0
 address=/facebook.com-zxsrf038k.isiolo.go.ke/0.0.0.0
 address=/facebook.eventspinff.wtf/0.0.0.0
 address=/facebook.kingstopup.com/0.0.0.0
+address=/facebook.whcserverbox.com/0.0.0.0
+address=/facebook8facebook.blogspot.com/0.0.0.0
 address=/facebookk.azurewebsites.net/0.0.0.0
+address=/facebookphisher.herokuapp.com/0.0.0.0
 address=/facebooks.azurewebsites.net/0.0.0.0
 address=/faic.in/0.0.0.0
 address=/faizankhan0408.github.io/0.0.0.0
@@ -1930,20 +1744,21 @@ address=/fassilnet5.ultimatefreehost.in/0.0.0.0
 address=/fax.gruppobiesse.it/0.0.0.0
 address=/fb-case-id-28031803-fcdc-48af.web.app/0.0.0.0
 address=/fb-pages.proteksion-help.workers.dev/0.0.0.0
+address=/fb.10004682.review/0.0.0.0
 address=/fb.expressturkeyi.com/0.0.0.0
 address=/fb7927.bget.ru/0.0.0.0
 address=/fdasd.2e4jept.cn/0.0.0.0
 address=/fdhgf.xyz/0.0.0.0
-address=/feceboolk.blogspot.com/0.0.0.0
 address=/federalaccesscredit.com/0.0.0.0
 address=/fedner.net/0.0.0.0
 address=/fer-brooks.top/0.0.0.0
 address=/feriadempleos.com/0.0.0.0
 address=/ferienhof-gempel.de/0.0.0.0
 address=/ff-anivesary225.duckdns.org/0.0.0.0
+address=/ff-member-ganena.com/0.0.0.0
 address=/ff-membership-garena.com/0.0.0.0
 address=/ff-membershipz-garena.ga/0.0.0.0
-address=/ff.membership.garenaj.vn/0.0.0.0
+address=/ff.members.garera.vn/0.0.0.0
 address=/ffim-event-2022.duckdns.org/0.0.0.0
 address=/fghjr74rhudfguhtfguji.blogspot.com/0.0.0.0
 address=/fi.uy/0.0.0.0
@@ -1952,7 +1767,6 @@ address=/fidelitybank-mn.net/0.0.0.0
 address=/fighting40s.com/0.0.0.0
 address=/fikir.id/0.0.0.0
 address=/fileundelete.net/0.0.0.0
-address=/filmkenner.com/0.0.0.0
 address=/filtrosmil.com.br/0.0.0.0
 address=/finalfantasyguide.co.uk/0.0.0.0
 address=/finiiishingedgex.tk/0.0.0.0
@@ -1967,13 +1781,14 @@ address=/fluksrv.mycpanel.rs/0.0.0.0
 address=/fmwebapp.azurewebsites.net/0.0.0.0
 address=/foliar.pl/0.0.0.0
 address=/foma-ura-lote.firebaseapp.com/0.0.0.0
+address=/foor1.com/0.0.0.0
+address=/for-pakage-delevry.tragaroleary.com/0.0.0.0
 address=/foresta-mod.firebaseapp.com/0.0.0.0
 address=/forhimself9999.co.vu/0.0.0.0
 address=/formbuddy.com/0.0.0.0
 address=/forms.formium.io/0.0.0.0
 address=/formtools.com/0.0.0.0
 address=/forum-dofus.com.co/0.0.0.0
-address=/foryour.gov-information.info/0.0.0.0
 address=/fpalpha.myportfolio.com/0.0.0.0
 address=/fpmaam.org/0.0.0.0
 address=/fr-europe564598-com.filesusr.com/0.0.0.0
@@ -1986,6 +1801,7 @@ address=/freefiredot-comerhadiah.duckdns.org/0.0.0.0
 address=/freefireevent-codashop2022.duckdns.org/0.0.0.0
 address=/freeitemff-allreward.duckdns.org/0.0.0.0
 address=/freeliker.net/0.0.0.0
+address=/freereward-ff.duckdns.org/0.0.0.0
 address=/frefire-membership-garena.sukienfreefire2021.top/0.0.0.0
 address=/freg-nine.pt/0.0.0.0
 address=/friendsofnechockey.com/0.0.0.0
@@ -2001,21 +1817,22 @@ address=/ftx.com.vn/0.0.0.0
 address=/ftx.cool/0.0.0.0
 address=/ftxbonus.site/0.0.0.0
 address=/funiswap.exchange/0.0.0.0
+address=/furgonetka-1.pl/0.0.0.0
 address=/fusionrestobar.cl/0.0.0.0
+address=/futurebits.in/0.0.0.0
+address=/fwztmgr.cn/0.0.0.0
 address=/fxhalifax.com/0.0.0.0
 address=/fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com/0.0.0.0
 address=/g-mtcc.com/0.0.0.0
 address=/g.greatsubstance.com.my/0.0.0.0
 address=/ga.teesmith.shop/0.0.0.0
 address=/gabrielamims.com/0.0.0.0
-address=/gabung-grubnew1342.duckdns.org/0.0.0.0
 address=/gagaclinic.com/0.0.0.0
 address=/gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com/0.0.0.0
 address=/gallciaonllne.webcindario.com/0.0.0.0
 address=/garena-xacminhtaikhoan.com/0.0.0.0
-address=/garenafreefire728.duckdns.org/0.0.0.0
-address=/gastronomiarobertos.com/0.0.0.0
 address=/gasunige.mfs.gg/0.0.0.0
+address=/gbunggrup-pmrsatu13.duckdns.org/0.0.0.0
 address=/gedfdfsd.eu/0.0.0.0
 address=/geg.li/0.0.0.0
 address=/generali-italia-ag.hrweb.it/0.0.0.0
@@ -2041,7 +1858,6 @@ address=/goldenlasgidi10.web.app/0.0.0.0
 address=/golkondaresorts.com/0.0.0.0
 address=/goo-gl.me/0.0.0.0
 address=/good12345.tripod.com/0.0.0.0
-address=/goofy-wozniak.192-210-226-164.plesk.page/0.0.0.0
 address=/gorol-cost.web.app/0.0.0.0
 address=/gorol-investor.web.app/0.0.0.0
 address=/gosafes.com/0.0.0.0
@@ -2051,39 +1867,28 @@ address=/gramarcales.com.br/0.0.0.0
 address=/greekinfra.com/0.0.0.0
 address=/greenclasses.in/0.0.0.0
 address=/grosshandel-mevida.de/0.0.0.0
-address=/group-mantap-seger.duckdns.org/0.0.0.0
 address=/group-wa-1.duckdns.org/0.0.0.0
-address=/groupbkep-vral15.duckdns.org/0.0.0.0
 address=/groworldinternational.com/0.0.0.0
 address=/grp02.member.mycld-rakuten.info/0.0.0.0
-address=/grub-sangex.wikaba.com/0.0.0.0
-address=/grubgabung.duckdns.org/0.0.0.0
 address=/grubnatajadeh12.duckdns.org/0.0.0.0
+address=/grubterbarukk037.duckdns.org/0.0.0.0
 address=/grubviralterbaru65c.duckdns.org/0.0.0.0
-address=/grup-bokephot-terbaru2022.duckdns.org/0.0.0.0
-address=/grup-bokepviral4.duckdns.org/0.0.0.0
-address=/grup-dwsa-indomesia845.duckdns.org/0.0.0.0
-address=/grup-viral-seleb.duckdns.org/0.0.0.0
-address=/grup-viralbokep111.myftp.org/0.0.0.0
-address=/grup-viralbokep2.ddns.net/0.0.0.0
+address=/gruo-wa-okep-dewasa-2022.duckdns.org/0.0.0.0
+address=/grup-bokep-terbaru555.duckdns.org/0.0.0.0
 address=/grup-whatsapp121.duckdns.org/0.0.0.0
 address=/grup-whatsappbokep1.duckdns.org/0.0.0.0
 address=/grup-whatsappbokep2.duckdns.org/0.0.0.0
-address=/grupbokeppadacantik.duckdns.org/0.0.0.0
+address=/grup2022ssx.duckdns.org/0.0.0.0
 address=/grupofsp.com.br/0.0.0.0
 address=/gruposanpio.com/0.0.0.0
-address=/gruptiktok.wikaba.com/0.0.0.0
-address=/grupviral-xx.duckdns.org/0.0.0.0
-address=/grupviral109.duckdns.org/0.0.0.0
-address=/grupviralterbaru.duckdns.org/0.0.0.0
+address=/grupwhatsaap-viral-2022.duckdns.org/0.0.0.0
 address=/grupwhatsappnobar-2022.duckdns.org/0.0.0.0
 address=/gscommunityspirit.greenschool.org/0.0.0.0
 address=/gstsolutions.online/0.0.0.0
+address=/gtw420.com/0.0.0.0
 address=/gunatanahku.perkimtan.sumbarprov.go.id/0.0.0.0
 address=/gurukanth.com/0.0.0.0
 address=/gwenet.org/0.0.0.0
-address=/gyfnqyk.cn/0.0.0.0
-address=/gymjaokhanakho.azurewebsites.net/0.0.0.0
 address=/habbocreditosparati.blogspot.com/0.0.0.0
 address=/haftteam.ir/0.0.0.0
 address=/hahdaeupdate.es.tl/0.0.0.0
@@ -2100,19 +1905,18 @@ address=/hasseanhannitybeenwaterboarded.com/0.0.0.0
 address=/haunlimited.org/0.0.0.0
 address=/hcnprdvz.azureedge.net/0.0.0.0
 address=/hdmediahub.club/0.0.0.0
-address=/hdss-stream.org/0.0.0.0
 address=/heinthu1.github.io/0.0.0.0
 address=/hellenic-postbank.com/0.0.0.0
-address=/helloparis.co.uk/0.0.0.0
 address=/help-account-bxsfe.ondigitalocean.app/0.0.0.0
+address=/help-identity-recoveri-support-center.web.id/0.0.0.0
 address=/help-notice-center-identity-6532.web.id/0.0.0.0
 address=/help.insecur.saftyalert.workers.dev/0.0.0.0
 address=/help.validation-page.workers.dev/0.0.0.0
+address=/helpingcentere.com/0.0.0.0
 address=/henan.vxim58i.cn/0.0.0.0
 address=/hermes.parcel-tracker.com/0.0.0.0
 address=/hetershaven.net/0.0.0.0
 address=/heuristic-gagarin.45-88-108-231.plesk.page/0.0.0.0
-address=/hfemail.ntneancns.com/0.0.0.0
 address=/hgda.db0u4hs.cn/0.0.0.0
 address=/hgdaa.lfoxcct.cn/0.0.0.0
 address=/hghgda.erjl0hx.cn/0.0.0.0
@@ -2127,18 +1931,15 @@ address=/hifly38926.top/0.0.0.0
 address=/hifly39091.top/0.0.0.0
 address=/hifly61215.top/0.0.0.0
 address=/hifly71191.top/0.0.0.0
-address=/hikaheal.com/0.0.0.0
 address=/himalayansherpa.com.au/0.0.0.0
 address=/himbauane.blogspot.com/0.0.0.0
 address=/hitman71hd-wixsite-com.filesusr.com/0.0.0.0
-address=/hjhjjhjhjh.pagedemo.co/0.0.0.0
 address=/hockian.com/0.0.0.0
 address=/holobeam.000webhostapp.com/0.0.0.0
 address=/home.ei1ns.de/0.0.0.0
 address=/home.myfairpoint.net/0.0.0.0
 address=/homepichilinea2.webcindario.com/0.0.0.0
 address=/homesinlogin.com/0.0.0.0
-address=/homestaylongho.com/0.0.0.0
 address=/hostnix.net/0.0.0.0
 address=/hostpoint.ch.17a902ef.tcorner.fr/0.0.0.0
 address=/hotbrooks.com/0.0.0.0
@@ -2151,6 +1952,7 @@ address=/hpplotters.in/0.0.0.0
 address=/hs-giveaways.ca/0.0.0.0
 address=/ht-cargo.com.vn/0.0.0.0
 address=/htlgroup.com.my/0.0.0.0
+address=/httpcom-0d4tol437.isiolo.go.ke/0.0.0.0
 address=/httpeugnerally-wixsite-com.filesusr.com/0.0.0.0
 address=/https-scert-con04.xyz/0.0.0.0
 address=/https-scert-srv02.xyz/0.0.0.0
@@ -2175,7 +1977,6 @@ address=/i.violationspage.validationspege.workers.dev/0.0.0.0
 address=/ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com/0.0.0.0
 address=/ibpm.ru/0.0.0.0
 address=/icloud-map-live.com/0.0.0.0
-address=/icloudstatus.com.ng/0.0.0.0
 address=/icy.martulangbelulalng.workers.dev/0.0.0.0
 address=/idappswallets.com/0.0.0.0
 address=/identifiez-vous-avec-votre-compte.yolasite.com/0.0.0.0
@@ -2188,7 +1989,6 @@ address=/iframejld.avent-media.fr/0.0.0.0
 address=/ighk.umjlrs7uci2751.workers.dev/0.0.0.0
 address=/iipvit.by/0.0.0.0
 address=/ijcda.bukkats.cn/0.0.0.0
-address=/ijeioqhawdqioqho.weebly.com/0.0.0.0
 address=/ijhca.0gb0h7z.cn/0.0.0.0
 address=/ijjd.h8nmtcc.cn/0.0.0.0
 address=/ijmna.p2y00vd.cn/0.0.0.0
@@ -2199,23 +1999,25 @@ address=/ikcda.a2g5xvs.cn/0.0.0.0
 address=/ikcsa.ajiqvjf.cn/0.0.0.0
 address=/ikdff.jmo904i.cn/0.0.0.0
 address=/ikja.lbanwqp.cn/0.0.0.0
+address=/ikjcd.p1z98hl.cn/0.0.0.0
 address=/ikjd.uk0xnp8.cn/0.0.0.0
 address=/ikjgd.rg6bzk7.cn/0.0.0.0
 address=/ikmcd.u4jdbxm.cn/0.0.0.0
 address=/ikmxaa.qcqxlrq.cn/0.0.0.0
+address=/ilooksrare.com/0.0.0.0
 address=/iloveyourglasses.com/0.0.0.0
 address=/ilpconnect.org/0.0.0.0
+address=/image-pict-ig.duckdns.org/0.0.0.0
 address=/imersao.impulseingles.com.br/0.0.0.0
 address=/imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com/0.0.0.0
-address=/imi-ksa.jajainfo.net/0.0.0.0
 address=/imobiliaria-cardinali-com-br.blogspot.com/0.0.0.0
 address=/impostazionebper.000webhostapp.com/0.0.0.0
 address=/in.deraya.org/0.0.0.0
-address=/inaueab.com/0.0.0.0
 address=/indo-viral2022.duckdns.org/0.0.0.0
 address=/info.lionnets.com/0.0.0.0
 address=/infohypesquad.com/0.0.0.0
 address=/infopichinchaweb.webcindario.com/0.0.0.0
+address=/information.safeamazoncardweb.cyou/0.0.0.0
 address=/informations.recovery.confiryourpage.workers.dev/0.0.0.0
 address=/infos00001.temp.swtest.ru/0.0.0.0
 address=/infosecplace.com/0.0.0.0
@@ -2228,16 +2030,16 @@ address=/inna.cedymll.cn/0.0.0.0
 address=/innca.ol90k56.cn/0.0.0.0
 address=/innovasjon.as/0.0.0.0
 address=/inps-ep.com/0.0.0.0
-address=/instagram-9.blogspot.com/0.0.0.0
-address=/instagramhelpp.agency/0.0.0.0
+address=/instahelppbaddge.ml/0.0.0.0
 address=/intellidata-analytica.com/0.0.0.0
-address=/interbankempresahome.rankforever.com/0.0.0.0
 address=/interbankempresas.pe-il.ru/0.0.0.0
+address=/interbankhomeweb.fullcircleteam.com/0.0.0.0
 address=/intern.unibas-com.ch/0.0.0.0
 address=/international-formulier.91-218-65-223.plesk.page/0.0.0.0
 address=/internetbanking-caixa-gov.xyz/0.0.0.0
 address=/internetbankinghelp.com/0.0.0.0
 address=/internetservicetech.com/0.0.0.0
+address=/intesalife.ie/0.0.0.0
 address=/intexargentina.com.ar/0.0.0.0
 address=/inthewildproductions.com/0.0.0.0
 address=/intoli.ru/0.0.0.0
@@ -2245,10 +2047,14 @@ address=/intrafloraplants.com/0.0.0.0
 address=/intranet.sztpe.info/0.0.0.0
 address=/investpl.work/0.0.0.0
 address=/iplogger.info/0.0.0.0
+address=/iqwea.soxr0u1.cn/0.0.0.0
 address=/ironmantech.shop/0.0.0.0
-address=/irs-gov.us-get-funds-assistance.com/0.0.0.0
+address=/irs-gov-supportcenters.com/0.0.0.0
+address=/irs.gov-coronavirus-pandemic-tax-refund-submission.com/0.0.0.0
+address=/ise.com.ar/0.0.0.0
 address=/isfirsatibul.com/0.0.0.0
 address=/ismamorlin.my-place.us/0.0.0.0
+address=/isntagranmeta.pagedemo.co/0.0.0.0
 address=/istudyalumni.com/0.0.0.0
 address=/it-europe564598-com.filesusr.com/0.0.0.0
 address=/it.melnikhotels.com/0.0.0.0
@@ -2260,6 +2066,12 @@ address=/iuhs.tyopfhn.cn/0.0.0.0
 address=/iujdas.yfwxlc9.cn/0.0.0.0
 address=/iuyydd.ebeg6uk.cn/0.0.0.0
 address=/j9w77d0.cn/0.0.0.0
+address=/jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn/0.0.0.0
+address=/jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn/0.0.0.0
+address=/jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn/0.0.0.0
+address=/jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn/0.0.0.0
+address=/jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn/0.0.0.0
+address=/jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn/0.0.0.0
 address=/jacobliston.com/0.0.0.0
 address=/jadaart.org/0.0.0.0
 address=/jagex-rewards.com/0.0.0.0
@@ -2271,31 +2083,31 @@ address=/jbwbzta.alfens8.cc/0.0.0.0
 address=/jeanbaileyrobor.com/0.0.0.0
 address=/jendelajogja.com/0.0.0.0
 address=/jerinja.github.io/0.0.0.0
-address=/jessicasproul.com/0.0.0.0
 address=/jetser-electrical-supply.business.site/0.0.0.0
-address=/jetstoop.top/0.0.0.0
 address=/jett.gator.site/0.0.0.0
 address=/jflkp.csb.app/0.0.0.0
 address=/jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com/0.0.0.0
 address=/jhda.wfdyk9p.cn/0.0.0.0
 address=/jhdd.fjcslad.cn/0.0.0.0
 address=/jhff.93oe0u9.cn/0.0.0.0
+address=/jhnd.0drhnjk.cn/0.0.0.0
 address=/jiwanramchemical.com/0.0.0.0
 address=/jjhcd.27ke98i.cn/0.0.0.0
 address=/jk99j.sbs/0.0.0.0
-address=/jkhkjjkjk.pagedemo.co/0.0.0.0
 address=/jlogine.com/0.0.0.0
+address=/jmcna.jiwayjc.cn/0.0.0.0
+address=/jmfykd.cyou/0.0.0.0
+address=/jncba.diiqsmm.cn/0.0.0.0
 address=/jnlope.tangguakrapekpuik.link/0.0.0.0
 address=/jnnc.grnxkoj.cn/0.0.0.0
 address=/job-type.com/0.0.0.0
 address=/jobs.job.com.bd/0.0.0.0
 address=/joecamera.net/0.0.0.0
 address=/john-ashley.de/0.0.0.0
-address=/join-chat-whatssap-viral-2022.duckdns.org/0.0.0.0
-address=/join-group-wa2022.duckdns.org/0.0.0.0
-address=/join-grub-bokep-gratis.duckdns.org/0.0.0.0
-address=/join-grubkienzy849.duckdns.org/0.0.0.0
-address=/join-whatsapp-tante-hot18.duckdns.org/0.0.0.0
+address=/join-group-1.duckdns.org/0.0.0.0
+address=/join-gruo-waku282.duckdns.org/0.0.0.0
+address=/joinedprice.com/0.0.0.0
+address=/joingrupku183.duckdns.org/0.0.0.0
 address=/joingrupp-bkep156.duckdns.org/0.0.0.0
 address=/joingrupterbaru-0.duckdns.org/0.0.0.0
 address=/joinlinkviral729.duckdns.org/0.0.0.0
@@ -2303,12 +2115,14 @@ address=/joinssgropshot18.duckdns.org/0.0.0.0
 address=/joinssgropssney6.duckdns.org/0.0.0.0
 address=/jow-japan.or.jp/0.0.0.0
 address=/joyeriajireh.com.mx/0.0.0.0
-address=/jp-bnnk.japappoit.asdwb.xyz/0.0.0.0
-address=/jp-bnnk.japappoit.asdwd.xyz/0.0.0.0
+address=/jp-auid.com/0.0.0.0
+address=/jp.mercari.omany.buzz/0.0.0.0
 address=/jptechdocsign.net/0.0.0.0
 address=/jrhayley.plus.com/0.0.0.0
 address=/juandfar.github.io/0.0.0.0
+address=/jurisgeneral.com/0.0.0.0
 address=/jurlebedev.ru/0.0.0.0
+address=/juscook.com/0.0.0.0
 address=/justgot.gonevis.com/0.0.0.0
 address=/justsayingbro.com/0.0.0.0
 address=/jvk.zultifarza.workers.dev/0.0.0.0
@@ -2316,6 +2130,7 @@ address=/jyeue43rm95p.clickfunnels.com/0.0.0.0
 address=/jz2bab.webwave.dev/0.0.0.0
 address=/k3ja6d.webwave.dev/0.0.0.0
 address=/kaamwalibais.co.in/0.0.0.0
+address=/kachinas.be/0.0.0.0
 address=/kamdhenurealities.com/0.0.0.0
 address=/kargonova.com/0.0.0.0
 address=/kartaltepespor.com/0.0.0.0
@@ -2327,9 +2142,11 @@ address=/kdhdf34j6dfh.dealerwebsite.com/0.0.0.0
 address=/kdlscaffolding.co.uk/0.0.0.0
 address=/kecc.com/0.0.0.0
 address=/kecmanijada.com/0.0.0.0
+address=/kedai-gamers.com/0.0.0.0
 address=/keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev/0.0.0.0
 address=/keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev/0.0.0.0
 address=/keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev/0.0.0.0
+address=/kenanhusovic.com/0.0.0.0
 address=/kevinsmovingservice.com/0.0.0.0
 address=/kex81.sbs/0.0.0.0
 address=/key-drcp.com/0.0.0.0
@@ -2353,12 +2170,12 @@ address=/konfirmasi-identitas-2022.webnode.page/0.0.0.0
 address=/konnect2kamadhenu.com/0.0.0.0
 address=/koteng.odoo.com/0.0.0.0
 address=/kr-bithumb.web.app/0.0.0.0
-address=/kraftongame.net/0.0.0.0
 address=/krupije.com/0.0.0.0
 address=/krx887.com/0.0.0.0
 address=/ksschool.org.in/0.0.0.0
 address=/kuchkuchnights.com/0.0.0.0
 address=/kurortnoye.com.ua/0.0.0.0
+address=/ky79.com/0.0.0.0
 address=/l-abe.com/0.0.0.0
 address=/l-q.in/0.0.0.0
 address=/lambdaweb.info/0.0.0.0
@@ -2380,16 +2197,17 @@ address=/leadershipmail.org/0.0.0.0
 address=/learningimpactmodel.com/0.0.0.0
 address=/leboncoiinlbc.000webhostapp.com/0.0.0.0
 address=/leboncoin.delivery01588.icu/0.0.0.0
+address=/lefaf77683.temp.swtest.ru/0.0.0.0
 address=/lemeiesta.com/0.0.0.0
 address=/lenagruessdich.net/0.0.0.0
 address=/leroycu.ca/0.0.0.0
+address=/letoptuswebmail-9b69f0.ingress-comporellon.easywp.com/0.0.0.0
 address=/lettertracing4kids.com/0.0.0.0
 address=/lexnotes.com.ng/0.0.0.0
-address=/lg-bluebadgecenter.ml/0.0.0.0
 address=/lg-onecom-io.web.app/0.0.0.0
 address=/liberasrl.it/0.0.0.0
 address=/lihi3.cc/0.0.0.0
-address=/linkcontract.tech/0.0.0.0
+address=/linkgrupkakak-disini.duckdns.org/0.0.0.0
 address=/liongear.com/0.0.0.0
 address=/lirc.cep.edu.vn/0.0.0.0
 address=/little-frost-1a15.chrisc11004842.workers.dev/0.0.0.0
@@ -2413,28 +2231,33 @@ address=/lloydsbank.secure-online-deregister.com/0.0.0.0
 address=/lloydsbank.secure-personal-device-login.com/0.0.0.0
 address=/lloyduk-newdevice-registered-online.com/0.0.0.0
 address=/llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com/0.0.0.0
+address=/lmbanang.pgryuangbtusngka.link/0.0.0.0
 address=/lnkd.dev/0.0.0.0
 address=/lnterbancape-lbk.com/0.0.0.0
 address=/lnterbank.pe.starneonsignsug.com/0.0.0.0
+address=/local-postoffice-deliver.com/0.0.0.0
 address=/localwithg.com/0.0.0.0
 address=/lockpichincha.webcindario.com/0.0.0.0
 address=/loengregkuetngferu.live/0.0.0.0
 address=/lofon-add.firebaseapp.com/0.0.0.0
 address=/loftywallet.com/0.0.0.0
+address=/logfuliz.web.app/0.0.0.0
 address=/login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net/0.0.0.0
 address=/login-facebook18.webnode.page/0.0.0.0
 address=/login-live.com-s02.net/0.0.0.0
 address=/login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net/0.0.0.0
 address=/login-postfinance.com/0.0.0.0
+address=/login-singaporee.apply-now-online-digital.com/0.0.0.0
 address=/login.dbs.webdbslistinonline.com/0.0.0.0
 address=/login.privategold.uytrtyuhij987.gowithapex.com/0.0.0.0
-address=/login.smbc.weddirecttop.com/0.0.0.0
 address=/logindhlaccess.dhlupdatelogin.workers.dev/0.0.0.0
+address=/loginnewatt.weebly.com/0.0.0.0
 address=/logverify-df12e-verify-1230-eu.web.app/0.0.0.0
 address=/loinesports.com/0.0.0.0
 address=/lomadesarrollos.mx/0.0.0.0
 address=/lombard11.eu/0.0.0.0
 address=/lot-lp-x.web.app/0.0.0.0
+address=/love.gos-box.com/0.0.0.0
 address=/lp.vp4.me/0.0.0.0
 address=/lrs.financial/0.0.0.0
 address=/lrs.foundation/0.0.0.0
@@ -2454,13 +2277,10 @@ address=/m.protc.safty-pege.workers.dev/0.0.0.0
 address=/m.recovery.safetyacount.workers.dev/0.0.0.0
 address=/m.recovery.saftypageupdate.workers.dev/0.0.0.0
 address=/m.salsomascard.top/0.0.0.0
-address=/m4-appcaixia.com/0.0.0.0
 address=/m42club.com/0.0.0.0
-address=/m5bundle.com/0.0.0.0
 address=/machineryzoneservice.com/0.0.0.0
 address=/macjakarta.com/0.0.0.0
 address=/macst.cc/0.0.0.0
-address=/madamailru.temp.swtest.ru/0.0.0.0
 address=/madens.com.pl/0.0.0.0
 address=/madrhinoconsulting.com/0.0.0.0
 address=/maestro.my.prod.dfg152.ru/0.0.0.0
@@ -2472,15 +2292,15 @@ address=/mail-account-verify-f4723.web.app/0.0.0.0
 address=/mail-gmxaktualisierung.yolasite.com/0.0.0.0
 address=/mail-ovhcloud.web.app/0.0.0.0
 address=/mail-ssocloud-srvr67yhguh.pages.dev/0.0.0.0
+address=/mail.atlanticeconcrete.com/0.0.0.0
 address=/mail.enrollmoreclientsbootcamp.com/0.0.0.0
-address=/mail.gov-taxid.completofyours.info/0.0.0.0
-address=/mail.grup-dwsa-indomesia845.duckdns.org/0.0.0.0
 address=/mail.ims-fe.com/0.0.0.0
+address=/mail.kenanhusovic.com/0.0.0.0
 address=/mail.kuttabalfatih.com/0.0.0.0
 address=/mail.santepluspharma.com/0.0.0.0
 address=/mail.sweetshopspecialtycoffee.com.au/0.0.0.0
-address=/mail.tariqalaraimi.com/0.0.0.0
 address=/mail.updateinfo-billingo2.com/0.0.0.0
+address=/mail.wellsfargous.duckdns.org/0.0.0.0
 address=/mail.wheel1factory.net/0.0.0.0
 address=/mail.zenstream.com/0.0.0.0
 address=/maildomaiincheck1.web.app/0.0.0.0
@@ -2508,60 +2328,56 @@ address=/mailserver7656566.blob.core.windows.net/0.0.0.0
 address=/mailupdattee10.web.app/0.0.0.0
 address=/mailupdattee11.web.app/0.0.0.0
 address=/mailupdattee12.web.app/0.0.0.0
-address=/mailupdattee13.web.app/0.0.0.0
 address=/mailupdattee14.web.app/0.0.0.0
-address=/mailupdattee15.web.app/0.0.0.0
 address=/mailupdattee16.web.app/0.0.0.0
 address=/mailupdattee17.web.app/0.0.0.0
-address=/mailupdattee18.web.app/0.0.0.0
 address=/mailupdattee19.web.app/0.0.0.0
 address=/mailupdattee20.web.app/0.0.0.0
 address=/mailupdattee21.web.app/0.0.0.0
 address=/mailupdattee22.web.app/0.0.0.0
-address=/mailupdattee23.web.app/0.0.0.0
 address=/mailupdattee24.web.app/0.0.0.0
 address=/mailupdattee26.web.app/0.0.0.0
 address=/mailupdattee27.web.app/0.0.0.0
 address=/mailupdattee28.web.app/0.0.0.0
 address=/mailupdattee29.web.app/0.0.0.0
-address=/mailupdattee32.web.app/0.0.0.0
 address=/mailupdattee34.web.app/0.0.0.0
 address=/mailupdattee35.web.app/0.0.0.0
 address=/mailupdattee40.web.app/0.0.0.0
-address=/mailupdattee5.web.app/0.0.0.0
 address=/mailupdattee6.web.app/0.0.0.0
 address=/mailupdattee7.web.app/0.0.0.0
 address=/mailupdattee8.web.app/0.0.0.0
-address=/mailupdattee9.web.app/0.0.0.0
+address=/mainbugerrorfixing.com/0.0.0.0
+address=/mainmobilerectify.live/0.0.0.0
+address=/mainsbscrestore.com/0.0.0.0
 address=/maintoken.org/0.0.0.0
-address=/mainwalletappconnect.com/0.0.0.0
 address=/makcts-go.ru/0.0.0.0
 address=/make-anon-keep-past.rvsla.workers.dev/0.0.0.0
 address=/mala-riba.com/0.0.0.0
 address=/malaprontaargentina.com.br/0.0.0.0
 address=/malehaenterprises.com/0.0.0.0
 address=/malukutenggarakab.go.id/0.0.0.0
+address=/mamasitasont.blogspot.com/0.0.0.0
 address=/mandirilivinlinksystem.brizy.site/0.0.0.0
-address=/mandirilivinlinksystem2.brizy.site/0.0.0.0
 address=/mandirilivinlinksystem3.brizy.site/0.0.0.0
-address=/manthsedty.live/0.0.0.0
 address=/manualsync.com/0.0.0.0
+address=/maotun.xyz/0.0.0.0
 address=/mapsa.com.pe/0.0.0.0
+address=/marifilmines.ca/0.0.0.0
 address=/marinthe.poingaitongamlm.link/0.0.0.0
 address=/marketplace-axieinfinity.io/0.0.0.0
 address=/marketplace-axlelnfiniity.com/0.0.0.0
 address=/marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke/0.0.0.0
 address=/marketplace.facebook.com-29ta3qbv.isiolo.go.ke/0.0.0.0
 address=/marketplace.facebook.com-hzup1bae.isiolo.go.ke/0.0.0.0
+address=/marketplace.facebook.com-izkbuxmx.isiolo.go.ke/0.0.0.0
 address=/marketplace.facebook.com-kq1oh2ae.isiolo.go.ke/0.0.0.0
+address=/marketplace.facebook.com-milt5ssm.isiolo.go.ke/0.0.0.0
 address=/marketplace.facebook.com-qze9zt75vm.isiolo.go.ke/0.0.0.0
 address=/marketplace.facebook.com-sauuvazpjo.isiolo.go.ke/0.0.0.0
 address=/marketplace.facebook.com-tyeuieb7.isiolo.go.ke/0.0.0.0
 address=/marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke/0.0.0.0
 address=/marketplace.facebook.com-z1au8cxghl.isiolo.go.ke/0.0.0.0
 address=/marketplaceaxieinfiniity.com/0.0.0.0
-address=/marmardian.co.vu/0.0.0.0
-address=/marylkmatzenger.com/0.0.0.0
 address=/masdas0932.co.vu/0.0.0.0
 address=/masum.lawyer/0.0.0.0
 address=/match.lookatmynewphotos.com/0.0.0.0
@@ -2589,22 +2405,28 @@ address=/mercani.pomyt.info/0.0.0.0
 address=/mercariz.xyz/0.0.0.0
 address=/meremanovegabana.website2.me/0.0.0.0
 address=/mericarir.mbudeu.cn/0.0.0.0
-address=/mericarir.mg0gbo1.cn/0.0.0.0
+address=/mericarir.mednljn.cn/0.0.0.0
 address=/mericarir.mgeukpx.cn/0.0.0.0
 address=/mericarir.mglsffs.cn/0.0.0.0
-address=/mericarir.mksydb.cn/0.0.0.0
+address=/mericarir.mglxyul.cn/0.0.0.0
+address=/mericarir.mhgqdtv.cn/0.0.0.0
+address=/mericarir.mjrsrfo.cn/0.0.0.0
 address=/mericarir.mktbbr.cn/0.0.0.0
+address=/mericarir.mkxbqnu.cn/0.0.0.0
 address=/mericarir.mlyffa.cn/0.0.0.0
+address=/mericarir.mmsfzys.cn/0.0.0.0
 address=/mericarir.mnfjwy.cn/0.0.0.0
 address=/mericarir.mnheijt.cn/0.0.0.0
-address=/mericarir.mrzcafk.cn/0.0.0.0
 address=/mericarir.msnygk.cn/0.0.0.0
-address=/mericorci-logining.sfhs26r.lyb6srb.cn/0.0.0.0
+address=/mericarir.mtlrnzu.cn/0.0.0.0
+address=/mericarir.mukkwvc.cn/0.0.0.0
+address=/mericarir.mxsoecl.cn/0.0.0.0
 address=/meriocori-logining.2y3uio.pyqbas.cn/0.0.0.0
 address=/mestertignseekjet4.blogspot.com/0.0.0.0
 address=/mestertignseekjet5.blogspot.com/0.0.0.0
 address=/mestertignseekjet6.blogspot.com/0.0.0.0
 address=/mestredaobra.com/0.0.0.0
+address=/meta-support-centers.ml/0.0.0.0
 address=/metalurgicagiom.com.br/0.0.0.0
 address=/metamasc.club/0.0.0.0
 address=/metamask-connect.com/0.0.0.0
@@ -2615,11 +2437,13 @@ address=/metamask-wallets.yahoosites.com/0.0.0.0
 address=/metamask.cam/0.0.0.0
 address=/metamask.io-php.com/0.0.0.0
 address=/metamask.kiwi/0.0.0.0
+address=/metamask.loan/0.0.0.0
 address=/metamask.protocol-process.me/0.0.0.0
 address=/metamask.security-information.cc/0.0.0.0
 address=/metamask.social/0.0.0.0
 address=/metamask.wallets-reauth.net/0.0.0.0
 address=/metamaskdownloadandroid.xyz/0.0.0.0
+address=/metamaskextension.xyz/0.0.0.0
 address=/metamassklogins-us.tumblr.com/0.0.0.0
 address=/metaversepadapp.com/0.0.0.0
 address=/meusabor.com.br/0.0.0.0
@@ -2627,19 +2451,20 @@ address=/mfacebook.blogspot.com.cy/0.0.0.0
 address=/mfacebook.blogspot.lt/0.0.0.0
 address=/mfacebook.blogspot.rs/0.0.0.0
 address=/mgpskartarpur.com/0.0.0.0
+address=/mgrandroyale.com/0.0.0.0
 address=/mibancocrece.com.co/0.0.0.0
 address=/micacd.elshov.com/0.0.0.0
-address=/michaelxrandazzo.com/0.0.0.0
 address=/michiyado.com/0.0.0.0
 address=/microcav.square.site/0.0.0.0
 address=/microsoftonline.pages.dev/0.0.0.0
 address=/microsoftwebserver.mfs.gg/0.0.0.0
 address=/micuenta01.github.io/0.0.0.0
+address=/midasbuy1st.com/0.0.0.0
+address=/midsposc2.com/0.0.0.0
 address=/mijnics-actualisatie.185-236-231-64.plesk.page/0.0.0.0
-address=/mikhali.com/0.0.0.0
+address=/mikayelxhovakimyan.com/0.0.0.0
 address=/milanobet301.com/0.0.0.0
 address=/militarybikers.org/0.0.0.0
-address=/minamikaga.or.jp/0.0.0.0
 address=/mingming20160152.github.io/0.0.0.0
 address=/miozpro.com/0.0.0.0
 address=/miracdoviz.com/0.0.0.0
@@ -2669,16 +2494,17 @@ address=/mjaymvnlchrlbwjlcjizmxn0.filesusr.com/0.0.0.0
 address=/mk2.ge/0.0.0.0
 address=/mkjiool.weebly.com/0.0.0.0
 address=/mnbxa.73kfer9.cn/0.0.0.0
+address=/mnbxcas.zm7wwar.cn/0.0.0.0
 address=/mncxx.qbeepor.cn/0.0.0.0
 address=/mnnbx.r1rpj09.cn/0.0.0.0
+address=/mnncxa.fwffsyt.cn/0.0.0.0
 address=/mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link/0.0.0.0
-address=/mobil-singaporre.digital-online-login-opportunity.com/0.0.0.0
 address=/mobile-orange-forever.yolasite.com/0.0.0.0
 address=/mobile-portail.live/0.0.0.0
 address=/mobile.hedgesportst.me/0.0.0.0
-address=/moccasinyellowbetatest--josekkk.repl.co/0.0.0.0
 address=/moccasinyellowbetatest.josekkk.repl.co/0.0.0.0
 address=/modest-hertz.45-81-232-15.plesk.page/0.0.0.0
+address=/moiksys.com/0.0.0.0
 address=/mon-token.com/0.0.0.0
 address=/mon.espace.lcl.fr.certosini.info/0.0.0.0
 address=/monbudri.xyz/0.0.0.0
@@ -2693,6 +2519,7 @@ address=/montrealidiomas.com.br/0.0.0.0
 address=/monyeward.com/0.0.0.0
 address=/morcario.xyz/0.0.0.0
 address=/morfybox.com/0.0.0.0
+address=/movil.particulares-secure.com/0.0.0.0
 address=/mqzlsim.mindlogicinfotech.com/0.0.0.0
 address=/mrpitchman.com/0.0.0.0
 address=/msc-doelsach.at/0.0.0.0
@@ -2713,16 +2540,14 @@ address=/my-site219.yolasite.com/0.0.0.0
 address=/my.jcpwb.com/0.0.0.0
 address=/my.nhs-get-pass.com/0.0.0.0
 address=/my.paydi.login-index-home.x4typfc.cn/0.0.0.0
-address=/my.paydi.logining-nexy-home.en6cnm.asia/0.0.0.0
 address=/my02billing-login.com/0.0.0.0
-address=/myaccount.aol.wallat-billing.com.authlog.gq/0.0.0.0
+address=/mybeii.live/0.0.0.0
 address=/mycoerver.es/0.0.0.0
 address=/mygoogleaccount.stantrade.xyz/0.0.0.0
 address=/myjcb.cyyptoi.cn/0.0.0.0
 address=/myjcb.thxpj.cn/0.0.0.0
 address=/mymbg-aa2e2.web.app/0.0.0.0
 address=/mymeta-securearea.plesk07.zap-webspace.com/0.0.0.0
-address=/mymetamask-clientarea.185-236-231-227.plesk.page/0.0.0.0
 address=/mymweb-owner.at.ua/0.0.0.0
 address=/mypo-delivery.com/0.0.0.0
 address=/mypsm.psm.edu.mm/0.0.0.0
@@ -2734,7 +2559,6 @@ address=/mzqualitycleaning.com/0.0.0.0
 address=/n-naoko-0319.github.io/0.0.0.0
 address=/n.salsomascard.top/0.0.0.0
 address=/n26.sa-france.fr/0.0.0.0
-address=/n26servicetechnique.click/0.0.0.0
 address=/n7orton.com/0.0.0.0
 address=/nab-access-breach.com/0.0.0.0
 address=/nab-alert.mobi/0.0.0.0
@@ -2742,7 +2566,6 @@ address=/nab-www.303.si/0.0.0.0
 address=/naderkhani.ir/0.0.0.0
 address=/najboljeuslugezavas.betterservicesforyou.com/0.0.0.0
 address=/nalandaias.com/0.0.0.0
-address=/nalodke.com.ua/0.0.0.0
 address=/nanjing.itud167.cn/0.0.0.0
 address=/napgamelienquan.net/0.0.0.0
 address=/naranja-users.auth0.com/0.0.0.0
@@ -2757,8 +2580,10 @@ address=/natwest.secured-personal-verify.com/0.0.0.0
 address=/nayablabs.com/0.0.0.0
 address=/nayameehomes.com/0.0.0.0
 address=/nbcc.0bit08a.cn/0.0.0.0
+address=/nbcd.xiu58rl.cn/0.0.0.0
 address=/nbcvs.gd65y69.cn/0.0.0.0
 address=/nbcxa.lctlfdq.cn/0.0.0.0
+address=/nbcxas.551awvr.cn/0.0.0.0
 address=/nbhjxa.hblhi96.cn/0.0.0.0
 address=/nbnonres.com/0.0.0.0
 address=/nbxaa.b1b6nac.cn/0.0.0.0
@@ -2770,12 +2595,9 @@ address=/ncgroup.club/0.0.0.0
 address=/necessitymag.com/0.0.0.0
 address=/nedbankqa.flowblocks.com/0.0.0.0
 address=/nedriw.xyz/0.0.0.0
-address=/neftlexi.com/0.0.0.0
 address=/negociebra.com.br/0.0.0.0
 address=/neptuneinnovations.com/0.0.0.0
 address=/netciti.id/0.0.0.0
-address=/netf1ix.us-891691712-local-781652.airalgeriecanada.ca/0.0.0.0
-address=/netfl-lixids938mailmealkas.duckdns.org/0.0.0.0
 address=/netflix-techarmy.me/0.0.0.0
 address=/netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk/0.0.0.0
 address=/networksol-f35e7.web.app/0.0.0.0
@@ -2799,9 +2621,8 @@ address=/nhri.net/0.0.0.0
 address=/nhs.my-vaccine-status.com/0.0.0.0
 address=/niagarapower.com/0.0.0.0
 address=/nic-home.com/0.0.0.0
-address=/nisuper.com/0.0.0.0
 address=/nizotchauffage.bilty.be/0.0.0.0
-address=/nontonvidioviral2022nohoax.duckdns.org/0.0.0.0
+address=/nodesconnection.com/0.0.0.0
 address=/northlane.esy.es/0.0.0.0
 address=/notife.help.institutepages.workers.dev/0.0.0.0
 address=/notification-fb.secure-pages.workers.dev/0.0.0.0
@@ -2842,23 +2663,22 @@ address=/oidda.5s2iamp.cn/0.0.0.0
 address=/oijcd.qvjcddv.cn/0.0.0.0
 address=/oikca.smwceku.cn/0.0.0.0
 address=/oikcas.6b914ty.cn/0.0.0.0
+address=/oikcd.uf27ce8.cn/0.0.0.0
 address=/oikcxa.zvvx01z.cn/0.0.0.0
 address=/oivac.com/0.0.0.0
 address=/okcs.qj8yua.cn/0.0.0.0
 address=/okds.bbtlcve.cn/0.0.0.0
-address=/okep-terbaru-viral-2022.duckdns.org/0.0.0.0
+address=/okep-viral-terbaru-terhist-2022.duckdns.org/0.0.0.0
 address=/okmca.8xcrn6w.cn/0.0.0.0
 address=/okmca.bxkfham.cn/0.0.0.0
 address=/okmca.uwudagu.cn/0.0.0.0
 address=/okmxa.lfgpror.cn/0.0.0.0
 address=/okpwtu.webwave.dev/0.0.0.0
+address=/ol-run1.online/0.0.0.0
 address=/olidooo.waca.tw/0.0.0.0
 address=/olk.us7apye.cn/0.0.0.0
 address=/olmnxa.wc2ikux.cn/0.0.0.0
-address=/olx-pay-pl.pay-id22343.top/0.0.0.0
-address=/olx.saferegulatory.com/0.0.0.0
 address=/omesqiwines.de/0.0.0.0
-address=/omicronvariat.pagedemo.co/0.0.0.0
 address=/oncopharma-ae.com/0.0.0.0
 address=/onecreator.info/0.0.0.0
 address=/onedrive.zhaoge.workers.dev/0.0.0.0
@@ -2868,13 +2688,16 @@ address=/oneone-19cd8.web.app/0.0.0.0
 address=/oneone-a38ef.web.app/0.0.0.0
 address=/online-sistem.com/0.0.0.0
 address=/onlineasesor01.hostfree.pw/0.0.0.0
+address=/onlinebanking.unrecognised-new-payee.com/0.0.0.0
 address=/onlineffn2.temp.swtest.ru/0.0.0.0
+address=/onlineislemlersayfasivkfgirisicom.tk/0.0.0.0
+address=/onlinsfuco.temp.swtest.ru/0.0.0.0
 address=/onlysportplus.com/0.0.0.0
 address=/ooxvocalor.yolasite.com/0.0.0.0
 address=/opansea.live/0.0.0.0
 address=/open24.ie-tsb.email/0.0.0.0
+address=/operationroofingllc3.com/0.0.0.0
 address=/opticabattilana.com.ar/0.0.0.0
-address=/optika-anda.hr/0.0.0.0
 address=/ora-n.yolasite.com/0.0.0.0
 address=/orabu.it/0.0.0.0
 address=/orange-dcr.fr/0.0.0.0
@@ -2885,11 +2708,8 @@ address=/orange2k22.wixsite.com/0.0.0.0
 address=/orangeb191.temp.swtest.ru/0.0.0.0
 address=/orangess.contactin.bio/0.0.0.0
 address=/org-nr.yolasite.com/0.0.0.0
-address=/orlen-inwe.web.app/0.0.0.0
-address=/orlen-x.web.app/0.0.0.0
 address=/orlen.digital/0.0.0.0
 address=/ormantencs112.odoo.com/0.0.0.0
-address=/oryxcaracalsecurity.com/0.0.0.0
 address=/osis.world/0.0.0.0
 address=/otomoto-h229.net/0.0.0.0
 address=/otomoto3452.com/0.0.0.0
@@ -2898,6 +2718,7 @@ address=/oudczfbniitcqdsrmaapdztwqo-dot-gl44393333333.rj.r.appspot.com/0.0.0.0
 address=/ourgarden.us/0.0.0.0
 address=/outlook1541489.webcindario.com/0.0.0.0
 address=/outlookcom119.yolasite.com/0.0.0.0
+address=/ouverturecompte.lbp-eer.fr/0.0.0.0
 address=/oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com/0.0.0.0
 address=/p1c.servleboncoinser.com/0.0.0.0
 address=/package2021.blogspot.ba/0.0.0.0
@@ -2905,7 +2726,6 @@ address=/package2021.blogspot.bg/0.0.0.0
 address=/package2021.blogspot.com/0.0.0.0
 address=/page-restrict-case22456548.help/0.0.0.0
 address=/pages-1008009999700022199021.com/0.0.0.0
-address=/pages-1008097555214021.com/0.0.0.0
 address=/pages-alert-facebook.ezyro.com/0.0.0.0
 address=/pages-community-standart-2022.co/0.0.0.0
 address=/pages-marvelous-project.webflow.io/0.0.0.0
@@ -2914,11 +2734,11 @@ address=/pages-support-office-2021.tk/0.0.0.0
 address=/pages.secure-accts.workers.dev/0.0.0.0
 address=/pagesdetectscopyrightpostingactivitiesreported.co.vu/0.0.0.0
 address=/pagos.sinpemovil.cr/0.0.0.0
+address=/paidpapers.net/0.0.0.0
 address=/paleyeer.com/0.0.0.0
 address=/palmm.ps/0.0.0.0
 address=/pancaakesvap.com/0.0.0.0
 address=/pancake-sawp.com/0.0.0.0
-address=/pancake.ellipsis.finance/0.0.0.0
 address=/pancake7wop.com/0.0.0.0
 address=/pancakesawpes.com/0.0.0.0
 address=/pancakesfinances.info/0.0.0.0
@@ -2928,7 +2748,6 @@ address=/pancakeswap.men/0.0.0.0
 address=/pancakeswap.multi-wallet.info/0.0.0.0
 address=/pancakeswap.salsasourcing.com/0.0.0.0
 address=/pancakeswapes.company/0.0.0.0
-address=/pancakeswapex.com/0.0.0.0
 address=/pancakeswapexcgn.com/0.0.0.0
 address=/pancakeswapexch.com/0.0.0.0
 address=/pancakeswapexchage.com/0.0.0.0
@@ -2936,17 +2755,15 @@ address=/pancakeswapexchg.com/0.0.0.0
 address=/pancakeswappshop.blogspot.com/0.0.0.0
 address=/pancaku-swap.com/0.0.0.0
 address=/pancalteswap.finance/0.0.0.0
+address=/panccakesswap.org/0.0.0.0
 address=/panckaceswap.finance/0.0.0.0
-address=/pancoke.com/0.0.0.0
 address=/pandaskin.ru.com/0.0.0.0
 address=/panelweb-4cae2.web.app/0.0.0.0
 address=/pankaceeswap.com/0.0.0.0
 address=/pankaceswapes.finance/0.0.0.0
 address=/pankakeswap.ledgity.com/0.0.0.0
 address=/pannelpub-benin.com/0.0.0.0
-address=/pansccakeswap.finance/0.0.0.0
 address=/pantazisezopiiuurmail1.web.app/0.0.0.0
-address=/pantekkalisakitkepalaku.blogspot.com/0.0.0.0
 address=/parcel-support018.com/0.0.0.0
 address=/pardot.assemblecommunities.com/0.0.0.0
 address=/pasarbta.info/0.0.0.0
@@ -2957,6 +2774,7 @@ address=/pathospitals.com/0.0.0.0
 address=/patient-cell-40f5.updatedlogmylogin.workers.dev/0.0.0.0
 address=/patwise.co.in/0.0.0.0
 address=/paws.org.au/0.0.0.0
+address=/paxfulacct.com/0.0.0.0
 address=/paxfulmenu.com/0.0.0.0
 address=/pay-sera.web.app/0.0.0.0
 address=/pay16-olx.pl/0.0.0.0
@@ -2964,13 +2782,16 @@ address=/paymentnotificationnow.blogspot.com/0.0.0.0
 address=/paypal-online-2deposits-paymentaccept.tk/0.0.0.0
 address=/paypal-opladen.be/0.0.0.0
 address=/paypalforex.co.ke/0.0.0.0
+address=/pbemail.youxiangdashui.com/0.0.0.0
 address=/pdf-cloud-document.weeblysite.com/0.0.0.0
 address=/pdf-sharefile-doc.weeblysite.com/0.0.0.0
 address=/pdflogincnvwo.app.link/0.0.0.0
 address=/pdfsecured.mystrikingly.com/0.0.0.0
 address=/peaceful-black.193-70-50-31.plesk.page/0.0.0.0
+address=/pedih.001www.com/0.0.0.0
 address=/pembatalanakundinonaktifkan.weebly.com/0.0.0.0
 address=/pencakecwap.com/0.0.0.0
+address=/pensive-payne-505e1a.netlify.app/0.0.0.0
 address=/perfectliker.net/0.0.0.0
 address=/peringatanakunfb2k214.webnode.com/0.0.0.0
 address=/phantom-walletweb.app/0.0.0.0
@@ -2996,7 +2817,8 @@ address=/pikay13.github.io/0.0.0.0
 address=/pilmezorda.temp.swtest.ru/0.0.0.0
 address=/pinchinchaverify.webcindario.com/0.0.0.0
 address=/pirana.co.rs/0.0.0.0
-address=/pl-swiatowe-wiadomosci.pl/0.0.0.0
+address=/pkobp.pl.justns.ru/0.0.0.0
+address=/pl-wiadomosciswiatowe.pl/0.0.0.0
 address=/pla1060604.nichost.ru/0.0.0.0
 address=/plan-o2-monthlypayments.com/0.0.0.0
 address=/planetaamor.org/0.0.0.0
@@ -3005,8 +2827,6 @@ address=/platinumserviceac.com/0.0.0.0
 address=/playgirlgold.com/0.0.0.0
 address=/ploferta.com/0.0.0.0
 address=/plugmailextraexpiredoldpolicynotificationscenter.pages.dev/0.0.0.0
-address=/plwiadomosciwszystkie.pl/0.0.0.0
-address=/po-deliver-fees.com/0.0.0.0
 address=/po-service-page.com/0.0.0.0
 address=/poc-rewards-program-c2dfc.web.app/0.0.0.0
 address=/podpiska-darom.ru/0.0.0.0
@@ -3023,6 +2843,7 @@ address=/poligrafiapias.com/0.0.0.0
 address=/polkadot-france.fr/0.0.0.0
 address=/polkastarter.app/0.0.0.0
 address=/polsd.pa0cpof.cn/0.0.0.0
+address=/polska-informacyjna.pl/0.0.0.0
 address=/polxa.uh8dg67.cn/0.0.0.0
 address=/polygon-pro.com/0.0.0.0
 address=/polygon-secure.com/0.0.0.0
@@ -3040,7 +2861,6 @@ address=/postch9192.cargo.site/0.0.0.0
 address=/postechsuivre.ileanamlaw.com/0.0.0.0
 address=/postnl.post-tracking-delivery.etelinfra.com/0.0.0.0
 address=/poww.6hkjmb.cn/0.0.0.0
-address=/ppkllp.com/0.0.0.0
 address=/ppnnttcc.ppcnthsc.me/0.0.0.0
 address=/precisionimpex.com/0.0.0.0
 address=/preg.dspearhead.com/0.0.0.0
@@ -3057,11 +2877,13 @@ address=/primecentral.jixinggaozhao2.shop/0.0.0.0
 address=/primecentral.qiourn.shop/0.0.0.0
 address=/primeone.org/0.0.0.0
 address=/printtoner.com.mx/0.0.0.0
+address=/prism.net.in/0.0.0.0
 address=/privacy-update-page-prtections-association-recovry-secu.web.id/0.0.0.0
 address=/privacy-update-secu-recovry-page-protection-4565544.web.id/0.0.0.0
 address=/privacy-update-secu-recovry-page-protection-comunity-45.web.id/0.0.0.0
 address=/priyankasandokar1606.github.io/0.0.0.0
 address=/pro.icloudremovaltool.com/0.0.0.0
+address=/pro.systemine.xyz/0.0.0.0
 address=/procservautomatizacion.com/0.0.0.0
 address=/production.anon-rest-keep-reset.sales18130.workers.dev/0.0.0.0
 address=/production.anon-step-keep-object.sales18130.workers.dev/0.0.0.0
@@ -3075,6 +2897,7 @@ address=/production.try-murpheos-keep.sales18130.workers.dev/0.0.0.0
 address=/production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev/0.0.0.0
 address=/project1-df3e9.web.app/0.0.0.0
 address=/projectlovewell.com/0.0.0.0
+address=/promashoppe.com/0.0.0.0
 address=/promehedinti.ro/0.0.0.0
 address=/promerica-sv.webcindario.com/0.0.0.0
 address=/promericalinea01.webcindario.com/0.0.0.0
@@ -3083,8 +2906,6 @@ address=/prosmate.com/0.0.0.0
 address=/prosxsiuser.myfreesites.net/0.0.0.0
 address=/prosys.poweredbygravit-e.co.uk/0.0.0.0
 address=/protect-4d56vca.surge.sh/0.0.0.0
-address=/proteczzguuaaardzzzpagess.000webhostapp.com/0.0.0.0
-address=/proteczzpagezzguarddzzz.000webhostapp.com/0.0.0.0
 address=/provodi.com/0.0.0.0
 address=/proximus-account.azurewebsites.net/0.0.0.0
 address=/ptxx.cc/0.0.0.0
@@ -3104,13 +2925,13 @@ address=/qhmqhgnfqbcoxkwamsioilhdmv-dot-gl44393333333.rj.r.appspot.com/0.0.0.0
 address=/qsh74pekkv5e8.clickfunnels.com/0.0.0.0
 address=/qssa.x5yrlr.cn/0.0.0.0
 address=/quinaroja.com/0.0.0.0
+address=/quirky-jones.172-245-159-112.plesk.page/0.0.0.0
 address=/quotex-qx.com/0.0.0.0
 address=/qwas.nfi71vw.cn/0.0.0.0
 address=/qwea.wvhee0w.cn/0.0.0.0
 address=/qweas.hi5g95r.cn/0.0.0.0
 address=/qweas.p6rhddj.cn/0.0.0.0
 address=/qweas.zwfaclq.cn/0.0.0.0
-address=/qxluatbght.cfolks.pl/0.0.0.0
 address=/r3c31v30n3-1d3nt1ty.000webhostapp.com/0.0.0.0
 address=/rabellartz.de/0.0.0.0
 address=/rabofree.blogspot.com/0.0.0.0
@@ -3118,6 +2939,7 @@ address=/rabofree.blogspot.li/0.0.0.0
 address=/rackenfordlabs.com/0.0.0.0
 address=/racuten.nuef.info/0.0.0.0
 address=/radhikamd.github.io/0.0.0.0
+address=/rafbbmx.ga/0.0.0.0
 address=/rafbbmx.ml/0.0.0.0
 address=/raipurrussianescorts.com/0.0.0.0
 address=/rakoten-card.buogfbizkugf.gq/0.0.0.0
@@ -3128,17 +2950,12 @@ address=/raktuen.laobanlocker.com/0.0.0.0
 address=/rakuitan-card.info/0.0.0.0
 address=/rakuten.awjoadc.cn/0.0.0.0
 address=/rakuten.card.nuosreaoms.com/0.0.0.0
-address=/rakuten.card.uosmcoua.com/0.0.0.0
-address=/rakuthn.shop/0.0.0.0
-address=/rakuttm.shop/0.0.0.0
+address=/rakuten.co.jp.rakutenajp.xyz/0.0.0.0
 address=/ramgarhiamatrimonial.ca/0.0.0.0
 address=/rareelements.io/0.0.0.0
-address=/rasmer.fi/0.0.0.0
 address=/ratewatch.net/0.0.0.0
 address=/raycargo.com/0.0.0.0
 address=/raydiom.io/0.0.0.0
-address=/razcjjf.ga/0.0.0.0
-address=/razcjjf.ml/0.0.0.0
 address=/rbcmontgomery.com/0.0.0.0
 address=/rd8um.app.link/0.0.0.0
 address=/rdirtfuo6t.vov.ru/0.0.0.0
@@ -3147,9 +2964,9 @@ address=/re-redirection-acc-id923872635122.blogspot.com/0.0.0.0
 address=/real-anon-keep-passing-word.rvsla.workers.dev/0.0.0.0
 address=/realestate-page-10843446024.expresspestcontrol.co.nz/0.0.0.0
 address=/realindiatravel.com/0.0.0.0
+address=/recibeya.tufacilmoneyonline.online/0.0.0.0
 address=/reconfirmpost287846656.us/0.0.0.0
 address=/recover-pages-media-problems-secur-782.web.id/0.0.0.0
-address=/recover-pages-secur-media-problems-393.web.id/0.0.0.0
 address=/recover-pages-secur-media-problems-397.web.id/0.0.0.0
 address=/recovery-chain.com/0.0.0.0
 address=/recovery-fb.secure-acct.workers.dev/0.0.0.0
@@ -3167,12 +2984,12 @@ address=/reglic.in/0.0.0.0
 address=/regularsweeps.xyz/0.0.0.0
 address=/reignbike.com/0.0.0.0
 address=/reikisadhna.com/0.0.0.0
+address=/rekoution.bcszxcd.shop/0.0.0.0
 address=/relevant.systems/0.0.0.0
 address=/remittance369297292749.goshly.com/0.0.0.0
 address=/renovkonstruksi.com/0.0.0.0
 address=/repl-mess.myfreesites.net/0.0.0.0
 address=/restore.exodusapp.ru/0.0.0.0
-address=/restoredabefore-com.filesusr.com/0.0.0.0
 address=/restorewallet-activation.net/0.0.0.0
 address=/retiro-extracash.com/0.0.0.0
 address=/retiro.cl/0.0.0.0
@@ -3200,7 +3017,6 @@ address=/roccobonheur1-my-cheetah-website-copy.cheetah.builderall.com/0.0.0.0
 address=/roisnoob.github.io/0.0.0.0
 address=/rokulinktechnology.com/0.0.0.0
 address=/rolinadd.surveysparrow.com/0.0.0.0
-address=/romanceify.com/0.0.0.0
 address=/rondalowa.blogspot.com/0.0.0.0
 address=/rondelbarrilito.com/0.0.0.0
 address=/ronin-help.com/0.0.0.0
@@ -3216,10 +3032,10 @@ address=/rplg.co/0.0.0.0
 address=/rrakutenn.co.jp.azii.cn/0.0.0.0
 address=/rrakutenn.co.jp.nanofresh.cn/0.0.0.0
 address=/rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com/0.0.0.0
-address=/rufoxxy.com/0.0.0.0
 address=/runescape-info.com/0.0.0.0
+address=/runescapebonds.com/0.0.0.0
+address=/runescapeevents.com/0.0.0.0
 address=/ruth.martulangbelulalng.workers.dev/0.0.0.0
-address=/ryanicolehoward.com/0.0.0.0
 address=/rymproducciones.com/0.0.0.0
 address=/s-sarfati.co.il/0.0.0.0
 address=/s.macecri.com/0.0.0.0
@@ -3244,7 +3060,6 @@ address=/sanjilkumar.com/0.0.0.0
 address=/sankyo-rz.com/0.0.0.0
 address=/sanru.cd/0.0.0.0
 address=/santander.secured-auth-login.com/0.0.0.0
-address=/santanverifyfunction.com/0.0.0.0
 address=/santepluspharma.eclatmediasolution.website/0.0.0.0
 address=/santoshdangi.com.np/0.0.0.0
 address=/saritapariyar.com.np/0.0.0.0
@@ -3266,16 +3081,16 @@ address=/secure-boncoincontrol.net/0.0.0.0
 address=/secure-halifax-device.com/0.0.0.0
 address=/secure-mynew-devices.com/0.0.0.0
 address=/secure-runescape.xgm.rnp.mybluehost.me/0.0.0.0
-address=/secure-service-gateway.com/0.0.0.0
 address=/secure-zirox.s3.ap-southeast-2.amazonaws.com/0.0.0.0
 address=/secure.legalmetric.com/0.0.0.0
 address=/secure.oldschool.com-cl.ru/0.0.0.0
 address=/secure.oldschool.com-cu.ru/0.0.0.0
-address=/secure.oldschool.com-cv.ru/0.0.0.0
 address=/secure.oldschool.com-oz.ru/0.0.0.0
 address=/secure.oldschool.com-rsu.ru/0.0.0.0
+address=/secure.runescape.com-ak.ru/0.0.0.0
 address=/secure.runescape.com-as.cz/0.0.0.0
 address=/secure.runescape.com-az.ru/0.0.0.0
+address=/secure.runescape.com-ca.ru/0.0.0.0
 address=/secure.runescape.com-cl.ru/0.0.0.0
 address=/secure.runescape.com-co.ru/0.0.0.0
 address=/secure.runescape.com-cu.ru/0.0.0.0
@@ -3288,13 +3103,13 @@ address=/secure.runescape.com-vs.ru/0.0.0.0
 address=/secure300.inmotionhosting.com/0.0.0.0
 address=/secure303.inmotionhosting.com/0.0.0.0
 address=/secure55.webhostinghub.com/0.0.0.0
-address=/secure7-servr01-log-in.4nmn.com/0.0.0.0
-address=/securee37-authen21.duckdns.org/0.0.0.0
+address=/secureaccount.ntflxauth.co/0.0.0.0
 address=/securegateway-ovhcloud.csl-sl.de/0.0.0.0
 address=/securelloyd-help-app.com/0.0.0.0
+address=/securewalletprotocol.online/0.0.0.0
 address=/security-page-community-standards.blogspot.com/0.0.0.0
 address=/seguridad-oca.webcindario.com/0.0.0.0
-address=/seleb-indo.duckdns.org/0.0.0.0
+address=/seleccionperfil.xyz/0.0.0.0
 address=/selector26.gg/0.0.0.0
 address=/selector28.gg/0.0.0.0
 address=/sem.my-drs.co.uk/0.0.0.0
@@ -3304,7 +3119,7 @@ address=/sendung.eyecatch.ch/0.0.0.0
 address=/sergebubnin.space/0.0.0.0
 address=/sertyxese.myfreesites.net/0.0.0.0
 address=/server-networksolutions.web.app/0.0.0.0
-address=/serverprotocols.com/0.0.0.0
+address=/server221.security.coinbase.com.gdone.co.ke/0.0.0.0
 address=/servervalidationcheck103.web.app/0.0.0.0
 address=/servervalidationcheck104.web.app/0.0.0.0
 address=/servervalidationcheck105.web.app/0.0.0.0
@@ -3359,7 +3174,6 @@ address=/serviceinfo-securehost.duckdns.org/0.0.0.0
 address=/servicepage.service-page.workers.dev/0.0.0.0
 address=/servicepichincha.webcindario.com/0.0.0.0
 address=/services.runescape.com-as.cz/0.0.0.0
-address=/services.runescape.com-oc.ru/0.0.0.0
 address=/services.runescape.com-rse.ru/0.0.0.0
 address=/services.runescape.com-rsu.ru/0.0.0.0
 address=/servicesbancaire.com/0.0.0.0
@@ -3387,6 +3201,7 @@ address=/sharedtris.com/0.0.0.0
 address=/sharelink.sn.am/0.0.0.0
 address=/shayvardphoto.ir/0.0.0.0
 address=/shinex.lk/0.0.0.0
+address=/shippment2.temp.swtest.ru/0.0.0.0
 address=/shirhokos-mhalskbsiaoutfew43535.duckdns.org/0.0.0.0
 address=/shirtshanger.com/0.0.0.0
 address=/shiye666.cn/0.0.0.0
@@ -3398,11 +3213,9 @@ address=/sidneyfcuorg.freshy.site/0.0.0.0
 address=/sign-trk.empressmd.com/0.0.0.0
 address=/signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net/0.0.0.0
 address=/signin-payeer.com/0.0.0.0
-address=/signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com/0.0.0.0
-address=/silkroadwines.com/0.0.0.0
 address=/silpovsatb-ua.online/0.0.0.0
 address=/silverberrygroup.com/0.0.0.0
-address=/sim0nt0k-viral-terbaru-2022.duckdns.org/0.0.0.0
+address=/simonecamposshop.com.br/0.0.0.0
 address=/simpkk.karanganyarkab.go.id/0.0.0.0
 address=/sindarspen.org.br/0.0.0.0
 address=/siporados15585.blogspot.com/0.0.0.0
@@ -3435,12 +3248,11 @@ address=/slavamel.github.io/0.0.0.0
 address=/sleepmaskz.com/0.0.0.0
 address=/slickparties.com/0.0.0.0
 address=/slmkufeckf.jon-jensen.workers.dev/0.0.0.0
-address=/slovenska-posta.sytes.net/0.0.0.0
 address=/slowlinebag.jp/0.0.0.0
 address=/sm.scicemecod.com/0.0.0.0
 address=/sm777.csb.app/0.0.0.0
+address=/smartfixconnect.live/0.0.0.0
 address=/smbc-accout.com/0.0.0.0
-address=/smbc-credit.shop/0.0.0.0
 address=/smbc-veaiana.com/0.0.0.0
 address=/smbcbc.com/0.0.0.0
 address=/smbccjp.shop/0.0.0.0
@@ -3448,10 +3260,11 @@ address=/smbcr.mrtka.info/0.0.0.0
 address=/smbcwodeqingguoshoujicojp.top/0.0.0.0
 address=/smeo.org.mx/0.0.0.0
 address=/smgolamalif.github.io/0.0.0.0
-address=/smirl.org/0.0.0.0
 address=/smkkesehatanjember.sch.id/0.0.0.0
 address=/smmsvocal.yolasite.com/0.0.0.0
+address=/smpn2jeruklegi.sch.id/0.0.0.0
 address=/sms-check.sc-q.top/0.0.0.0
+address=/sms-infos.d2tt.co/0.0.0.0
 address=/sms-shorter.com/0.0.0.0
 address=/smsbc-info5.com/0.0.0.0
 address=/smsenligne.myfreesites.net/0.0.0.0
@@ -3459,6 +3272,7 @@ address=/smsorangephonemail.myfreesites.net/0.0.0.0
 address=/smsorangesmsmessage.myfreesites.net/0.0.0.0
 address=/smss-mms.yolasite.com/0.0.0.0
 address=/smsverificationmms.myfreesites.net/0.0.0.0
+address=/smvbc-info.com/0.0.0.0
 address=/smwam.coms.cso.gov.tt/0.0.0.0
 address=/so.macecri.com/0.0.0.0
 address=/soaringskiesrentals.com/0.0.0.0
@@ -3471,7 +3285,6 @@ address=/sognointerno.com/0.0.0.0
 address=/solicitarfirmaelectronica-sv.com/0.0.0.0
 address=/solyanayakomnata.ru/0.0.0.0
 address=/sopac.org.py/0.0.0.0
-address=/soracoes.xyz/0.0.0.0
 address=/souaxwaoh.myfreesites.net/0.0.0.0
 address=/soude-masi.firebaseapp.com/0.0.0.0
 address=/soufsont.blogspot.com/0.0.0.0
@@ -3497,6 +3310,7 @@ address=/spirit.gtwozone.com/0.0.0.0
 address=/spk-entsperren.de/0.0.0.0
 address=/spk-jahreswechsel.com/0.0.0.0
 address=/spk-secure-de.com/0.0.0.0
+address=/spkfod.coms.cso.gov.tt/0.0.0.0
 address=/sport.protected-secur.workers.dev/0.0.0.0
 address=/sportshoes.top/0.0.0.0
 address=/sportybetpremium.wapka.co/0.0.0.0
@@ -3513,8 +3327,10 @@ address=/ssia.org.sg/0.0.0.0
 address=/ssl.dsl.isl.mll.aqmst6.stockestan.ir/0.0.0.0
 address=/sso-garena.com/0.0.0.0
 address=/sswebmail-4w5twsr.web.app/0.0.0.0
+address=/staffportal.uoz.edu.krd/0.0.0.0
 address=/stage.vannaryfowler.com/0.0.0.0
 address=/staging.eliteautomotive.com.au/0.0.0.0
+address=/standardcapbnk.com/0.0.0.0
 address=/standardupdatesupportandhelpcenter2021.ga/0.0.0.0
 address=/starforsure.com/0.0.0.0
 address=/starliker.net/0.0.0.0
@@ -3524,11 +3340,10 @@ address=/static-ak-fbcdn.atspace.com/0.0.0.0
 address=/static-dev.o2alerts.com/0.0.0.0
 address=/static-promote.weebly.com/0.0.0.0
 address=/status-dev.o2alerts.com/0.0.0.0
-address=/stbkcoltria.atwebpages.com/0.0.0.0
 address=/stclarechurch.net/0.0.0.0
 address=/steamcommunites.com/0.0.0.0
 address=/steamcommunitj.com/0.0.0.0
-address=/steamnitrof.com/0.0.0.0
+address=/steamcommunityk.com/0.0.0.0
 address=/steampoweredtrade.org/0.0.0.0
 address=/steampoweredtrades.org/0.0.0.0
 address=/stevemadden-sverige.com/0.0.0.0
@@ -3544,6 +3359,7 @@ address=/stjohnmarol.com/0.0.0.0
 address=/stjudes.in/0.0.0.0
 address=/stolizaparketa.ru/0.0.0.0
 address=/stollgroup.coms.cso.gov.tt/0.0.0.0
+address=/stomkinscommercial.com.aus.cso.gov.tt/0.0.0.0
 address=/storage.yandexcloud.net/0.0.0.0
 address=/storenike365.top/0.0.0.0
 address=/studio-lol.com/0.0.0.0
@@ -3558,13 +3374,11 @@ address=/suiviticket.co/0.0.0.0
 address=/sukien-pubgmoblevng.ga/0.0.0.0
 address=/sultan-raza.github.io/0.0.0.0
 address=/sumpandtankcleaners.in/0.0.0.0
-address=/sunami.pagedemo.co/0.0.0.0
 address=/sunbeltmembers.com/0.0.0.0
 address=/sunge-ode.firebaseapp.com/0.0.0.0
 address=/sunshineteam.in/0.0.0.0
 address=/super-dawn-3035.ddahluwalia.workers.dev/0.0.0.0
 address=/supermilhas.com/0.0.0.0
-address=/suportecxacesso2020.com/0.0.0.0
 address=/supotsstunes.servehttp.com/0.0.0.0
 address=/suppliers.bitshepherd.org/0.0.0.0
 address=/support-auwebaccessjpnaikpanggung.com/0.0.0.0
@@ -3596,6 +3410,7 @@ address=/sysm5rn.cn/0.0.0.0
 address=/system-fassil-net-2-3242353453453--12344443.repl.co/0.0.0.0
 address=/t0nline0de0login-001-site1.itempurl.com/0.0.0.0
 address=/taher-mohamed-ahmed-saad.github.io/0.0.0.0
+address=/take-free-2022.duckdns.org/0.0.0.0
 address=/taoistw345ie.co/0.0.0.0
 address=/tarik-fitness.com/0.0.0.0
 address=/taxcare.page.link/0.0.0.0
@@ -3617,11 +3432,13 @@ address=/tellmeliu.github.io/0.0.0.0
 address=/templat65sldh.myfreesites.net/0.0.0.0
 address=/temporary-url.com/0.0.0.0
 address=/terpelsicumple.com/0.0.0.0
-address=/terracontiles.com/0.0.0.0
+address=/tesladrive-event.com/0.0.0.0
 address=/test.bayoucitybadges.org/0.0.0.0
 address=/test.bitflye87.com/0.0.0.0
 address=/test.dxbproductions.com/0.0.0.0
+address=/test.myshopclub.ru/0.0.0.0
 address=/test.webclient4.de/0.0.0.0
+address=/testing-domain.duckdns.org/0.0.0.0
 address=/texasfreedomrun.com/0.0.0.0
 address=/tgpafasfsakkk.pages.dev/0.0.0.0
 address=/theaceofspaeder.com/0.0.0.0
@@ -3643,8 +3460,6 @@ address=/tieganford.ca/0.0.0.0
 address=/tighi.creatorlink.net/0.0.0.0
 address=/tight-samiuboc.co/0.0.0.0
 address=/tikitaps.com/0.0.0.0
-address=/tinhtrangdon.com/0.0.0.0
-address=/tinyurl.mobi/0.0.0.0
 address=/tipografieonline.ro/0.0.0.0
 address=/tirozhjewelry.com/0.0.0.0
 address=/titelinedrillingintl.yolasite.com/0.0.0.0
@@ -3663,7 +3478,6 @@ address=/topskills.ru/0.0.0.0
 address=/torccolborrachas.blogspot.com/0.0.0.0
 address=/torrinwine.com/0.0.0.0
 address=/touchidea.top/0.0.0.0
-address=/touronline2022.com/0.0.0.0
 address=/tovowhuqeojweawmubmaqmqlv.hofferflow.icu/0.0.0.0
 address=/tpayleboncoin.com/0.0.0.0
 address=/traders-joesxyz.com/0.0.0.0
@@ -3674,23 +3488,18 @@ address=/triangarena-membership.ga/0.0.0.0
 address=/tribratanewsbondowoso.com/0.0.0.0
 address=/tribunbalikpapan.com/0.0.0.0
 address=/truegrip.com/0.0.0.0
-address=/trust-wallet.com.cn/0.0.0.0
 address=/trustinpichincha.webcindario.com/0.0.0.0
 address=/trustpress.gr/0.0.0.0
 address=/trustypichincha.webcindario.com/0.0.0.0
-address=/ts3cacd.jhfshm.com/0.0.0.0
 address=/ts3cacd.rzjxbv.com/0.0.0.0
 address=/turntekcnc.com/0.0.0.0
-address=/twoje-zdjecia-622.herokuapp.com/0.0.0.0
 address=/tx.vc/0.0.0.0
 address=/txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com/0.0.0.0
 address=/typedream.site/0.0.0.0
 address=/typesmartlyocr.com/0.0.0.0
 address=/tyrecentre.ru/0.0.0.0
 address=/u08qv44zu5h.typeform.com/0.0.0.0
-address=/u1571226.cp.regruhosting.ru/0.0.0.0
-address=/u1571630.cp.regruhosting.ru/0.0.0.0
-address=/u1571652.cp.regruhosting.ru/0.0.0.0
+address=/u1565723.plsk.regruhosting.ru/0.0.0.0
 address=/u18741649.ct.sendgrid.net/0.0.0.0
 address=/u827857uw6.ha004.t.justns.ru/0.0.0.0
 address=/uabaiieo.com/0.0.0.0
@@ -3713,7 +3522,6 @@ address=/uhnsa.sdmpo0s.cn/0.0.0.0
 address=/uhnxa.d23xsru.cn/0.0.0.0
 address=/uhnxa.q83itv9.cn/0.0.0.0
 address=/uhnxas.rvw56l.cn/0.0.0.0
-address=/uiuui.pagedemo.co/0.0.0.0
 address=/ujcd.um2nlru.cn/0.0.0.0
 address=/ujdaa.fn3m4en.cn/0.0.0.0
 address=/ujds.5e8tn13.cn/0.0.0.0
@@ -3734,6 +3542,7 @@ address=/ujnca.wxuqxb7.cn/0.0.0.0
 address=/ujnca.zgbo0g.cn/0.0.0.0
 address=/ujncd.kzi68ra.cn/0.0.0.0
 address=/ujncd.lw2djbm.cn/0.0.0.0
+address=/ujnxas.vj135ih.cn/0.0.0.0
 address=/ukcare.in/0.0.0.0
 address=/umbrellaclubla.com/0.0.0.0
 address=/unam.myfreesites.net/0.0.0.0
@@ -3744,9 +3553,8 @@ address=/uniassessoria.com.br/0.0.0.0
 address=/unicreditaustria.ucs.info/0.0.0.0
 address=/unifacema.edu.br/0.0.0.0
 address=/unifacvest.net/0.0.0.0
-address=/unillantas.com.sv/0.0.0.0
+address=/unifiedsmartsync.live/0.0.0.0
 address=/unionheightsresidental.com/0.0.0.0
-address=/unipo-a.web.app/0.0.0.0
 address=/unisons.store/0.0.0.0
 address=/unisonsouthayr.org.uk/0.0.0.0
 address=/uniswap.ch/0.0.0.0
@@ -3756,7 +3564,6 @@ address=/uniswap.pages.dev/0.0.0.0
 address=/uniswap.seal.finance/0.0.0.0
 address=/uniswap.token.im/0.0.0.0
 address=/uniswap.trading/0.0.0.0
-address=/uniswap.vn/0.0.0.0
 address=/uniswapfinancing.info/0.0.0.0
 address=/uniswaps.net/0.0.0.0
 address=/unitedalliance-online.000webhostapp.com/0.0.0.0
@@ -3767,24 +3574,21 @@ address=/unnxa.pqpchqo.cn/0.0.0.0
 address=/unpocodearte.cl/0.0.0.0
 address=/unregpayee-lb.com/0.0.0.0
 address=/unsub.listhandlr.com/0.0.0.0
-address=/upbeat-dhawan.179-43-173-14.plesk.page/0.0.0.0
 address=/updateinfo-billingo2.com/0.0.0.0
+address=/updatemy.software/0.0.0.0
 address=/updateseason.com/0.0.0.0
 address=/updatestory2022.co.vu/0.0.0.0
 address=/updatevoda-billing.com/0.0.0.0
 address=/upgrade-25gb-email.thecornerstudio.com.au/0.0.0.0
 address=/upgradedserver.online/0.0.0.0
-address=/upgradingattonlinee.weebly.com/0.0.0.0
 address=/uploadpichincha.webcindario.com/0.0.0.0
 address=/uploads.codesandbox.io/0.0.0.0
-address=/upnew.site/0.0.0.0
 address=/uppledpichincha.webcindario.com/0.0.0.0
 address=/urbenorte.com/0.0.0.0
 address=/urgent-halifaxlogin.com/0.0.0.0
 address=/userboitevocalweb.flazio.com/0.0.0.0
 address=/userinformationstoreupdatesmail.pages.dev/0.0.0.0
 address=/usfn.net/0.0.0.0
-address=/uspsconfirm.iconoomikert.com/0.0.0.0
 address=/uspsexpressdeliveryline.com/0.0.0.0
 address=/uswowgame.net/0.0.0.0
 address=/uueer.7jgy5xe.cn/0.0.0.0
@@ -3794,6 +3598,7 @@ address=/uyhnxx.urpzkva.cn/0.0.0.0
 address=/uyqw.dykowec.cn/0.0.0.0
 address=/uz154.sbs/0.0.0.0
 address=/v.macecri.com/0.0.0.0
+address=/v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com/0.0.0.0
 address=/v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com/0.0.0.0
 address=/vaccine-status-info.com/0.0.0.0
 address=/vakif.albay-arnold.com/0.0.0.0
@@ -3801,45 +3606,45 @@ address=/valax-wallet.com/0.0.0.0
 address=/valenciaoptometry.com/0.0.0.0
 address=/valenteplay.com.br/0.0.0.0
 address=/validacionpichincha.odoo.com/0.0.0.0
+address=/validate-chain.com/0.0.0.0
 address=/validate-solana.com/0.0.0.0
 address=/validator-fzkiy.run-us-west2.goorm.io/0.0.0.0
 address=/vallion.motiffliterature.me/0.0.0.0
 address=/vcz.gmoqkzu.cn/0.0.0.0
 address=/velvish.com/0.0.0.0
 address=/ventas.lnterbarnk.pe.jifad.org/0.0.0.0
-address=/verfybadgeappform.com/0.0.0.0
 address=/veri-pichincha.webcindario.com/0.0.0.0
-address=/verificaciondeprioridad.com/0.0.0.0
 address=/verification-trustwallet.4bl-eg.com/0.0.0.0
 address=/verification.fb-page.workers.dev/0.0.0.0
 address=/verificationmessage.blob.core.windows.net/0.0.0.0
+address=/verifications-zones.com/0.0.0.0
 address=/verififacebookid.wixsite.com/0.0.0.0
 address=/verifiikasi-accounts.weebly.com/0.0.0.0
 address=/verifikasi-akun-anda0011.weeblysite.com/0.0.0.0
 address=/verifikasi-akun-facebook0022.weeblysite.com/0.0.0.0
 address=/verifikasi-identitas47.weebly.com/0.0.0.0
 address=/verifocaoffa.webcindario.com/0.0.0.0
+address=/verifymywallets.com/0.0.0.0
 address=/vgiuhkjnm.b9u6vh5l7g1797.workers.dev/0.0.0.0
 address=/victorarath99.github.io/0.0.0.0
 address=/videobigo.com/0.0.0.0
 address=/vietlime.vn/0.0.0.0
 address=/vietschi.de/0.0.0.0
 address=/viettel-com-dot-c2c01-531c7.uc.r.appspot.com/0.0.0.0
-address=/vigortech.com.np/0.0.0.0
+address=/vigilant-murdock.45-81-232-15.plesk.page/0.0.0.0
 address=/viguohilkasdsd.izwe6g6lyc.workers.dev/0.0.0.0
 address=/vilaanimalviana.pt/0.0.0.0
 address=/vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com/0.0.0.0
 address=/vinivet.mk/0.0.0.0
 address=/vipfbtools.com/0.0.0.0
-address=/vipprofessional.net/0.0.0.0
 address=/viral-groub.duckdns.org/0.0.0.0
 address=/virginia-spi.com/0.0.0.0
 address=/virtual1dattss.com/0.0.0.0
 address=/vis-stort.github.io/0.0.0.0
-address=/visa-band.com/0.0.0.0
 address=/vishaljangale01.github.io/0.0.0.0
 address=/visione.co.id/0.0.0.0
 address=/visionproperty.in/0.0.0.0
+address=/vk-money.xyz/0.0.0.0
 address=/vk-posters.ru/0.0.0.0
 address=/vk-vhods.co/0.0.0.0
 address=/vkjbm.4nt4nb464e6113.workers.dev/0.0.0.0
@@ -3858,25 +3663,30 @@ address=/vugik.mecil33784.workers.dev/0.0.0.0
 address=/vv.macecri.com/0.0.0.0
 address=/vvjde0h0ttttf9hay.com/0.0.0.0
 address=/vvpaes-me-index.egvtpp.cn/0.0.0.0
+address=/vws.co.in/0.0.0.0
+address=/vxcas.a35570.cn/0.0.0.0
 address=/vxdse.myfreesites.net/0.0.0.0
 address=/w2.deraya.org/0.0.0.0
 address=/w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud/0.0.0.0
-address=/w5czf.csb.app/0.0.0.0
 address=/wahed-koudsi2001.github.io/0.0.0.0
 address=/walkers-dot-composite-store-326315.uk.r.appspot.com/0.0.0.0
 address=/wallcertifyonmesh.com/0.0.0.0
 address=/walldesign.com.tr/0.0.0.0
 address=/wallet-connect012.web.app/0.0.0.0
 address=/wallet-reconnection.xyz/0.0.0.0
+address=/wallet-verified.com/0.0.0.0
 address=/wallet.silesiacoin.com/0.0.0.0
 address=/wallet22.000webhostapp.com/0.0.0.0
+address=/walletconnect-tool.net/0.0.0.0
+address=/walletconnect-tools.xyz/0.0.0.0
 address=/walletconnectonline.pages.dev/0.0.0.0
 address=/walletconnectors.com/0.0.0.0
 address=/walleterrorsupport.com/0.0.0.0
+address=/walletokenvalidation.com/0.0.0.0
+address=/walletsconect.live/0.0.0.0
 address=/walletsconnex.com/0.0.0.0
 address=/walletsliveconnects.net/0.0.0.0
 address=/walletsreauth.org/0.0.0.0
-address=/walletsvalidator.org/0.0.0.0
 address=/walletsynclive.com/0.0.0.0
 address=/walletvalidation.me/0.0.0.0
 address=/walletvalidators.com/0.0.0.0
@@ -3892,6 +3702,7 @@ address=/warbonus.ru/0.0.0.0
 address=/warningshadows.org/0.0.0.0
 address=/warsa.bandungkab.go.id/0.0.0.0
 address=/wasites.000webhostapp.com/0.0.0.0
+address=/waterproofingengineer.com/0.0.0.0
 address=/we-exodus-wallet.yahoosites.com/0.0.0.0
 address=/web-armas.royale-freefire1garena-bonus.com/0.0.0.0
 address=/web-b4119.web.app/0.0.0.0
@@ -3909,13 +3720,15 @@ address=/web-verifi05.webcindario.com/0.0.0.0
 address=/web-verifi06.webcindario.com/0.0.0.0
 address=/web.bredbanque.trans.sylog.co/0.0.0.0
 address=/web.royale-freefire1garena-bonus.com/0.0.0.0
-address=/web7320.web07.bero-webspace.de/0.0.0.0
 address=/webbbb.yolasite.com/0.0.0.0
 address=/webbl.yolasite.com/0.0.0.0
+address=/webdappsconnection.com/0.0.0.0
 address=/webdatamltrainingdiag842.blob.core.windows.net/0.0.0.0
 address=/webdesecure.clickfunnels.com/0.0.0.0
+address=/webhost-verify.duckdns.org/0.0.0.0
 address=/webip.yolasite.com/0.0.0.0
 address=/webmail-2aaa0.web.app/0.0.0.0
+address=/webmail-optusnet-com-au-sign1.weebly.com/0.0.0.0
 address=/webmail-sso8uyg.web.app/0.0.0.0
 address=/webmail.gourmer.co.in/0.0.0.0
 address=/webmail.login.access.docs67.live/0.0.0.0
@@ -3925,20 +3738,17 @@ address=/webpres.000webhostapp.com/0.0.0.0
 address=/webregular.xyz/0.0.0.0
 address=/webservice-verify.duckdns.org/0.0.0.0
 address=/websitefun.club/0.0.0.0
-address=/websiteorange.wixsite.com/0.0.0.0
 address=/webstories.eu/0.0.0.0
 address=/webvalidity.com/0.0.0.0
 address=/well-42d74.web.app/0.0.0.0
-address=/wellsfargo-online06.herokuapp.com/0.0.0.0
-address=/weryfikacja-facebookowa-27.herokuapp.com/0.0.0.0
 address=/weryfikacja-facebookowa-28.herokuapp.com/0.0.0.0
 address=/weteachbh.com/0.0.0.0
 address=/whare.100webspace.net/0.0.0.0
+address=/whatsapp-grub99zyc.duckdns.org/0.0.0.0
 address=/wheelsofmercy.org/0.0.0.0
 address=/whitelist-network.com/0.0.0.0
 address=/widadkamillah.github.io/0.0.0.0
 address=/wiki.oceanreeflifegame.com/0.0.0.0
-address=/wildcard.isiolo.go.ke/0.0.0.0
 address=/windstream-net.firebaseapp.com/0.0.0.0
 address=/winville.biz/0.0.0.0
 address=/wireconfirmation68c10a25442a3e13.blogspot.com/0.0.0.0
@@ -3955,12 +3765,15 @@ address=/wpsoar.com/0.0.0.0
 address=/wqass-index.chobqu.cn/0.0.0.0
 address=/wqass-index.dccigq.cn/0.0.0.0
 address=/wqass-index.gbswz.cn/0.0.0.0
-address=/wqass-index.jeewiki.cn/0.0.0.0
 address=/wqass-index.pygbw.cn/0.0.0.0
 address=/wrww-roblox.com/0.0.0.0
+address=/wsertyzx.gq/0.0.0.0
 address=/wteeoq.pfinanceiro.com.de/0.0.0.0
+address=/ww.lnterbank.pe.personas.aaseguros.mx/0.0.0.0
 address=/ww.lnterbank.pe.personas.onlinesocket.in/0.0.0.0
+address=/ww.lnterbank.pe.personas.t-class.org/0.0.0.0
 address=/ww16.inpost-pl-3dsecure.clear-id.xyz/0.0.0.0
+address=/wwedealershipon.000webhostapp.com/0.0.0.0
 address=/www-cursosdigitalesmx-com.filesusr.com/0.0.0.0
 address=/www-degelyehuda-org-il.filesusr.com/0.0.0.0
 address=/www-europe564598-com.filesusr.com/0.0.0.0
@@ -3968,10 +3781,9 @@ address=/www-europessign-com.filesusr.com/0.0.0.0
 address=/www-key-com.test.edgekey.net/0.0.0.0
 address=/www-mufg-jp.handicraft.ltd/0.0.0.0
 address=/www-mufg-jp.kaiqi.ink/0.0.0.0
-address=/www-wattsapcom.duckdns.org/0.0.0.0
+address=/www.facebook.com-sauuvazpjo.isiolo.go.ke/0.0.0.0
 address=/www2.rakutan.co.jploginffd9dfg7.carwork.cn/0.0.0.0
 address=/www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn/0.0.0.0
-address=/www2.rakutan.co.jploginvcx8ds.nanoart.cn/0.0.0.0
 address=/www2.rakuten-card.co.jp.wzsrc.cn/0.0.0.0
 address=/www2.rakutenn.co.jp.nanopark.cn/0.0.0.0
 address=/www2.rakutenn.co.jp.zgyo.cn/0.0.0.0
@@ -3983,6 +3795,7 @@ address=/x.scicemecod.com/0.0.0.0
 address=/xcas.xoh29oz.cn/0.0.0.0
 address=/xcasd.7vo6bt.cn/0.0.0.0
 address=/xcasd.b204uje.cn/0.0.0.0
+address=/xcasd.tcbjnhq.cn/0.0.0.0
 address=/xcasd.yikn2gd.cn/0.0.0.0
 address=/xcryptocars.blogspot.com/0.0.0.0
 address=/xcvdsd.page.link/0.0.0.0
@@ -4001,10 +3814,10 @@ address=/xjmr7.mjt.lu/0.0.0.0
 address=/xjpyyds.pem4yp3.cn/0.0.0.0
 address=/xkljfg.ml/0.0.0.0
 address=/xn--gmal-sya.com/0.0.0.0
-address=/xn--instagam-sf0d.com/0.0.0.0
 address=/xn--ltappen-80a.se/0.0.0.0
 address=/xn--metamsk-lwa.link/0.0.0.0
 address=/xn--rpondeur-sfr2-bhb.yolasite.com/0.0.0.0
+address=/xpubgfrozen.tk/0.0.0.0
 address=/xqr3i.mjt.lu/0.0.0.0
 address=/xqr3n.mjt.lu/0.0.0.0
 address=/xqr3u.mjt.lu/0.0.0.0
@@ -4013,14 +3826,16 @@ address=/xrxh1.mjt.lu/0.0.0.0
 address=/xrxh2.mjt.lu/0.0.0.0
 address=/xrxhl.mjt.lu/0.0.0.0
 address=/xsbrookshhjx.top/0.0.0.0
+address=/xspin.cawnibos.com/0.0.0.0
 address=/xtio.ch/0.0.0.0
 address=/xtw42.mjt.lu/0.0.0.0
+address=/xvideokoreanwifesister18.duckdns.org/0.0.0.0
 address=/xx.macecri.com/0.0.0.0
 address=/xxaas.tp00jv9.cn/0.0.0.0
 address=/xxasd.sf29hrg.cn/0.0.0.0
 address=/xxx-com-dot-c2c01-531c7.uc.r.appspot.com/0.0.0.0
-address=/xyproject.xtensio.com/0.0.0.0
 address=/xzasd.uz64g3.cn/0.0.0.0
+address=/yahoo%2eco%2ejp@asdxa.p2x11pi.cn/0.0.0.0
 address=/yahoo%2eco%2ejp@bghgcd.psuxscm.cn/0.0.0.0
 address=/yahoo%2eco%2ejp@bhgxa.eo76sni.cn/0.0.0.0
 address=/yahoo%2eco%2ejp@cdas.nxzigco.cn/0.0.0.0
@@ -4042,12 +3857,11 @@ address=/yahoo%2eco%2ejp@ujhdca.mdwclcb.cn/0.0.0.0
 address=/yahoo%2eco%2ejp@uyhnxx.urpzkva.cn/0.0.0.0
 address=/yahoo%2eco%2ejp@zxas.2nd0g8.cn/0.0.0.0
 address=/yahoo%2eco%2ejp@zxass.jbkyj0o.cn/0.0.0.0
-address=/yahoopoweredservice.duckdns.org/0.0.0.0
 address=/yahuomall.square.site/0.0.0.0
 address=/yairix.github.io/0.0.0.0
 address=/yalena.me/0.0.0.0
+address=/yandex-viral.duckdns.org/0.0.0.0
 address=/yaqoobi.org/0.0.0.0
-address=/yaranfayez.com/0.0.0.0
 address=/yayanti.com/0.0.0.0
 address=/ybdaa.oqsgm9r.cn/0.0.0.0
 address=/ybggd.fjgjoux.cn/0.0.0.0
@@ -4067,11 +3881,13 @@ address=/yma1ll0g0n.odoo.com/0.0.0.0
 address=/ynbgdc.woprkzp.cn/0.0.0.0
 address=/ynbxa.pvgulkz.cn/0.0.0.0
 address=/yndda.m117s1s.cn/0.0.0.0
+address=/yo7ka-anna.com/0.0.0.0
 address=/yogeshwarwiremesh.com/0.0.0.0
 address=/youknowar.com/0.0.0.0
 address=/young-snow-7447.tcheviron5269.workers.dev/0.0.0.0
 address=/youreasygoing2022.co.vu/0.0.0.0
 address=/yqlpeitost.duckdns.org/0.0.0.0
+address=/ytdjhstej.tk/0.0.0.0
 address=/yuhjjkss.web.app/0.0.0.0
 address=/yumpai.cn/0.0.0.0
 address=/z.macecri.com/0.0.0.0
@@ -4079,10 +3895,12 @@ address=/z.scicemecod.com/0.0.0.0
 address=/z0massegurabclp1.shreeramwoodindustries.com/0.0.0.0
 address=/z2qje.codesandbox.io/0.0.0.0
 address=/z3voicrxxvs.typeform.com/0.0.0.0
+address=/zacharytlasko.com/0.0.0.0
 address=/zackselectronics.co.zw/0.0.0.0
 address=/zaktualizacja-platnosci.netfxtv.co.pl/0.0.0.0
 address=/zasd.yhxmd30.cn/0.0.0.0
 address=/zb2-home.web.app/0.0.0.0
+address=/zen-minsky-ef5931.netlify.app/0.0.0.0
 address=/zenvinyl.com/0.0.0.0
 address=/zepe.io/0.0.0.0
 address=/zeroquiz.com/0.0.0.0
@@ -4095,10 +3913,8 @@ address=/zmpcoacu.cyou/0.0.0.0
 address=/zmpcoado.cyou/0.0.0.0
 address=/zoho-online.web.app/0.0.0.0
 address=/zoho-validationserv.web.app/0.0.0.0
-address=/zonalnterbank.com/0.0.0.0
 address=/zonmca.hxljatvw.cn/0.0.0.0
 address=/zshrvvo.cn/0.0.0.0
-address=/zuiunsya.com/0.0.0.0
 address=/zxas.2nd0g8.cn/0.0.0.0
 address=/zxas.hs0rgq8.cn/0.0.0.0
 address=/zxass.jbkyj0o.cn/0.0.0.0
@@ -4107,6 +3923,5 @@ address=/zxcaspx.aghwlup.cn/0.0.0.0
 address=/zxcnash.seufhsk.cn/0.0.0.0
 address=/zxcod.01l241.cn/0.0.0.0
 address=/zxcuashs.e0n0gh5.cn/0.0.0.0
-address=/zxdlbny.cn/0.0.0.0
 address=/zxnahs.3cze6ri.cn/0.0.0.0
 address=/zz.macecri.com/0.0.0.0
diff --git a/dist/phishing-filter-domains.txt b/dist/phishing-filter-domains.txt
index a23800d5..d1f2ce0a 100644
--- a/dist/phishing-filter-domains.txt
+++ b/dist/phishing-filter-domains.txt
@@ -1,5 +1,5 @@
 # Title: Phishing Domains Blocklist
-# Updated: Sun, 16 Jan 2022 12:01:44 +0000
+# Updated: Mon, 17 Jan 2022 00:01:35 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/phishing-filter
 # License: https://gitlab.com/curben/phishing-filter#license
@@ -13,9 +13,6 @@
 02-billing-support.org
 08863299.sso-secure-mail0454etr.pages.dev
 0bs.de
-0gjvj7a8eydbjz3au8anbg-on.drv.tw
-1000000000347789523698541.tk
-1000000000347789523698545.tk
 1000000000347789523698546.tk
 1000000000347789523698547.tk
 103.114.16.4
@@ -32,10 +29,12 @@
 149-210-143-165.colo.transip.net
 149.210.143.165
 15004083383734.data-store-company.com
+154.222.224.81
 154.30.211.130.bc.googleusercontent.com
 161.35.142.2
 165.227.122.125
 16park.cn
+1727365.com
 173.82.154.253
 178.128.108.233.dsl.dyn.forthnet.gr
 179.43.140.208
@@ -55,9 +54,9 @@
 2022-exodus.com
 2022-girobanken-sparkassen.xyz
 2022.intrebrkprsonas.xyz
+205.185.113.221
 208.82.115.230
 217651.8b.io
-2247317.verifyinguser426128734570198363.com
 228.94.92.rev.sfr.net.gghost.ru
 24611250.sibforms.com
 2482689012.yolasite.com
@@ -66,6 +65,7 @@
 2fa.bthei.com
 2pil.ru
 2rakuten.co.jp.happyyear.cn
+2yfh.short.gy
 3-139-75-158.cprapid.com
 343i.org
 343t3dv9qdufp.clickfunnels.com
@@ -73,8 +73,11 @@
 35.199.84.117
 35.225.222.142
 3568365.com
+365unfreezesecurity.com
+3782365.com
 3a10a178.s6t6sj4s46tu4sys54y5.pages.dev
 3bvjh.sbs
+3c5.com
 3ck.me
 3dprintersupplies.com.au
 3dsecure-update-service-info-live.duckdns.org
@@ -102,20 +105,21 @@
 613707.selcdn.ru
 61da8ae6.6u6566hrrthsh45.pages.dev
 638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com
-65451440241544.hyperphp.com
-664876.verifyinguser426128734570198363.com
+6734365.com
 67lksxgjd.bttmassage-thai-tanger.com
 6a7zu9he6mqh.clickfunnels.com
 6c7f0acc.sibforms.com
+6stupefacentevideo2022.pagedemo.co
+754675377.xyz
 78.108.89.240
 7837365.com
 7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev
 7wr4u.csb.app
 7yu3v.csb.app
 8.215.32.173
-8010361370310234068010361370310234.blogspot.be
 859411.icu
 8760365.com
+885211.icu
 889381.icu
 8899.jp
 89ix7y0.cn
@@ -143,15 +147,18 @@ absaonline2021.website2.me
 absolute-containers-sip.business.site
 absolutepleasure.com.my
 acacia.webdevonline.net
+account-recovery.org
 account.herephyshy.info
 account.verifications.help-page.workers.dev
 accounts-autoscout24.de
 acessobradesco.digital
 ach111.xyz
 activate-hulu-com-activate.sitey.me
+activatingmymainnet.com
 adamfeber.com
 adcloudserver.com
 admin-formserviceupdates.weeblysite.com
+administer-708aa.web.app
 administraciondefincaspereznovo.com
 adorablepomskyhome.net
 adpunemploymentclaims.sharefile.com
@@ -161,14 +168,13 @@ affixsports.net
 afreemart.xyz
 africansecrets.ca
 agora.imb.br
-agricolefr-99f918.ingress-erytho.easywp.com
 agrimetiersmartinique.fr
 agurimu-nagoya.com
 ahhhh.pe.kr
 ai.macecri.com
-aib-unauthorized-access.com
 aid-validation-human.run-us-west2.goorm.io
 aimekidya-recpag.web.id
+airbnb.book-space-b851927.live
 airportprescreening.com
 aitsidihamh.my-place.us
 akanksha3012.github.io
@@ -189,8 +195,10 @@ aliciabot.azurewebsites.net
 alkhalilgraphics.com
 allegrolokalnie-pl-3dsafe.id-43051.xyz
 allegrolokalnie-pl-3dsafe.id-91501.xyz
+allegrolokalnie-pl-3dseif.id-43051.xyz
 allegrolokalnie-pl-safe.id-43051.xyz
 alliancesuper.com
+almarjantours.com
 almighty.edu.np
 alnajahh.com
 aloun.ps
@@ -198,6 +206,7 @@ alphabnkgre.com
 alqadi.ps
 alquilervillora.net
 alsofft.com
+alupi-frey.shop
 amacez.jyrtery4.top
 amacredit.amacardpkey.xyz
 amaenv.fgasdfw6.xyz
@@ -208,21 +217,20 @@ amazom.supwwe.xyz
 amazomsse.shop
 amazon-gcatech.com
 amazon-interruption.com
-amazon.co.ip.jlig.cn
 amazon.co.jp.abaiaccounting.cn
 amazon.gousana.casa
-amazon.jp-m.win
+amazon.logins-co.jp
 amazon.works.ga
 amazonhome.sfrmobiles.com
 amazonjapsne.cf
+amazonses.authflows.com
 amazoon.co.op.o4j.top
-ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org
 amc-training.com
-amcgardiennage.com
+amecmasmerd.ga
 ameozom.jp.onaworks.com
 americanexpress-auth.azurewebsites.net
-americanexpress.heiwakai.com
 amguevara.com
+amhsd.com
 amidabuli.com
 amlnov7.web.app
 amnzma-jp.top
@@ -233,7 +241,6 @@ amnzmsn3-jp.shop
 amoazom.rm82j6-t8.cn
 amonzau_co_take.ktbf.shop
 amosleh.com
-amozom.co.ip.taxhod.club
 amreeth.github.io
 amusebouche-bg.com
 amzcredit.dearva.xyz
@@ -249,24 +256,21 @@ angryezgames.com
 anhduongjsc.com
 anj-azakp.run.goorm.io
 anjalijha167.github.io
-anjayredit.duckdns.org
 annacatania.com.mt
 anon-keep-admin-keep.rvsla.workers.dev
 ansr.ro
 aolmailukhelplinecustomerservice.blogspot.com
 aolmailukhelplinecustomerservice.blogspot.com.au
-aolpoweredservice.duckdns.org
 aolverixon11dfd.weebly.com
 aolxperience.com
+api-saisoncard-co-jp.md160.net
 api-saisoncard-co-jp.o4ay8.net
 api.florense.com.br
 api.redirect-bentobot199.com
 api.redirect-safebrowser-online.com
-api.safe-directmail.com
 aplintec.com.mx
 app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io
 app-bombcrypto-io-login-ab.blogspot.com
-app-panckswp.xyz
 app.bydn217.club
 app.duel.network
 app.fiiber.ca
@@ -276,10 +280,11 @@ app.sugarsync.com
 appatualizecef.com
 appibsolicitud.com
 appleid-check.info
+applekra.com
 applepichincha.webcindario.com
 apply.aua.am
 apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link
-appttech.com
+aprilgagenesh.com
 aquaqualitas.com
 arafathrumman.github.io
 arcacg.com
@@ -287,15 +292,18 @@ archivio-supporto.sitoper.it
 are.scicemecod.com
 areueaom.gtpzcve.cn
 areueaom.gtva.cn
+arif.com.bd
 aromatic.webenliven.in
 arthamahotels.com
 artlux.com.pl
 arub-service.org
 aruba.fatt.ids-sys.com
 as.macecri.com
+as.scicemecod.com
 asaipestcontrol.com
 ascom.co.tz
 asd.9sw53wk.cn
+asdxa.p2x11pi.cn
 asgard-ampqy.run-us-west2.goorm.io
 asimpwsh.com
 asistentetramitadordigitalda.com
@@ -305,19 +313,24 @@ at-t-support-service1.sitey.me
 at-t-yahoo.sitey.me
 atento-fdi.plusoftomni.com.br
 ativacao-online73681.com
+atlanticeconcrete.com
 atnr76dxku336szy.clickfunnels.com
-attcustomdesk.weebly.com
+att556.weebly.com
+att87.weebly.com
 attinfoser.weebly.com
 attonlinemanagementpage.weebly.com
+attonlineuserverification.weebly.com
 attpage1121.weebly.com
 atualizacao-online547864.com
 atualizarmodolo.com
 atulrathore-dev.github.io
+auid-japan.com
 aurumship.com
-aushfew.tokyo
 aushotel.es
 auth-task1-m.web.app
 auth-webmailakeonetcom.yolasite.com
+auth.topgamers.cn
+authent54-sedure32.duckdns.org
 authorize-trustvallet-protocol.com
 authorizewallet.app
 authuxeehmutconjxmailssocl.web.app
@@ -327,16 +340,15 @@ autoexprs.com
 autoranplususeremailprocessingupdate.pages.dev
 autoscurt24.de
 autumn-sun-4a21.paqesads-scure.workers.dev
+avelocidad.com
 avrorganics.com
 awesome-gates-8bdd6f.netlify.app
 ax.xiguw.workers.dev
-axieinfinity-meta.com
 axieinfinity-supportwallet.com
 axlr.in
-ayguru.com
+ayushenterprise.in
 az.macecri.com
 azb3s.cf
-azmnsaz.000webhostapp.com
 azmznonos_co_long.akys.shop
 b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com
 b059c86968a6427389952025bcee9886.svc.dynamics.com
@@ -344,7 +356,6 @@ b4e921f0.sso-mailsrvr-4344e5teed.pages.dev
 b96f7f93.sibforms.com
 b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev
 bacteralia.com
-badnewswegewroighgserhhg.xyz
 bag-macben.eu
 bakhai.vn
 balajihospital.net
@@ -364,7 +375,6 @@ bancaporlnternetlnterbarnk.jifad.org
 bancaporlnternetlnterbarnk.libertycanais.com.br
 bancoiinng.site44.com
 bancooccidentalb.com
-bank-id.pl
 bankapolska.com
 banki0wa.us
 bankocaoffo.webcindario.com
@@ -372,8 +382,8 @@ bankofamer86.ddns.net
 bannerbank.control-inc.com
 bannerchampnyc.com
 banproseguridadasistenteenlineanic.webnode.es
-banqsuepoy.temp.swtest.ru
 baradua.it
+barbecuef.top
 battlelastmont.cyou
 bc1.paiementervice.com
 bconclutmjy.ru
@@ -382,7 +392,7 @@ bcpzonaseguirabeta.com
 be-home.web.do
 bearmybrand.com
 beast-blog.com
-beibys.com.br
+beccu07.zzux.com
 beijing.vfzfy1v.cn
 belovedaroma.com
 bendmytrend.com
@@ -448,18 +458,19 @@ bnconacional.odoo.com
 bncre.odoo.com
 bncxz.9wx9b27.cn
 bndigitalpersonas.com
-bnpparibas-pl.mob-app.xyz
 boaupdate.bfaoscr.com
 bogdonovlerer.com
 bogged-finance.com
+boi.365online-replacement.com
+boke4-indonesia-2022a7whatsapp.duckdns.org
+bokep-virall-sange33.duckdns.org
 bokgabanesolutions.co.za
+bold-lichterman.45-81-232-15.plesk.page
 bookfbs.evangsamuelministries.com
 boxes.com.py
 br4.in
 br622.teste.website
-brave-knuth-96d329.netlify.app
 breople.com
-brigida_cossette.gitlab.io
 brooks-forrunning.top
 brooks-justforjogging.top
 brooks-move.top
@@ -498,7 +509,6 @@ builmon.xyz
 bujikena.web.app
 bundel-cobragratis2022.duckdns.org
 busanopen.org
-business-action-copyright11022.web.app
 business-action-page129591.web.app
 business-appeal-copyright8211.web.app
 business-appeal-form-18222.web.app
@@ -506,24 +516,22 @@ business-copyright-alert100821.web.app
 business-copyright-alert198082.web.app
 business-copyright-alert19882.web.app
 business-copyright-detected920.web.app
-business-page-content125882.web.app
 business-required-helpcenter82.web.app
 business-required-info188221.web.app
 businessemailss.biz
-bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link
 buyelectronicsnyc.com
 c.curiousmorty.be
 c.jardindemiedo.es
 c.loveawaits.be
 c.mail.com
 c0m-r51znzlh8i.isiolo.go.ke
-c10012022j.temp.swtest.ru
 c1christine.tjelmeland2e.cso.gov.tt
 c2dc5b99.chgmar.pages.dev
 c6ebv708.caspio.com
 cabsiler.com
 cache.nebula.phx3.secureserver.net
 cadeau-orange.fr
+caixabanki.temp.swtest.ru
 caixaseguradora.quadientcloud.com
 cakesbyannemotha.com
 cammymiller.com
@@ -533,7 +541,6 @@ cannellandcoflooring.co.uk
 capservice.online
 caracasmateriais.blogspot.com
 carpediemxp.com
-carry.reduxservices.com
 carservicessaupdate.xyz
 cartamorin-geometres.fr
 carwash.tv
@@ -546,6 +553,7 @@ caycos.beispielseite-wmka.de
 caymanreno.com
 cbmonlinegroups.com
 cc.scicemecod.com
+cc23674.tmweb.ru
 ccjrlaw.com
 cdas.nxzigco.cn
 cdsoa.wuefyta.cn
@@ -558,14 +566,13 @@ centralconsulta.link
 centre1.bubbleapps.io
 ceresgulf.com
 certifica-montepaschii.com
-chalokradocallkakuch.azurewebsites.net
-changenotification.pricesamazonlogincard.monster
+charitascb.com
 charperimagedesign.com
 chat-whatasapp.com
 chat-whatsaap99.duckdns.org
 chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org
-chat-whatsapp-group-2022.duckdns.org
 chat-whatsapp-grupo-invitacion.blogspot.com
+chat-whatsapp-gscfghjsgsu.duckdns.org
 chckmaill1.web.app
 chckmaill10.web.app
 chckmaill11.web.app
@@ -599,9 +606,9 @@ chiragrajoria.github.io
 chois.jp
 christienstudystl.wixsite.com
 christmas-dhl-express-delvr.hopekosmos.com
+chronopostaws.com
 chtbnk.uk
 chutomen.com
-ciiusea.com
 cinemaleftech.com
 citagestionenlineabn.com
 city-of-jazz.de
@@ -609,13 +616,11 @@ ckwgruppe.service-now.com
 claiimdiamondgratis84.duckdns.org
 claim-event-freefire-garena-oldfree-a4.duckdns.org
 claim-skingratis-mobailegends161.duckdns.org
-claimgratisff2022.duckdns.org
 claims-funds-enczj.run-us-west2.goorm.io
 claimseventmlbb.duckdns.org
 claimshopee.yolasite.com
 claro-link.brsafe.com.br
 claus.bz
-clefman.cl
 click-here-help.in
 client-support-page.com
 clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net
@@ -654,7 +659,9 @@ co.jp.rukbcga.cn
 co.jp.sefdvsi.cn
 co.jp.tezkkbp.cn
 co.jp.ztxzzup.cn
+cobaincurlduluom.duckdns.org
 codwarzonemobile.com
+coindappsync.online
 cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev
 collab-land.net
 collabland.info
@@ -669,23 +676,24 @@ com-mm2ai86orr.isiolo.go.ke
 com-r51znzlh8i.isiolo.go.ke
 com-sauuvazpjo.isiolo.go.ke
 com-ugsyk69nqb.isiolo.go.ke
-comefuck.co
 community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 completeegali.webcindario.com
+completeyorcorp.lunsrgovert.net
 comunicazione-europe.net
 comunity-isue-ideent-andromeda-29.web.id
 comunity-isue-ideent-andromeda-33.web.id
-comunity-isue-ideent-andromeda-88.web.id
 con-firma.firebaseapp.com
-confirming-pages-idntitysupport.web.id
 congresosba.com.ar
 conhecaonlinedigital.com.br
 connect.au-login.0662smt.com
+connect.auone.jp-login.kddi-sys.com
+connect.myauone.jp-auid.jp-auid.com
+connect.myauone.jp-auid.kddi-mail.com
+connectlivewallet.io
 connectwallet.me
 conoscofaturahiiiper.com
-consultavirtuai.bieah.com
 contabilidaderabello.com.br
 contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev
 contapessoal.digital
@@ -696,7 +704,7 @@ continentepecas.com
 contratodeparceria.com.br
 controlpichincha.webcindario.com
 copyright-center-live.ml
-corl-inv.web.app
+coroplastusa.com
 correosdemexico-web.com
 corta.ai
 cosemu.com
@@ -716,7 +724,6 @@ credicorp-capital.net
 credicorpfiduciariasa.com
 credifinanciera.didacsis.com
 crediserfinanza.com
-credita302.temp.swtest.ru
 creditagricole-sudrhonealpes.blogspot.ba
 creditagricole-sudrhonealpes.blogspot.com
 creditagricole-sudrhonealpes.blogspot.ro
@@ -724,13 +731,18 @@ creditinternationalbank.com
 creditiperhabbogratissicuro100.blogspot.it
 cresvin.com
 criticalcarevizag.com
+crrdxwjap7t.typeform.com
 cryptocars-plays.buzz
 cryptocarsme.com
 cryptscars-logs.com
 cryqtocars.me
 cuans.bkaamiv.cn
 currentlyupgrade.mystrikingly.com
+cusnas.366wuv.cn
+cxas.bvd2q18.cn
+cxas.zk6w4dt.cn
 cxasd.easghbl.cn
+cxmnsa.04frh0w.cn
 cxnbas.nmkbmqk.cn
 cxuahs.1wc9bxm.cn
 cyna.rkpmage.cn
@@ -743,8 +755,10 @@ d18gc1ytkdv37u.cloudfront.net
 d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev
 d3ncuwwrr82.typeform.com
 daatahomes.com
+dadafa88.com
 damp-f43e.recovery-page-secur.workers.dev
 danitraseoexperts.com
+dappconnecttvalidator.net
 dapponlines.com
 dappscoins.com
 dappsiconnect.com
@@ -760,8 +774,8 @@ daycoval.facildepagar.com.br
 db-web-client.com
 dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com
 dbkuzwes.online
-dbs-interrnet.online
 dbs.limited
+dbs.online.webdbslistinonline.com
 dbs.webdbslistinonline.com
 dbw.gr
 dcm1.ae.iwc.static.tungmung.co.id
@@ -794,6 +808,7 @@ deutsche-post.apurvathespygenesh.com
 dev-nadaj.orlenpaczka.ce5.pl
 dev-secu-credit-union.pantheonsite.io
 dev-www.orlenpaczka.ce5.pl
+dev.massageliabilityinsurancegroup.com
 dev.shivaxi.com
 devicepichincha.webcindario.com
 devops.help
@@ -806,15 +821,17 @@ dhl-event.app
 dhl.recruitmentplatform.com
 diamondplate.us
 die-post-swiss-id-19782635812.psd2any.com
+diepost-paketevhost207932.lowhost.ru
 diginto.org
-dilscord.gift
+diligentverify.com
 directqpuprozaakp.weebly.com
 dirtyez.com
 disccrdapp.com
 disckord.club
 discoord-nittro.com
-discorc.gift
 discordbugs.com
+discordnitroos.com
+discrods.gift
 dispositivoapp.azurewebsites.net
 distinctivei.com
 distrial.ec
@@ -827,7 +844,6 @@ dkglobaljobs.com
 dl.9xu.com
 dlink.me
 dmaxpesca.com.es
-dminer.cloud
 doclab-console-auth.firebaseapp.com
 docs-verify-c671.thajetiase.workers.dev
 docs.revv.so
@@ -853,12 +869,9 @@ domainserverlawa116.web.app
 domainserverlawa117.web.app
 domainserverlawa118.web.app
 domainserverlawa119.web.app
-domainserverlawa120.web.app
-domainserverlawa121.web.app
 domainserverlawa122.web.app
 domainserverlawa123.web.app
 domainserverlawa124.web.app
-domainserverlawa125.web.app
 domainserverlawa126.web.app
 domainserverlawa127.web.app
 domainserverlawa128.web.app
@@ -867,32 +880,24 @@ domainserverlawa13.web.app
 domainserverlawa130.web.app
 domainserverlawa131.web.app
 domainserverlawa132.web.app
-domainserverlawa133.web.app
 domainserverlawa134.web.app
 domainserverlawa135.web.app
 domainserverlawa136.web.app
 domainserverlawa137.web.app
-domainserverlawa138.web.app
 domainserverlawa139.web.app
 domainserverlawa14.web.app
-domainserverlawa140.web.app
-domainserverlawa141.web.app
 domainserverlawa142.web.app
 domainserverlawa143.web.app
 domainserverlawa144.web.app
 domainserverlawa145.web.app
 domainserverlawa146.web.app
-domainserverlawa147.web.app
 domainserverlawa148.web.app
 domainserverlawa149.web.app
 domainserverlawa150.web.app
-domainserverlawa151.web.app
 domainserverlawa152.web.app
 domainserverlawa153.web.app
-domainserverlawa154.web.app
 domainserverlawa155.web.app
 domainserverlawa156.web.app
-domainserverlawa157.web.app
 domainserverlawa158.web.app
 domainserverlawa159.web.app
 domainserverlawa160.web.app
@@ -900,20 +905,15 @@ domainserverlawa161.web.app
 domainserverlawa162.web.app
 domainserverlawa163.web.app
 domainserverlawa164.web.app
-domainserverlawa165.web.app
 domainserverlawa166.web.app
 domainserverlawa167.web.app
 domainserverlawa168.web.app
 domainserverlawa169.web.app
-domainserverlawa17.web.app
-domainserverlawa170.web.app
 domainserverlawa171.web.app
 domainserverlawa172.web.app
 domainserverlawa173.web.app
 domainserverlawa174.web.app
-domainserverlawa175.web.app
 domainserverlawa176.web.app
-domainserverlawa177.web.app
 domainserverlawa178.web.app
 domainserverlawa179.web.app
 domainserverlawa18.web.app
@@ -922,34 +922,25 @@ domainserverlawa181.web.app
 domainserverlawa182.web.app
 domainserverlawa183.web.app
 domainserverlawa184.web.app
-domainserverlawa185.web.app
 domainserverlawa186.web.app
 domainserverlawa187.web.app
 domainserverlawa188.web.app
 domainserverlawa189.web.app
 domainserverlawa19.web.app
-domainserverlawa190.web.app
 domainserverlawa191.web.app
 domainserverlawa193.web.app
 domainserverlawa194.web.app
 domainserverlawa195.web.app
-domainserverlawa196.web.app
-domainserverlawa197.web.app
 domainserverlawa198.web.app
-domainserverlawa199.web.app
 domainserverlawa20.web.app
-domainserverlawa200.web.app
 domainserverlawa201.web.app
 domainserverlawa202.web.app
-domainserverlawa203.web.app
 domainserverlawa204.web.app
 domainserverlawa205.web.app
 domainserverlawa206.web.app
-domainserverlawa207.web.app
 domainserverlawa208.web.app
 domainserverlawa209.web.app
 domainserverlawa21.web.app
-domainserverlawa210.web.app
 domainserverlawa211.web.app
 domainserverlawa212.web.app
 domainserverlawa213.web.app
@@ -963,7 +954,6 @@ domainserverlawa220.web.app
 domainserverlawa221.web.app
 domainserverlawa222.web.app
 domainserverlawa223.web.app
-domainserverlawa224.web.app
 domainserverlawa225.web.app
 domainserverlawa226.web.app
 domainserverlawa227.web.app
@@ -976,12 +966,10 @@ domainserverlawa233.web.app
 domainserverlawa234.web.app
 domainserverlawa235.web.app
 domainserverlawa237.web.app
-domainserverlawa238.web.app
 domainserverlawa239.web.app
 domainserverlawa240.web.app
 domainserverlawa241.web.app
 domainserverlawa242.web.app
-domainserverlawa243.web.app
 domainserverlawa244.web.app
 domainserverlawa245.web.app
 domainserverlawa246.web.app
@@ -989,35 +977,23 @@ domainserverlawa247.web.app
 domainserverlawa248.web.app
 domainserverlawa249.web.app
 domainserverlawa25.web.app
-domainserverlawa250.web.app
 domainserverlawa251.web.app
 domainserverlawa252.web.app
 domainserverlawa253.web.app
-domainserverlawa254.web.app
-domainserverlawa255.web.app
 domainserverlawa256.web.app
 domainserverlawa257.web.app
 domainserverlawa258.web.app
-domainserverlawa259.web.app
-domainserverlawa26.web.app
 domainserverlawa260.web.app
-domainserverlawa261.web.app
-domainserverlawa262.web.app
 domainserverlawa263.web.app
 domainserverlawa264.web.app
 domainserverlawa265.web.app
 domainserverlawa266.web.app
 domainserverlawa267.web.app
-domainserverlawa268.web.app
 domainserverlawa269.web.app
 domainserverlawa270.web.app
-domainserverlawa271.web.app
-domainserverlawa272.web.app
 domainserverlawa273.web.app
 domainserverlawa274.web.app
-domainserverlawa275.web.app
 domainserverlawa276.web.app
-domainserverlawa277.web.app
 domainserverlawa278.web.app
 domainserverlawa279.web.app
 domainserverlawa280.web.app
@@ -1026,9 +1002,7 @@ domainserverlawa282.web.app
 domainserverlawa283.web.app
 domainserverlawa284.web.app
 domainserverlawa285.web.app
-domainserverlawa286.web.app
 domainserverlawa287.web.app
-domainserverlawa289.web.app
 domainserverlawa29.web.app
 domainserverlawa290.web.app
 domainserverlawa292.web.app
@@ -1037,28 +1011,20 @@ domainserverlawa294.web.app
 domainserverlawa295.web.app
 domainserverlawa296.web.app
 domainserverlawa297.web.app
-domainserverlawa298.web.app
 domainserverlawa299.web.app
-domainserverlawa30.web.app
 domainserverlawa300.web.app
 domainserverlawa301.web.app
 domainserverlawa302.web.app
 domainserverlawa303.web.app
 domainserverlawa304.web.app
 domainserverlawa305.web.app
-domainserverlawa306.web.app
 domainserverlawa307.web.app
 domainserverlawa308.web.app
-domainserverlawa309.web.app
-domainserverlawa31.web.app
 domainserverlawa310.web.app
 domainserverlawa311.web.app
 domainserverlawa312.web.app
 domainserverlawa313.web.app
-domainserverlawa314.web.app
 domainserverlawa315.web.app
-domainserverlawa316.web.app
-domainserverlawa317.web.app
 domainserverlawa318.web.app
 domainserverlawa319.web.app
 domainserverlawa32.web.app
@@ -1066,13 +1032,11 @@ domainserverlawa320.web.app
 domainserverlawa321.web.app
 domainserverlawa322.web.app
 domainserverlawa323.web.app
-domainserverlawa324.web.app
 domainserverlawa325.web.app
 domainserverlawa326.web.app
 domainserverlawa327.web.app
 domainserverlawa328.web.app
 domainserverlawa329.web.app
-domainserverlawa33.web.app
 domainserverlawa330.web.app
 domainserverlawa331.web.app
 domainserverlawa332.web.app
@@ -1083,17 +1047,14 @@ domainserverlawa336.web.app
 domainserverlawa337.web.app
 domainserverlawa338.web.app
 domainserverlawa339.web.app
-domainserverlawa34.web.app
 domainserverlawa340.web.app
 domainserverlawa341.web.app
 domainserverlawa342.web.app
 domainserverlawa343.web.app
 domainserverlawa344.web.app
-domainserverlawa345.web.app
 domainserverlawa346.web.app
 domainserverlawa347.web.app
 domainserverlawa348.web.app
-domainserverlawa35.web.app
 domainserverlawa350.web.app
 domainserverlawa351.web.app
 domainserverlawa352.web.app
@@ -1107,7 +1068,6 @@ domainserverlawa359.web.app
 domainserverlawa36.web.app
 domainserverlawa360.web.app
 domainserverlawa361.web.app
-domainserverlawa362.web.app
 domainserverlawa363.web.app
 domainserverlawa364.web.app
 domainserverlawa365.web.app
@@ -1118,7 +1078,6 @@ domainserverlawa37.web.app
 domainserverlawa370.web.app
 domainserverlawa371.web.app
 domainserverlawa372.web.app
-domainserverlawa373.web.app
 domainserverlawa374.web.app
 domainserverlawa375.web.app
 domainserverlawa376.web.app
@@ -1134,11 +1093,7 @@ domainserverlawa384.web.app
 domainserverlawa385.web.app
 domainserverlawa386.web.app
 domainserverlawa387.web.app
-domainserverlawa388.web.app
-domainserverlawa389.web.app
-domainserverlawa39.web.app
 domainserverlawa390.web.app
-domainserverlawa391.web.app
 domainserverlawa392.web.app
 domainserverlawa393.web.app
 domainserverlawa394.web.app
@@ -1149,11 +1104,8 @@ domainserverlawa398.web.app
 domainserverlawa40.web.app
 domainserverlawa400.web.app
 domainserverlawa401.web.app
-domainserverlawa402.web.app
 domainserverlawa403.web.app
-domainserverlawa404.web.app
 domainserverlawa405.web.app
-domainserverlawa406.web.app
 domainserverlawa407.web.app
 domainserverlawa408.web.app
 domainserverlawa409.web.app
@@ -1164,7 +1116,6 @@ domainserverlawa412.web.app
 domainserverlawa413.web.app
 domainserverlawa414.web.app
 domainserverlawa415.web.app
-domainserverlawa416.web.app
 domainserverlawa417.web.app
 domainserverlawa418.web.app
 domainserverlawa419.web.app
@@ -1177,12 +1128,10 @@ domainserverlawa424.web.app
 domainserverlawa425.web.app
 domainserverlawa426.web.app
 domainserverlawa427.web.app
-domainserverlawa428.web.app
 domainserverlawa429.web.app
 domainserverlawa43.web.app
 domainserverlawa430.web.app
 domainserverlawa431.web.app
-domainserverlawa432.web.app
 domainserverlawa433.web.app
 domainserverlawa434.web.app
 domainserverlawa435.web.app
@@ -1192,36 +1141,27 @@ domainserverlawa438.web.app
 domainserverlawa439.web.app
 domainserverlawa44.web.app
 domainserverlawa440.web.app
-domainserverlawa441.web.app
 domainserverlawa442.web.app
 domainserverlawa443.web.app
 domainserverlawa444.web.app
 domainserverlawa445.web.app
 domainserverlawa446.web.app
 domainserverlawa447.web.app
-domainserverlawa448.web.app
 domainserverlawa449.web.app
-domainserverlawa45.web.app
 domainserverlawa450.web.app
 domainserverlawa451.web.app
 domainserverlawa452.web.app
 domainserverlawa453.web.app
-domainserverlawa454.web.app
 domainserverlawa455.web.app
 domainserverlawa456.web.app
-domainserverlawa457.web.app
-domainserverlawa458.web.app
 domainserverlawa459.web.app
 domainserverlawa46.web.app
 domainserverlawa460.web.app
-domainserverlawa461.web.app
 domainserverlawa462.web.app
 domainserverlawa463.web.app
 domainserverlawa464.web.app
 domainserverlawa465.web.app
 domainserverlawa466.web.app
-domainserverlawa467.web.app
-domainserverlawa468.web.app
 domainserverlawa469.web.app
 domainserverlawa47.web.app
 domainserverlawa470.web.app
@@ -1232,18 +1172,14 @@ domainserverlawa474.web.app
 domainserverlawa475.web.app
 domainserverlawa476.web.app
 domainserverlawa477.web.app
-domainserverlawa478.web.app
 domainserverlawa479.web.app
 domainserverlawa480.web.app
 domainserverlawa481.web.app
-domainserverlawa482.web.app
 domainserverlawa483.web.app
 domainserverlawa484.web.app
 domainserverlawa485.web.app
 domainserverlawa486.web.app
 domainserverlawa487.web.app
-domainserverlawa488.web.app
-domainserverlawa489.web.app
 domainserverlawa49.web.app
 domainserverlawa490.web.app
 domainserverlawa491.web.app
@@ -1254,22 +1190,15 @@ domainserverlawa495.web.app
 domainserverlawa496.web.app
 domainserverlawa497.web.app
 domainserverlawa498.web.app
-domainserverlawa499.web.app
 domainserverlawa50.web.app
 domainserverlawa500.web.app
-domainserverlawa501.web.app
 domainserverlawa502.web.app
-domainserverlawa503.web.app
-domainserverlawa504.web.app
-domainserverlawa505.web.app
 domainserverlawa506.web.app
 domainserverlawa507.web.app
 domainserverlawa508.web.app
 domainserverlawa509.web.app
 domainserverlawa51.web.app
-domainserverlawa510.web.app
 domainserverlawa511.web.app
-domainserverlawa513.web.app
 domainserverlawa514.web.app
 domainserverlawa515.web.app
 domainserverlawa516.web.app
@@ -1278,10 +1207,8 @@ domainserverlawa518.web.app
 domainserverlawa519.web.app
 domainserverlawa52.web.app
 domainserverlawa520.web.app
-domainserverlawa521.web.app
 domainserverlawa522.web.app
 domainserverlawa523.web.app
-domainserverlawa524.web.app
 domainserverlawa525.web.app
 domainserverlawa526.web.app
 domainserverlawa527.web.app
@@ -1292,28 +1219,21 @@ domainserverlawa530.web.app
 domainserverlawa531.web.app
 domainserverlawa532.web.app
 domainserverlawa533.web.app
-domainserverlawa534.web.app
-domainserverlawa535.web.app
 domainserverlawa536.web.app
 domainserverlawa537.web.app
 domainserverlawa538.web.app
 domainserverlawa539.web.app
 domainserverlawa54.web.app
-domainserverlawa540.web.app
 domainserverlawa541.web.app
 domainserverlawa542.web.app
 domainserverlawa543.web.app
-domainserverlawa544.web.app
 domainserverlawa545.web.app
 domainserverlawa546.web.app
 domainserverlawa547.web.app
-domainserverlawa548.web.app
 domainserverlawa549.web.app
 domainserverlawa550.web.app
 domainserverlawa551.web.app
-domainserverlawa552.web.app
 domainserverlawa553.web.app
-domainserverlawa554.web.app
 domainserverlawa555.web.app
 domainserverlawa556.web.app
 domainserverlawa557.web.app
@@ -1323,9 +1243,7 @@ domainserverlawa56.web.app
 domainserverlawa560.web.app
 domainserverlawa561.web.app
 domainserverlawa562.web.app
-domainserverlawa563.web.app
 domainserverlawa564.web.app
-domainserverlawa565.web.app
 domainserverlawa566.web.app
 domainserverlawa567.web.app
 domainserverlawa568.web.app
@@ -1334,35 +1252,24 @@ domainserverlawa57.web.app
 domainserverlawa570.web.app
 domainserverlawa571.web.app
 domainserverlawa572.web.app
-domainserverlawa573.web.app
 domainserverlawa574.web.app
 domainserverlawa575.web.app
 domainserverlawa576.web.app
 domainserverlawa577.web.app
 domainserverlawa578.web.app
 domainserverlawa579.web.app
-domainserverlawa58.web.app
-domainserverlawa580.web.app
 domainserverlawa581.web.app
 domainserverlawa582.web.app
 domainserverlawa583.web.app
-domainserverlawa584.web.app
-domainserverlawa585.web.app
 domainserverlawa586.web.app
 domainserverlawa587.web.app
 domainserverlawa588.web.app
 domainserverlawa589.web.app
 domainserverlawa59.web.app
-domainserverlawa590.web.app
-domainserverlawa591.web.app
 domainserverlawa592.web.app
 domainserverlawa593.web.app
-domainserverlawa594.web.app
-domainserverlawa595.web.app
-domainserverlawa596.web.app
 domainserverlawa597.web.app
 domainserverlawa598.web.app
-domainserverlawa599.web.app
 domainserverlawa60.web.app
 domainserverlawa600.web.app
 domainserverlawa601.web.app
@@ -1370,25 +1277,18 @@ domainserverlawa602.web.app
 domainserverlawa603.web.app
 domainserverlawa604.web.app
 domainserverlawa605.web.app
-domainserverlawa606.web.app
 domainserverlawa607.web.app
 domainserverlawa608.web.app
 domainserverlawa609.web.app
-domainserverlawa61.web.app
 domainserverlawa610.web.app
-domainserverlawa611.web.app
 domainserverlawa612.web.app
 domainserverlawa613.web.app
 domainserverlawa614.web.app
-domainserverlawa615.web.app
-domainserverlawa616.web.app
-domainserverlawa617.web.app
 domainserverlawa618.web.app
 domainserverlawa619.web.app
 domainserverlawa62.web.app
 domainserverlawa620.web.app
 domainserverlawa621.web.app
-domainserverlawa622.web.app
 domainserverlawa623.web.app
 domainserverlawa624.web.app
 domainserverlawa625.web.app
@@ -1409,7 +1309,6 @@ domainserverlawa638.web.app
 domainserverlawa639.web.app
 domainserverlawa64.web.app
 domainserverlawa640.web.app
-domainserverlawa641.web.app
 domainserverlawa642.web.app
 domainserverlawa643.web.app
 domainserverlawa644.web.app
@@ -1425,11 +1324,6 @@ domainserverlawa652.web.app
 domainserverlawa653.web.app
 domainserverlawa654.web.app
 domainserverlawa655.web.app
-domainserverlawa656.web.app
-domainserverlawa657.web.app
-domainserverlawa658.web.app
-domainserverlawa659.web.app
-domainserverlawa66.web.app
 domainserverlawa660.web.app
 domainserverlawa661.web.app
 domainserverlawa662.web.app
@@ -1440,14 +1334,10 @@ domainserverlawa666.web.app
 domainserverlawa667.web.app
 domainserverlawa668.web.app
 domainserverlawa669.web.app
-domainserverlawa67.web.app
-domainserverlawa670.web.app
 domainserverlawa671.web.app
 domainserverlawa672.web.app
 domainserverlawa673.web.app
-domainserverlawa674.web.app
 domainserverlawa675.web.app
-domainserverlawa676.web.app
 domainserverlawa677.web.app
 domainserverlawa678.web.app
 domainserverlawa679.web.app
@@ -1455,12 +1345,8 @@ domainserverlawa68.web.app
 domainserverlawa680.web.app
 domainserverlawa681.web.app
 domainserverlawa682.web.app
-domainserverlawa683.web.app
 domainserverlawa684.web.app
 domainserverlawa685.web.app
-domainserverlawa686.web.app
-domainserverlawa687.web.app
-domainserverlawa688.web.app
 domainserverlawa689.web.app
 domainserverlawa69.web.app
 domainserverlawa690.web.app
@@ -1468,7 +1354,6 @@ domainserverlawa691.web.app
 domainserverlawa692.web.app
 domainserverlawa693.web.app
 domainserverlawa694.web.app
-domainserverlawa695.web.app
 domainserverlawa696.web.app
 domainserverlawa697.web.app
 domainserverlawa698.web.app
@@ -1479,15 +1364,11 @@ domainserverlawa701.web.app
 domainserverlawa702.web.app
 domainserverlawa703.web.app
 domainserverlawa704.web.app
-domainserverlawa705.web.app
 domainserverlawa706.web.app
-domainserverlawa707.web.app
 domainserverlawa708.web.app
 domainserverlawa709.web.app
 domainserverlawa71.web.app
-domainserverlawa710.web.app
 domainserverlawa711.web.app
-domainserverlawa712.web.app
 domainserverlawa713.web.app
 domainserverlawa714.web.app
 domainserverlawa715.web.app
@@ -1496,17 +1377,13 @@ domainserverlawa717.web.app
 domainserverlawa718.web.app
 domainserverlawa719.web.app
 domainserverlawa72.web.app
-domainserverlawa720.web.app
 domainserverlawa721.web.app
 domainserverlawa722.web.app
-domainserverlawa723.web.app
 domainserverlawa724.web.app
 domainserverlawa725.web.app
 domainserverlawa726.web.app
 domainserverlawa727.web.app
-domainserverlawa728.web.app
 domainserverlawa729.web.app
-domainserverlawa73.web.app
 domainserverlawa730.web.app
 domainserverlawa731.web.app
 domainserverlawa732.web.app
@@ -1519,31 +1396,22 @@ domainserverlawa738.web.app
 domainserverlawa739.web.app
 domainserverlawa74.web.app
 domainserverlawa740.web.app
-domainserverlawa741.web.app
 domainserverlawa742.web.app
 domainserverlawa743.web.app
 domainserverlawa744.web.app
-domainserverlawa745.web.app
 domainserverlawa746.web.app
-domainserverlawa747.web.app
-domainserverlawa748.web.app
 domainserverlawa749.web.app
 domainserverlawa75.web.app
 domainserverlawa750.web.app
-domainserverlawa751.web.app
 domainserverlawa752.web.app
 domainserverlawa753.web.app
 domainserverlawa754.web.app
 domainserverlawa755.web.app
-domainserverlawa756.web.app
 domainserverlawa757.web.app
 domainserverlawa758.web.app
 domainserverlawa759.web.app
-domainserverlawa76.web.app
-domainserverlawa760.web.app
 domainserverlawa761.web.app
 domainserverlawa762.web.app
-domainserverlawa763.web.app
 domainserverlawa764.web.app
 domainserverlawa765.web.app
 domainserverlawa766.web.app
@@ -1563,22 +1431,17 @@ domainserverlawa778.web.app
 domainserverlawa779.web.app
 domainserverlawa78.web.app
 domainserverlawa780.web.app
-domainserverlawa781.web.app
 domainserverlawa782.web.app
 domainserverlawa783.web.app
 domainserverlawa784.web.app
 domainserverlawa785.web.app
 domainserverlawa786.web.app
-domainserverlawa787.web.app
 domainserverlawa788.web.app
 domainserverlawa789.web.app
 domainserverlawa79.web.app
 domainserverlawa790.web.app
-domainserverlawa791.web.app
-domainserverlawa792.web.app
 domainserverlawa793.web.app
 domainserverlawa794.web.app
-domainserverlawa795.web.app
 domainserverlawa796.web.app
 domainserverlawa797.web.app
 domainserverlawa798.web.app
@@ -1587,7 +1450,6 @@ domainserverlawa80.web.app
 domainserverlawa800.web.app
 domainserverlawa801.web.app
 domainserverlawa802.web.app
-domainserverlawa803.web.app
 domainserverlawa804.web.app
 domainserverlawa806.web.app
 domainserverlawa807.web.app
@@ -1595,8 +1457,6 @@ domainserverlawa808.web.app
 domainserverlawa809.web.app
 domainserverlawa81.web.app
 domainserverlawa810.web.app
-domainserverlawa811.web.app
-domainserverlawa812.web.app
 domainserverlawa813.web.app
 domainserverlawa814.web.app
 domainserverlawa815.web.app
@@ -1610,7 +1470,6 @@ domainserverlawa821.web.app
 domainserverlawa822.web.app
 domainserverlawa823.web.app
 domainserverlawa824.web.app
-domainserverlawa825.web.app
 domainserverlawa826.web.app
 domainserverlawa827.web.app
 domainserverlawa828.web.app
@@ -1622,9 +1481,7 @@ domainserverlawa832.web.app
 domainserverlawa833.web.app
 domainserverlawa834.web.app
 domainserverlawa835.web.app
-domainserverlawa836.web.app
 domainserverlawa837.web.app
-domainserverlawa838.web.app
 domainserverlawa839.web.app
 domainserverlawa84.web.app
 domainserverlawa840.web.app
@@ -1632,29 +1489,21 @@ domainserverlawa841.web.app
 domainserverlawa842.web.app
 domainserverlawa843.web.app
 domainserverlawa844.web.app
-domainserverlawa845.web.app
 domainserverlawa846.web.app
-domainserverlawa847.web.app
-domainserverlawa848.web.app
-domainserverlawa849.web.app
 domainserverlawa85.web.app
-domainserverlawa850.web.app
 domainserverlawa851.web.app
 domainserverlawa852.web.app
 domainserverlawa853.web.app
-domainserverlawa854.web.app
 domainserverlawa855.web.app
 domainserverlawa856.web.app
 domainserverlawa857.web.app
 domainserverlawa858.web.app
-domainserverlawa859.web.app
 domainserverlawa86.web.app
 domainserverlawa860.web.app
 domainserverlawa861.web.app
 domainserverlawa862.web.app
 domainserverlawa863.web.app
 domainserverlawa864.web.app
-domainserverlawa865.web.app
 domainserverlawa866.web.app
 domainserverlawa867.web.app
 domainserverlawa868.web.app
@@ -1665,7 +1514,6 @@ domainserverlawa871.web.app
 domainserverlawa872.web.app
 domainserverlawa873.web.app
 domainserverlawa874.web.app
-domainserverlawa875.web.app
 domainserverlawa877.web.app
 domainserverlawa878.web.app
 domainserverlawa879.web.app
@@ -1673,9 +1521,7 @@ domainserverlawa88.web.app
 domainserverlawa880.web.app
 domainserverlawa881.web.app
 domainserverlawa882.web.app
-domainserverlawa883.web.app
 domainserverlawa884.web.app
-domainserverlawa885.web.app
 domainserverlawa886.web.app
 domainserverlawa888.web.app
 domainserverlawa889.web.app
@@ -1695,19 +1541,14 @@ domainserverlawa901.web.app
 domainserverlawa902.web.app
 domainserverlawa903.web.app
 domainserverlawa904.web.app
-domainserverlawa905.web.app
 domainserverlawa906.web.app
 domainserverlawa907.web.app
 domainserverlawa908.web.app
 domainserverlawa909.web.app
 domainserverlawa91.web.app
 domainserverlawa910.web.app
-domainserverlawa911.web.app
 domainserverlawa912.web.app
 domainserverlawa913.web.app
-domainserverlawa914.web.app
-domainserverlawa915.web.app
-domainserverlawa916.web.app
 domainserverlawa917.web.app
 domainserverlawa918.web.app
 domainserverlawa92.web.app
@@ -1716,22 +1557,14 @@ domainserverlawa921.web.app
 domainserverlawa922.web.app
 domainserverlawa923.web.app
 domainserverlawa924.web.app
-domainserverlawa925.web.app
 domainserverlawa926.web.app
 domainserverlawa927.web.app
 domainserverlawa929.web.app
-domainserverlawa93.web.app
 domainserverlawa930.web.app
-domainserverlawa931.web.app
 domainserverlawa932.web.app
-domainserverlawa933.web.app
-domainserverlawa934.web.app
 domainserverlawa935.web.app
-domainserverlawa936.web.app
 domainserverlawa937.web.app
 domainserverlawa938.web.app
-domainserverlawa939.web.app
-domainserverlawa94.web.app
 domainserverlawa940.web.app
 domainserverlawa941.web.app
 domainserverlawa942.web.app
@@ -1740,45 +1573,33 @@ domainserverlawa944.web.app
 domainserverlawa945.web.app
 domainserverlawa946.web.app
 domainserverlawa947.web.app
-domainserverlawa948.web.app
 domainserverlawa949.web.app
 domainserverlawa95.web.app
 domainserverlawa950.web.app
-domainserverlawa951.web.app
 domainserverlawa952.web.app
 domainserverlawa953.web.app
 domainserverlawa954.web.app
 domainserverlawa955.web.app
-domainserverlawa957.web.app
 domainserverlawa958.web.app
 domainserverlawa959.web.app
 domainserverlawa96.web.app
-domainserverlawa960.web.app
 domainserverlawa961.web.app
 domainserverlawa962.web.app
 domainserverlawa963.web.app
 domainserverlawa964.web.app
-domainserverlawa965.web.app
 domainserverlawa966.web.app
 domainserverlawa967.web.app
-domainserverlawa968.web.app
-domainserverlawa969.web.app
 domainserverlawa97.web.app
 domainserverlawa970.web.app
-domainserverlawa971.web.app
-domainserverlawa972.web.app
 domainserverlawa973.web.app
 domainserverlawa974.web.app
 domainserverlawa975.web.app
 domainserverlawa976.web.app
 domainserverlawa977.web.app
-domainserverlawa978.web.app
 domainserverlawa979.web.app
 domainserverlawa98.web.app
 domainserverlawa980.web.app
-domainserverlawa981.web.app
 domainserverlawa982.web.app
-domainserverlawa983.web.app
 domainserverlawa984.web.app
 domainserverlawa985.web.app
 domainserverlawa986.web.app
@@ -1788,14 +1609,11 @@ domainserverlawa989.web.app
 domainserverlawa99.web.app
 domainserverlawa990.web.app
 domainserverlawa991.web.app
-domainserverlawa992.web.app
 domainserverlawa993.web.app
-domainserverlawa994.web.app
 domainserverlawa995.web.app
 domainserverlawa996.web.app
-domainserverlawa997.web.app
-domainserverlawa998.web.app
 domainserverlawa999.web.app
+donaidrsilcio.com
 doooog.cn
 dopeydog.co.nz
 dorouscom.com
@@ -1803,20 +1621,20 @@ douuodwoman.com
 dowaba-s2dhl.blogspot.com
 doz.tode.cz
 dpasdasfasfasfas.pages.dev
+dpd-pl.566868.space
 dpd-redelivery-uk.com
 dpmasdaskj.pages.dev
 dr-joannepeeler.com
 dr3aq.byethost32.com
+dreamhacker.pro
 dreamotion-jp.com
 drivingschoolglasgow.co.uk
 drmarciovaleriano.com.br
-dsadsadsa.diskstation.eu
 dsgcbeonline.com
+dskedirekt.web.app
 dsp2codemdp.t.justns.ru
-dswboot.cc
 dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com
 dtrpsystasfasgas.pages.dev
-duanemanor.tk
 dukhovnist.in.ua
 durecorpperu.com
 dwrat.andalous.org
@@ -1830,7 +1648,6 @@ e4ra.byethost8.com
 e63q45f9h5fr.clickfunnels.com
 eagleeyeapparel.com
 earth01.info
-easy-webtdapp.com
 easywalletfix.net
 easywalletsfix.com
 eba0200d0c.nxcli.net
@@ -1839,15 +1656,12 @@ ebay.com.dashboard-seller.center
 eberhardtedwige.wixsite.com
 ebuddynews.com
 ec.snadc-oecddo.com
-ecloanmoney.com
 ecogreenjanitorial.com
 ecomcrew.staging.wpengine.com
 ecosteelsolution.ro
-editpdfonline.tk
 edje.com
 edukickmexico.com
 ee-sms.co.uk
-ee.mseocri.com
 ee.scicemecod.com
 efarms.com.ng
 eharmonyservice.com
@@ -1870,7 +1684,6 @@ emojis.dels.bar
 emsi-lobo.firebaseapp.com
 en-template-solicito-16414253314897.onepage.website
 enbolivia.com
-enchanting-guiltless-suede.glitch.me
 encryptdrive.booogle.net
 engcamp.org
 enoman.fqzsdgtg.cn
@@ -1896,20 +1709,18 @@ eth-coinwallet.net
 eth.coinscout.cc
 ethnictrendz.com
 ets.jwr.pa-fakfak.go.id
-etwtny.cf
 eucriomeumundo.com
 eugnerally-wixsite-com.filesusr.com
-euraby.com
 eusa-lombo.firebaseapp.com
 evashoes.com.ua
+even-besar-banget.duckdns.org
 even-ff-gratisterbaru2022.duckdns.org
-even-ff-terbarugratis2022.duckdns.org
+event-ff-bundle-baru.duckdns.org
 event-freefire728.duckdns.org
+event-freeskkinmlbb.duckdns.org
 event-garenafreefire263.duckdns.org
-event-skin-resmi-2022.duckdns.org
-eventclaimfreefiregratis2022.duckdns.org
 eventclaimsff0.duckdns.org
-eventgarenafreefiremax2022.duckdns.org
+eventspinfreefire2022.duckdns.org
 everestmotors.com.np
 evo-revolutioncups.com
 evolbithman.web.app
@@ -1918,6 +1729,7 @@ excelhana.com
 exchange-pancakeswaps.com
 exchangedictionary.com
 exodlus.net
+exodus-2022.com
 exodus.com-wallet-signin.com
 exodus.com-web-wallet-online.com
 exodus.com.tccaponline.com
@@ -1929,6 +1741,7 @@ extracash-interlbankonline.com
 extracloud.com.au
 ezblox.site
 ezssausage.com
+f2f.co.jp
 f6fr7.codesandbox.io
 f9w1lned0ruqblxi6jahwotak.filesusr.com
 faccebook.azurewebsites.net
@@ -1943,7 +1756,10 @@ facebook.com-r51znzih8i.isiolo.go.ke
 facebook.com-zxsrf038k.isiolo.go.ke
 facebook.eventspinff.wtf
 facebook.kingstopup.com
+facebook.whcserverbox.com
+facebook8facebook.blogspot.com
 facebookk.azurewebsites.net
+facebookphisher.herokuapp.com
 facebooks.azurewebsites.net
 faic.in
 faizankhan0408.github.io
@@ -1957,20 +1773,21 @@ fassilnet5.ultimatefreehost.in
 fax.gruppobiesse.it
 fb-case-id-28031803-fcdc-48af.web.app
 fb-pages.proteksion-help.workers.dev
+fb.10004682.review
 fb.expressturkeyi.com
 fb7927.bget.ru
 fdasd.2e4jept.cn
 fdhgf.xyz
-feceboolk.blogspot.com
 federalaccesscredit.com
 fedner.net
 fer-brooks.top
 feriadempleos.com
 ferienhof-gempel.de
 ff-anivesary225.duckdns.org
+ff-member-ganena.com
 ff-membership-garena.com
 ff-membershipz-garena.ga
-ff.membership.garenaj.vn
+ff.members.garera.vn
 ffim-event-2022.duckdns.org
 fghjr74rhudfguhtfguji.blogspot.com
 fi.uy
@@ -1979,7 +1796,6 @@ fidelitybank-mn.net
 fighting40s.com
 fikir.id
 fileundelete.net
-filmkenner.com
 filtrosmil.com.br
 finalfantasyguide.co.uk
 finiiishingedgex.tk
@@ -1994,13 +1810,14 @@ fluksrv.mycpanel.rs
 fmwebapp.azurewebsites.net
 foliar.pl
 foma-ura-lote.firebaseapp.com
+foor1.com
+for-pakage-delevry.tragaroleary.com
 foresta-mod.firebaseapp.com
 forhimself9999.co.vu
 formbuddy.com
 forms.formium.io
 formtools.com
 forum-dofus.com.co
-foryour.gov-information.info
 fpalpha.myportfolio.com
 fpmaam.org
 fr-europe564598-com.filesusr.com
@@ -2013,6 +1830,7 @@ freefiredot-comerhadiah.duckdns.org
 freefireevent-codashop2022.duckdns.org
 freeitemff-allreward.duckdns.org
 freeliker.net
+freereward-ff.duckdns.org
 frefire-membership-garena.sukienfreefire2021.top
 freg-nine.pt
 friendsofnechockey.com
@@ -2028,21 +1846,22 @@ ftx.com.vn
 ftx.cool
 ftxbonus.site
 funiswap.exchange
+furgonetka-1.pl
 fusionrestobar.cl
+futurebits.in
+fwztmgr.cn
 fxhalifax.com
 fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com
 g-mtcc.com
 g.greatsubstance.com.my
 ga.teesmith.shop
 gabrielamims.com
-gabung-grubnew1342.duckdns.org
 gagaclinic.com
 gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com
 gallciaonllne.webcindario.com
 garena-xacminhtaikhoan.com
-garenafreefire728.duckdns.org
-gastronomiarobertos.com
 gasunige.mfs.gg
+gbunggrup-pmrsatu13.duckdns.org
 gedfdfsd.eu
 geg.li
 generali-italia-ag.hrweb.it
@@ -2068,7 +1887,6 @@ goldenlasgidi10.web.app
 golkondaresorts.com
 goo-gl.me
 good12345.tripod.com
-goofy-wozniak.192-210-226-164.plesk.page
 gorol-cost.web.app
 gorol-investor.web.app
 gosafes.com
@@ -2078,39 +1896,28 @@ gramarcales.com.br
 greekinfra.com
 greenclasses.in
 grosshandel-mevida.de
-group-mantap-seger.duckdns.org
 group-wa-1.duckdns.org
-groupbkep-vral15.duckdns.org
 groworldinternational.com
 grp02.member.mycld-rakuten.info
-grub-sangex.wikaba.com
-grubgabung.duckdns.org
 grubnatajadeh12.duckdns.org
+grubterbarukk037.duckdns.org
 grubviralterbaru65c.duckdns.org
-grup-bokephot-terbaru2022.duckdns.org
-grup-bokepviral4.duckdns.org
-grup-dwsa-indomesia845.duckdns.org
-grup-viral-seleb.duckdns.org
-grup-viralbokep111.myftp.org
-grup-viralbokep2.ddns.net
+gruo-wa-okep-dewasa-2022.duckdns.org
+grup-bokep-terbaru555.duckdns.org
 grup-whatsapp121.duckdns.org
 grup-whatsappbokep1.duckdns.org
 grup-whatsappbokep2.duckdns.org
-grupbokeppadacantik.duckdns.org
+grup2022ssx.duckdns.org
 grupofsp.com.br
 gruposanpio.com
-gruptiktok.wikaba.com
-grupviral-xx.duckdns.org
-grupviral109.duckdns.org
-grupviralterbaru.duckdns.org
+grupwhatsaap-viral-2022.duckdns.org
 grupwhatsappnobar-2022.duckdns.org
 gscommunityspirit.greenschool.org
 gstsolutions.online
+gtw420.com
 gunatanahku.perkimtan.sumbarprov.go.id
 gurukanth.com
 gwenet.org
-gyfnqyk.cn
-gymjaokhanakho.azurewebsites.net
 habbocreditosparati.blogspot.com
 haftteam.ir
 hahdaeupdate.es.tl
@@ -2127,19 +1934,18 @@ hasseanhannitybeenwaterboarded.com
 haunlimited.org
 hcnprdvz.azureedge.net
 hdmediahub.club
-hdss-stream.org
 heinthu1.github.io
 hellenic-postbank.com
-helloparis.co.uk
 help-account-bxsfe.ondigitalocean.app
+help-identity-recoveri-support-center.web.id
 help-notice-center-identity-6532.web.id
 help.insecur.saftyalert.workers.dev
 help.validation-page.workers.dev
+helpingcentere.com
 henan.vxim58i.cn
 hermes.parcel-tracker.com
 hetershaven.net
 heuristic-gagarin.45-88-108-231.plesk.page
-hfemail.ntneancns.com
 hgda.db0u4hs.cn
 hgdaa.lfoxcct.cn
 hghgda.erjl0hx.cn
@@ -2154,18 +1960,15 @@ hifly38926.top
 hifly39091.top
 hifly61215.top
 hifly71191.top
-hikaheal.com
 himalayansherpa.com.au
 himbauane.blogspot.com
 hitman71hd-wixsite-com.filesusr.com
-hjhjjhjhjh.pagedemo.co
 hockian.com
 holobeam.000webhostapp.com
 home.ei1ns.de
 home.myfairpoint.net
 homepichilinea2.webcindario.com
 homesinlogin.com
-homestaylongho.com
 hostnix.net
 hostpoint.ch.17a902ef.tcorner.fr
 hotbrooks.com
@@ -2178,6 +1981,7 @@ hpplotters.in
 hs-giveaways.ca
 ht-cargo.com.vn
 htlgroup.com.my
+httpcom-0d4tol437.isiolo.go.ke
 httpeugnerally-wixsite-com.filesusr.com
 https-scert-con04.xyz
 https-scert-srv02.xyz
@@ -2202,7 +2006,6 @@ i.violationspage.validationspege.workers.dev
 ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com
 ibpm.ru
 icloud-map-live.com
-icloudstatus.com.ng
 icy.martulangbelulalng.workers.dev
 idappswallets.com
 identifiez-vous-avec-votre-compte.yolasite.com
@@ -2215,7 +2018,6 @@ iframejld.avent-media.fr
 ighk.umjlrs7uci2751.workers.dev
 iipvit.by
 ijcda.bukkats.cn
-ijeioqhawdqioqho.weebly.com
 ijhca.0gb0h7z.cn
 ijjd.h8nmtcc.cn
 ijmna.p2y00vd.cn
@@ -2226,23 +2028,25 @@ ikcda.a2g5xvs.cn
 ikcsa.ajiqvjf.cn
 ikdff.jmo904i.cn
 ikja.lbanwqp.cn
+ikjcd.p1z98hl.cn
 ikjd.uk0xnp8.cn
 ikjgd.rg6bzk7.cn
 ikmcd.u4jdbxm.cn
 ikmxaa.qcqxlrq.cn
+ilooksrare.com
 iloveyourglasses.com
 ilpconnect.org
+image-pict-ig.duckdns.org
 imersao.impulseingles.com.br
 imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com
-imi-ksa.jajainfo.net
 imobiliaria-cardinali-com-br.blogspot.com
 impostazionebper.000webhostapp.com
 in.deraya.org
-inaueab.com
 indo-viral2022.duckdns.org
 info.lionnets.com
 infohypesquad.com
 infopichinchaweb.webcindario.com
+information.safeamazoncardweb.cyou
 informations.recovery.confiryourpage.workers.dev
 infos00001.temp.swtest.ru
 infosecplace.com
@@ -2255,16 +2059,16 @@ inna.cedymll.cn
 innca.ol90k56.cn
 innovasjon.as
 inps-ep.com
-instagram-9.blogspot.com
-instagramhelpp.agency
+instahelppbaddge.ml
 intellidata-analytica.com
-interbankempresahome.rankforever.com
 interbankempresas.pe-il.ru
+interbankhomeweb.fullcircleteam.com
 intern.unibas-com.ch
 international-formulier.91-218-65-223.plesk.page
 internetbanking-caixa-gov.xyz
 internetbankinghelp.com
 internetservicetech.com
+intesalife.ie
 intexargentina.com.ar
 inthewildproductions.com
 intoli.ru
@@ -2272,10 +2076,14 @@ intrafloraplants.com
 intranet.sztpe.info
 investpl.work
 iplogger.info
+iqwea.soxr0u1.cn
 ironmantech.shop
-irs-gov.us-get-funds-assistance.com
+irs-gov-supportcenters.com
+irs.gov-coronavirus-pandemic-tax-refund-submission.com
+ise.com.ar
 isfirsatibul.com
 ismamorlin.my-place.us
+isntagranmeta.pagedemo.co
 istudyalumni.com
 it-europe564598-com.filesusr.com
 it.melnikhotels.com
@@ -2287,6 +2095,12 @@ iuhs.tyopfhn.cn
 iujdas.yfwxlc9.cn
 iuyydd.ebeg6uk.cn
 j9w77d0.cn
+jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn
+jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn
+jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn
+jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn
+jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn
+jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn
 jacobliston.com
 jadaart.org
 jagex-rewards.com
@@ -2298,31 +2112,31 @@ jbwbzta.alfens8.cc
 jeanbaileyrobor.com
 jendelajogja.com
 jerinja.github.io
-jessicasproul.com
 jetser-electrical-supply.business.site
-jetstoop.top
 jett.gator.site
 jflkp.csb.app
 jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com
 jhda.wfdyk9p.cn
 jhdd.fjcslad.cn
 jhff.93oe0u9.cn
+jhnd.0drhnjk.cn
 jiwanramchemical.com
 jjhcd.27ke98i.cn
 jk99j.sbs
-jkhkjjkjk.pagedemo.co
 jlogine.com
+jmcna.jiwayjc.cn
+jmfykd.cyou
+jncba.diiqsmm.cn
 jnlope.tangguakrapekpuik.link
 jnnc.grnxkoj.cn
 job-type.com
 jobs.job.com.bd
 joecamera.net
 john-ashley.de
-join-chat-whatssap-viral-2022.duckdns.org
-join-group-wa2022.duckdns.org
-join-grub-bokep-gratis.duckdns.org
-join-grubkienzy849.duckdns.org
-join-whatsapp-tante-hot18.duckdns.org
+join-group-1.duckdns.org
+join-gruo-waku282.duckdns.org
+joinedprice.com
+joingrupku183.duckdns.org
 joingrupp-bkep156.duckdns.org
 joingrupterbaru-0.duckdns.org
 joinlinkviral729.duckdns.org
@@ -2330,12 +2144,14 @@ joinssgropshot18.duckdns.org
 joinssgropssney6.duckdns.org
 jow-japan.or.jp
 joyeriajireh.com.mx
-jp-bnnk.japappoit.asdwb.xyz
-jp-bnnk.japappoit.asdwd.xyz
+jp-auid.com
+jp.mercari.omany.buzz
 jptechdocsign.net
 jrhayley.plus.com
 juandfar.github.io
+jurisgeneral.com
 jurlebedev.ru
+juscook.com
 justgot.gonevis.com
 justsayingbro.com
 jvk.zultifarza.workers.dev
@@ -2343,6 +2159,7 @@ jyeue43rm95p.clickfunnels.com
 jz2bab.webwave.dev
 k3ja6d.webwave.dev
 kaamwalibais.co.in
+kachinas.be
 kamdhenurealities.com
 kargonova.com
 kartaltepespor.com
@@ -2354,9 +2171,11 @@ kdhdf34j6dfh.dealerwebsite.com
 kdlscaffolding.co.uk
 kecc.com
 kecmanijada.com
+kedai-gamers.com
 keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev
 keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev
 keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev
+kenanhusovic.com
 kevinsmovingservice.com
 kex81.sbs
 key-drcp.com
@@ -2380,12 +2199,12 @@ konfirmasi-identitas-2022.webnode.page
 konnect2kamadhenu.com
 koteng.odoo.com
 kr-bithumb.web.app
-kraftongame.net
 krupije.com
 krx887.com
 ksschool.org.in
 kuchkuchnights.com
 kurortnoye.com.ua
+ky79.com
 l-abe.com
 l-q.in
 lambdaweb.info
@@ -2407,16 +2226,17 @@ leadershipmail.org
 learningimpactmodel.com
 leboncoiinlbc.000webhostapp.com
 leboncoin.delivery01588.icu
+lefaf77683.temp.swtest.ru
 lemeiesta.com
 lenagruessdich.net
 leroycu.ca
+letoptuswebmail-9b69f0.ingress-comporellon.easywp.com
 lettertracing4kids.com
 lexnotes.com.ng
-lg-bluebadgecenter.ml
 lg-onecom-io.web.app
 liberasrl.it
 lihi3.cc
-linkcontract.tech
+linkgrupkakak-disini.duckdns.org
 liongear.com
 lirc.cep.edu.vn
 little-frost-1a15.chrisc11004842.workers.dev
@@ -2440,28 +2260,33 @@ lloydsbank.secure-online-deregister.com
 lloydsbank.secure-personal-device-login.com
 lloyduk-newdevice-registered-online.com
 llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com
+lmbanang.pgryuangbtusngka.link
 lnkd.dev
 lnterbancape-lbk.com
 lnterbank.pe.starneonsignsug.com
+local-postoffice-deliver.com
 localwithg.com
 lockpichincha.webcindario.com
 loengregkuetngferu.live
 lofon-add.firebaseapp.com
 loftywallet.com
+logfuliz.web.app
 login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net
 login-facebook18.webnode.page
 login-live.com-s02.net
 login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net
 login-postfinance.com
+login-singaporee.apply-now-online-digital.com
 login.dbs.webdbslistinonline.com
 login.privategold.uytrtyuhij987.gowithapex.com
-login.smbc.weddirecttop.com
 logindhlaccess.dhlupdatelogin.workers.dev
+loginnewatt.weebly.com
 logverify-df12e-verify-1230-eu.web.app
 loinesports.com
 lomadesarrollos.mx
 lombard11.eu
 lot-lp-x.web.app
+love.gos-box.com
 lp.vp4.me
 lrs.financial
 lrs.foundation
@@ -2481,13 +2306,10 @@ m.protc.safty-pege.workers.dev
 m.recovery.safetyacount.workers.dev
 m.recovery.saftypageupdate.workers.dev
 m.salsomascard.top
-m4-appcaixia.com
 m42club.com
-m5bundle.com
 machineryzoneservice.com
 macjakarta.com
 macst.cc
-madamailru.temp.swtest.ru
 madens.com.pl
 madrhinoconsulting.com
 maestro.my.prod.dfg152.ru
@@ -2499,15 +2321,15 @@ mail-account-verify-f4723.web.app
 mail-gmxaktualisierung.yolasite.com
 mail-ovhcloud.web.app
 mail-ssocloud-srvr67yhguh.pages.dev
+mail.atlanticeconcrete.com
 mail.enrollmoreclientsbootcamp.com
-mail.gov-taxid.completofyours.info
-mail.grup-dwsa-indomesia845.duckdns.org
 mail.ims-fe.com
+mail.kenanhusovic.com
 mail.kuttabalfatih.com
 mail.santepluspharma.com
 mail.sweetshopspecialtycoffee.com.au
-mail.tariqalaraimi.com
 mail.updateinfo-billingo2.com
+mail.wellsfargous.duckdns.org
 mail.wheel1factory.net
 mail.zenstream.com
 maildomaiincheck1.web.app
@@ -2535,60 +2357,56 @@ mailserver7656566.blob.core.windows.net
 mailupdattee10.web.app
 mailupdattee11.web.app
 mailupdattee12.web.app
-mailupdattee13.web.app
 mailupdattee14.web.app
-mailupdattee15.web.app
 mailupdattee16.web.app
 mailupdattee17.web.app
-mailupdattee18.web.app
 mailupdattee19.web.app
 mailupdattee20.web.app
 mailupdattee21.web.app
 mailupdattee22.web.app
-mailupdattee23.web.app
 mailupdattee24.web.app
 mailupdattee26.web.app
 mailupdattee27.web.app
 mailupdattee28.web.app
 mailupdattee29.web.app
-mailupdattee32.web.app
 mailupdattee34.web.app
 mailupdattee35.web.app
 mailupdattee40.web.app
-mailupdattee5.web.app
 mailupdattee6.web.app
 mailupdattee7.web.app
 mailupdattee8.web.app
-mailupdattee9.web.app
+mainbugerrorfixing.com
+mainmobilerectify.live
+mainsbscrestore.com
 maintoken.org
-mainwalletappconnect.com
 makcts-go.ru
 make-anon-keep-past.rvsla.workers.dev
 mala-riba.com
 malaprontaargentina.com.br
 malehaenterprises.com
 malukutenggarakab.go.id
+mamasitasont.blogspot.com
 mandirilivinlinksystem.brizy.site
-mandirilivinlinksystem2.brizy.site
 mandirilivinlinksystem3.brizy.site
-manthsedty.live
 manualsync.com
+maotun.xyz
 mapsa.com.pe
+marifilmines.ca
 marinthe.poingaitongamlm.link
 marketplace-axieinfinity.io
 marketplace-axlelnfiniity.com
 marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke
 marketplace.facebook.com-29ta3qbv.isiolo.go.ke
 marketplace.facebook.com-hzup1bae.isiolo.go.ke
+marketplace.facebook.com-izkbuxmx.isiolo.go.ke
 marketplace.facebook.com-kq1oh2ae.isiolo.go.ke
+marketplace.facebook.com-milt5ssm.isiolo.go.ke
 marketplace.facebook.com-qze9zt75vm.isiolo.go.ke
 marketplace.facebook.com-sauuvazpjo.isiolo.go.ke
 marketplace.facebook.com-tyeuieb7.isiolo.go.ke
 marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke
 marketplace.facebook.com-z1au8cxghl.isiolo.go.ke
 marketplaceaxieinfiniity.com
-marmardian.co.vu
-marylkmatzenger.com
 masdas0932.co.vu
 masum.lawyer
 match.lookatmynewphotos.com
@@ -2616,22 +2434,28 @@ mercani.pomyt.info
 mercariz.xyz
 meremanovegabana.website2.me
 mericarir.mbudeu.cn
-mericarir.mg0gbo1.cn
+mericarir.mednljn.cn
 mericarir.mgeukpx.cn
 mericarir.mglsffs.cn
-mericarir.mksydb.cn
+mericarir.mglxyul.cn
+mericarir.mhgqdtv.cn
+mericarir.mjrsrfo.cn
 mericarir.mktbbr.cn
+mericarir.mkxbqnu.cn
 mericarir.mlyffa.cn
+mericarir.mmsfzys.cn
 mericarir.mnfjwy.cn
 mericarir.mnheijt.cn
-mericarir.mrzcafk.cn
 mericarir.msnygk.cn
-mericorci-logining.sfhs26r.lyb6srb.cn
+mericarir.mtlrnzu.cn
+mericarir.mukkwvc.cn
+mericarir.mxsoecl.cn
 meriocori-logining.2y3uio.pyqbas.cn
 mestertignseekjet4.blogspot.com
 mestertignseekjet5.blogspot.com
 mestertignseekjet6.blogspot.com
 mestredaobra.com
+meta-support-centers.ml
 metalurgicagiom.com.br
 metamasc.club
 metamask-connect.com
@@ -2642,11 +2466,13 @@ metamask-wallets.yahoosites.com
 metamask.cam
 metamask.io-php.com
 metamask.kiwi
+metamask.loan
 metamask.protocol-process.me
 metamask.security-information.cc
 metamask.social
 metamask.wallets-reauth.net
 metamaskdownloadandroid.xyz
+metamaskextension.xyz
 metamassklogins-us.tumblr.com
 metaversepadapp.com
 meusabor.com.br
@@ -2654,19 +2480,20 @@ mfacebook.blogspot.com.cy
 mfacebook.blogspot.lt
 mfacebook.blogspot.rs
 mgpskartarpur.com
+mgrandroyale.com
 mibancocrece.com.co
 micacd.elshov.com
-michaelxrandazzo.com
 michiyado.com
 microcav.square.site
 microsoftonline.pages.dev
 microsoftwebserver.mfs.gg
 micuenta01.github.io
+midasbuy1st.com
+midsposc2.com
 mijnics-actualisatie.185-236-231-64.plesk.page
-mikhali.com
+mikayelxhovakimyan.com
 milanobet301.com
 militarybikers.org
-minamikaga.or.jp
 mingming20160152.github.io
 miozpro.com
 miracdoviz.com
@@ -2696,16 +2523,17 @@ mjaymvnlchrlbwjlcjizmxn0.filesusr.com
 mk2.ge
 mkjiool.weebly.com
 mnbxa.73kfer9.cn
+mnbxcas.zm7wwar.cn
 mncxx.qbeepor.cn
 mnnbx.r1rpj09.cn
+mnncxa.fwffsyt.cn
 mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
-mobil-singaporre.digital-online-login-opportunity.com
 mobile-orange-forever.yolasite.com
 mobile-portail.live
 mobile.hedgesportst.me
-moccasinyellowbetatest--josekkk.repl.co
 moccasinyellowbetatest.josekkk.repl.co
 modest-hertz.45-81-232-15.plesk.page
+moiksys.com
 mon-token.com
 mon.espace.lcl.fr.certosini.info
 monbudri.xyz
@@ -2720,6 +2548,7 @@ montrealidiomas.com.br
 monyeward.com
 morcario.xyz
 morfybox.com
+movil.particulares-secure.com
 mqzlsim.mindlogicinfotech.com
 mrpitchman.com
 msc-doelsach.at
@@ -2740,16 +2569,14 @@ my-site219.yolasite.com
 my.jcpwb.com
 my.nhs-get-pass.com
 my.paydi.login-index-home.x4typfc.cn
-my.paydi.logining-nexy-home.en6cnm.asia
 my02billing-login.com
-myaccount.aol.wallat-billing.com.authlog.gq
+mybeii.live
 mycoerver.es
 mygoogleaccount.stantrade.xyz
 myjcb.cyyptoi.cn
 myjcb.thxpj.cn
 mymbg-aa2e2.web.app
 mymeta-securearea.plesk07.zap-webspace.com
-mymetamask-clientarea.185-236-231-227.plesk.page
 mymweb-owner.at.ua
 mypo-delivery.com
 mypsm.psm.edu.mm
@@ -2761,7 +2588,6 @@ mzqualitycleaning.com
 n-naoko-0319.github.io
 n.salsomascard.top
 n26.sa-france.fr
-n26servicetechnique.click
 n7orton.com
 nab-access-breach.com
 nab-alert.mobi
@@ -2769,7 +2595,6 @@ nab-www.303.si
 naderkhani.ir
 najboljeuslugezavas.betterservicesforyou.com
 nalandaias.com
-nalodke.com.ua
 nanjing.itud167.cn
 napgamelienquan.net
 naranja-users.auth0.com
@@ -2784,8 +2609,10 @@ natwest.secured-personal-verify.com
 nayablabs.com
 nayameehomes.com
 nbcc.0bit08a.cn
+nbcd.xiu58rl.cn
 nbcvs.gd65y69.cn
 nbcxa.lctlfdq.cn
+nbcxas.551awvr.cn
 nbhjxa.hblhi96.cn
 nbnonres.com
 nbxaa.b1b6nac.cn
@@ -2797,12 +2624,9 @@ ncgroup.club
 necessitymag.com
 nedbankqa.flowblocks.com
 nedriw.xyz
-neftlexi.com
 negociebra.com.br
 neptuneinnovations.com
 netciti.id
-netf1ix.us-891691712-local-781652.airalgeriecanada.ca
-netfl-lixids938mailmealkas.duckdns.org
 netflix-techarmy.me
 netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk
 networksol-f35e7.web.app
@@ -2826,9 +2650,8 @@ nhri.net
 nhs.my-vaccine-status.com
 niagarapower.com
 nic-home.com
-nisuper.com
 nizotchauffage.bilty.be
-nontonvidioviral2022nohoax.duckdns.org
+nodesconnection.com
 northlane.esy.es
 notife.help.institutepages.workers.dev
 notification-fb.secure-pages.workers.dev
@@ -2869,23 +2692,22 @@ oidda.5s2iamp.cn
 oijcd.qvjcddv.cn
 oikca.smwceku.cn
 oikcas.6b914ty.cn
+oikcd.uf27ce8.cn
 oikcxa.zvvx01z.cn
 oivac.com
 okcs.qj8yua.cn
 okds.bbtlcve.cn
-okep-terbaru-viral-2022.duckdns.org
+okep-viral-terbaru-terhist-2022.duckdns.org
 okmca.8xcrn6w.cn
 okmca.bxkfham.cn
 okmca.uwudagu.cn
 okmxa.lfgpror.cn
 okpwtu.webwave.dev
+ol-run1.online
 olidooo.waca.tw
 olk.us7apye.cn
 olmnxa.wc2ikux.cn
-olx-pay-pl.pay-id22343.top
-olx.saferegulatory.com
 omesqiwines.de
-omicronvariat.pagedemo.co
 oncopharma-ae.com
 onecreator.info
 onedrive.zhaoge.workers.dev
@@ -2895,13 +2717,16 @@ oneone-19cd8.web.app
 oneone-a38ef.web.app
 online-sistem.com
 onlineasesor01.hostfree.pw
+onlinebanking.unrecognised-new-payee.com
 onlineffn2.temp.swtest.ru
+onlineislemlersayfasivkfgirisicom.tk
+onlinsfuco.temp.swtest.ru
 onlysportplus.com
 ooxvocalor.yolasite.com
 opansea.live
 open24.ie-tsb.email
+operationroofingllc3.com
 opticabattilana.com.ar
-optika-anda.hr
 ora-n.yolasite.com
 orabu.it
 orange-dcr.fr
@@ -2912,11 +2737,8 @@ orange2k22.wixsite.com
 orangeb191.temp.swtest.ru
 orangess.contactin.bio
 org-nr.yolasite.com
-orlen-inwe.web.app
-orlen-x.web.app
 orlen.digital
 ormantencs112.odoo.com
-oryxcaracalsecurity.com
 osis.world
 otomoto-h229.net
 otomoto3452.com
@@ -2925,6 +2747,7 @@ oudczfbniitcqdsrmaapdztwqo-dot-gl44393333333.rj.r.appspot.com
 ourgarden.us
 outlook1541489.webcindario.com
 outlookcom119.yolasite.com
+ouverturecompte.lbp-eer.fr
 oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com
 p1c.servleboncoinser.com
 package2021.blogspot.ba
@@ -2932,7 +2755,6 @@ package2021.blogspot.bg
 package2021.blogspot.com
 page-restrict-case22456548.help
 pages-1008009999700022199021.com
-pages-1008097555214021.com
 pages-alert-facebook.ezyro.com
 pages-community-standart-2022.co
 pages-marvelous-project.webflow.io
@@ -2941,11 +2763,11 @@ pages-support-office-2021.tk
 pages.secure-accts.workers.dev
 pagesdetectscopyrightpostingactivitiesreported.co.vu
 pagos.sinpemovil.cr
+paidpapers.net
 paleyeer.com
 palmm.ps
 pancaakesvap.com
 pancake-sawp.com
-pancake.ellipsis.finance
 pancake7wop.com
 pancakesawpes.com
 pancakesfinances.info
@@ -2955,7 +2777,6 @@ pancakeswap.men
 pancakeswap.multi-wallet.info
 pancakeswap.salsasourcing.com
 pancakeswapes.company
-pancakeswapex.com
 pancakeswapexcgn.com
 pancakeswapexch.com
 pancakeswapexchage.com
@@ -2963,17 +2784,15 @@ pancakeswapexchg.com
 pancakeswappshop.blogspot.com
 pancaku-swap.com
 pancalteswap.finance
+panccakesswap.org
 panckaceswap.finance
-pancoke.com
 pandaskin.ru.com
 panelweb-4cae2.web.app
 pankaceeswap.com
 pankaceswapes.finance
 pankakeswap.ledgity.com
 pannelpub-benin.com
-pansccakeswap.finance
 pantazisezopiiuurmail1.web.app
-pantekkalisakitkepalaku.blogspot.com
 parcel-support018.com
 pardot.assemblecommunities.com
 pasarbta.info
@@ -2984,6 +2803,7 @@ pathospitals.com
 patient-cell-40f5.updatedlogmylogin.workers.dev
 patwise.co.in
 paws.org.au
+paxfulacct.com
 paxfulmenu.com
 pay-sera.web.app
 pay16-olx.pl
@@ -2991,13 +2811,16 @@ paymentnotificationnow.blogspot.com
 paypal-online-2deposits-paymentaccept.tk
 paypal-opladen.be
 paypalforex.co.ke
+pbemail.youxiangdashui.com
 pdf-cloud-document.weeblysite.com
 pdf-sharefile-doc.weeblysite.com
 pdflogincnvwo.app.link
 pdfsecured.mystrikingly.com
 peaceful-black.193-70-50-31.plesk.page
+pedih.001www.com
 pembatalanakundinonaktifkan.weebly.com
 pencakecwap.com
+pensive-payne-505e1a.netlify.app
 perfectliker.net
 peringatanakunfb2k214.webnode.com
 phantom-walletweb.app
@@ -3023,7 +2846,8 @@ pikay13.github.io
 pilmezorda.temp.swtest.ru
 pinchinchaverify.webcindario.com
 pirana.co.rs
-pl-swiatowe-wiadomosci.pl
+pkobp.pl.justns.ru
+pl-wiadomosciswiatowe.pl
 pla1060604.nichost.ru
 plan-o2-monthlypayments.com
 planetaamor.org
@@ -3032,8 +2856,6 @@ platinumserviceac.com
 playgirlgold.com
 ploferta.com
 plugmailextraexpiredoldpolicynotificationscenter.pages.dev
-plwiadomosciwszystkie.pl
-po-deliver-fees.com
 po-service-page.com
 poc-rewards-program-c2dfc.web.app
 podpiska-darom.ru
@@ -3050,6 +2872,7 @@ poligrafiapias.com
 polkadot-france.fr
 polkastarter.app
 polsd.pa0cpof.cn
+polska-informacyjna.pl
 polxa.uh8dg67.cn
 polygon-pro.com
 polygon-secure.com
@@ -3067,7 +2890,6 @@ postch9192.cargo.site
 postechsuivre.ileanamlaw.com
 postnl.post-tracking-delivery.etelinfra.com
 poww.6hkjmb.cn
-ppkllp.com
 ppnnttcc.ppcnthsc.me
 precisionimpex.com
 preg.dspearhead.com
@@ -3084,11 +2906,13 @@ primecentral.jixinggaozhao2.shop
 primecentral.qiourn.shop
 primeone.org
 printtoner.com.mx
+prism.net.in
 privacy-update-page-prtections-association-recovry-secu.web.id
 privacy-update-secu-recovry-page-protection-4565544.web.id
 privacy-update-secu-recovry-page-protection-comunity-45.web.id
 priyankasandokar1606.github.io
 pro.icloudremovaltool.com
+pro.systemine.xyz
 procservautomatizacion.com
 production.anon-rest-keep-reset.sales18130.workers.dev
 production.anon-step-keep-object.sales18130.workers.dev
@@ -3102,6 +2926,7 @@ production.try-murpheos-keep.sales18130.workers.dev
 production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev
 project1-df3e9.web.app
 projectlovewell.com
+promashoppe.com
 promehedinti.ro
 promerica-sv.webcindario.com
 promericalinea01.webcindario.com
@@ -3110,8 +2935,6 @@ prosmate.com
 prosxsiuser.myfreesites.net
 prosys.poweredbygravit-e.co.uk
 protect-4d56vca.surge.sh
-proteczzguuaaardzzzpagess.000webhostapp.com
-proteczzpagezzguarddzzz.000webhostapp.com
 provodi.com
 proximus-account.azurewebsites.net
 ptxx.cc
@@ -3131,13 +2954,13 @@ qhmqhgnfqbcoxkwamsioilhdmv-dot-gl44393333333.rj.r.appspot.com
 qsh74pekkv5e8.clickfunnels.com
 qssa.x5yrlr.cn
 quinaroja.com
+quirky-jones.172-245-159-112.plesk.page
 quotex-qx.com
 qwas.nfi71vw.cn
 qwea.wvhee0w.cn
 qweas.hi5g95r.cn
 qweas.p6rhddj.cn
 qweas.zwfaclq.cn
-qxluatbght.cfolks.pl
 r3c31v30n3-1d3nt1ty.000webhostapp.com
 rabellartz.de
 rabofree.blogspot.com
@@ -3145,6 +2968,7 @@ rabofree.blogspot.li
 rackenfordlabs.com
 racuten.nuef.info
 radhikamd.github.io
+rafbbmx.ga
 rafbbmx.ml
 raipurrussianescorts.com
 rakoten-card.buogfbizkugf.gq
@@ -3155,17 +2979,12 @@ raktuen.laobanlocker.com
 rakuitan-card.info
 rakuten.awjoadc.cn
 rakuten.card.nuosreaoms.com
-rakuten.card.uosmcoua.com
-rakuthn.shop
-rakuttm.shop
+rakuten.co.jp.rakutenajp.xyz
 ramgarhiamatrimonial.ca
 rareelements.io
-rasmer.fi
 ratewatch.net
 raycargo.com
 raydiom.io
-razcjjf.ga
-razcjjf.ml
 rbcmontgomery.com
 rd8um.app.link
 rdirtfuo6t.vov.ru
@@ -3174,9 +2993,9 @@ re-redirection-acc-id923872635122.blogspot.com
 real-anon-keep-passing-word.rvsla.workers.dev
 realestate-page-10843446024.expresspestcontrol.co.nz
 realindiatravel.com
+recibeya.tufacilmoneyonline.online
 reconfirmpost287846656.us
 recover-pages-media-problems-secur-782.web.id
-recover-pages-secur-media-problems-393.web.id
 recover-pages-secur-media-problems-397.web.id
 recovery-chain.com
 recovery-fb.secure-acct.workers.dev
@@ -3194,12 +3013,12 @@ reglic.in
 regularsweeps.xyz
 reignbike.com
 reikisadhna.com
+rekoution.bcszxcd.shop
 relevant.systems
 remittance369297292749.goshly.com
 renovkonstruksi.com
 repl-mess.myfreesites.net
 restore.exodusapp.ru
-restoredabefore-com.filesusr.com
 restorewallet-activation.net
 retiro-extracash.com
 retiro.cl
@@ -3227,7 +3046,6 @@ roccobonheur1-my-cheetah-website-copy.cheetah.builderall.com
 roisnoob.github.io
 rokulinktechnology.com
 rolinadd.surveysparrow.com
-romanceify.com
 rondalowa.blogspot.com
 rondelbarrilito.com
 ronin-help.com
@@ -3243,10 +3061,10 @@ rplg.co
 rrakutenn.co.jp.azii.cn
 rrakutenn.co.jp.nanofresh.cn
 rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com
-rufoxxy.com
 runescape-info.com
+runescapebonds.com
+runescapeevents.com
 ruth.martulangbelulalng.workers.dev
-ryanicolehoward.com
 rymproducciones.com
 s-sarfati.co.il
 s.macecri.com
@@ -3271,7 +3089,6 @@ sanjilkumar.com
 sankyo-rz.com
 sanru.cd
 santander.secured-auth-login.com
-santanverifyfunction.com
 santepluspharma.eclatmediasolution.website
 santoshdangi.com.np
 saritapariyar.com.np
@@ -3293,16 +3110,16 @@ secure-boncoincontrol.net
 secure-halifax-device.com
 secure-mynew-devices.com
 secure-runescape.xgm.rnp.mybluehost.me
-secure-service-gateway.com
 secure-zirox.s3.ap-southeast-2.amazonaws.com
 secure.legalmetric.com
 secure.oldschool.com-cl.ru
 secure.oldschool.com-cu.ru
-secure.oldschool.com-cv.ru
 secure.oldschool.com-oz.ru
 secure.oldschool.com-rsu.ru
+secure.runescape.com-ak.ru
 secure.runescape.com-as.cz
 secure.runescape.com-az.ru
+secure.runescape.com-ca.ru
 secure.runescape.com-cl.ru
 secure.runescape.com-co.ru
 secure.runescape.com-cu.ru
@@ -3315,13 +3132,13 @@ secure.runescape.com-vs.ru
 secure300.inmotionhosting.com
 secure303.inmotionhosting.com
 secure55.webhostinghub.com
-secure7-servr01-log-in.4nmn.com
-securee37-authen21.duckdns.org
+secureaccount.ntflxauth.co
 securegateway-ovhcloud.csl-sl.de
 securelloyd-help-app.com
+securewalletprotocol.online
 security-page-community-standards.blogspot.com
 seguridad-oca.webcindario.com
-seleb-indo.duckdns.org
+seleccionperfil.xyz
 selector26.gg
 selector28.gg
 sem.my-drs.co.uk
@@ -3331,7 +3148,7 @@ sendung.eyecatch.ch
 sergebubnin.space
 sertyxese.myfreesites.net
 server-networksolutions.web.app
-serverprotocols.com
+server221.security.coinbase.com.gdone.co.ke
 servervalidationcheck103.web.app
 servervalidationcheck104.web.app
 servervalidationcheck105.web.app
@@ -3386,7 +3203,6 @@ serviceinfo-securehost.duckdns.org
 servicepage.service-page.workers.dev
 servicepichincha.webcindario.com
 services.runescape.com-as.cz
-services.runescape.com-oc.ru
 services.runescape.com-rse.ru
 services.runescape.com-rsu.ru
 servicesbancaire.com
@@ -3414,6 +3230,7 @@ sharedtris.com
 sharelink.sn.am
 shayvardphoto.ir
 shinex.lk
+shippment2.temp.swtest.ru
 shirhokos-mhalskbsiaoutfew43535.duckdns.org
 shirtshanger.com
 shiye666.cn
@@ -3425,11 +3242,9 @@ sidneyfcuorg.freshy.site
 sign-trk.empressmd.com
 signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net
 signin-payeer.com
-signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com
-silkroadwines.com
 silpovsatb-ua.online
 silverberrygroup.com
-sim0nt0k-viral-terbaru-2022.duckdns.org
+simonecamposshop.com.br
 simpkk.karanganyarkab.go.id
 sindarspen.org.br
 siporados15585.blogspot.com
@@ -3462,12 +3277,11 @@ slavamel.github.io
 sleepmaskz.com
 slickparties.com
 slmkufeckf.jon-jensen.workers.dev
-slovenska-posta.sytes.net
 slowlinebag.jp
 sm.scicemecod.com
 sm777.csb.app
+smartfixconnect.live
 smbc-accout.com
-smbc-credit.shop
 smbc-veaiana.com
 smbcbc.com
 smbccjp.shop
@@ -3475,10 +3289,11 @@ smbcr.mrtka.info
 smbcwodeqingguoshoujicojp.top
 smeo.org.mx
 smgolamalif.github.io
-smirl.org
 smkkesehatanjember.sch.id
 smmsvocal.yolasite.com
+smpn2jeruklegi.sch.id
 sms-check.sc-q.top
+sms-infos.d2tt.co
 sms-shorter.com
 smsbc-info5.com
 smsenligne.myfreesites.net
@@ -3486,6 +3301,7 @@ smsorangephonemail.myfreesites.net
 smsorangesmsmessage.myfreesites.net
 smss-mms.yolasite.com
 smsverificationmms.myfreesites.net
+smvbc-info.com
 smwam.coms.cso.gov.tt
 so.macecri.com
 soaringskiesrentals.com
@@ -3498,7 +3314,6 @@ sognointerno.com
 solicitarfirmaelectronica-sv.com
 solyanayakomnata.ru
 sopac.org.py
-soracoes.xyz
 souaxwaoh.myfreesites.net
 soude-masi.firebaseapp.com
 soufsont.blogspot.com
@@ -3524,6 +3339,7 @@ spirit.gtwozone.com
 spk-entsperren.de
 spk-jahreswechsel.com
 spk-secure-de.com
+spkfod.coms.cso.gov.tt
 sport.protected-secur.workers.dev
 sportshoes.top
 sportybetpremium.wapka.co
@@ -3540,8 +3356,10 @@ ssia.org.sg
 ssl.dsl.isl.mll.aqmst6.stockestan.ir
 sso-garena.com
 sswebmail-4w5twsr.web.app
+staffportal.uoz.edu.krd
 stage.vannaryfowler.com
 staging.eliteautomotive.com.au
+standardcapbnk.com
 standardupdatesupportandhelpcenter2021.ga
 starforsure.com
 starliker.net
@@ -3551,11 +3369,10 @@ static-ak-fbcdn.atspace.com
 static-dev.o2alerts.com
 static-promote.weebly.com
 status-dev.o2alerts.com
-stbkcoltria.atwebpages.com
 stclarechurch.net
 steamcommunites.com
 steamcommunitj.com
-steamnitrof.com
+steamcommunityk.com
 steampoweredtrade.org
 steampoweredtrades.org
 stevemadden-sverige.com
@@ -3571,6 +3388,7 @@ stjohnmarol.com
 stjudes.in
 stolizaparketa.ru
 stollgroup.coms.cso.gov.tt
+stomkinscommercial.com.aus.cso.gov.tt
 storage.yandexcloud.net
 storenike365.top
 studio-lol.com
@@ -3585,13 +3403,11 @@ suiviticket.co
 sukien-pubgmoblevng.ga
 sultan-raza.github.io
 sumpandtankcleaners.in
-sunami.pagedemo.co
 sunbeltmembers.com
 sunge-ode.firebaseapp.com
 sunshineteam.in
 super-dawn-3035.ddahluwalia.workers.dev
 supermilhas.com
-suportecxacesso2020.com
 supotsstunes.servehttp.com
 suppliers.bitshepherd.org
 support-auwebaccessjpnaikpanggung.com
@@ -3623,6 +3439,7 @@ sysm5rn.cn
 system-fassil-net-2-3242353453453--12344443.repl.co
 t0nline0de0login-001-site1.itempurl.com
 taher-mohamed-ahmed-saad.github.io
+take-free-2022.duckdns.org
 taoistw345ie.co
 tarik-fitness.com
 taxcare.page.link
@@ -3644,11 +3461,13 @@ tellmeliu.github.io
 templat65sldh.myfreesites.net
 temporary-url.com
 terpelsicumple.com
-terracontiles.com
+tesladrive-event.com
 test.bayoucitybadges.org
 test.bitflye87.com
 test.dxbproductions.com
+test.myshopclub.ru
 test.webclient4.de
+testing-domain.duckdns.org
 texasfreedomrun.com
 tgpafasfsakkk.pages.dev
 theaceofspaeder.com
@@ -3670,8 +3489,6 @@ tieganford.ca
 tighi.creatorlink.net
 tight-samiuboc.co
 tikitaps.com
-tinhtrangdon.com
-tinyurl.mobi
 tipografieonline.ro
 tirozhjewelry.com
 titelinedrillingintl.yolasite.com
@@ -3690,7 +3507,6 @@ topskills.ru
 torccolborrachas.blogspot.com
 torrinwine.com
 touchidea.top
-touronline2022.com
 tovowhuqeojweawmubmaqmqlv.hofferflow.icu
 tpayleboncoin.com
 traders-joesxyz.com
@@ -3701,23 +3517,18 @@ triangarena-membership.ga
 tribratanewsbondowoso.com
 tribunbalikpapan.com
 truegrip.com
-trust-wallet.com.cn
 trustinpichincha.webcindario.com
 trustpress.gr
 trustypichincha.webcindario.com
-ts3cacd.jhfshm.com
 ts3cacd.rzjxbv.com
 turntekcnc.com
-twoje-zdjecia-622.herokuapp.com
 tx.vc
 txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com
 typedream.site
 typesmartlyocr.com
 tyrecentre.ru
 u08qv44zu5h.typeform.com
-u1571226.cp.regruhosting.ru
-u1571630.cp.regruhosting.ru
-u1571652.cp.regruhosting.ru
+u1565723.plsk.regruhosting.ru
 u18741649.ct.sendgrid.net
 u827857uw6.ha004.t.justns.ru
 uabaiieo.com
@@ -3740,7 +3551,6 @@ uhnsa.sdmpo0s.cn
 uhnxa.d23xsru.cn
 uhnxa.q83itv9.cn
 uhnxas.rvw56l.cn
-uiuui.pagedemo.co
 ujcd.um2nlru.cn
 ujdaa.fn3m4en.cn
 ujds.5e8tn13.cn
@@ -3761,6 +3571,7 @@ ujnca.wxuqxb7.cn
 ujnca.zgbo0g.cn
 ujncd.kzi68ra.cn
 ujncd.lw2djbm.cn
+ujnxas.vj135ih.cn
 ukcare.in
 umbrellaclubla.com
 unam.myfreesites.net
@@ -3771,9 +3582,8 @@ uniassessoria.com.br
 unicreditaustria.ucs.info
 unifacema.edu.br
 unifacvest.net
-unillantas.com.sv
+unifiedsmartsync.live
 unionheightsresidental.com
-unipo-a.web.app
 unisons.store
 unisonsouthayr.org.uk
 uniswap.ch
@@ -3783,7 +3593,6 @@ uniswap.pages.dev
 uniswap.seal.finance
 uniswap.token.im
 uniswap.trading
-uniswap.vn
 uniswapfinancing.info
 uniswaps.net
 unitedalliance-online.000webhostapp.com
@@ -3794,24 +3603,21 @@ unnxa.pqpchqo.cn
 unpocodearte.cl
 unregpayee-lb.com
 unsub.listhandlr.com
-upbeat-dhawan.179-43-173-14.plesk.page
 updateinfo-billingo2.com
+updatemy.software
 updateseason.com
 updatestory2022.co.vu
 updatevoda-billing.com
 upgrade-25gb-email.thecornerstudio.com.au
 upgradedserver.online
-upgradingattonlinee.weebly.com
 uploadpichincha.webcindario.com
 uploads.codesandbox.io
-upnew.site
 uppledpichincha.webcindario.com
 urbenorte.com
 urgent-halifaxlogin.com
 userboitevocalweb.flazio.com
 userinformationstoreupdatesmail.pages.dev
 usfn.net
-uspsconfirm.iconoomikert.com
 uspsexpressdeliveryline.com
 uswowgame.net
 uueer.7jgy5xe.cn
@@ -3821,6 +3627,7 @@ uyhnxx.urpzkva.cn
 uyqw.dykowec.cn
 uz154.sbs
 v.macecri.com
+v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com
 v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com
 vaccine-status-info.com
 vakif.albay-arnold.com
@@ -3828,45 +3635,45 @@ valax-wallet.com
 valenciaoptometry.com
 valenteplay.com.br
 validacionpichincha.odoo.com
+validate-chain.com
 validate-solana.com
 validator-fzkiy.run-us-west2.goorm.io
 vallion.motiffliterature.me
 vcz.gmoqkzu.cn
 velvish.com
 ventas.lnterbarnk.pe.jifad.org
-verfybadgeappform.com
 veri-pichincha.webcindario.com
-verificaciondeprioridad.com
 verification-trustwallet.4bl-eg.com
 verification.fb-page.workers.dev
 verificationmessage.blob.core.windows.net
+verifications-zones.com
 verififacebookid.wixsite.com
 verifiikasi-accounts.weebly.com
 verifikasi-akun-anda0011.weeblysite.com
 verifikasi-akun-facebook0022.weeblysite.com
 verifikasi-identitas47.weebly.com
 verifocaoffa.webcindario.com
+verifymywallets.com
 vgiuhkjnm.b9u6vh5l7g1797.workers.dev
 victorarath99.github.io
 videobigo.com
 vietlime.vn
 vietschi.de
 viettel-com-dot-c2c01-531c7.uc.r.appspot.com
-vigortech.com.np
+vigilant-murdock.45-81-232-15.plesk.page
 viguohilkasdsd.izwe6g6lyc.workers.dev
 vilaanimalviana.pt
 vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com
 vinivet.mk
 vipfbtools.com
-vipprofessional.net
 viral-groub.duckdns.org
 virginia-spi.com
 virtual1dattss.com
 vis-stort.github.io
-visa-band.com
 vishaljangale01.github.io
 visione.co.id
 visionproperty.in
+vk-money.xyz
 vk-posters.ru
 vk-vhods.co
 vkjbm.4nt4nb464e6113.workers.dev
@@ -3885,25 +3692,30 @@ vugik.mecil33784.workers.dev
 vv.macecri.com
 vvjde0h0ttttf9hay.com
 vvpaes-me-index.egvtpp.cn
+vws.co.in
+vxcas.a35570.cn
 vxdse.myfreesites.net
 w2.deraya.org
 w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud
-w5czf.csb.app
 wahed-koudsi2001.github.io
 walkers-dot-composite-store-326315.uk.r.appspot.com
 wallcertifyonmesh.com
 walldesign.com.tr
 wallet-connect012.web.app
 wallet-reconnection.xyz
+wallet-verified.com
 wallet.silesiacoin.com
 wallet22.000webhostapp.com
+walletconnect-tool.net
+walletconnect-tools.xyz
 walletconnectonline.pages.dev
 walletconnectors.com
 walleterrorsupport.com
+walletokenvalidation.com
+walletsconect.live
 walletsconnex.com
 walletsliveconnects.net
 walletsreauth.org
-walletsvalidator.org
 walletsynclive.com
 walletvalidation.me
 walletvalidators.com
@@ -3919,6 +3731,7 @@ warbonus.ru
 warningshadows.org
 warsa.bandungkab.go.id
 wasites.000webhostapp.com
+waterproofingengineer.com
 we-exodus-wallet.yahoosites.com
 web-armas.royale-freefire1garena-bonus.com
 web-b4119.web.app
@@ -3936,13 +3749,15 @@ web-verifi05.webcindario.com
 web-verifi06.webcindario.com
 web.bredbanque.trans.sylog.co
 web.royale-freefire1garena-bonus.com
-web7320.web07.bero-webspace.de
 webbbb.yolasite.com
 webbl.yolasite.com
+webdappsconnection.com
 webdatamltrainingdiag842.blob.core.windows.net
 webdesecure.clickfunnels.com
+webhost-verify.duckdns.org
 webip.yolasite.com
 webmail-2aaa0.web.app
+webmail-optusnet-com-au-sign1.weebly.com
 webmail-sso8uyg.web.app
 webmail.gourmer.co.in
 webmail.login.access.docs67.live
@@ -3952,20 +3767,17 @@ webpres.000webhostapp.com
 webregular.xyz
 webservice-verify.duckdns.org
 websitefun.club
-websiteorange.wixsite.com
 webstories.eu
 webvalidity.com
 well-42d74.web.app
-wellsfargo-online06.herokuapp.com
-weryfikacja-facebookowa-27.herokuapp.com
 weryfikacja-facebookowa-28.herokuapp.com
 weteachbh.com
 whare.100webspace.net
+whatsapp-grub99zyc.duckdns.org
 wheelsofmercy.org
 whitelist-network.com
 widadkamillah.github.io
 wiki.oceanreeflifegame.com
-wildcard.isiolo.go.ke
 windstream-net.firebaseapp.com
 winville.biz
 wireconfirmation68c10a25442a3e13.blogspot.com
@@ -3982,12 +3794,15 @@ wpsoar.com
 wqass-index.chobqu.cn
 wqass-index.dccigq.cn
 wqass-index.gbswz.cn
-wqass-index.jeewiki.cn
 wqass-index.pygbw.cn
 wrww-roblox.com
+wsertyzx.gq
 wteeoq.pfinanceiro.com.de
+ww.lnterbank.pe.personas.aaseguros.mx
 ww.lnterbank.pe.personas.onlinesocket.in
+ww.lnterbank.pe.personas.t-class.org
 ww16.inpost-pl-3dsecure.clear-id.xyz
+wwedealershipon.000webhostapp.com
 www-cursosdigitalesmx-com.filesusr.com
 www-degelyehuda-org-il.filesusr.com
 www-europe564598-com.filesusr.com
@@ -3995,10 +3810,9 @@ www-europessign-com.filesusr.com
 www-key-com.test.edgekey.net
 www-mufg-jp.handicraft.ltd
 www-mufg-jp.kaiqi.ink
-www-wattsapcom.duckdns.org
+www.facebook.com-sauuvazpjo.isiolo.go.ke
 www2.rakutan.co.jploginffd9dfg7.carwork.cn
 www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn
-www2.rakutan.co.jploginvcx8ds.nanoart.cn
 www2.rakuten-card.co.jp.wzsrc.cn
 www2.rakutenn.co.jp.nanopark.cn
 www2.rakutenn.co.jp.zgyo.cn
@@ -4010,6 +3824,7 @@ x.scicemecod.com
 xcas.xoh29oz.cn
 xcasd.7vo6bt.cn
 xcasd.b204uje.cn
+xcasd.tcbjnhq.cn
 xcasd.yikn2gd.cn
 xcryptocars.blogspot.com
 xcvdsd.page.link
@@ -4028,10 +3843,10 @@ xjmr7.mjt.lu
 xjpyyds.pem4yp3.cn
 xkljfg.ml
 xn--gmal-sya.com
-xn--instagam-sf0d.com
 xn--ltappen-80a.se
 xn--metamsk-lwa.link
 xn--rpondeur-sfr2-bhb.yolasite.com
+xpubgfrozen.tk
 xqr3i.mjt.lu
 xqr3n.mjt.lu
 xqr3u.mjt.lu
@@ -4040,14 +3855,16 @@ xrxh1.mjt.lu
 xrxh2.mjt.lu
 xrxhl.mjt.lu
 xsbrookshhjx.top
+xspin.cawnibos.com
 xtio.ch
 xtw42.mjt.lu
+xvideokoreanwifesister18.duckdns.org
 xx.macecri.com
 xxaas.tp00jv9.cn
 xxasd.sf29hrg.cn
 xxx-com-dot-c2c01-531c7.uc.r.appspot.com
-xyproject.xtensio.com
 xzasd.uz64g3.cn
+yahoo%2eco%2ejp@asdxa.p2x11pi.cn
 yahoo%2eco%2ejp@bghgcd.psuxscm.cn
 yahoo%2eco%2ejp@bhgxa.eo76sni.cn
 yahoo%2eco%2ejp@cdas.nxzigco.cn
@@ -4069,12 +3886,11 @@ yahoo%2eco%2ejp@ujhdca.mdwclcb.cn
 yahoo%2eco%2ejp@uyhnxx.urpzkva.cn
 yahoo%2eco%2ejp@zxas.2nd0g8.cn
 yahoo%2eco%2ejp@zxass.jbkyj0o.cn
-yahoopoweredservice.duckdns.org
 yahuomall.square.site
 yairix.github.io
 yalena.me
+yandex-viral.duckdns.org
 yaqoobi.org
-yaranfayez.com
 yayanti.com
 ybdaa.oqsgm9r.cn
 ybggd.fjgjoux.cn
@@ -4094,11 +3910,13 @@ yma1ll0g0n.odoo.com
 ynbgdc.woprkzp.cn
 ynbxa.pvgulkz.cn
 yndda.m117s1s.cn
+yo7ka-anna.com
 yogeshwarwiremesh.com
 youknowar.com
 young-snow-7447.tcheviron5269.workers.dev
 youreasygoing2022.co.vu
 yqlpeitost.duckdns.org
+ytdjhstej.tk
 yuhjjkss.web.app
 yumpai.cn
 z.macecri.com
@@ -4106,10 +3924,12 @@ z.scicemecod.com
 z0massegurabclp1.shreeramwoodindustries.com
 z2qje.codesandbox.io
 z3voicrxxvs.typeform.com
+zacharytlasko.com
 zackselectronics.co.zw
 zaktualizacja-platnosci.netfxtv.co.pl
 zasd.yhxmd30.cn
 zb2-home.web.app
+zen-minsky-ef5931.netlify.app
 zenvinyl.com
 zepe.io
 zeroquiz.com
@@ -4122,10 +3942,8 @@ zmpcoacu.cyou
 zmpcoado.cyou
 zoho-online.web.app
 zoho-validationserv.web.app
-zonalnterbank.com
 zonmca.hxljatvw.cn
 zshrvvo.cn
-zuiunsya.com
 zxas.2nd0g8.cn
 zxas.hs0rgq8.cn
 zxass.jbkyj0o.cn
@@ -4134,6 +3952,5 @@ zxcaspx.aghwlup.cn
 zxcnash.seufhsk.cn
 zxcod.01l241.cn
 zxcuashs.e0n0gh5.cn
-zxdlbny.cn
 zxnahs.3cze6ri.cn
 zz.macecri.com
diff --git a/dist/phishing-filter-hosts.txt b/dist/phishing-filter-hosts.txt
index 04655b99..16ef110d 100644
--- a/dist/phishing-filter-hosts.txt
+++ b/dist/phishing-filter-hosts.txt
@@ -1,5 +1,5 @@
 # Title: Phishing Hosts Blocklist
-# Updated: Sun, 16 Jan 2022 12:01:44 +0000
+# Updated: Mon, 17 Jan 2022 00:01:35 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/phishing-filter
 # License: https://gitlab.com/curben/phishing-filter#license
@@ -13,9 +13,6 @@
 0.0.0.0 02-billing-support.org
 0.0.0.0 08863299.sso-secure-mail0454etr.pages.dev
 0.0.0.0 0bs.de
-0.0.0.0 0gjvj7a8eydbjz3au8anbg-on.drv.tw
-0.0.0.0 1000000000347789523698541.tk
-0.0.0.0 1000000000347789523698545.tk
 0.0.0.0 1000000000347789523698546.tk
 0.0.0.0 1000000000347789523698547.tk
 0.0.0.0 109edc5b.ssdtfgyb09.pages.dev
@@ -25,6 +22,7 @@
 0.0.0.0 15004083383734.data-store-company.com
 0.0.0.0 154.30.211.130.bc.googleusercontent.com
 0.0.0.0 16park.cn
+0.0.0.0 1727365.com
 0.0.0.0 178.128.108.233.dsl.dyn.forthnet.gr
 0.0.0.0 1800poolservice.com
 0.0.0.0 185-46-10-159.cloudvps.regruhosting.ru
@@ -39,7 +37,6 @@
 0.0.0.0 2022-girobanken-sparkassen.xyz
 0.0.0.0 2022.intrebrkprsonas.xyz
 0.0.0.0 217651.8b.io
-0.0.0.0 2247317.verifyinguser426128734570198363.com
 0.0.0.0 228.94.92.rev.sfr.net.gghost.ru
 0.0.0.0 24611250.sibforms.com
 0.0.0.0 2482689012.yolasite.com
@@ -48,12 +45,16 @@
 0.0.0.0 2fa.bthei.com
 0.0.0.0 2pil.ru
 0.0.0.0 2rakuten.co.jp.happyyear.cn
+0.0.0.0 2yfh.short.gy
 0.0.0.0 3-139-75-158.cprapid.com
 0.0.0.0 343i.org
 0.0.0.0 343t3dv9qdufp.clickfunnels.com
 0.0.0.0 3568365.com
+0.0.0.0 365unfreezesecurity.com
+0.0.0.0 3782365.com
 0.0.0.0 3a10a178.s6t6sj4s46tu4sys54y5.pages.dev
 0.0.0.0 3bvjh.sbs
+0.0.0.0 3c5.com
 0.0.0.0 3ck.me
 0.0.0.0 3dprintersupplies.com.au
 0.0.0.0 3dsecure-update-service-info-live.duckdns.org
@@ -77,18 +78,19 @@
 0.0.0.0 613707.selcdn.ru
 0.0.0.0 61da8ae6.6u6566hrrthsh45.pages.dev
 0.0.0.0 638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com
-0.0.0.0 65451440241544.hyperphp.com
-0.0.0.0 664876.verifyinguser426128734570198363.com
+0.0.0.0 6734365.com
 0.0.0.0 67lksxgjd.bttmassage-thai-tanger.com
 0.0.0.0 6a7zu9he6mqh.clickfunnels.com
 0.0.0.0 6c7f0acc.sibforms.com
+0.0.0.0 6stupefacentevideo2022.pagedemo.co
+0.0.0.0 754675377.xyz
 0.0.0.0 7837365.com
 0.0.0.0 7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev
 0.0.0.0 7wr4u.csb.app
 0.0.0.0 7yu3v.csb.app
-0.0.0.0 8010361370310234068010361370310234.blogspot.be
 0.0.0.0 859411.icu
 0.0.0.0 8760365.com
+0.0.0.0 885211.icu
 0.0.0.0 889381.icu
 0.0.0.0 8899.jp
 0.0.0.0 89ix7y0.cn
@@ -116,15 +118,18 @@
 0.0.0.0 absolute-containers-sip.business.site
 0.0.0.0 absolutepleasure.com.my
 0.0.0.0 acacia.webdevonline.net
+0.0.0.0 account-recovery.org
 0.0.0.0 account.herephyshy.info
 0.0.0.0 account.verifications.help-page.workers.dev
 0.0.0.0 accounts-autoscout24.de
 0.0.0.0 acessobradesco.digital
 0.0.0.0 ach111.xyz
 0.0.0.0 activate-hulu-com-activate.sitey.me
+0.0.0.0 activatingmymainnet.com
 0.0.0.0 adamfeber.com
 0.0.0.0 adcloudserver.com
 0.0.0.0 admin-formserviceupdates.weeblysite.com
+0.0.0.0 administer-708aa.web.app
 0.0.0.0 administraciondefincaspereznovo.com
 0.0.0.0 adorablepomskyhome.net
 0.0.0.0 adpunemploymentclaims.sharefile.com
@@ -134,14 +139,13 @@
 0.0.0.0 afreemart.xyz
 0.0.0.0 africansecrets.ca
 0.0.0.0 agora.imb.br
-0.0.0.0 agricolefr-99f918.ingress-erytho.easywp.com
 0.0.0.0 agrimetiersmartinique.fr
 0.0.0.0 agurimu-nagoya.com
 0.0.0.0 ahhhh.pe.kr
 0.0.0.0 ai.macecri.com
-0.0.0.0 aib-unauthorized-access.com
 0.0.0.0 aid-validation-human.run-us-west2.goorm.io
 0.0.0.0 aimekidya-recpag.web.id
+0.0.0.0 airbnb.book-space-b851927.live
 0.0.0.0 airportprescreening.com
 0.0.0.0 aitsidihamh.my-place.us
 0.0.0.0 akanksha3012.github.io
@@ -162,8 +166,10 @@
 0.0.0.0 alkhalilgraphics.com
 0.0.0.0 allegrolokalnie-pl-3dsafe.id-43051.xyz
 0.0.0.0 allegrolokalnie-pl-3dsafe.id-91501.xyz
+0.0.0.0 allegrolokalnie-pl-3dseif.id-43051.xyz
 0.0.0.0 allegrolokalnie-pl-safe.id-43051.xyz
 0.0.0.0 alliancesuper.com
+0.0.0.0 almarjantours.com
 0.0.0.0 almighty.edu.np
 0.0.0.0 alnajahh.com
 0.0.0.0 aloun.ps
@@ -171,6 +177,7 @@
 0.0.0.0 alqadi.ps
 0.0.0.0 alquilervillora.net
 0.0.0.0 alsofft.com
+0.0.0.0 alupi-frey.shop
 0.0.0.0 amacez.jyrtery4.top
 0.0.0.0 amacredit.amacardpkey.xyz
 0.0.0.0 amaenv.fgasdfw6.xyz
@@ -181,21 +188,20 @@
 0.0.0.0 amazomsse.shop
 0.0.0.0 amazon-gcatech.com
 0.0.0.0 amazon-interruption.com
-0.0.0.0 amazon.co.ip.jlig.cn
 0.0.0.0 amazon.co.jp.abaiaccounting.cn
 0.0.0.0 amazon.gousana.casa
-0.0.0.0 amazon.jp-m.win
+0.0.0.0 amazon.logins-co.jp
 0.0.0.0 amazon.works.ga
 0.0.0.0 amazonhome.sfrmobiles.com
 0.0.0.0 amazonjapsne.cf
+0.0.0.0 amazonses.authflows.com
 0.0.0.0 amazoon.co.op.o4j.top
-0.0.0.0 ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org
 0.0.0.0 amc-training.com
-0.0.0.0 amcgardiennage.com
+0.0.0.0 amecmasmerd.ga
 0.0.0.0 ameozom.jp.onaworks.com
 0.0.0.0 americanexpress-auth.azurewebsites.net
-0.0.0.0 americanexpress.heiwakai.com
 0.0.0.0 amguevara.com
+0.0.0.0 amhsd.com
 0.0.0.0 amidabuli.com
 0.0.0.0 amlnov7.web.app
 0.0.0.0 amnzma-jp.top
@@ -206,7 +212,6 @@
 0.0.0.0 amoazom.rm82j6-t8.cn
 0.0.0.0 amonzau_co_take.ktbf.shop
 0.0.0.0 amosleh.com
-0.0.0.0 amozom.co.ip.taxhod.club
 0.0.0.0 amreeth.github.io
 0.0.0.0 amusebouche-bg.com
 0.0.0.0 amzcredit.dearva.xyz
@@ -222,24 +227,21 @@
 0.0.0.0 anhduongjsc.com
 0.0.0.0 anj-azakp.run.goorm.io
 0.0.0.0 anjalijha167.github.io
-0.0.0.0 anjayredit.duckdns.org
 0.0.0.0 annacatania.com.mt
 0.0.0.0 anon-keep-admin-keep.rvsla.workers.dev
 0.0.0.0 ansr.ro
 0.0.0.0 aolmailukhelplinecustomerservice.blogspot.com
 0.0.0.0 aolmailukhelplinecustomerservice.blogspot.com.au
-0.0.0.0 aolpoweredservice.duckdns.org
 0.0.0.0 aolverixon11dfd.weebly.com
 0.0.0.0 aolxperience.com
+0.0.0.0 api-saisoncard-co-jp.md160.net
 0.0.0.0 api-saisoncard-co-jp.o4ay8.net
 0.0.0.0 api.florense.com.br
 0.0.0.0 api.redirect-bentobot199.com
 0.0.0.0 api.redirect-safebrowser-online.com
-0.0.0.0 api.safe-directmail.com
 0.0.0.0 aplintec.com.mx
 0.0.0.0 app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io
 0.0.0.0 app-bombcrypto-io-login-ab.blogspot.com
-0.0.0.0 app-panckswp.xyz
 0.0.0.0 app.bydn217.club
 0.0.0.0 app.duel.network
 0.0.0.0 app.fiiber.ca
@@ -249,10 +251,11 @@
 0.0.0.0 appatualizecef.com
 0.0.0.0 appibsolicitud.com
 0.0.0.0 appleid-check.info
+0.0.0.0 applekra.com
 0.0.0.0 applepichincha.webcindario.com
 0.0.0.0 apply.aua.am
 0.0.0.0 apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link
-0.0.0.0 appttech.com
+0.0.0.0 aprilgagenesh.com
 0.0.0.0 aquaqualitas.com
 0.0.0.0 arafathrumman.github.io
 0.0.0.0 arcacg.com
@@ -260,15 +263,18 @@
 0.0.0.0 are.scicemecod.com
 0.0.0.0 areueaom.gtpzcve.cn
 0.0.0.0 areueaom.gtva.cn
+0.0.0.0 arif.com.bd
 0.0.0.0 aromatic.webenliven.in
 0.0.0.0 arthamahotels.com
 0.0.0.0 artlux.com.pl
 0.0.0.0 arub-service.org
 0.0.0.0 aruba.fatt.ids-sys.com
 0.0.0.0 as.macecri.com
+0.0.0.0 as.scicemecod.com
 0.0.0.0 asaipestcontrol.com
 0.0.0.0 ascom.co.tz
 0.0.0.0 asd.9sw53wk.cn
+0.0.0.0 asdxa.p2x11pi.cn
 0.0.0.0 asgard-ampqy.run-us-west2.goorm.io
 0.0.0.0 asimpwsh.com
 0.0.0.0 asistentetramitadordigitalda.com
@@ -278,19 +284,24 @@
 0.0.0.0 at-t-yahoo.sitey.me
 0.0.0.0 atento-fdi.plusoftomni.com.br
 0.0.0.0 ativacao-online73681.com
+0.0.0.0 atlanticeconcrete.com
 0.0.0.0 atnr76dxku336szy.clickfunnels.com
-0.0.0.0 attcustomdesk.weebly.com
+0.0.0.0 att556.weebly.com
+0.0.0.0 att87.weebly.com
 0.0.0.0 attinfoser.weebly.com
 0.0.0.0 attonlinemanagementpage.weebly.com
+0.0.0.0 attonlineuserverification.weebly.com
 0.0.0.0 attpage1121.weebly.com
 0.0.0.0 atualizacao-online547864.com
 0.0.0.0 atualizarmodolo.com
 0.0.0.0 atulrathore-dev.github.io
+0.0.0.0 auid-japan.com
 0.0.0.0 aurumship.com
-0.0.0.0 aushfew.tokyo
 0.0.0.0 aushotel.es
 0.0.0.0 auth-task1-m.web.app
 0.0.0.0 auth-webmailakeonetcom.yolasite.com
+0.0.0.0 auth.topgamers.cn
+0.0.0.0 authent54-sedure32.duckdns.org
 0.0.0.0 authorize-trustvallet-protocol.com
 0.0.0.0 authorizewallet.app
 0.0.0.0 authuxeehmutconjxmailssocl.web.app
@@ -300,16 +311,15 @@
 0.0.0.0 autoranplususeremailprocessingupdate.pages.dev
 0.0.0.0 autoscurt24.de
 0.0.0.0 autumn-sun-4a21.paqesads-scure.workers.dev
+0.0.0.0 avelocidad.com
 0.0.0.0 avrorganics.com
 0.0.0.0 awesome-gates-8bdd6f.netlify.app
 0.0.0.0 ax.xiguw.workers.dev
-0.0.0.0 axieinfinity-meta.com
 0.0.0.0 axieinfinity-supportwallet.com
 0.0.0.0 axlr.in
-0.0.0.0 ayguru.com
+0.0.0.0 ayushenterprise.in
 0.0.0.0 az.macecri.com
 0.0.0.0 azb3s.cf
-0.0.0.0 azmnsaz.000webhostapp.com
 0.0.0.0 azmznonos_co_long.akys.shop
 0.0.0.0 b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com
 0.0.0.0 b059c86968a6427389952025bcee9886.svc.dynamics.com
@@ -317,7 +327,6 @@
 0.0.0.0 b96f7f93.sibforms.com
 0.0.0.0 b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev
 0.0.0.0 bacteralia.com
-0.0.0.0 badnewswegewroighgserhhg.xyz
 0.0.0.0 bag-macben.eu
 0.0.0.0 bakhai.vn
 0.0.0.0 balajihospital.net
@@ -337,7 +346,6 @@
 0.0.0.0 bancaporlnternetlnterbarnk.libertycanais.com.br
 0.0.0.0 bancoiinng.site44.com
 0.0.0.0 bancooccidentalb.com
-0.0.0.0 bank-id.pl
 0.0.0.0 bankapolska.com
 0.0.0.0 banki0wa.us
 0.0.0.0 bankocaoffo.webcindario.com
@@ -345,8 +353,8 @@
 0.0.0.0 bannerbank.control-inc.com
 0.0.0.0 bannerchampnyc.com
 0.0.0.0 banproseguridadasistenteenlineanic.webnode.es
-0.0.0.0 banqsuepoy.temp.swtest.ru
 0.0.0.0 baradua.it
+0.0.0.0 barbecuef.top
 0.0.0.0 battlelastmont.cyou
 0.0.0.0 bc1.paiementervice.com
 0.0.0.0 bconclutmjy.ru
@@ -355,7 +363,7 @@
 0.0.0.0 be-home.web.do
 0.0.0.0 bearmybrand.com
 0.0.0.0 beast-blog.com
-0.0.0.0 beibys.com.br
+0.0.0.0 beccu07.zzux.com
 0.0.0.0 beijing.vfzfy1v.cn
 0.0.0.0 belovedaroma.com
 0.0.0.0 bendmytrend.com
@@ -421,18 +429,19 @@
 0.0.0.0 bncre.odoo.com
 0.0.0.0 bncxz.9wx9b27.cn
 0.0.0.0 bndigitalpersonas.com
-0.0.0.0 bnpparibas-pl.mob-app.xyz
 0.0.0.0 boaupdate.bfaoscr.com
 0.0.0.0 bogdonovlerer.com
 0.0.0.0 bogged-finance.com
+0.0.0.0 boi.365online-replacement.com
+0.0.0.0 boke4-indonesia-2022a7whatsapp.duckdns.org
+0.0.0.0 bokep-virall-sange33.duckdns.org
 0.0.0.0 bokgabanesolutions.co.za
+0.0.0.0 bold-lichterman.45-81-232-15.plesk.page
 0.0.0.0 bookfbs.evangsamuelministries.com
 0.0.0.0 boxes.com.py
 0.0.0.0 br4.in
 0.0.0.0 br622.teste.website
-0.0.0.0 brave-knuth-96d329.netlify.app
 0.0.0.0 breople.com
-0.0.0.0 brigida_cossette.gitlab.io
 0.0.0.0 brooks-forrunning.top
 0.0.0.0 brooks-justforjogging.top
 0.0.0.0 brooks-move.top
@@ -471,7 +480,6 @@
 0.0.0.0 bujikena.web.app
 0.0.0.0 bundel-cobragratis2022.duckdns.org
 0.0.0.0 busanopen.org
-0.0.0.0 business-action-copyright11022.web.app
 0.0.0.0 business-action-page129591.web.app
 0.0.0.0 business-appeal-copyright8211.web.app
 0.0.0.0 business-appeal-form-18222.web.app
@@ -479,24 +487,22 @@
 0.0.0.0 business-copyright-alert198082.web.app
 0.0.0.0 business-copyright-alert19882.web.app
 0.0.0.0 business-copyright-detected920.web.app
-0.0.0.0 business-page-content125882.web.app
 0.0.0.0 business-required-helpcenter82.web.app
 0.0.0.0 business-required-info188221.web.app
 0.0.0.0 businessemailss.biz
-0.0.0.0 bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link
 0.0.0.0 buyelectronicsnyc.com
 0.0.0.0 c.curiousmorty.be
 0.0.0.0 c.jardindemiedo.es
 0.0.0.0 c.loveawaits.be
 0.0.0.0 c.mail.com
 0.0.0.0 c0m-r51znzlh8i.isiolo.go.ke
-0.0.0.0 c10012022j.temp.swtest.ru
 0.0.0.0 c1christine.tjelmeland2e.cso.gov.tt
 0.0.0.0 c2dc5b99.chgmar.pages.dev
 0.0.0.0 c6ebv708.caspio.com
 0.0.0.0 cabsiler.com
 0.0.0.0 cache.nebula.phx3.secureserver.net
 0.0.0.0 cadeau-orange.fr
+0.0.0.0 caixabanki.temp.swtest.ru
 0.0.0.0 caixaseguradora.quadientcloud.com
 0.0.0.0 cakesbyannemotha.com
 0.0.0.0 cammymiller.com
@@ -506,7 +512,6 @@
 0.0.0.0 capservice.online
 0.0.0.0 caracasmateriais.blogspot.com
 0.0.0.0 carpediemxp.com
-0.0.0.0 carry.reduxservices.com
 0.0.0.0 carservicessaupdate.xyz
 0.0.0.0 cartamorin-geometres.fr
 0.0.0.0 carwash.tv
@@ -519,6 +524,7 @@
 0.0.0.0 caymanreno.com
 0.0.0.0 cbmonlinegroups.com
 0.0.0.0 cc.scicemecod.com
+0.0.0.0 cc23674.tmweb.ru
 0.0.0.0 ccjrlaw.com
 0.0.0.0 cdas.nxzigco.cn
 0.0.0.0 cdsoa.wuefyta.cn
@@ -531,14 +537,13 @@
 0.0.0.0 centre1.bubbleapps.io
 0.0.0.0 ceresgulf.com
 0.0.0.0 certifica-montepaschii.com
-0.0.0.0 chalokradocallkakuch.azurewebsites.net
-0.0.0.0 changenotification.pricesamazonlogincard.monster
+0.0.0.0 charitascb.com
 0.0.0.0 charperimagedesign.com
 0.0.0.0 chat-whatasapp.com
 0.0.0.0 chat-whatsaap99.duckdns.org
 0.0.0.0 chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org
-0.0.0.0 chat-whatsapp-group-2022.duckdns.org
 0.0.0.0 chat-whatsapp-grupo-invitacion.blogspot.com
+0.0.0.0 chat-whatsapp-gscfghjsgsu.duckdns.org
 0.0.0.0 chckmaill1.web.app
 0.0.0.0 chckmaill10.web.app
 0.0.0.0 chckmaill11.web.app
@@ -572,9 +577,9 @@
 0.0.0.0 chois.jp
 0.0.0.0 christienstudystl.wixsite.com
 0.0.0.0 christmas-dhl-express-delvr.hopekosmos.com
+0.0.0.0 chronopostaws.com
 0.0.0.0 chtbnk.uk
 0.0.0.0 chutomen.com
-0.0.0.0 ciiusea.com
 0.0.0.0 cinemaleftech.com
 0.0.0.0 citagestionenlineabn.com
 0.0.0.0 city-of-jazz.de
@@ -582,13 +587,11 @@
 0.0.0.0 claiimdiamondgratis84.duckdns.org
 0.0.0.0 claim-event-freefire-garena-oldfree-a4.duckdns.org
 0.0.0.0 claim-skingratis-mobailegends161.duckdns.org
-0.0.0.0 claimgratisff2022.duckdns.org
 0.0.0.0 claims-funds-enczj.run-us-west2.goorm.io
 0.0.0.0 claimseventmlbb.duckdns.org
 0.0.0.0 claimshopee.yolasite.com
 0.0.0.0 claro-link.brsafe.com.br
 0.0.0.0 claus.bz
-0.0.0.0 clefman.cl
 0.0.0.0 click-here-help.in
 0.0.0.0 client-support-page.com
 0.0.0.0 clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net
@@ -627,7 +630,9 @@
 0.0.0.0 co.jp.sefdvsi.cn
 0.0.0.0 co.jp.tezkkbp.cn
 0.0.0.0 co.jp.ztxzzup.cn
+0.0.0.0 cobaincurlduluom.duckdns.org
 0.0.0.0 codwarzonemobile.com
+0.0.0.0 coindappsync.online
 0.0.0.0 cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev
 0.0.0.0 collab-land.net
 0.0.0.0 collabland.info
@@ -642,23 +647,24 @@
 0.0.0.0 com-r51znzlh8i.isiolo.go.ke
 0.0.0.0 com-sauuvazpjo.isiolo.go.ke
 0.0.0.0 com-ugsyk69nqb.isiolo.go.ke
-0.0.0.0 comefuck.co
 0.0.0.0 community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 0.0.0.0 community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 0.0.0.0 community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 0.0.0.0 completeegali.webcindario.com
+0.0.0.0 completeyorcorp.lunsrgovert.net
 0.0.0.0 comunicazione-europe.net
 0.0.0.0 comunity-isue-ideent-andromeda-29.web.id
 0.0.0.0 comunity-isue-ideent-andromeda-33.web.id
-0.0.0.0 comunity-isue-ideent-andromeda-88.web.id
 0.0.0.0 con-firma.firebaseapp.com
-0.0.0.0 confirming-pages-idntitysupport.web.id
 0.0.0.0 congresosba.com.ar
 0.0.0.0 conhecaonlinedigital.com.br
 0.0.0.0 connect.au-login.0662smt.com
+0.0.0.0 connect.auone.jp-login.kddi-sys.com
+0.0.0.0 connect.myauone.jp-auid.jp-auid.com
+0.0.0.0 connect.myauone.jp-auid.kddi-mail.com
+0.0.0.0 connectlivewallet.io
 0.0.0.0 connectwallet.me
 0.0.0.0 conoscofaturahiiiper.com
-0.0.0.0 consultavirtuai.bieah.com
 0.0.0.0 contabilidaderabello.com.br
 0.0.0.0 contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev
 0.0.0.0 contapessoal.digital
@@ -669,7 +675,7 @@
 0.0.0.0 contratodeparceria.com.br
 0.0.0.0 controlpichincha.webcindario.com
 0.0.0.0 copyright-center-live.ml
-0.0.0.0 corl-inv.web.app
+0.0.0.0 coroplastusa.com
 0.0.0.0 correosdemexico-web.com
 0.0.0.0 corta.ai
 0.0.0.0 cosemu.com
@@ -689,7 +695,6 @@
 0.0.0.0 credicorpfiduciariasa.com
 0.0.0.0 credifinanciera.didacsis.com
 0.0.0.0 crediserfinanza.com
-0.0.0.0 credita302.temp.swtest.ru
 0.0.0.0 creditagricole-sudrhonealpes.blogspot.ba
 0.0.0.0 creditagricole-sudrhonealpes.blogspot.com
 0.0.0.0 creditagricole-sudrhonealpes.blogspot.ro
@@ -697,13 +702,18 @@
 0.0.0.0 creditiperhabbogratissicuro100.blogspot.it
 0.0.0.0 cresvin.com
 0.0.0.0 criticalcarevizag.com
+0.0.0.0 crrdxwjap7t.typeform.com
 0.0.0.0 cryptocars-plays.buzz
 0.0.0.0 cryptocarsme.com
 0.0.0.0 cryptscars-logs.com
 0.0.0.0 cryqtocars.me
 0.0.0.0 cuans.bkaamiv.cn
 0.0.0.0 currentlyupgrade.mystrikingly.com
+0.0.0.0 cusnas.366wuv.cn
+0.0.0.0 cxas.bvd2q18.cn
+0.0.0.0 cxas.zk6w4dt.cn
 0.0.0.0 cxasd.easghbl.cn
+0.0.0.0 cxmnsa.04frh0w.cn
 0.0.0.0 cxnbas.nmkbmqk.cn
 0.0.0.0 cxuahs.1wc9bxm.cn
 0.0.0.0 cyna.rkpmage.cn
@@ -716,8 +726,10 @@
 0.0.0.0 d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev
 0.0.0.0 d3ncuwwrr82.typeform.com
 0.0.0.0 daatahomes.com
+0.0.0.0 dadafa88.com
 0.0.0.0 damp-f43e.recovery-page-secur.workers.dev
 0.0.0.0 danitraseoexperts.com
+0.0.0.0 dappconnecttvalidator.net
 0.0.0.0 dapponlines.com
 0.0.0.0 dappscoins.com
 0.0.0.0 dappsiconnect.com
@@ -733,8 +745,8 @@
 0.0.0.0 db-web-client.com
 0.0.0.0 dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com
 0.0.0.0 dbkuzwes.online
-0.0.0.0 dbs-interrnet.online
 0.0.0.0 dbs.limited
+0.0.0.0 dbs.online.webdbslistinonline.com
 0.0.0.0 dbs.webdbslistinonline.com
 0.0.0.0 dbw.gr
 0.0.0.0 dcm1.ae.iwc.static.tungmung.co.id
@@ -767,6 +779,7 @@
 0.0.0.0 dev-nadaj.orlenpaczka.ce5.pl
 0.0.0.0 dev-secu-credit-union.pantheonsite.io
 0.0.0.0 dev-www.orlenpaczka.ce5.pl
+0.0.0.0 dev.massageliabilityinsurancegroup.com
 0.0.0.0 dev.shivaxi.com
 0.0.0.0 devicepichincha.webcindario.com
 0.0.0.0 devops.help
@@ -779,15 +792,17 @@
 0.0.0.0 dhl.recruitmentplatform.com
 0.0.0.0 diamondplate.us
 0.0.0.0 die-post-swiss-id-19782635812.psd2any.com
+0.0.0.0 diepost-paketevhost207932.lowhost.ru
 0.0.0.0 diginto.org
-0.0.0.0 dilscord.gift
+0.0.0.0 diligentverify.com
 0.0.0.0 directqpuprozaakp.weebly.com
 0.0.0.0 dirtyez.com
 0.0.0.0 disccrdapp.com
 0.0.0.0 disckord.club
 0.0.0.0 discoord-nittro.com
-0.0.0.0 discorc.gift
 0.0.0.0 discordbugs.com
+0.0.0.0 discordnitroos.com
+0.0.0.0 discrods.gift
 0.0.0.0 dispositivoapp.azurewebsites.net
 0.0.0.0 distinctivei.com
 0.0.0.0 distrial.ec
@@ -800,7 +815,6 @@
 0.0.0.0 dl.9xu.com
 0.0.0.0 dlink.me
 0.0.0.0 dmaxpesca.com.es
-0.0.0.0 dminer.cloud
 0.0.0.0 doclab-console-auth.firebaseapp.com
 0.0.0.0 docs-verify-c671.thajetiase.workers.dev
 0.0.0.0 docs.revv.so
@@ -826,12 +840,9 @@
 0.0.0.0 domainserverlawa117.web.app
 0.0.0.0 domainserverlawa118.web.app
 0.0.0.0 domainserverlawa119.web.app
-0.0.0.0 domainserverlawa120.web.app
-0.0.0.0 domainserverlawa121.web.app
 0.0.0.0 domainserverlawa122.web.app
 0.0.0.0 domainserverlawa123.web.app
 0.0.0.0 domainserverlawa124.web.app
-0.0.0.0 domainserverlawa125.web.app
 0.0.0.0 domainserverlawa126.web.app
 0.0.0.0 domainserverlawa127.web.app
 0.0.0.0 domainserverlawa128.web.app
@@ -840,32 +851,24 @@
 0.0.0.0 domainserverlawa130.web.app
 0.0.0.0 domainserverlawa131.web.app
 0.0.0.0 domainserverlawa132.web.app
-0.0.0.0 domainserverlawa133.web.app
 0.0.0.0 domainserverlawa134.web.app
 0.0.0.0 domainserverlawa135.web.app
 0.0.0.0 domainserverlawa136.web.app
 0.0.0.0 domainserverlawa137.web.app
-0.0.0.0 domainserverlawa138.web.app
 0.0.0.0 domainserverlawa139.web.app
 0.0.0.0 domainserverlawa14.web.app
-0.0.0.0 domainserverlawa140.web.app
-0.0.0.0 domainserverlawa141.web.app
 0.0.0.0 domainserverlawa142.web.app
 0.0.0.0 domainserverlawa143.web.app
 0.0.0.0 domainserverlawa144.web.app
 0.0.0.0 domainserverlawa145.web.app
 0.0.0.0 domainserverlawa146.web.app
-0.0.0.0 domainserverlawa147.web.app
 0.0.0.0 domainserverlawa148.web.app
 0.0.0.0 domainserverlawa149.web.app
 0.0.0.0 domainserverlawa150.web.app
-0.0.0.0 domainserverlawa151.web.app
 0.0.0.0 domainserverlawa152.web.app
 0.0.0.0 domainserverlawa153.web.app
-0.0.0.0 domainserverlawa154.web.app
 0.0.0.0 domainserverlawa155.web.app
 0.0.0.0 domainserverlawa156.web.app
-0.0.0.0 domainserverlawa157.web.app
 0.0.0.0 domainserverlawa158.web.app
 0.0.0.0 domainserverlawa159.web.app
 0.0.0.0 domainserverlawa160.web.app
@@ -873,20 +876,15 @@
 0.0.0.0 domainserverlawa162.web.app
 0.0.0.0 domainserverlawa163.web.app
 0.0.0.0 domainserverlawa164.web.app
-0.0.0.0 domainserverlawa165.web.app
 0.0.0.0 domainserverlawa166.web.app
 0.0.0.0 domainserverlawa167.web.app
 0.0.0.0 domainserverlawa168.web.app
 0.0.0.0 domainserverlawa169.web.app
-0.0.0.0 domainserverlawa17.web.app
-0.0.0.0 domainserverlawa170.web.app
 0.0.0.0 domainserverlawa171.web.app
 0.0.0.0 domainserverlawa172.web.app
 0.0.0.0 domainserverlawa173.web.app
 0.0.0.0 domainserverlawa174.web.app
-0.0.0.0 domainserverlawa175.web.app
 0.0.0.0 domainserverlawa176.web.app
-0.0.0.0 domainserverlawa177.web.app
 0.0.0.0 domainserverlawa178.web.app
 0.0.0.0 domainserverlawa179.web.app
 0.0.0.0 domainserverlawa18.web.app
@@ -895,34 +893,25 @@
 0.0.0.0 domainserverlawa182.web.app
 0.0.0.0 domainserverlawa183.web.app
 0.0.0.0 domainserverlawa184.web.app
-0.0.0.0 domainserverlawa185.web.app
 0.0.0.0 domainserverlawa186.web.app
 0.0.0.0 domainserverlawa187.web.app
 0.0.0.0 domainserverlawa188.web.app
 0.0.0.0 domainserverlawa189.web.app
 0.0.0.0 domainserverlawa19.web.app
-0.0.0.0 domainserverlawa190.web.app
 0.0.0.0 domainserverlawa191.web.app
 0.0.0.0 domainserverlawa193.web.app
 0.0.0.0 domainserverlawa194.web.app
 0.0.0.0 domainserverlawa195.web.app
-0.0.0.0 domainserverlawa196.web.app
-0.0.0.0 domainserverlawa197.web.app
 0.0.0.0 domainserverlawa198.web.app
-0.0.0.0 domainserverlawa199.web.app
 0.0.0.0 domainserverlawa20.web.app
-0.0.0.0 domainserverlawa200.web.app
 0.0.0.0 domainserverlawa201.web.app
 0.0.0.0 domainserverlawa202.web.app
-0.0.0.0 domainserverlawa203.web.app
 0.0.0.0 domainserverlawa204.web.app
 0.0.0.0 domainserverlawa205.web.app
 0.0.0.0 domainserverlawa206.web.app
-0.0.0.0 domainserverlawa207.web.app
 0.0.0.0 domainserverlawa208.web.app
 0.0.0.0 domainserverlawa209.web.app
 0.0.0.0 domainserverlawa21.web.app
-0.0.0.0 domainserverlawa210.web.app
 0.0.0.0 domainserverlawa211.web.app
 0.0.0.0 domainserverlawa212.web.app
 0.0.0.0 domainserverlawa213.web.app
@@ -936,7 +925,6 @@
 0.0.0.0 domainserverlawa221.web.app
 0.0.0.0 domainserverlawa222.web.app
 0.0.0.0 domainserverlawa223.web.app
-0.0.0.0 domainserverlawa224.web.app
 0.0.0.0 domainserverlawa225.web.app
 0.0.0.0 domainserverlawa226.web.app
 0.0.0.0 domainserverlawa227.web.app
@@ -949,12 +937,10 @@
 0.0.0.0 domainserverlawa234.web.app
 0.0.0.0 domainserverlawa235.web.app
 0.0.0.0 domainserverlawa237.web.app
-0.0.0.0 domainserverlawa238.web.app
 0.0.0.0 domainserverlawa239.web.app
 0.0.0.0 domainserverlawa240.web.app
 0.0.0.0 domainserverlawa241.web.app
 0.0.0.0 domainserverlawa242.web.app
-0.0.0.0 domainserverlawa243.web.app
 0.0.0.0 domainserverlawa244.web.app
 0.0.0.0 domainserverlawa245.web.app
 0.0.0.0 domainserverlawa246.web.app
@@ -962,35 +948,23 @@
 0.0.0.0 domainserverlawa248.web.app
 0.0.0.0 domainserverlawa249.web.app
 0.0.0.0 domainserverlawa25.web.app
-0.0.0.0 domainserverlawa250.web.app
 0.0.0.0 domainserverlawa251.web.app
 0.0.0.0 domainserverlawa252.web.app
 0.0.0.0 domainserverlawa253.web.app
-0.0.0.0 domainserverlawa254.web.app
-0.0.0.0 domainserverlawa255.web.app
 0.0.0.0 domainserverlawa256.web.app
 0.0.0.0 domainserverlawa257.web.app
 0.0.0.0 domainserverlawa258.web.app
-0.0.0.0 domainserverlawa259.web.app
-0.0.0.0 domainserverlawa26.web.app
 0.0.0.0 domainserverlawa260.web.app
-0.0.0.0 domainserverlawa261.web.app
-0.0.0.0 domainserverlawa262.web.app
 0.0.0.0 domainserverlawa263.web.app
 0.0.0.0 domainserverlawa264.web.app
 0.0.0.0 domainserverlawa265.web.app
 0.0.0.0 domainserverlawa266.web.app
 0.0.0.0 domainserverlawa267.web.app
-0.0.0.0 domainserverlawa268.web.app
 0.0.0.0 domainserverlawa269.web.app
 0.0.0.0 domainserverlawa270.web.app
-0.0.0.0 domainserverlawa271.web.app
-0.0.0.0 domainserverlawa272.web.app
 0.0.0.0 domainserverlawa273.web.app
 0.0.0.0 domainserverlawa274.web.app
-0.0.0.0 domainserverlawa275.web.app
 0.0.0.0 domainserverlawa276.web.app
-0.0.0.0 domainserverlawa277.web.app
 0.0.0.0 domainserverlawa278.web.app
 0.0.0.0 domainserverlawa279.web.app
 0.0.0.0 domainserverlawa280.web.app
@@ -999,9 +973,7 @@
 0.0.0.0 domainserverlawa283.web.app
 0.0.0.0 domainserverlawa284.web.app
 0.0.0.0 domainserverlawa285.web.app
-0.0.0.0 domainserverlawa286.web.app
 0.0.0.0 domainserverlawa287.web.app
-0.0.0.0 domainserverlawa289.web.app
 0.0.0.0 domainserverlawa29.web.app
 0.0.0.0 domainserverlawa290.web.app
 0.0.0.0 domainserverlawa292.web.app
@@ -1010,28 +982,20 @@
 0.0.0.0 domainserverlawa295.web.app
 0.0.0.0 domainserverlawa296.web.app
 0.0.0.0 domainserverlawa297.web.app
-0.0.0.0 domainserverlawa298.web.app
 0.0.0.0 domainserverlawa299.web.app
-0.0.0.0 domainserverlawa30.web.app
 0.0.0.0 domainserverlawa300.web.app
 0.0.0.0 domainserverlawa301.web.app
 0.0.0.0 domainserverlawa302.web.app
 0.0.0.0 domainserverlawa303.web.app
 0.0.0.0 domainserverlawa304.web.app
 0.0.0.0 domainserverlawa305.web.app
-0.0.0.0 domainserverlawa306.web.app
 0.0.0.0 domainserverlawa307.web.app
 0.0.0.0 domainserverlawa308.web.app
-0.0.0.0 domainserverlawa309.web.app
-0.0.0.0 domainserverlawa31.web.app
 0.0.0.0 domainserverlawa310.web.app
 0.0.0.0 domainserverlawa311.web.app
 0.0.0.0 domainserverlawa312.web.app
 0.0.0.0 domainserverlawa313.web.app
-0.0.0.0 domainserverlawa314.web.app
 0.0.0.0 domainserverlawa315.web.app
-0.0.0.0 domainserverlawa316.web.app
-0.0.0.0 domainserverlawa317.web.app
 0.0.0.0 domainserverlawa318.web.app
 0.0.0.0 domainserverlawa319.web.app
 0.0.0.0 domainserverlawa32.web.app
@@ -1039,13 +1003,11 @@
 0.0.0.0 domainserverlawa321.web.app
 0.0.0.0 domainserverlawa322.web.app
 0.0.0.0 domainserverlawa323.web.app
-0.0.0.0 domainserverlawa324.web.app
 0.0.0.0 domainserverlawa325.web.app
 0.0.0.0 domainserverlawa326.web.app
 0.0.0.0 domainserverlawa327.web.app
 0.0.0.0 domainserverlawa328.web.app
 0.0.0.0 domainserverlawa329.web.app
-0.0.0.0 domainserverlawa33.web.app
 0.0.0.0 domainserverlawa330.web.app
 0.0.0.0 domainserverlawa331.web.app
 0.0.0.0 domainserverlawa332.web.app
@@ -1056,17 +1018,14 @@
 0.0.0.0 domainserverlawa337.web.app
 0.0.0.0 domainserverlawa338.web.app
 0.0.0.0 domainserverlawa339.web.app
-0.0.0.0 domainserverlawa34.web.app
 0.0.0.0 domainserverlawa340.web.app
 0.0.0.0 domainserverlawa341.web.app
 0.0.0.0 domainserverlawa342.web.app
 0.0.0.0 domainserverlawa343.web.app
 0.0.0.0 domainserverlawa344.web.app
-0.0.0.0 domainserverlawa345.web.app
 0.0.0.0 domainserverlawa346.web.app
 0.0.0.0 domainserverlawa347.web.app
 0.0.0.0 domainserverlawa348.web.app
-0.0.0.0 domainserverlawa35.web.app
 0.0.0.0 domainserverlawa350.web.app
 0.0.0.0 domainserverlawa351.web.app
 0.0.0.0 domainserverlawa352.web.app
@@ -1080,7 +1039,6 @@
 0.0.0.0 domainserverlawa36.web.app
 0.0.0.0 domainserverlawa360.web.app
 0.0.0.0 domainserverlawa361.web.app
-0.0.0.0 domainserverlawa362.web.app
 0.0.0.0 domainserverlawa363.web.app
 0.0.0.0 domainserverlawa364.web.app
 0.0.0.0 domainserverlawa365.web.app
@@ -1091,7 +1049,6 @@
 0.0.0.0 domainserverlawa370.web.app
 0.0.0.0 domainserverlawa371.web.app
 0.0.0.0 domainserverlawa372.web.app
-0.0.0.0 domainserverlawa373.web.app
 0.0.0.0 domainserverlawa374.web.app
 0.0.0.0 domainserverlawa375.web.app
 0.0.0.0 domainserverlawa376.web.app
@@ -1107,11 +1064,7 @@
 0.0.0.0 domainserverlawa385.web.app
 0.0.0.0 domainserverlawa386.web.app
 0.0.0.0 domainserverlawa387.web.app
-0.0.0.0 domainserverlawa388.web.app
-0.0.0.0 domainserverlawa389.web.app
-0.0.0.0 domainserverlawa39.web.app
 0.0.0.0 domainserverlawa390.web.app
-0.0.0.0 domainserverlawa391.web.app
 0.0.0.0 domainserverlawa392.web.app
 0.0.0.0 domainserverlawa393.web.app
 0.0.0.0 domainserverlawa394.web.app
@@ -1122,11 +1075,8 @@
 0.0.0.0 domainserverlawa40.web.app
 0.0.0.0 domainserverlawa400.web.app
 0.0.0.0 domainserverlawa401.web.app
-0.0.0.0 domainserverlawa402.web.app
 0.0.0.0 domainserverlawa403.web.app
-0.0.0.0 domainserverlawa404.web.app
 0.0.0.0 domainserverlawa405.web.app
-0.0.0.0 domainserverlawa406.web.app
 0.0.0.0 domainserverlawa407.web.app
 0.0.0.0 domainserverlawa408.web.app
 0.0.0.0 domainserverlawa409.web.app
@@ -1137,7 +1087,6 @@
 0.0.0.0 domainserverlawa413.web.app
 0.0.0.0 domainserverlawa414.web.app
 0.0.0.0 domainserverlawa415.web.app
-0.0.0.0 domainserverlawa416.web.app
 0.0.0.0 domainserverlawa417.web.app
 0.0.0.0 domainserverlawa418.web.app
 0.0.0.0 domainserverlawa419.web.app
@@ -1150,12 +1099,10 @@
 0.0.0.0 domainserverlawa425.web.app
 0.0.0.0 domainserverlawa426.web.app
 0.0.0.0 domainserverlawa427.web.app
-0.0.0.0 domainserverlawa428.web.app
 0.0.0.0 domainserverlawa429.web.app
 0.0.0.0 domainserverlawa43.web.app
 0.0.0.0 domainserverlawa430.web.app
 0.0.0.0 domainserverlawa431.web.app
-0.0.0.0 domainserverlawa432.web.app
 0.0.0.0 domainserverlawa433.web.app
 0.0.0.0 domainserverlawa434.web.app
 0.0.0.0 domainserverlawa435.web.app
@@ -1165,36 +1112,27 @@
 0.0.0.0 domainserverlawa439.web.app
 0.0.0.0 domainserverlawa44.web.app
 0.0.0.0 domainserverlawa440.web.app
-0.0.0.0 domainserverlawa441.web.app
 0.0.0.0 domainserverlawa442.web.app
 0.0.0.0 domainserverlawa443.web.app
 0.0.0.0 domainserverlawa444.web.app
 0.0.0.0 domainserverlawa445.web.app
 0.0.0.0 domainserverlawa446.web.app
 0.0.0.0 domainserverlawa447.web.app
-0.0.0.0 domainserverlawa448.web.app
 0.0.0.0 domainserverlawa449.web.app
-0.0.0.0 domainserverlawa45.web.app
 0.0.0.0 domainserverlawa450.web.app
 0.0.0.0 domainserverlawa451.web.app
 0.0.0.0 domainserverlawa452.web.app
 0.0.0.0 domainserverlawa453.web.app
-0.0.0.0 domainserverlawa454.web.app
 0.0.0.0 domainserverlawa455.web.app
 0.0.0.0 domainserverlawa456.web.app
-0.0.0.0 domainserverlawa457.web.app
-0.0.0.0 domainserverlawa458.web.app
 0.0.0.0 domainserverlawa459.web.app
 0.0.0.0 domainserverlawa46.web.app
 0.0.0.0 domainserverlawa460.web.app
-0.0.0.0 domainserverlawa461.web.app
 0.0.0.0 domainserverlawa462.web.app
 0.0.0.0 domainserverlawa463.web.app
 0.0.0.0 domainserverlawa464.web.app
 0.0.0.0 domainserverlawa465.web.app
 0.0.0.0 domainserverlawa466.web.app
-0.0.0.0 domainserverlawa467.web.app
-0.0.0.0 domainserverlawa468.web.app
 0.0.0.0 domainserverlawa469.web.app
 0.0.0.0 domainserverlawa47.web.app
 0.0.0.0 domainserverlawa470.web.app
@@ -1205,18 +1143,14 @@
 0.0.0.0 domainserverlawa475.web.app
 0.0.0.0 domainserverlawa476.web.app
 0.0.0.0 domainserverlawa477.web.app
-0.0.0.0 domainserverlawa478.web.app
 0.0.0.0 domainserverlawa479.web.app
 0.0.0.0 domainserverlawa480.web.app
 0.0.0.0 domainserverlawa481.web.app
-0.0.0.0 domainserverlawa482.web.app
 0.0.0.0 domainserverlawa483.web.app
 0.0.0.0 domainserverlawa484.web.app
 0.0.0.0 domainserverlawa485.web.app
 0.0.0.0 domainserverlawa486.web.app
 0.0.0.0 domainserverlawa487.web.app
-0.0.0.0 domainserverlawa488.web.app
-0.0.0.0 domainserverlawa489.web.app
 0.0.0.0 domainserverlawa49.web.app
 0.0.0.0 domainserverlawa490.web.app
 0.0.0.0 domainserverlawa491.web.app
@@ -1227,22 +1161,15 @@
 0.0.0.0 domainserverlawa496.web.app
 0.0.0.0 domainserverlawa497.web.app
 0.0.0.0 domainserverlawa498.web.app
-0.0.0.0 domainserverlawa499.web.app
 0.0.0.0 domainserverlawa50.web.app
 0.0.0.0 domainserverlawa500.web.app
-0.0.0.0 domainserverlawa501.web.app
 0.0.0.0 domainserverlawa502.web.app
-0.0.0.0 domainserverlawa503.web.app
-0.0.0.0 domainserverlawa504.web.app
-0.0.0.0 domainserverlawa505.web.app
 0.0.0.0 domainserverlawa506.web.app
 0.0.0.0 domainserverlawa507.web.app
 0.0.0.0 domainserverlawa508.web.app
 0.0.0.0 domainserverlawa509.web.app
 0.0.0.0 domainserverlawa51.web.app
-0.0.0.0 domainserverlawa510.web.app
 0.0.0.0 domainserverlawa511.web.app
-0.0.0.0 domainserverlawa513.web.app
 0.0.0.0 domainserverlawa514.web.app
 0.0.0.0 domainserverlawa515.web.app
 0.0.0.0 domainserverlawa516.web.app
@@ -1251,10 +1178,8 @@
 0.0.0.0 domainserverlawa519.web.app
 0.0.0.0 domainserverlawa52.web.app
 0.0.0.0 domainserverlawa520.web.app
-0.0.0.0 domainserverlawa521.web.app
 0.0.0.0 domainserverlawa522.web.app
 0.0.0.0 domainserverlawa523.web.app
-0.0.0.0 domainserverlawa524.web.app
 0.0.0.0 domainserverlawa525.web.app
 0.0.0.0 domainserverlawa526.web.app
 0.0.0.0 domainserverlawa527.web.app
@@ -1265,28 +1190,21 @@
 0.0.0.0 domainserverlawa531.web.app
 0.0.0.0 domainserverlawa532.web.app
 0.0.0.0 domainserverlawa533.web.app
-0.0.0.0 domainserverlawa534.web.app
-0.0.0.0 domainserverlawa535.web.app
 0.0.0.0 domainserverlawa536.web.app
 0.0.0.0 domainserverlawa537.web.app
 0.0.0.0 domainserverlawa538.web.app
 0.0.0.0 domainserverlawa539.web.app
 0.0.0.0 domainserverlawa54.web.app
-0.0.0.0 domainserverlawa540.web.app
 0.0.0.0 domainserverlawa541.web.app
 0.0.0.0 domainserverlawa542.web.app
 0.0.0.0 domainserverlawa543.web.app
-0.0.0.0 domainserverlawa544.web.app
 0.0.0.0 domainserverlawa545.web.app
 0.0.0.0 domainserverlawa546.web.app
 0.0.0.0 domainserverlawa547.web.app
-0.0.0.0 domainserverlawa548.web.app
 0.0.0.0 domainserverlawa549.web.app
 0.0.0.0 domainserverlawa550.web.app
 0.0.0.0 domainserverlawa551.web.app
-0.0.0.0 domainserverlawa552.web.app
 0.0.0.0 domainserverlawa553.web.app
-0.0.0.0 domainserverlawa554.web.app
 0.0.0.0 domainserverlawa555.web.app
 0.0.0.0 domainserverlawa556.web.app
 0.0.0.0 domainserverlawa557.web.app
@@ -1296,9 +1214,7 @@
 0.0.0.0 domainserverlawa560.web.app
 0.0.0.0 domainserverlawa561.web.app
 0.0.0.0 domainserverlawa562.web.app
-0.0.0.0 domainserverlawa563.web.app
 0.0.0.0 domainserverlawa564.web.app
-0.0.0.0 domainserverlawa565.web.app
 0.0.0.0 domainserverlawa566.web.app
 0.0.0.0 domainserverlawa567.web.app
 0.0.0.0 domainserverlawa568.web.app
@@ -1307,35 +1223,24 @@
 0.0.0.0 domainserverlawa570.web.app
 0.0.0.0 domainserverlawa571.web.app
 0.0.0.0 domainserverlawa572.web.app
-0.0.0.0 domainserverlawa573.web.app
 0.0.0.0 domainserverlawa574.web.app
 0.0.0.0 domainserverlawa575.web.app
 0.0.0.0 domainserverlawa576.web.app
 0.0.0.0 domainserverlawa577.web.app
 0.0.0.0 domainserverlawa578.web.app
 0.0.0.0 domainserverlawa579.web.app
-0.0.0.0 domainserverlawa58.web.app
-0.0.0.0 domainserverlawa580.web.app
 0.0.0.0 domainserverlawa581.web.app
 0.0.0.0 domainserverlawa582.web.app
 0.0.0.0 domainserverlawa583.web.app
-0.0.0.0 domainserverlawa584.web.app
-0.0.0.0 domainserverlawa585.web.app
 0.0.0.0 domainserverlawa586.web.app
 0.0.0.0 domainserverlawa587.web.app
 0.0.0.0 domainserverlawa588.web.app
 0.0.0.0 domainserverlawa589.web.app
 0.0.0.0 domainserverlawa59.web.app
-0.0.0.0 domainserverlawa590.web.app
-0.0.0.0 domainserverlawa591.web.app
 0.0.0.0 domainserverlawa592.web.app
 0.0.0.0 domainserverlawa593.web.app
-0.0.0.0 domainserverlawa594.web.app
-0.0.0.0 domainserverlawa595.web.app
-0.0.0.0 domainserverlawa596.web.app
 0.0.0.0 domainserverlawa597.web.app
 0.0.0.0 domainserverlawa598.web.app
-0.0.0.0 domainserverlawa599.web.app
 0.0.0.0 domainserverlawa60.web.app
 0.0.0.0 domainserverlawa600.web.app
 0.0.0.0 domainserverlawa601.web.app
@@ -1343,25 +1248,18 @@
 0.0.0.0 domainserverlawa603.web.app
 0.0.0.0 domainserverlawa604.web.app
 0.0.0.0 domainserverlawa605.web.app
-0.0.0.0 domainserverlawa606.web.app
 0.0.0.0 domainserverlawa607.web.app
 0.0.0.0 domainserverlawa608.web.app
 0.0.0.0 domainserverlawa609.web.app
-0.0.0.0 domainserverlawa61.web.app
 0.0.0.0 domainserverlawa610.web.app
-0.0.0.0 domainserverlawa611.web.app
 0.0.0.0 domainserverlawa612.web.app
 0.0.0.0 domainserverlawa613.web.app
 0.0.0.0 domainserverlawa614.web.app
-0.0.0.0 domainserverlawa615.web.app
-0.0.0.0 domainserverlawa616.web.app
-0.0.0.0 domainserverlawa617.web.app
 0.0.0.0 domainserverlawa618.web.app
 0.0.0.0 domainserverlawa619.web.app
 0.0.0.0 domainserverlawa62.web.app
 0.0.0.0 domainserverlawa620.web.app
 0.0.0.0 domainserverlawa621.web.app
-0.0.0.0 domainserverlawa622.web.app
 0.0.0.0 domainserverlawa623.web.app
 0.0.0.0 domainserverlawa624.web.app
 0.0.0.0 domainserverlawa625.web.app
@@ -1382,7 +1280,6 @@
 0.0.0.0 domainserverlawa639.web.app
 0.0.0.0 domainserverlawa64.web.app
 0.0.0.0 domainserverlawa640.web.app
-0.0.0.0 domainserverlawa641.web.app
 0.0.0.0 domainserverlawa642.web.app
 0.0.0.0 domainserverlawa643.web.app
 0.0.0.0 domainserverlawa644.web.app
@@ -1398,11 +1295,6 @@
 0.0.0.0 domainserverlawa653.web.app
 0.0.0.0 domainserverlawa654.web.app
 0.0.0.0 domainserverlawa655.web.app
-0.0.0.0 domainserverlawa656.web.app
-0.0.0.0 domainserverlawa657.web.app
-0.0.0.0 domainserverlawa658.web.app
-0.0.0.0 domainserverlawa659.web.app
-0.0.0.0 domainserverlawa66.web.app
 0.0.0.0 domainserverlawa660.web.app
 0.0.0.0 domainserverlawa661.web.app
 0.0.0.0 domainserverlawa662.web.app
@@ -1413,14 +1305,10 @@
 0.0.0.0 domainserverlawa667.web.app
 0.0.0.0 domainserverlawa668.web.app
 0.0.0.0 domainserverlawa669.web.app
-0.0.0.0 domainserverlawa67.web.app
-0.0.0.0 domainserverlawa670.web.app
 0.0.0.0 domainserverlawa671.web.app
 0.0.0.0 domainserverlawa672.web.app
 0.0.0.0 domainserverlawa673.web.app
-0.0.0.0 domainserverlawa674.web.app
 0.0.0.0 domainserverlawa675.web.app
-0.0.0.0 domainserverlawa676.web.app
 0.0.0.0 domainserverlawa677.web.app
 0.0.0.0 domainserverlawa678.web.app
 0.0.0.0 domainserverlawa679.web.app
@@ -1428,12 +1316,8 @@
 0.0.0.0 domainserverlawa680.web.app
 0.0.0.0 domainserverlawa681.web.app
 0.0.0.0 domainserverlawa682.web.app
-0.0.0.0 domainserverlawa683.web.app
 0.0.0.0 domainserverlawa684.web.app
 0.0.0.0 domainserverlawa685.web.app
-0.0.0.0 domainserverlawa686.web.app
-0.0.0.0 domainserverlawa687.web.app
-0.0.0.0 domainserverlawa688.web.app
 0.0.0.0 domainserverlawa689.web.app
 0.0.0.0 domainserverlawa69.web.app
 0.0.0.0 domainserverlawa690.web.app
@@ -1441,7 +1325,6 @@
 0.0.0.0 domainserverlawa692.web.app
 0.0.0.0 domainserverlawa693.web.app
 0.0.0.0 domainserverlawa694.web.app
-0.0.0.0 domainserverlawa695.web.app
 0.0.0.0 domainserverlawa696.web.app
 0.0.0.0 domainserverlawa697.web.app
 0.0.0.0 domainserverlawa698.web.app
@@ -1452,15 +1335,11 @@
 0.0.0.0 domainserverlawa702.web.app
 0.0.0.0 domainserverlawa703.web.app
 0.0.0.0 domainserverlawa704.web.app
-0.0.0.0 domainserverlawa705.web.app
 0.0.0.0 domainserverlawa706.web.app
-0.0.0.0 domainserverlawa707.web.app
 0.0.0.0 domainserverlawa708.web.app
 0.0.0.0 domainserverlawa709.web.app
 0.0.0.0 domainserverlawa71.web.app
-0.0.0.0 domainserverlawa710.web.app
 0.0.0.0 domainserverlawa711.web.app
-0.0.0.0 domainserverlawa712.web.app
 0.0.0.0 domainserverlawa713.web.app
 0.0.0.0 domainserverlawa714.web.app
 0.0.0.0 domainserverlawa715.web.app
@@ -1469,17 +1348,13 @@
 0.0.0.0 domainserverlawa718.web.app
 0.0.0.0 domainserverlawa719.web.app
 0.0.0.0 domainserverlawa72.web.app
-0.0.0.0 domainserverlawa720.web.app
 0.0.0.0 domainserverlawa721.web.app
 0.0.0.0 domainserverlawa722.web.app
-0.0.0.0 domainserverlawa723.web.app
 0.0.0.0 domainserverlawa724.web.app
 0.0.0.0 domainserverlawa725.web.app
 0.0.0.0 domainserverlawa726.web.app
 0.0.0.0 domainserverlawa727.web.app
-0.0.0.0 domainserverlawa728.web.app
 0.0.0.0 domainserverlawa729.web.app
-0.0.0.0 domainserverlawa73.web.app
 0.0.0.0 domainserverlawa730.web.app
 0.0.0.0 domainserverlawa731.web.app
 0.0.0.0 domainserverlawa732.web.app
@@ -1492,31 +1367,22 @@
 0.0.0.0 domainserverlawa739.web.app
 0.0.0.0 domainserverlawa74.web.app
 0.0.0.0 domainserverlawa740.web.app
-0.0.0.0 domainserverlawa741.web.app
 0.0.0.0 domainserverlawa742.web.app
 0.0.0.0 domainserverlawa743.web.app
 0.0.0.0 domainserverlawa744.web.app
-0.0.0.0 domainserverlawa745.web.app
 0.0.0.0 domainserverlawa746.web.app
-0.0.0.0 domainserverlawa747.web.app
-0.0.0.0 domainserverlawa748.web.app
 0.0.0.0 domainserverlawa749.web.app
 0.0.0.0 domainserverlawa75.web.app
 0.0.0.0 domainserverlawa750.web.app
-0.0.0.0 domainserverlawa751.web.app
 0.0.0.0 domainserverlawa752.web.app
 0.0.0.0 domainserverlawa753.web.app
 0.0.0.0 domainserverlawa754.web.app
 0.0.0.0 domainserverlawa755.web.app
-0.0.0.0 domainserverlawa756.web.app
 0.0.0.0 domainserverlawa757.web.app
 0.0.0.0 domainserverlawa758.web.app
 0.0.0.0 domainserverlawa759.web.app
-0.0.0.0 domainserverlawa76.web.app
-0.0.0.0 domainserverlawa760.web.app
 0.0.0.0 domainserverlawa761.web.app
 0.0.0.0 domainserverlawa762.web.app
-0.0.0.0 domainserverlawa763.web.app
 0.0.0.0 domainserverlawa764.web.app
 0.0.0.0 domainserverlawa765.web.app
 0.0.0.0 domainserverlawa766.web.app
@@ -1536,22 +1402,17 @@
 0.0.0.0 domainserverlawa779.web.app
 0.0.0.0 domainserverlawa78.web.app
 0.0.0.0 domainserverlawa780.web.app
-0.0.0.0 domainserverlawa781.web.app
 0.0.0.0 domainserverlawa782.web.app
 0.0.0.0 domainserverlawa783.web.app
 0.0.0.0 domainserverlawa784.web.app
 0.0.0.0 domainserverlawa785.web.app
 0.0.0.0 domainserverlawa786.web.app
-0.0.0.0 domainserverlawa787.web.app
 0.0.0.0 domainserverlawa788.web.app
 0.0.0.0 domainserverlawa789.web.app
 0.0.0.0 domainserverlawa79.web.app
 0.0.0.0 domainserverlawa790.web.app
-0.0.0.0 domainserverlawa791.web.app
-0.0.0.0 domainserverlawa792.web.app
 0.0.0.0 domainserverlawa793.web.app
 0.0.0.0 domainserverlawa794.web.app
-0.0.0.0 domainserverlawa795.web.app
 0.0.0.0 domainserverlawa796.web.app
 0.0.0.0 domainserverlawa797.web.app
 0.0.0.0 domainserverlawa798.web.app
@@ -1560,7 +1421,6 @@
 0.0.0.0 domainserverlawa800.web.app
 0.0.0.0 domainserverlawa801.web.app
 0.0.0.0 domainserverlawa802.web.app
-0.0.0.0 domainserverlawa803.web.app
 0.0.0.0 domainserverlawa804.web.app
 0.0.0.0 domainserverlawa806.web.app
 0.0.0.0 domainserverlawa807.web.app
@@ -1568,8 +1428,6 @@
 0.0.0.0 domainserverlawa809.web.app
 0.0.0.0 domainserverlawa81.web.app
 0.0.0.0 domainserverlawa810.web.app
-0.0.0.0 domainserverlawa811.web.app
-0.0.0.0 domainserverlawa812.web.app
 0.0.0.0 domainserverlawa813.web.app
 0.0.0.0 domainserverlawa814.web.app
 0.0.0.0 domainserverlawa815.web.app
@@ -1583,7 +1441,6 @@
 0.0.0.0 domainserverlawa822.web.app
 0.0.0.0 domainserverlawa823.web.app
 0.0.0.0 domainserverlawa824.web.app
-0.0.0.0 domainserverlawa825.web.app
 0.0.0.0 domainserverlawa826.web.app
 0.0.0.0 domainserverlawa827.web.app
 0.0.0.0 domainserverlawa828.web.app
@@ -1595,9 +1452,7 @@
 0.0.0.0 domainserverlawa833.web.app
 0.0.0.0 domainserverlawa834.web.app
 0.0.0.0 domainserverlawa835.web.app
-0.0.0.0 domainserverlawa836.web.app
 0.0.0.0 domainserverlawa837.web.app
-0.0.0.0 domainserverlawa838.web.app
 0.0.0.0 domainserverlawa839.web.app
 0.0.0.0 domainserverlawa84.web.app
 0.0.0.0 domainserverlawa840.web.app
@@ -1605,29 +1460,21 @@
 0.0.0.0 domainserverlawa842.web.app
 0.0.0.0 domainserverlawa843.web.app
 0.0.0.0 domainserverlawa844.web.app
-0.0.0.0 domainserverlawa845.web.app
 0.0.0.0 domainserverlawa846.web.app
-0.0.0.0 domainserverlawa847.web.app
-0.0.0.0 domainserverlawa848.web.app
-0.0.0.0 domainserverlawa849.web.app
 0.0.0.0 domainserverlawa85.web.app
-0.0.0.0 domainserverlawa850.web.app
 0.0.0.0 domainserverlawa851.web.app
 0.0.0.0 domainserverlawa852.web.app
 0.0.0.0 domainserverlawa853.web.app
-0.0.0.0 domainserverlawa854.web.app
 0.0.0.0 domainserverlawa855.web.app
 0.0.0.0 domainserverlawa856.web.app
 0.0.0.0 domainserverlawa857.web.app
 0.0.0.0 domainserverlawa858.web.app
-0.0.0.0 domainserverlawa859.web.app
 0.0.0.0 domainserverlawa86.web.app
 0.0.0.0 domainserverlawa860.web.app
 0.0.0.0 domainserverlawa861.web.app
 0.0.0.0 domainserverlawa862.web.app
 0.0.0.0 domainserverlawa863.web.app
 0.0.0.0 domainserverlawa864.web.app
-0.0.0.0 domainserverlawa865.web.app
 0.0.0.0 domainserverlawa866.web.app
 0.0.0.0 domainserverlawa867.web.app
 0.0.0.0 domainserverlawa868.web.app
@@ -1638,7 +1485,6 @@
 0.0.0.0 domainserverlawa872.web.app
 0.0.0.0 domainserverlawa873.web.app
 0.0.0.0 domainserverlawa874.web.app
-0.0.0.0 domainserverlawa875.web.app
 0.0.0.0 domainserverlawa877.web.app
 0.0.0.0 domainserverlawa878.web.app
 0.0.0.0 domainserverlawa879.web.app
@@ -1646,9 +1492,7 @@
 0.0.0.0 domainserverlawa880.web.app
 0.0.0.0 domainserverlawa881.web.app
 0.0.0.0 domainserverlawa882.web.app
-0.0.0.0 domainserverlawa883.web.app
 0.0.0.0 domainserverlawa884.web.app
-0.0.0.0 domainserverlawa885.web.app
 0.0.0.0 domainserverlawa886.web.app
 0.0.0.0 domainserverlawa888.web.app
 0.0.0.0 domainserverlawa889.web.app
@@ -1668,19 +1512,14 @@
 0.0.0.0 domainserverlawa902.web.app
 0.0.0.0 domainserverlawa903.web.app
 0.0.0.0 domainserverlawa904.web.app
-0.0.0.0 domainserverlawa905.web.app
 0.0.0.0 domainserverlawa906.web.app
 0.0.0.0 domainserverlawa907.web.app
 0.0.0.0 domainserverlawa908.web.app
 0.0.0.0 domainserverlawa909.web.app
 0.0.0.0 domainserverlawa91.web.app
 0.0.0.0 domainserverlawa910.web.app
-0.0.0.0 domainserverlawa911.web.app
 0.0.0.0 domainserverlawa912.web.app
 0.0.0.0 domainserverlawa913.web.app
-0.0.0.0 domainserverlawa914.web.app
-0.0.0.0 domainserverlawa915.web.app
-0.0.0.0 domainserverlawa916.web.app
 0.0.0.0 domainserverlawa917.web.app
 0.0.0.0 domainserverlawa918.web.app
 0.0.0.0 domainserverlawa92.web.app
@@ -1689,22 +1528,14 @@
 0.0.0.0 domainserverlawa922.web.app
 0.0.0.0 domainserverlawa923.web.app
 0.0.0.0 domainserverlawa924.web.app
-0.0.0.0 domainserverlawa925.web.app
 0.0.0.0 domainserverlawa926.web.app
 0.0.0.0 domainserverlawa927.web.app
 0.0.0.0 domainserverlawa929.web.app
-0.0.0.0 domainserverlawa93.web.app
 0.0.0.0 domainserverlawa930.web.app
-0.0.0.0 domainserverlawa931.web.app
 0.0.0.0 domainserverlawa932.web.app
-0.0.0.0 domainserverlawa933.web.app
-0.0.0.0 domainserverlawa934.web.app
 0.0.0.0 domainserverlawa935.web.app
-0.0.0.0 domainserverlawa936.web.app
 0.0.0.0 domainserverlawa937.web.app
 0.0.0.0 domainserverlawa938.web.app
-0.0.0.0 domainserverlawa939.web.app
-0.0.0.0 domainserverlawa94.web.app
 0.0.0.0 domainserverlawa940.web.app
 0.0.0.0 domainserverlawa941.web.app
 0.0.0.0 domainserverlawa942.web.app
@@ -1713,45 +1544,33 @@
 0.0.0.0 domainserverlawa945.web.app
 0.0.0.0 domainserverlawa946.web.app
 0.0.0.0 domainserverlawa947.web.app
-0.0.0.0 domainserverlawa948.web.app
 0.0.0.0 domainserverlawa949.web.app
 0.0.0.0 domainserverlawa95.web.app
 0.0.0.0 domainserverlawa950.web.app
-0.0.0.0 domainserverlawa951.web.app
 0.0.0.0 domainserverlawa952.web.app
 0.0.0.0 domainserverlawa953.web.app
 0.0.0.0 domainserverlawa954.web.app
 0.0.0.0 domainserverlawa955.web.app
-0.0.0.0 domainserverlawa957.web.app
 0.0.0.0 domainserverlawa958.web.app
 0.0.0.0 domainserverlawa959.web.app
 0.0.0.0 domainserverlawa96.web.app
-0.0.0.0 domainserverlawa960.web.app
 0.0.0.0 domainserverlawa961.web.app
 0.0.0.0 domainserverlawa962.web.app
 0.0.0.0 domainserverlawa963.web.app
 0.0.0.0 domainserverlawa964.web.app
-0.0.0.0 domainserverlawa965.web.app
 0.0.0.0 domainserverlawa966.web.app
 0.0.0.0 domainserverlawa967.web.app
-0.0.0.0 domainserverlawa968.web.app
-0.0.0.0 domainserverlawa969.web.app
 0.0.0.0 domainserverlawa97.web.app
 0.0.0.0 domainserverlawa970.web.app
-0.0.0.0 domainserverlawa971.web.app
-0.0.0.0 domainserverlawa972.web.app
 0.0.0.0 domainserverlawa973.web.app
 0.0.0.0 domainserverlawa974.web.app
 0.0.0.0 domainserverlawa975.web.app
 0.0.0.0 domainserverlawa976.web.app
 0.0.0.0 domainserverlawa977.web.app
-0.0.0.0 domainserverlawa978.web.app
 0.0.0.0 domainserverlawa979.web.app
 0.0.0.0 domainserverlawa98.web.app
 0.0.0.0 domainserverlawa980.web.app
-0.0.0.0 domainserverlawa981.web.app
 0.0.0.0 domainserverlawa982.web.app
-0.0.0.0 domainserverlawa983.web.app
 0.0.0.0 domainserverlawa984.web.app
 0.0.0.0 domainserverlawa985.web.app
 0.0.0.0 domainserverlawa986.web.app
@@ -1761,14 +1580,11 @@
 0.0.0.0 domainserverlawa99.web.app
 0.0.0.0 domainserverlawa990.web.app
 0.0.0.0 domainserverlawa991.web.app
-0.0.0.0 domainserverlawa992.web.app
 0.0.0.0 domainserverlawa993.web.app
-0.0.0.0 domainserverlawa994.web.app
 0.0.0.0 domainserverlawa995.web.app
 0.0.0.0 domainserverlawa996.web.app
-0.0.0.0 domainserverlawa997.web.app
-0.0.0.0 domainserverlawa998.web.app
 0.0.0.0 domainserverlawa999.web.app
+0.0.0.0 donaidrsilcio.com
 0.0.0.0 doooog.cn
 0.0.0.0 dopeydog.co.nz
 0.0.0.0 dorouscom.com
@@ -1776,20 +1592,20 @@
 0.0.0.0 dowaba-s2dhl.blogspot.com
 0.0.0.0 doz.tode.cz
 0.0.0.0 dpasdasfasfasfas.pages.dev
+0.0.0.0 dpd-pl.566868.space
 0.0.0.0 dpd-redelivery-uk.com
 0.0.0.0 dpmasdaskj.pages.dev
 0.0.0.0 dr-joannepeeler.com
 0.0.0.0 dr3aq.byethost32.com
+0.0.0.0 dreamhacker.pro
 0.0.0.0 dreamotion-jp.com
 0.0.0.0 drivingschoolglasgow.co.uk
 0.0.0.0 drmarciovaleriano.com.br
-0.0.0.0 dsadsadsa.diskstation.eu
 0.0.0.0 dsgcbeonline.com
+0.0.0.0 dskedirekt.web.app
 0.0.0.0 dsp2codemdp.t.justns.ru
-0.0.0.0 dswboot.cc
 0.0.0.0 dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com
 0.0.0.0 dtrpsystasfasgas.pages.dev
-0.0.0.0 duanemanor.tk
 0.0.0.0 dukhovnist.in.ua
 0.0.0.0 durecorpperu.com
 0.0.0.0 dwrat.andalous.org
@@ -1803,7 +1619,6 @@
 0.0.0.0 e63q45f9h5fr.clickfunnels.com
 0.0.0.0 eagleeyeapparel.com
 0.0.0.0 earth01.info
-0.0.0.0 easy-webtdapp.com
 0.0.0.0 easywalletfix.net
 0.0.0.0 easywalletsfix.com
 0.0.0.0 eba0200d0c.nxcli.net
@@ -1812,15 +1627,12 @@
 0.0.0.0 eberhardtedwige.wixsite.com
 0.0.0.0 ebuddynews.com
 0.0.0.0 ec.snadc-oecddo.com
-0.0.0.0 ecloanmoney.com
 0.0.0.0 ecogreenjanitorial.com
 0.0.0.0 ecomcrew.staging.wpengine.com
 0.0.0.0 ecosteelsolution.ro
-0.0.0.0 editpdfonline.tk
 0.0.0.0 edje.com
 0.0.0.0 edukickmexico.com
 0.0.0.0 ee-sms.co.uk
-0.0.0.0 ee.mseocri.com
 0.0.0.0 ee.scicemecod.com
 0.0.0.0 efarms.com.ng
 0.0.0.0 eharmonyservice.com
@@ -1843,7 +1655,6 @@
 0.0.0.0 emsi-lobo.firebaseapp.com
 0.0.0.0 en-template-solicito-16414253314897.onepage.website
 0.0.0.0 enbolivia.com
-0.0.0.0 enchanting-guiltless-suede.glitch.me
 0.0.0.0 encryptdrive.booogle.net
 0.0.0.0 engcamp.org
 0.0.0.0 enoman.fqzsdgtg.cn
@@ -1869,20 +1680,18 @@
 0.0.0.0 eth.coinscout.cc
 0.0.0.0 ethnictrendz.com
 0.0.0.0 ets.jwr.pa-fakfak.go.id
-0.0.0.0 etwtny.cf
 0.0.0.0 eucriomeumundo.com
 0.0.0.0 eugnerally-wixsite-com.filesusr.com
-0.0.0.0 euraby.com
 0.0.0.0 eusa-lombo.firebaseapp.com
 0.0.0.0 evashoes.com.ua
+0.0.0.0 even-besar-banget.duckdns.org
 0.0.0.0 even-ff-gratisterbaru2022.duckdns.org
-0.0.0.0 even-ff-terbarugratis2022.duckdns.org
+0.0.0.0 event-ff-bundle-baru.duckdns.org
 0.0.0.0 event-freefire728.duckdns.org
+0.0.0.0 event-freeskkinmlbb.duckdns.org
 0.0.0.0 event-garenafreefire263.duckdns.org
-0.0.0.0 event-skin-resmi-2022.duckdns.org
-0.0.0.0 eventclaimfreefiregratis2022.duckdns.org
 0.0.0.0 eventclaimsff0.duckdns.org
-0.0.0.0 eventgarenafreefiremax2022.duckdns.org
+0.0.0.0 eventspinfreefire2022.duckdns.org
 0.0.0.0 everestmotors.com.np
 0.0.0.0 evo-revolutioncups.com
 0.0.0.0 evolbithman.web.app
@@ -1891,6 +1700,7 @@
 0.0.0.0 exchange-pancakeswaps.com
 0.0.0.0 exchangedictionary.com
 0.0.0.0 exodlus.net
+0.0.0.0 exodus-2022.com
 0.0.0.0 exodus.com-wallet-signin.com
 0.0.0.0 exodus.com-web-wallet-online.com
 0.0.0.0 exodus.com.tccaponline.com
@@ -1902,6 +1712,7 @@
 0.0.0.0 extracloud.com.au
 0.0.0.0 ezblox.site
 0.0.0.0 ezssausage.com
+0.0.0.0 f2f.co.jp
 0.0.0.0 f6fr7.codesandbox.io
 0.0.0.0 f9w1lned0ruqblxi6jahwotak.filesusr.com
 0.0.0.0 faccebook.azurewebsites.net
@@ -1916,7 +1727,10 @@
 0.0.0.0 facebook.com-zxsrf038k.isiolo.go.ke
 0.0.0.0 facebook.eventspinff.wtf
 0.0.0.0 facebook.kingstopup.com
+0.0.0.0 facebook.whcserverbox.com
+0.0.0.0 facebook8facebook.blogspot.com
 0.0.0.0 facebookk.azurewebsites.net
+0.0.0.0 facebookphisher.herokuapp.com
 0.0.0.0 facebooks.azurewebsites.net
 0.0.0.0 faic.in
 0.0.0.0 faizankhan0408.github.io
@@ -1930,20 +1744,21 @@
 0.0.0.0 fax.gruppobiesse.it
 0.0.0.0 fb-case-id-28031803-fcdc-48af.web.app
 0.0.0.0 fb-pages.proteksion-help.workers.dev
+0.0.0.0 fb.10004682.review
 0.0.0.0 fb.expressturkeyi.com
 0.0.0.0 fb7927.bget.ru
 0.0.0.0 fdasd.2e4jept.cn
 0.0.0.0 fdhgf.xyz
-0.0.0.0 feceboolk.blogspot.com
 0.0.0.0 federalaccesscredit.com
 0.0.0.0 fedner.net
 0.0.0.0 fer-brooks.top
 0.0.0.0 feriadempleos.com
 0.0.0.0 ferienhof-gempel.de
 0.0.0.0 ff-anivesary225.duckdns.org
+0.0.0.0 ff-member-ganena.com
 0.0.0.0 ff-membership-garena.com
 0.0.0.0 ff-membershipz-garena.ga
-0.0.0.0 ff.membership.garenaj.vn
+0.0.0.0 ff.members.garera.vn
 0.0.0.0 ffim-event-2022.duckdns.org
 0.0.0.0 fghjr74rhudfguhtfguji.blogspot.com
 0.0.0.0 fi.uy
@@ -1952,7 +1767,6 @@
 0.0.0.0 fighting40s.com
 0.0.0.0 fikir.id
 0.0.0.0 fileundelete.net
-0.0.0.0 filmkenner.com
 0.0.0.0 filtrosmil.com.br
 0.0.0.0 finalfantasyguide.co.uk
 0.0.0.0 finiiishingedgex.tk
@@ -1967,13 +1781,14 @@
 0.0.0.0 fmwebapp.azurewebsites.net
 0.0.0.0 foliar.pl
 0.0.0.0 foma-ura-lote.firebaseapp.com
+0.0.0.0 foor1.com
+0.0.0.0 for-pakage-delevry.tragaroleary.com
 0.0.0.0 foresta-mod.firebaseapp.com
 0.0.0.0 forhimself9999.co.vu
 0.0.0.0 formbuddy.com
 0.0.0.0 forms.formium.io
 0.0.0.0 formtools.com
 0.0.0.0 forum-dofus.com.co
-0.0.0.0 foryour.gov-information.info
 0.0.0.0 fpalpha.myportfolio.com
 0.0.0.0 fpmaam.org
 0.0.0.0 fr-europe564598-com.filesusr.com
@@ -1986,6 +1801,7 @@
 0.0.0.0 freefireevent-codashop2022.duckdns.org
 0.0.0.0 freeitemff-allreward.duckdns.org
 0.0.0.0 freeliker.net
+0.0.0.0 freereward-ff.duckdns.org
 0.0.0.0 frefire-membership-garena.sukienfreefire2021.top
 0.0.0.0 freg-nine.pt
 0.0.0.0 friendsofnechockey.com
@@ -2001,21 +1817,22 @@
 0.0.0.0 ftx.cool
 0.0.0.0 ftxbonus.site
 0.0.0.0 funiswap.exchange
+0.0.0.0 furgonetka-1.pl
 0.0.0.0 fusionrestobar.cl
+0.0.0.0 futurebits.in
+0.0.0.0 fwztmgr.cn
 0.0.0.0 fxhalifax.com
 0.0.0.0 fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com
 0.0.0.0 g-mtcc.com
 0.0.0.0 g.greatsubstance.com.my
 0.0.0.0 ga.teesmith.shop
 0.0.0.0 gabrielamims.com
-0.0.0.0 gabung-grubnew1342.duckdns.org
 0.0.0.0 gagaclinic.com
 0.0.0.0 gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com
 0.0.0.0 gallciaonllne.webcindario.com
 0.0.0.0 garena-xacminhtaikhoan.com
-0.0.0.0 garenafreefire728.duckdns.org
-0.0.0.0 gastronomiarobertos.com
 0.0.0.0 gasunige.mfs.gg
+0.0.0.0 gbunggrup-pmrsatu13.duckdns.org
 0.0.0.0 gedfdfsd.eu
 0.0.0.0 geg.li
 0.0.0.0 generali-italia-ag.hrweb.it
@@ -2041,7 +1858,6 @@
 0.0.0.0 golkondaresorts.com
 0.0.0.0 goo-gl.me
 0.0.0.0 good12345.tripod.com
-0.0.0.0 goofy-wozniak.192-210-226-164.plesk.page
 0.0.0.0 gorol-cost.web.app
 0.0.0.0 gorol-investor.web.app
 0.0.0.0 gosafes.com
@@ -2051,39 +1867,28 @@
 0.0.0.0 greekinfra.com
 0.0.0.0 greenclasses.in
 0.0.0.0 grosshandel-mevida.de
-0.0.0.0 group-mantap-seger.duckdns.org
 0.0.0.0 group-wa-1.duckdns.org
-0.0.0.0 groupbkep-vral15.duckdns.org
 0.0.0.0 groworldinternational.com
 0.0.0.0 grp02.member.mycld-rakuten.info
-0.0.0.0 grub-sangex.wikaba.com
-0.0.0.0 grubgabung.duckdns.org
 0.0.0.0 grubnatajadeh12.duckdns.org
+0.0.0.0 grubterbarukk037.duckdns.org
 0.0.0.0 grubviralterbaru65c.duckdns.org
-0.0.0.0 grup-bokephot-terbaru2022.duckdns.org
-0.0.0.0 grup-bokepviral4.duckdns.org
-0.0.0.0 grup-dwsa-indomesia845.duckdns.org
-0.0.0.0 grup-viral-seleb.duckdns.org
-0.0.0.0 grup-viralbokep111.myftp.org
-0.0.0.0 grup-viralbokep2.ddns.net
+0.0.0.0 gruo-wa-okep-dewasa-2022.duckdns.org
+0.0.0.0 grup-bokep-terbaru555.duckdns.org
 0.0.0.0 grup-whatsapp121.duckdns.org
 0.0.0.0 grup-whatsappbokep1.duckdns.org
 0.0.0.0 grup-whatsappbokep2.duckdns.org
-0.0.0.0 grupbokeppadacantik.duckdns.org
+0.0.0.0 grup2022ssx.duckdns.org
 0.0.0.0 grupofsp.com.br
 0.0.0.0 gruposanpio.com
-0.0.0.0 gruptiktok.wikaba.com
-0.0.0.0 grupviral-xx.duckdns.org
-0.0.0.0 grupviral109.duckdns.org
-0.0.0.0 grupviralterbaru.duckdns.org
+0.0.0.0 grupwhatsaap-viral-2022.duckdns.org
 0.0.0.0 grupwhatsappnobar-2022.duckdns.org
 0.0.0.0 gscommunityspirit.greenschool.org
 0.0.0.0 gstsolutions.online
+0.0.0.0 gtw420.com
 0.0.0.0 gunatanahku.perkimtan.sumbarprov.go.id
 0.0.0.0 gurukanth.com
 0.0.0.0 gwenet.org
-0.0.0.0 gyfnqyk.cn
-0.0.0.0 gymjaokhanakho.azurewebsites.net
 0.0.0.0 habbocreditosparati.blogspot.com
 0.0.0.0 haftteam.ir
 0.0.0.0 hahdaeupdate.es.tl
@@ -2100,19 +1905,18 @@
 0.0.0.0 haunlimited.org
 0.0.0.0 hcnprdvz.azureedge.net
 0.0.0.0 hdmediahub.club
-0.0.0.0 hdss-stream.org
 0.0.0.0 heinthu1.github.io
 0.0.0.0 hellenic-postbank.com
-0.0.0.0 helloparis.co.uk
 0.0.0.0 help-account-bxsfe.ondigitalocean.app
+0.0.0.0 help-identity-recoveri-support-center.web.id
 0.0.0.0 help-notice-center-identity-6532.web.id
 0.0.0.0 help.insecur.saftyalert.workers.dev
 0.0.0.0 help.validation-page.workers.dev
+0.0.0.0 helpingcentere.com
 0.0.0.0 henan.vxim58i.cn
 0.0.0.0 hermes.parcel-tracker.com
 0.0.0.0 hetershaven.net
 0.0.0.0 heuristic-gagarin.45-88-108-231.plesk.page
-0.0.0.0 hfemail.ntneancns.com
 0.0.0.0 hgda.db0u4hs.cn
 0.0.0.0 hgdaa.lfoxcct.cn
 0.0.0.0 hghgda.erjl0hx.cn
@@ -2127,18 +1931,15 @@
 0.0.0.0 hifly39091.top
 0.0.0.0 hifly61215.top
 0.0.0.0 hifly71191.top
-0.0.0.0 hikaheal.com
 0.0.0.0 himalayansherpa.com.au
 0.0.0.0 himbauane.blogspot.com
 0.0.0.0 hitman71hd-wixsite-com.filesusr.com
-0.0.0.0 hjhjjhjhjh.pagedemo.co
 0.0.0.0 hockian.com
 0.0.0.0 holobeam.000webhostapp.com
 0.0.0.0 home.ei1ns.de
 0.0.0.0 home.myfairpoint.net
 0.0.0.0 homepichilinea2.webcindario.com
 0.0.0.0 homesinlogin.com
-0.0.0.0 homestaylongho.com
 0.0.0.0 hostnix.net
 0.0.0.0 hostpoint.ch.17a902ef.tcorner.fr
 0.0.0.0 hotbrooks.com
@@ -2151,6 +1952,7 @@
 0.0.0.0 hs-giveaways.ca
 0.0.0.0 ht-cargo.com.vn
 0.0.0.0 htlgroup.com.my
+0.0.0.0 httpcom-0d4tol437.isiolo.go.ke
 0.0.0.0 httpeugnerally-wixsite-com.filesusr.com
 0.0.0.0 https-scert-con04.xyz
 0.0.0.0 https-scert-srv02.xyz
@@ -2175,7 +1977,6 @@
 0.0.0.0 ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com
 0.0.0.0 ibpm.ru
 0.0.0.0 icloud-map-live.com
-0.0.0.0 icloudstatus.com.ng
 0.0.0.0 icy.martulangbelulalng.workers.dev
 0.0.0.0 idappswallets.com
 0.0.0.0 identifiez-vous-avec-votre-compte.yolasite.com
@@ -2188,7 +1989,6 @@
 0.0.0.0 ighk.umjlrs7uci2751.workers.dev
 0.0.0.0 iipvit.by
 0.0.0.0 ijcda.bukkats.cn
-0.0.0.0 ijeioqhawdqioqho.weebly.com
 0.0.0.0 ijhca.0gb0h7z.cn
 0.0.0.0 ijjd.h8nmtcc.cn
 0.0.0.0 ijmna.p2y00vd.cn
@@ -2199,23 +1999,25 @@
 0.0.0.0 ikcsa.ajiqvjf.cn
 0.0.0.0 ikdff.jmo904i.cn
 0.0.0.0 ikja.lbanwqp.cn
+0.0.0.0 ikjcd.p1z98hl.cn
 0.0.0.0 ikjd.uk0xnp8.cn
 0.0.0.0 ikjgd.rg6bzk7.cn
 0.0.0.0 ikmcd.u4jdbxm.cn
 0.0.0.0 ikmxaa.qcqxlrq.cn
+0.0.0.0 ilooksrare.com
 0.0.0.0 iloveyourglasses.com
 0.0.0.0 ilpconnect.org
+0.0.0.0 image-pict-ig.duckdns.org
 0.0.0.0 imersao.impulseingles.com.br
 0.0.0.0 imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com
-0.0.0.0 imi-ksa.jajainfo.net
 0.0.0.0 imobiliaria-cardinali-com-br.blogspot.com
 0.0.0.0 impostazionebper.000webhostapp.com
 0.0.0.0 in.deraya.org
-0.0.0.0 inaueab.com
 0.0.0.0 indo-viral2022.duckdns.org
 0.0.0.0 info.lionnets.com
 0.0.0.0 infohypesquad.com
 0.0.0.0 infopichinchaweb.webcindario.com
+0.0.0.0 information.safeamazoncardweb.cyou
 0.0.0.0 informations.recovery.confiryourpage.workers.dev
 0.0.0.0 infos00001.temp.swtest.ru
 0.0.0.0 infosecplace.com
@@ -2228,16 +2030,16 @@
 0.0.0.0 innca.ol90k56.cn
 0.0.0.0 innovasjon.as
 0.0.0.0 inps-ep.com
-0.0.0.0 instagram-9.blogspot.com
-0.0.0.0 instagramhelpp.agency
+0.0.0.0 instahelppbaddge.ml
 0.0.0.0 intellidata-analytica.com
-0.0.0.0 interbankempresahome.rankforever.com
 0.0.0.0 interbankempresas.pe-il.ru
+0.0.0.0 interbankhomeweb.fullcircleteam.com
 0.0.0.0 intern.unibas-com.ch
 0.0.0.0 international-formulier.91-218-65-223.plesk.page
 0.0.0.0 internetbanking-caixa-gov.xyz
 0.0.0.0 internetbankinghelp.com
 0.0.0.0 internetservicetech.com
+0.0.0.0 intesalife.ie
 0.0.0.0 intexargentina.com.ar
 0.0.0.0 inthewildproductions.com
 0.0.0.0 intoli.ru
@@ -2245,10 +2047,14 @@
 0.0.0.0 intranet.sztpe.info
 0.0.0.0 investpl.work
 0.0.0.0 iplogger.info
+0.0.0.0 iqwea.soxr0u1.cn
 0.0.0.0 ironmantech.shop
-0.0.0.0 irs-gov.us-get-funds-assistance.com
+0.0.0.0 irs-gov-supportcenters.com
+0.0.0.0 irs.gov-coronavirus-pandemic-tax-refund-submission.com
+0.0.0.0 ise.com.ar
 0.0.0.0 isfirsatibul.com
 0.0.0.0 ismamorlin.my-place.us
+0.0.0.0 isntagranmeta.pagedemo.co
 0.0.0.0 istudyalumni.com
 0.0.0.0 it-europe564598-com.filesusr.com
 0.0.0.0 it.melnikhotels.com
@@ -2260,6 +2066,12 @@
 0.0.0.0 iujdas.yfwxlc9.cn
 0.0.0.0 iuyydd.ebeg6uk.cn
 0.0.0.0 j9w77d0.cn
+0.0.0.0 jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn
+0.0.0.0 jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn
+0.0.0.0 jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn
+0.0.0.0 jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn
+0.0.0.0 jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn
+0.0.0.0 jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn
 0.0.0.0 jacobliston.com
 0.0.0.0 jadaart.org
 0.0.0.0 jagex-rewards.com
@@ -2271,31 +2083,31 @@
 0.0.0.0 jeanbaileyrobor.com
 0.0.0.0 jendelajogja.com
 0.0.0.0 jerinja.github.io
-0.0.0.0 jessicasproul.com
 0.0.0.0 jetser-electrical-supply.business.site
-0.0.0.0 jetstoop.top
 0.0.0.0 jett.gator.site
 0.0.0.0 jflkp.csb.app
 0.0.0.0 jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com
 0.0.0.0 jhda.wfdyk9p.cn
 0.0.0.0 jhdd.fjcslad.cn
 0.0.0.0 jhff.93oe0u9.cn
+0.0.0.0 jhnd.0drhnjk.cn
 0.0.0.0 jiwanramchemical.com
 0.0.0.0 jjhcd.27ke98i.cn
 0.0.0.0 jk99j.sbs
-0.0.0.0 jkhkjjkjk.pagedemo.co
 0.0.0.0 jlogine.com
+0.0.0.0 jmcna.jiwayjc.cn
+0.0.0.0 jmfykd.cyou
+0.0.0.0 jncba.diiqsmm.cn
 0.0.0.0 jnlope.tangguakrapekpuik.link
 0.0.0.0 jnnc.grnxkoj.cn
 0.0.0.0 job-type.com
 0.0.0.0 jobs.job.com.bd
 0.0.0.0 joecamera.net
 0.0.0.0 john-ashley.de
-0.0.0.0 join-chat-whatssap-viral-2022.duckdns.org
-0.0.0.0 join-group-wa2022.duckdns.org
-0.0.0.0 join-grub-bokep-gratis.duckdns.org
-0.0.0.0 join-grubkienzy849.duckdns.org
-0.0.0.0 join-whatsapp-tante-hot18.duckdns.org
+0.0.0.0 join-group-1.duckdns.org
+0.0.0.0 join-gruo-waku282.duckdns.org
+0.0.0.0 joinedprice.com
+0.0.0.0 joingrupku183.duckdns.org
 0.0.0.0 joingrupp-bkep156.duckdns.org
 0.0.0.0 joingrupterbaru-0.duckdns.org
 0.0.0.0 joinlinkviral729.duckdns.org
@@ -2303,12 +2115,14 @@
 0.0.0.0 joinssgropssney6.duckdns.org
 0.0.0.0 jow-japan.or.jp
 0.0.0.0 joyeriajireh.com.mx
-0.0.0.0 jp-bnnk.japappoit.asdwb.xyz
-0.0.0.0 jp-bnnk.japappoit.asdwd.xyz
+0.0.0.0 jp-auid.com
+0.0.0.0 jp.mercari.omany.buzz
 0.0.0.0 jptechdocsign.net
 0.0.0.0 jrhayley.plus.com
 0.0.0.0 juandfar.github.io
+0.0.0.0 jurisgeneral.com
 0.0.0.0 jurlebedev.ru
+0.0.0.0 juscook.com
 0.0.0.0 justgot.gonevis.com
 0.0.0.0 justsayingbro.com
 0.0.0.0 jvk.zultifarza.workers.dev
@@ -2316,6 +2130,7 @@
 0.0.0.0 jz2bab.webwave.dev
 0.0.0.0 k3ja6d.webwave.dev
 0.0.0.0 kaamwalibais.co.in
+0.0.0.0 kachinas.be
 0.0.0.0 kamdhenurealities.com
 0.0.0.0 kargonova.com
 0.0.0.0 kartaltepespor.com
@@ -2327,9 +2142,11 @@
 0.0.0.0 kdlscaffolding.co.uk
 0.0.0.0 kecc.com
 0.0.0.0 kecmanijada.com
+0.0.0.0 kedai-gamers.com
 0.0.0.0 keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev
 0.0.0.0 keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev
 0.0.0.0 keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev
+0.0.0.0 kenanhusovic.com
 0.0.0.0 kevinsmovingservice.com
 0.0.0.0 kex81.sbs
 0.0.0.0 key-drcp.com
@@ -2353,12 +2170,12 @@
 0.0.0.0 konnect2kamadhenu.com
 0.0.0.0 koteng.odoo.com
 0.0.0.0 kr-bithumb.web.app
-0.0.0.0 kraftongame.net
 0.0.0.0 krupije.com
 0.0.0.0 krx887.com
 0.0.0.0 ksschool.org.in
 0.0.0.0 kuchkuchnights.com
 0.0.0.0 kurortnoye.com.ua
+0.0.0.0 ky79.com
 0.0.0.0 l-abe.com
 0.0.0.0 l-q.in
 0.0.0.0 lambdaweb.info
@@ -2380,16 +2197,17 @@
 0.0.0.0 learningimpactmodel.com
 0.0.0.0 leboncoiinlbc.000webhostapp.com
 0.0.0.0 leboncoin.delivery01588.icu
+0.0.0.0 lefaf77683.temp.swtest.ru
 0.0.0.0 lemeiesta.com
 0.0.0.0 lenagruessdich.net
 0.0.0.0 leroycu.ca
+0.0.0.0 letoptuswebmail-9b69f0.ingress-comporellon.easywp.com
 0.0.0.0 lettertracing4kids.com
 0.0.0.0 lexnotes.com.ng
-0.0.0.0 lg-bluebadgecenter.ml
 0.0.0.0 lg-onecom-io.web.app
 0.0.0.0 liberasrl.it
 0.0.0.0 lihi3.cc
-0.0.0.0 linkcontract.tech
+0.0.0.0 linkgrupkakak-disini.duckdns.org
 0.0.0.0 liongear.com
 0.0.0.0 lirc.cep.edu.vn
 0.0.0.0 little-frost-1a15.chrisc11004842.workers.dev
@@ -2413,28 +2231,33 @@
 0.0.0.0 lloydsbank.secure-personal-device-login.com
 0.0.0.0 lloyduk-newdevice-registered-online.com
 0.0.0.0 llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com
+0.0.0.0 lmbanang.pgryuangbtusngka.link
 0.0.0.0 lnkd.dev
 0.0.0.0 lnterbancape-lbk.com
 0.0.0.0 lnterbank.pe.starneonsignsug.com
+0.0.0.0 local-postoffice-deliver.com
 0.0.0.0 localwithg.com
 0.0.0.0 lockpichincha.webcindario.com
 0.0.0.0 loengregkuetngferu.live
 0.0.0.0 lofon-add.firebaseapp.com
 0.0.0.0 loftywallet.com
+0.0.0.0 logfuliz.web.app
 0.0.0.0 login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net
 0.0.0.0 login-facebook18.webnode.page
 0.0.0.0 login-live.com-s02.net
 0.0.0.0 login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net
 0.0.0.0 login-postfinance.com
+0.0.0.0 login-singaporee.apply-now-online-digital.com
 0.0.0.0 login.dbs.webdbslistinonline.com
 0.0.0.0 login.privategold.uytrtyuhij987.gowithapex.com
-0.0.0.0 login.smbc.weddirecttop.com
 0.0.0.0 logindhlaccess.dhlupdatelogin.workers.dev
+0.0.0.0 loginnewatt.weebly.com
 0.0.0.0 logverify-df12e-verify-1230-eu.web.app
 0.0.0.0 loinesports.com
 0.0.0.0 lomadesarrollos.mx
 0.0.0.0 lombard11.eu
 0.0.0.0 lot-lp-x.web.app
+0.0.0.0 love.gos-box.com
 0.0.0.0 lp.vp4.me
 0.0.0.0 lrs.financial
 0.0.0.0 lrs.foundation
@@ -2454,13 +2277,10 @@
 0.0.0.0 m.recovery.safetyacount.workers.dev
 0.0.0.0 m.recovery.saftypageupdate.workers.dev
 0.0.0.0 m.salsomascard.top
-0.0.0.0 m4-appcaixia.com
 0.0.0.0 m42club.com
-0.0.0.0 m5bundle.com
 0.0.0.0 machineryzoneservice.com
 0.0.0.0 macjakarta.com
 0.0.0.0 macst.cc
-0.0.0.0 madamailru.temp.swtest.ru
 0.0.0.0 madens.com.pl
 0.0.0.0 madrhinoconsulting.com
 0.0.0.0 maestro.my.prod.dfg152.ru
@@ -2472,15 +2292,15 @@
 0.0.0.0 mail-gmxaktualisierung.yolasite.com
 0.0.0.0 mail-ovhcloud.web.app
 0.0.0.0 mail-ssocloud-srvr67yhguh.pages.dev
+0.0.0.0 mail.atlanticeconcrete.com
 0.0.0.0 mail.enrollmoreclientsbootcamp.com
-0.0.0.0 mail.gov-taxid.completofyours.info
-0.0.0.0 mail.grup-dwsa-indomesia845.duckdns.org
 0.0.0.0 mail.ims-fe.com
+0.0.0.0 mail.kenanhusovic.com
 0.0.0.0 mail.kuttabalfatih.com
 0.0.0.0 mail.santepluspharma.com
 0.0.0.0 mail.sweetshopspecialtycoffee.com.au
-0.0.0.0 mail.tariqalaraimi.com
 0.0.0.0 mail.updateinfo-billingo2.com
+0.0.0.0 mail.wellsfargous.duckdns.org
 0.0.0.0 mail.wheel1factory.net
 0.0.0.0 mail.zenstream.com
 0.0.0.0 maildomaiincheck1.web.app
@@ -2508,60 +2328,56 @@
 0.0.0.0 mailupdattee10.web.app
 0.0.0.0 mailupdattee11.web.app
 0.0.0.0 mailupdattee12.web.app
-0.0.0.0 mailupdattee13.web.app
 0.0.0.0 mailupdattee14.web.app
-0.0.0.0 mailupdattee15.web.app
 0.0.0.0 mailupdattee16.web.app
 0.0.0.0 mailupdattee17.web.app
-0.0.0.0 mailupdattee18.web.app
 0.0.0.0 mailupdattee19.web.app
 0.0.0.0 mailupdattee20.web.app
 0.0.0.0 mailupdattee21.web.app
 0.0.0.0 mailupdattee22.web.app
-0.0.0.0 mailupdattee23.web.app
 0.0.0.0 mailupdattee24.web.app
 0.0.0.0 mailupdattee26.web.app
 0.0.0.0 mailupdattee27.web.app
 0.0.0.0 mailupdattee28.web.app
 0.0.0.0 mailupdattee29.web.app
-0.0.0.0 mailupdattee32.web.app
 0.0.0.0 mailupdattee34.web.app
 0.0.0.0 mailupdattee35.web.app
 0.0.0.0 mailupdattee40.web.app
-0.0.0.0 mailupdattee5.web.app
 0.0.0.0 mailupdattee6.web.app
 0.0.0.0 mailupdattee7.web.app
 0.0.0.0 mailupdattee8.web.app
-0.0.0.0 mailupdattee9.web.app
+0.0.0.0 mainbugerrorfixing.com
+0.0.0.0 mainmobilerectify.live
+0.0.0.0 mainsbscrestore.com
 0.0.0.0 maintoken.org
-0.0.0.0 mainwalletappconnect.com
 0.0.0.0 makcts-go.ru
 0.0.0.0 make-anon-keep-past.rvsla.workers.dev
 0.0.0.0 mala-riba.com
 0.0.0.0 malaprontaargentina.com.br
 0.0.0.0 malehaenterprises.com
 0.0.0.0 malukutenggarakab.go.id
+0.0.0.0 mamasitasont.blogspot.com
 0.0.0.0 mandirilivinlinksystem.brizy.site
-0.0.0.0 mandirilivinlinksystem2.brizy.site
 0.0.0.0 mandirilivinlinksystem3.brizy.site
-0.0.0.0 manthsedty.live
 0.0.0.0 manualsync.com
+0.0.0.0 maotun.xyz
 0.0.0.0 mapsa.com.pe
+0.0.0.0 marifilmines.ca
 0.0.0.0 marinthe.poingaitongamlm.link
 0.0.0.0 marketplace-axieinfinity.io
 0.0.0.0 marketplace-axlelnfiniity.com
 0.0.0.0 marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke
 0.0.0.0 marketplace.facebook.com-29ta3qbv.isiolo.go.ke
 0.0.0.0 marketplace.facebook.com-hzup1bae.isiolo.go.ke
+0.0.0.0 marketplace.facebook.com-izkbuxmx.isiolo.go.ke
 0.0.0.0 marketplace.facebook.com-kq1oh2ae.isiolo.go.ke
+0.0.0.0 marketplace.facebook.com-milt5ssm.isiolo.go.ke
 0.0.0.0 marketplace.facebook.com-qze9zt75vm.isiolo.go.ke
 0.0.0.0 marketplace.facebook.com-sauuvazpjo.isiolo.go.ke
 0.0.0.0 marketplace.facebook.com-tyeuieb7.isiolo.go.ke
 0.0.0.0 marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke
 0.0.0.0 marketplace.facebook.com-z1au8cxghl.isiolo.go.ke
 0.0.0.0 marketplaceaxieinfiniity.com
-0.0.0.0 marmardian.co.vu
-0.0.0.0 marylkmatzenger.com
 0.0.0.0 masdas0932.co.vu
 0.0.0.0 masum.lawyer
 0.0.0.0 match.lookatmynewphotos.com
@@ -2589,22 +2405,28 @@
 0.0.0.0 mercariz.xyz
 0.0.0.0 meremanovegabana.website2.me
 0.0.0.0 mericarir.mbudeu.cn
-0.0.0.0 mericarir.mg0gbo1.cn
+0.0.0.0 mericarir.mednljn.cn
 0.0.0.0 mericarir.mgeukpx.cn
 0.0.0.0 mericarir.mglsffs.cn
-0.0.0.0 mericarir.mksydb.cn
+0.0.0.0 mericarir.mglxyul.cn
+0.0.0.0 mericarir.mhgqdtv.cn
+0.0.0.0 mericarir.mjrsrfo.cn
 0.0.0.0 mericarir.mktbbr.cn
+0.0.0.0 mericarir.mkxbqnu.cn
 0.0.0.0 mericarir.mlyffa.cn
+0.0.0.0 mericarir.mmsfzys.cn
 0.0.0.0 mericarir.mnfjwy.cn
 0.0.0.0 mericarir.mnheijt.cn
-0.0.0.0 mericarir.mrzcafk.cn
 0.0.0.0 mericarir.msnygk.cn
-0.0.0.0 mericorci-logining.sfhs26r.lyb6srb.cn
+0.0.0.0 mericarir.mtlrnzu.cn
+0.0.0.0 mericarir.mukkwvc.cn
+0.0.0.0 mericarir.mxsoecl.cn
 0.0.0.0 meriocori-logining.2y3uio.pyqbas.cn
 0.0.0.0 mestertignseekjet4.blogspot.com
 0.0.0.0 mestertignseekjet5.blogspot.com
 0.0.0.0 mestertignseekjet6.blogspot.com
 0.0.0.0 mestredaobra.com
+0.0.0.0 meta-support-centers.ml
 0.0.0.0 metalurgicagiom.com.br
 0.0.0.0 metamasc.club
 0.0.0.0 metamask-connect.com
@@ -2615,11 +2437,13 @@
 0.0.0.0 metamask.cam
 0.0.0.0 metamask.io-php.com
 0.0.0.0 metamask.kiwi
+0.0.0.0 metamask.loan
 0.0.0.0 metamask.protocol-process.me
 0.0.0.0 metamask.security-information.cc
 0.0.0.0 metamask.social
 0.0.0.0 metamask.wallets-reauth.net
 0.0.0.0 metamaskdownloadandroid.xyz
+0.0.0.0 metamaskextension.xyz
 0.0.0.0 metamassklogins-us.tumblr.com
 0.0.0.0 metaversepadapp.com
 0.0.0.0 meusabor.com.br
@@ -2627,19 +2451,20 @@
 0.0.0.0 mfacebook.blogspot.lt
 0.0.0.0 mfacebook.blogspot.rs
 0.0.0.0 mgpskartarpur.com
+0.0.0.0 mgrandroyale.com
 0.0.0.0 mibancocrece.com.co
 0.0.0.0 micacd.elshov.com
-0.0.0.0 michaelxrandazzo.com
 0.0.0.0 michiyado.com
 0.0.0.0 microcav.square.site
 0.0.0.0 microsoftonline.pages.dev
 0.0.0.0 microsoftwebserver.mfs.gg
 0.0.0.0 micuenta01.github.io
+0.0.0.0 midasbuy1st.com
+0.0.0.0 midsposc2.com
 0.0.0.0 mijnics-actualisatie.185-236-231-64.plesk.page
-0.0.0.0 mikhali.com
+0.0.0.0 mikayelxhovakimyan.com
 0.0.0.0 milanobet301.com
 0.0.0.0 militarybikers.org
-0.0.0.0 minamikaga.or.jp
 0.0.0.0 mingming20160152.github.io
 0.0.0.0 miozpro.com
 0.0.0.0 miracdoviz.com
@@ -2669,16 +2494,17 @@
 0.0.0.0 mk2.ge
 0.0.0.0 mkjiool.weebly.com
 0.0.0.0 mnbxa.73kfer9.cn
+0.0.0.0 mnbxcas.zm7wwar.cn
 0.0.0.0 mncxx.qbeepor.cn
 0.0.0.0 mnnbx.r1rpj09.cn
+0.0.0.0 mnncxa.fwffsyt.cn
 0.0.0.0 mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
-0.0.0.0 mobil-singaporre.digital-online-login-opportunity.com
 0.0.0.0 mobile-orange-forever.yolasite.com
 0.0.0.0 mobile-portail.live
 0.0.0.0 mobile.hedgesportst.me
-0.0.0.0 moccasinyellowbetatest--josekkk.repl.co
 0.0.0.0 moccasinyellowbetatest.josekkk.repl.co
 0.0.0.0 modest-hertz.45-81-232-15.plesk.page
+0.0.0.0 moiksys.com
 0.0.0.0 mon-token.com
 0.0.0.0 mon.espace.lcl.fr.certosini.info
 0.0.0.0 monbudri.xyz
@@ -2693,6 +2519,7 @@
 0.0.0.0 monyeward.com
 0.0.0.0 morcario.xyz
 0.0.0.0 morfybox.com
+0.0.0.0 movil.particulares-secure.com
 0.0.0.0 mqzlsim.mindlogicinfotech.com
 0.0.0.0 mrpitchman.com
 0.0.0.0 msc-doelsach.at
@@ -2713,16 +2540,14 @@
 0.0.0.0 my.jcpwb.com
 0.0.0.0 my.nhs-get-pass.com
 0.0.0.0 my.paydi.login-index-home.x4typfc.cn
-0.0.0.0 my.paydi.logining-nexy-home.en6cnm.asia
 0.0.0.0 my02billing-login.com
-0.0.0.0 myaccount.aol.wallat-billing.com.authlog.gq
+0.0.0.0 mybeii.live
 0.0.0.0 mycoerver.es
 0.0.0.0 mygoogleaccount.stantrade.xyz
 0.0.0.0 myjcb.cyyptoi.cn
 0.0.0.0 myjcb.thxpj.cn
 0.0.0.0 mymbg-aa2e2.web.app
 0.0.0.0 mymeta-securearea.plesk07.zap-webspace.com
-0.0.0.0 mymetamask-clientarea.185-236-231-227.plesk.page
 0.0.0.0 mymweb-owner.at.ua
 0.0.0.0 mypo-delivery.com
 0.0.0.0 mypsm.psm.edu.mm
@@ -2734,7 +2559,6 @@
 0.0.0.0 n-naoko-0319.github.io
 0.0.0.0 n.salsomascard.top
 0.0.0.0 n26.sa-france.fr
-0.0.0.0 n26servicetechnique.click
 0.0.0.0 n7orton.com
 0.0.0.0 nab-access-breach.com
 0.0.0.0 nab-alert.mobi
@@ -2742,7 +2566,6 @@
 0.0.0.0 naderkhani.ir
 0.0.0.0 najboljeuslugezavas.betterservicesforyou.com
 0.0.0.0 nalandaias.com
-0.0.0.0 nalodke.com.ua
 0.0.0.0 nanjing.itud167.cn
 0.0.0.0 napgamelienquan.net
 0.0.0.0 naranja-users.auth0.com
@@ -2757,8 +2580,10 @@
 0.0.0.0 nayablabs.com
 0.0.0.0 nayameehomes.com
 0.0.0.0 nbcc.0bit08a.cn
+0.0.0.0 nbcd.xiu58rl.cn
 0.0.0.0 nbcvs.gd65y69.cn
 0.0.0.0 nbcxa.lctlfdq.cn
+0.0.0.0 nbcxas.551awvr.cn
 0.0.0.0 nbhjxa.hblhi96.cn
 0.0.0.0 nbnonres.com
 0.0.0.0 nbxaa.b1b6nac.cn
@@ -2770,12 +2595,9 @@
 0.0.0.0 necessitymag.com
 0.0.0.0 nedbankqa.flowblocks.com
 0.0.0.0 nedriw.xyz
-0.0.0.0 neftlexi.com
 0.0.0.0 negociebra.com.br
 0.0.0.0 neptuneinnovations.com
 0.0.0.0 netciti.id
-0.0.0.0 netf1ix.us-891691712-local-781652.airalgeriecanada.ca
-0.0.0.0 netfl-lixids938mailmealkas.duckdns.org
 0.0.0.0 netflix-techarmy.me
 0.0.0.0 netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk
 0.0.0.0 networksol-f35e7.web.app
@@ -2799,9 +2621,8 @@
 0.0.0.0 nhs.my-vaccine-status.com
 0.0.0.0 niagarapower.com
 0.0.0.0 nic-home.com
-0.0.0.0 nisuper.com
 0.0.0.0 nizotchauffage.bilty.be
-0.0.0.0 nontonvidioviral2022nohoax.duckdns.org
+0.0.0.0 nodesconnection.com
 0.0.0.0 northlane.esy.es
 0.0.0.0 notife.help.institutepages.workers.dev
 0.0.0.0 notification-fb.secure-pages.workers.dev
@@ -2842,23 +2663,22 @@
 0.0.0.0 oijcd.qvjcddv.cn
 0.0.0.0 oikca.smwceku.cn
 0.0.0.0 oikcas.6b914ty.cn
+0.0.0.0 oikcd.uf27ce8.cn
 0.0.0.0 oikcxa.zvvx01z.cn
 0.0.0.0 oivac.com
 0.0.0.0 okcs.qj8yua.cn
 0.0.0.0 okds.bbtlcve.cn
-0.0.0.0 okep-terbaru-viral-2022.duckdns.org
+0.0.0.0 okep-viral-terbaru-terhist-2022.duckdns.org
 0.0.0.0 okmca.8xcrn6w.cn
 0.0.0.0 okmca.bxkfham.cn
 0.0.0.0 okmca.uwudagu.cn
 0.0.0.0 okmxa.lfgpror.cn
 0.0.0.0 okpwtu.webwave.dev
+0.0.0.0 ol-run1.online
 0.0.0.0 olidooo.waca.tw
 0.0.0.0 olk.us7apye.cn
 0.0.0.0 olmnxa.wc2ikux.cn
-0.0.0.0 olx-pay-pl.pay-id22343.top
-0.0.0.0 olx.saferegulatory.com
 0.0.0.0 omesqiwines.de
-0.0.0.0 omicronvariat.pagedemo.co
 0.0.0.0 oncopharma-ae.com
 0.0.0.0 onecreator.info
 0.0.0.0 onedrive.zhaoge.workers.dev
@@ -2868,13 +2688,16 @@
 0.0.0.0 oneone-a38ef.web.app
 0.0.0.0 online-sistem.com
 0.0.0.0 onlineasesor01.hostfree.pw
+0.0.0.0 onlinebanking.unrecognised-new-payee.com
 0.0.0.0 onlineffn2.temp.swtest.ru
+0.0.0.0 onlineislemlersayfasivkfgirisicom.tk
+0.0.0.0 onlinsfuco.temp.swtest.ru
 0.0.0.0 onlysportplus.com
 0.0.0.0 ooxvocalor.yolasite.com
 0.0.0.0 opansea.live
 0.0.0.0 open24.ie-tsb.email
+0.0.0.0 operationroofingllc3.com
 0.0.0.0 opticabattilana.com.ar
-0.0.0.0 optika-anda.hr
 0.0.0.0 ora-n.yolasite.com
 0.0.0.0 orabu.it
 0.0.0.0 orange-dcr.fr
@@ -2885,11 +2708,8 @@
 0.0.0.0 orangeb191.temp.swtest.ru
 0.0.0.0 orangess.contactin.bio
 0.0.0.0 org-nr.yolasite.com
-0.0.0.0 orlen-inwe.web.app
-0.0.0.0 orlen-x.web.app
 0.0.0.0 orlen.digital
 0.0.0.0 ormantencs112.odoo.com
-0.0.0.0 oryxcaracalsecurity.com
 0.0.0.0 osis.world
 0.0.0.0 otomoto-h229.net
 0.0.0.0 otomoto3452.com
@@ -2898,6 +2718,7 @@
 0.0.0.0 ourgarden.us
 0.0.0.0 outlook1541489.webcindario.com
 0.0.0.0 outlookcom119.yolasite.com
+0.0.0.0 ouverturecompte.lbp-eer.fr
 0.0.0.0 oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com
 0.0.0.0 p1c.servleboncoinser.com
 0.0.0.0 package2021.blogspot.ba
@@ -2905,7 +2726,6 @@
 0.0.0.0 package2021.blogspot.com
 0.0.0.0 page-restrict-case22456548.help
 0.0.0.0 pages-1008009999700022199021.com
-0.0.0.0 pages-1008097555214021.com
 0.0.0.0 pages-alert-facebook.ezyro.com
 0.0.0.0 pages-community-standart-2022.co
 0.0.0.0 pages-marvelous-project.webflow.io
@@ -2914,11 +2734,11 @@
 0.0.0.0 pages.secure-accts.workers.dev
 0.0.0.0 pagesdetectscopyrightpostingactivitiesreported.co.vu
 0.0.0.0 pagos.sinpemovil.cr
+0.0.0.0 paidpapers.net
 0.0.0.0 paleyeer.com
 0.0.0.0 palmm.ps
 0.0.0.0 pancaakesvap.com
 0.0.0.0 pancake-sawp.com
-0.0.0.0 pancake.ellipsis.finance
 0.0.0.0 pancake7wop.com
 0.0.0.0 pancakesawpes.com
 0.0.0.0 pancakesfinances.info
@@ -2928,7 +2748,6 @@
 0.0.0.0 pancakeswap.multi-wallet.info
 0.0.0.0 pancakeswap.salsasourcing.com
 0.0.0.0 pancakeswapes.company
-0.0.0.0 pancakeswapex.com
 0.0.0.0 pancakeswapexcgn.com
 0.0.0.0 pancakeswapexch.com
 0.0.0.0 pancakeswapexchage.com
@@ -2936,17 +2755,15 @@
 0.0.0.0 pancakeswappshop.blogspot.com
 0.0.0.0 pancaku-swap.com
 0.0.0.0 pancalteswap.finance
+0.0.0.0 panccakesswap.org
 0.0.0.0 panckaceswap.finance
-0.0.0.0 pancoke.com
 0.0.0.0 pandaskin.ru.com
 0.0.0.0 panelweb-4cae2.web.app
 0.0.0.0 pankaceeswap.com
 0.0.0.0 pankaceswapes.finance
 0.0.0.0 pankakeswap.ledgity.com
 0.0.0.0 pannelpub-benin.com
-0.0.0.0 pansccakeswap.finance
 0.0.0.0 pantazisezopiiuurmail1.web.app
-0.0.0.0 pantekkalisakitkepalaku.blogspot.com
 0.0.0.0 parcel-support018.com
 0.0.0.0 pardot.assemblecommunities.com
 0.0.0.0 pasarbta.info
@@ -2957,6 +2774,7 @@
 0.0.0.0 patient-cell-40f5.updatedlogmylogin.workers.dev
 0.0.0.0 patwise.co.in
 0.0.0.0 paws.org.au
+0.0.0.0 paxfulacct.com
 0.0.0.0 paxfulmenu.com
 0.0.0.0 pay-sera.web.app
 0.0.0.0 pay16-olx.pl
@@ -2964,13 +2782,16 @@
 0.0.0.0 paypal-online-2deposits-paymentaccept.tk
 0.0.0.0 paypal-opladen.be
 0.0.0.0 paypalforex.co.ke
+0.0.0.0 pbemail.youxiangdashui.com
 0.0.0.0 pdf-cloud-document.weeblysite.com
 0.0.0.0 pdf-sharefile-doc.weeblysite.com
 0.0.0.0 pdflogincnvwo.app.link
 0.0.0.0 pdfsecured.mystrikingly.com
 0.0.0.0 peaceful-black.193-70-50-31.plesk.page
+0.0.0.0 pedih.001www.com
 0.0.0.0 pembatalanakundinonaktifkan.weebly.com
 0.0.0.0 pencakecwap.com
+0.0.0.0 pensive-payne-505e1a.netlify.app
 0.0.0.0 perfectliker.net
 0.0.0.0 peringatanakunfb2k214.webnode.com
 0.0.0.0 phantom-walletweb.app
@@ -2996,7 +2817,8 @@
 0.0.0.0 pilmezorda.temp.swtest.ru
 0.0.0.0 pinchinchaverify.webcindario.com
 0.0.0.0 pirana.co.rs
-0.0.0.0 pl-swiatowe-wiadomosci.pl
+0.0.0.0 pkobp.pl.justns.ru
+0.0.0.0 pl-wiadomosciswiatowe.pl
 0.0.0.0 pla1060604.nichost.ru
 0.0.0.0 plan-o2-monthlypayments.com
 0.0.0.0 planetaamor.org
@@ -3005,8 +2827,6 @@
 0.0.0.0 playgirlgold.com
 0.0.0.0 ploferta.com
 0.0.0.0 plugmailextraexpiredoldpolicynotificationscenter.pages.dev
-0.0.0.0 plwiadomosciwszystkie.pl
-0.0.0.0 po-deliver-fees.com
 0.0.0.0 po-service-page.com
 0.0.0.0 poc-rewards-program-c2dfc.web.app
 0.0.0.0 podpiska-darom.ru
@@ -3023,6 +2843,7 @@
 0.0.0.0 polkadot-france.fr
 0.0.0.0 polkastarter.app
 0.0.0.0 polsd.pa0cpof.cn
+0.0.0.0 polska-informacyjna.pl
 0.0.0.0 polxa.uh8dg67.cn
 0.0.0.0 polygon-pro.com
 0.0.0.0 polygon-secure.com
@@ -3040,7 +2861,6 @@
 0.0.0.0 postechsuivre.ileanamlaw.com
 0.0.0.0 postnl.post-tracking-delivery.etelinfra.com
 0.0.0.0 poww.6hkjmb.cn
-0.0.0.0 ppkllp.com
 0.0.0.0 ppnnttcc.ppcnthsc.me
 0.0.0.0 precisionimpex.com
 0.0.0.0 preg.dspearhead.com
@@ -3057,11 +2877,13 @@
 0.0.0.0 primecentral.qiourn.shop
 0.0.0.0 primeone.org
 0.0.0.0 printtoner.com.mx
+0.0.0.0 prism.net.in
 0.0.0.0 privacy-update-page-prtections-association-recovry-secu.web.id
 0.0.0.0 privacy-update-secu-recovry-page-protection-4565544.web.id
 0.0.0.0 privacy-update-secu-recovry-page-protection-comunity-45.web.id
 0.0.0.0 priyankasandokar1606.github.io
 0.0.0.0 pro.icloudremovaltool.com
+0.0.0.0 pro.systemine.xyz
 0.0.0.0 procservautomatizacion.com
 0.0.0.0 production.anon-rest-keep-reset.sales18130.workers.dev
 0.0.0.0 production.anon-step-keep-object.sales18130.workers.dev
@@ -3075,6 +2897,7 @@
 0.0.0.0 production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev
 0.0.0.0 project1-df3e9.web.app
 0.0.0.0 projectlovewell.com
+0.0.0.0 promashoppe.com
 0.0.0.0 promehedinti.ro
 0.0.0.0 promerica-sv.webcindario.com
 0.0.0.0 promericalinea01.webcindario.com
@@ -3083,8 +2906,6 @@
 0.0.0.0 prosxsiuser.myfreesites.net
 0.0.0.0 prosys.poweredbygravit-e.co.uk
 0.0.0.0 protect-4d56vca.surge.sh
-0.0.0.0 proteczzguuaaardzzzpagess.000webhostapp.com
-0.0.0.0 proteczzpagezzguarddzzz.000webhostapp.com
 0.0.0.0 provodi.com
 0.0.0.0 proximus-account.azurewebsites.net
 0.0.0.0 ptxx.cc
@@ -3104,13 +2925,13 @@
 0.0.0.0 qsh74pekkv5e8.clickfunnels.com
 0.0.0.0 qssa.x5yrlr.cn
 0.0.0.0 quinaroja.com
+0.0.0.0 quirky-jones.172-245-159-112.plesk.page
 0.0.0.0 quotex-qx.com
 0.0.0.0 qwas.nfi71vw.cn
 0.0.0.0 qwea.wvhee0w.cn
 0.0.0.0 qweas.hi5g95r.cn
 0.0.0.0 qweas.p6rhddj.cn
 0.0.0.0 qweas.zwfaclq.cn
-0.0.0.0 qxluatbght.cfolks.pl
 0.0.0.0 r3c31v30n3-1d3nt1ty.000webhostapp.com
 0.0.0.0 rabellartz.de
 0.0.0.0 rabofree.blogspot.com
@@ -3118,6 +2939,7 @@
 0.0.0.0 rackenfordlabs.com
 0.0.0.0 racuten.nuef.info
 0.0.0.0 radhikamd.github.io
+0.0.0.0 rafbbmx.ga
 0.0.0.0 rafbbmx.ml
 0.0.0.0 raipurrussianescorts.com
 0.0.0.0 rakoten-card.buogfbizkugf.gq
@@ -3128,17 +2950,12 @@
 0.0.0.0 rakuitan-card.info
 0.0.0.0 rakuten.awjoadc.cn
 0.0.0.0 rakuten.card.nuosreaoms.com
-0.0.0.0 rakuten.card.uosmcoua.com
-0.0.0.0 rakuthn.shop
-0.0.0.0 rakuttm.shop
+0.0.0.0 rakuten.co.jp.rakutenajp.xyz
 0.0.0.0 ramgarhiamatrimonial.ca
 0.0.0.0 rareelements.io
-0.0.0.0 rasmer.fi
 0.0.0.0 ratewatch.net
 0.0.0.0 raycargo.com
 0.0.0.0 raydiom.io
-0.0.0.0 razcjjf.ga
-0.0.0.0 razcjjf.ml
 0.0.0.0 rbcmontgomery.com
 0.0.0.0 rd8um.app.link
 0.0.0.0 rdirtfuo6t.vov.ru
@@ -3147,9 +2964,9 @@
 0.0.0.0 real-anon-keep-passing-word.rvsla.workers.dev
 0.0.0.0 realestate-page-10843446024.expresspestcontrol.co.nz
 0.0.0.0 realindiatravel.com
+0.0.0.0 recibeya.tufacilmoneyonline.online
 0.0.0.0 reconfirmpost287846656.us
 0.0.0.0 recover-pages-media-problems-secur-782.web.id
-0.0.0.0 recover-pages-secur-media-problems-393.web.id
 0.0.0.0 recover-pages-secur-media-problems-397.web.id
 0.0.0.0 recovery-chain.com
 0.0.0.0 recovery-fb.secure-acct.workers.dev
@@ -3167,12 +2984,12 @@
 0.0.0.0 regularsweeps.xyz
 0.0.0.0 reignbike.com
 0.0.0.0 reikisadhna.com
+0.0.0.0 rekoution.bcszxcd.shop
 0.0.0.0 relevant.systems
 0.0.0.0 remittance369297292749.goshly.com
 0.0.0.0 renovkonstruksi.com
 0.0.0.0 repl-mess.myfreesites.net
 0.0.0.0 restore.exodusapp.ru
-0.0.0.0 restoredabefore-com.filesusr.com
 0.0.0.0 restorewallet-activation.net
 0.0.0.0 retiro-extracash.com
 0.0.0.0 retiro.cl
@@ -3200,7 +3017,6 @@
 0.0.0.0 roisnoob.github.io
 0.0.0.0 rokulinktechnology.com
 0.0.0.0 rolinadd.surveysparrow.com
-0.0.0.0 romanceify.com
 0.0.0.0 rondalowa.blogspot.com
 0.0.0.0 rondelbarrilito.com
 0.0.0.0 ronin-help.com
@@ -3216,10 +3032,10 @@
 0.0.0.0 rrakutenn.co.jp.azii.cn
 0.0.0.0 rrakutenn.co.jp.nanofresh.cn
 0.0.0.0 rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com
-0.0.0.0 rufoxxy.com
 0.0.0.0 runescape-info.com
+0.0.0.0 runescapebonds.com
+0.0.0.0 runescapeevents.com
 0.0.0.0 ruth.martulangbelulalng.workers.dev
-0.0.0.0 ryanicolehoward.com
 0.0.0.0 rymproducciones.com
 0.0.0.0 s-sarfati.co.il
 0.0.0.0 s.macecri.com
@@ -3244,7 +3060,6 @@
 0.0.0.0 sankyo-rz.com
 0.0.0.0 sanru.cd
 0.0.0.0 santander.secured-auth-login.com
-0.0.0.0 santanverifyfunction.com
 0.0.0.0 santepluspharma.eclatmediasolution.website
 0.0.0.0 santoshdangi.com.np
 0.0.0.0 saritapariyar.com.np
@@ -3266,16 +3081,16 @@
 0.0.0.0 secure-halifax-device.com
 0.0.0.0 secure-mynew-devices.com
 0.0.0.0 secure-runescape.xgm.rnp.mybluehost.me
-0.0.0.0 secure-service-gateway.com
 0.0.0.0 secure-zirox.s3.ap-southeast-2.amazonaws.com
 0.0.0.0 secure.legalmetric.com
 0.0.0.0 secure.oldschool.com-cl.ru
 0.0.0.0 secure.oldschool.com-cu.ru
-0.0.0.0 secure.oldschool.com-cv.ru
 0.0.0.0 secure.oldschool.com-oz.ru
 0.0.0.0 secure.oldschool.com-rsu.ru
+0.0.0.0 secure.runescape.com-ak.ru
 0.0.0.0 secure.runescape.com-as.cz
 0.0.0.0 secure.runescape.com-az.ru
+0.0.0.0 secure.runescape.com-ca.ru
 0.0.0.0 secure.runescape.com-cl.ru
 0.0.0.0 secure.runescape.com-co.ru
 0.0.0.0 secure.runescape.com-cu.ru
@@ -3288,13 +3103,13 @@
 0.0.0.0 secure300.inmotionhosting.com
 0.0.0.0 secure303.inmotionhosting.com
 0.0.0.0 secure55.webhostinghub.com
-0.0.0.0 secure7-servr01-log-in.4nmn.com
-0.0.0.0 securee37-authen21.duckdns.org
+0.0.0.0 secureaccount.ntflxauth.co
 0.0.0.0 securegateway-ovhcloud.csl-sl.de
 0.0.0.0 securelloyd-help-app.com
+0.0.0.0 securewalletprotocol.online
 0.0.0.0 security-page-community-standards.blogspot.com
 0.0.0.0 seguridad-oca.webcindario.com
-0.0.0.0 seleb-indo.duckdns.org
+0.0.0.0 seleccionperfil.xyz
 0.0.0.0 selector26.gg
 0.0.0.0 selector28.gg
 0.0.0.0 sem.my-drs.co.uk
@@ -3304,7 +3119,7 @@
 0.0.0.0 sergebubnin.space
 0.0.0.0 sertyxese.myfreesites.net
 0.0.0.0 server-networksolutions.web.app
-0.0.0.0 serverprotocols.com
+0.0.0.0 server221.security.coinbase.com.gdone.co.ke
 0.0.0.0 servervalidationcheck103.web.app
 0.0.0.0 servervalidationcheck104.web.app
 0.0.0.0 servervalidationcheck105.web.app
@@ -3359,7 +3174,6 @@
 0.0.0.0 servicepage.service-page.workers.dev
 0.0.0.0 servicepichincha.webcindario.com
 0.0.0.0 services.runescape.com-as.cz
-0.0.0.0 services.runescape.com-oc.ru
 0.0.0.0 services.runescape.com-rse.ru
 0.0.0.0 services.runescape.com-rsu.ru
 0.0.0.0 servicesbancaire.com
@@ -3387,6 +3201,7 @@
 0.0.0.0 sharelink.sn.am
 0.0.0.0 shayvardphoto.ir
 0.0.0.0 shinex.lk
+0.0.0.0 shippment2.temp.swtest.ru
 0.0.0.0 shirhokos-mhalskbsiaoutfew43535.duckdns.org
 0.0.0.0 shirtshanger.com
 0.0.0.0 shiye666.cn
@@ -3398,11 +3213,9 @@
 0.0.0.0 sign-trk.empressmd.com
 0.0.0.0 signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net
 0.0.0.0 signin-payeer.com
-0.0.0.0 signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com
-0.0.0.0 silkroadwines.com
 0.0.0.0 silpovsatb-ua.online
 0.0.0.0 silverberrygroup.com
-0.0.0.0 sim0nt0k-viral-terbaru-2022.duckdns.org
+0.0.0.0 simonecamposshop.com.br
 0.0.0.0 simpkk.karanganyarkab.go.id
 0.0.0.0 sindarspen.org.br
 0.0.0.0 siporados15585.blogspot.com
@@ -3435,12 +3248,11 @@
 0.0.0.0 sleepmaskz.com
 0.0.0.0 slickparties.com
 0.0.0.0 slmkufeckf.jon-jensen.workers.dev
-0.0.0.0 slovenska-posta.sytes.net
 0.0.0.0 slowlinebag.jp
 0.0.0.0 sm.scicemecod.com
 0.0.0.0 sm777.csb.app
+0.0.0.0 smartfixconnect.live
 0.0.0.0 smbc-accout.com
-0.0.0.0 smbc-credit.shop
 0.0.0.0 smbc-veaiana.com
 0.0.0.0 smbcbc.com
 0.0.0.0 smbccjp.shop
@@ -3448,10 +3260,11 @@
 0.0.0.0 smbcwodeqingguoshoujicojp.top
 0.0.0.0 smeo.org.mx
 0.0.0.0 smgolamalif.github.io
-0.0.0.0 smirl.org
 0.0.0.0 smkkesehatanjember.sch.id
 0.0.0.0 smmsvocal.yolasite.com
+0.0.0.0 smpn2jeruklegi.sch.id
 0.0.0.0 sms-check.sc-q.top
+0.0.0.0 sms-infos.d2tt.co
 0.0.0.0 sms-shorter.com
 0.0.0.0 smsbc-info5.com
 0.0.0.0 smsenligne.myfreesites.net
@@ -3459,6 +3272,7 @@
 0.0.0.0 smsorangesmsmessage.myfreesites.net
 0.0.0.0 smss-mms.yolasite.com
 0.0.0.0 smsverificationmms.myfreesites.net
+0.0.0.0 smvbc-info.com
 0.0.0.0 smwam.coms.cso.gov.tt
 0.0.0.0 so.macecri.com
 0.0.0.0 soaringskiesrentals.com
@@ -3471,7 +3285,6 @@
 0.0.0.0 solicitarfirmaelectronica-sv.com
 0.0.0.0 solyanayakomnata.ru
 0.0.0.0 sopac.org.py
-0.0.0.0 soracoes.xyz
 0.0.0.0 souaxwaoh.myfreesites.net
 0.0.0.0 soude-masi.firebaseapp.com
 0.0.0.0 soufsont.blogspot.com
@@ -3497,6 +3310,7 @@
 0.0.0.0 spk-entsperren.de
 0.0.0.0 spk-jahreswechsel.com
 0.0.0.0 spk-secure-de.com
+0.0.0.0 spkfod.coms.cso.gov.tt
 0.0.0.0 sport.protected-secur.workers.dev
 0.0.0.0 sportshoes.top
 0.0.0.0 sportybetpremium.wapka.co
@@ -3513,8 +3327,10 @@
 0.0.0.0 ssl.dsl.isl.mll.aqmst6.stockestan.ir
 0.0.0.0 sso-garena.com
 0.0.0.0 sswebmail-4w5twsr.web.app
+0.0.0.0 staffportal.uoz.edu.krd
 0.0.0.0 stage.vannaryfowler.com
 0.0.0.0 staging.eliteautomotive.com.au
+0.0.0.0 standardcapbnk.com
 0.0.0.0 standardupdatesupportandhelpcenter2021.ga
 0.0.0.0 starforsure.com
 0.0.0.0 starliker.net
@@ -3524,11 +3340,10 @@
 0.0.0.0 static-dev.o2alerts.com
 0.0.0.0 static-promote.weebly.com
 0.0.0.0 status-dev.o2alerts.com
-0.0.0.0 stbkcoltria.atwebpages.com
 0.0.0.0 stclarechurch.net
 0.0.0.0 steamcommunites.com
 0.0.0.0 steamcommunitj.com
-0.0.0.0 steamnitrof.com
+0.0.0.0 steamcommunityk.com
 0.0.0.0 steampoweredtrade.org
 0.0.0.0 steampoweredtrades.org
 0.0.0.0 stevemadden-sverige.com
@@ -3544,6 +3359,7 @@
 0.0.0.0 stjudes.in
 0.0.0.0 stolizaparketa.ru
 0.0.0.0 stollgroup.coms.cso.gov.tt
+0.0.0.0 stomkinscommercial.com.aus.cso.gov.tt
 0.0.0.0 storage.yandexcloud.net
 0.0.0.0 storenike365.top
 0.0.0.0 studio-lol.com
@@ -3558,13 +3374,11 @@
 0.0.0.0 sukien-pubgmoblevng.ga
 0.0.0.0 sultan-raza.github.io
 0.0.0.0 sumpandtankcleaners.in
-0.0.0.0 sunami.pagedemo.co
 0.0.0.0 sunbeltmembers.com
 0.0.0.0 sunge-ode.firebaseapp.com
 0.0.0.0 sunshineteam.in
 0.0.0.0 super-dawn-3035.ddahluwalia.workers.dev
 0.0.0.0 supermilhas.com
-0.0.0.0 suportecxacesso2020.com
 0.0.0.0 supotsstunes.servehttp.com
 0.0.0.0 suppliers.bitshepherd.org
 0.0.0.0 support-auwebaccessjpnaikpanggung.com
@@ -3596,6 +3410,7 @@
 0.0.0.0 system-fassil-net-2-3242353453453--12344443.repl.co
 0.0.0.0 t0nline0de0login-001-site1.itempurl.com
 0.0.0.0 taher-mohamed-ahmed-saad.github.io
+0.0.0.0 take-free-2022.duckdns.org
 0.0.0.0 taoistw345ie.co
 0.0.0.0 tarik-fitness.com
 0.0.0.0 taxcare.page.link
@@ -3617,11 +3432,13 @@
 0.0.0.0 templat65sldh.myfreesites.net
 0.0.0.0 temporary-url.com
 0.0.0.0 terpelsicumple.com
-0.0.0.0 terracontiles.com
+0.0.0.0 tesladrive-event.com
 0.0.0.0 test.bayoucitybadges.org
 0.0.0.0 test.bitflye87.com
 0.0.0.0 test.dxbproductions.com
+0.0.0.0 test.myshopclub.ru
 0.0.0.0 test.webclient4.de
+0.0.0.0 testing-domain.duckdns.org
 0.0.0.0 texasfreedomrun.com
 0.0.0.0 tgpafasfsakkk.pages.dev
 0.0.0.0 theaceofspaeder.com
@@ -3643,8 +3460,6 @@
 0.0.0.0 tighi.creatorlink.net
 0.0.0.0 tight-samiuboc.co
 0.0.0.0 tikitaps.com
-0.0.0.0 tinhtrangdon.com
-0.0.0.0 tinyurl.mobi
 0.0.0.0 tipografieonline.ro
 0.0.0.0 tirozhjewelry.com
 0.0.0.0 titelinedrillingintl.yolasite.com
@@ -3663,7 +3478,6 @@
 0.0.0.0 torccolborrachas.blogspot.com
 0.0.0.0 torrinwine.com
 0.0.0.0 touchidea.top
-0.0.0.0 touronline2022.com
 0.0.0.0 tovowhuqeojweawmubmaqmqlv.hofferflow.icu
 0.0.0.0 tpayleboncoin.com
 0.0.0.0 traders-joesxyz.com
@@ -3674,23 +3488,18 @@
 0.0.0.0 tribratanewsbondowoso.com
 0.0.0.0 tribunbalikpapan.com
 0.0.0.0 truegrip.com
-0.0.0.0 trust-wallet.com.cn
 0.0.0.0 trustinpichincha.webcindario.com
 0.0.0.0 trustpress.gr
 0.0.0.0 trustypichincha.webcindario.com
-0.0.0.0 ts3cacd.jhfshm.com
 0.0.0.0 ts3cacd.rzjxbv.com
 0.0.0.0 turntekcnc.com
-0.0.0.0 twoje-zdjecia-622.herokuapp.com
 0.0.0.0 tx.vc
 0.0.0.0 txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com
 0.0.0.0 typedream.site
 0.0.0.0 typesmartlyocr.com
 0.0.0.0 tyrecentre.ru
 0.0.0.0 u08qv44zu5h.typeform.com
-0.0.0.0 u1571226.cp.regruhosting.ru
-0.0.0.0 u1571630.cp.regruhosting.ru
-0.0.0.0 u1571652.cp.regruhosting.ru
+0.0.0.0 u1565723.plsk.regruhosting.ru
 0.0.0.0 u18741649.ct.sendgrid.net
 0.0.0.0 u827857uw6.ha004.t.justns.ru
 0.0.0.0 uabaiieo.com
@@ -3713,7 +3522,6 @@
 0.0.0.0 uhnxa.d23xsru.cn
 0.0.0.0 uhnxa.q83itv9.cn
 0.0.0.0 uhnxas.rvw56l.cn
-0.0.0.0 uiuui.pagedemo.co
 0.0.0.0 ujcd.um2nlru.cn
 0.0.0.0 ujdaa.fn3m4en.cn
 0.0.0.0 ujds.5e8tn13.cn
@@ -3734,6 +3542,7 @@
 0.0.0.0 ujnca.zgbo0g.cn
 0.0.0.0 ujncd.kzi68ra.cn
 0.0.0.0 ujncd.lw2djbm.cn
+0.0.0.0 ujnxas.vj135ih.cn
 0.0.0.0 ukcare.in
 0.0.0.0 umbrellaclubla.com
 0.0.0.0 unam.myfreesites.net
@@ -3744,9 +3553,8 @@
 0.0.0.0 unicreditaustria.ucs.info
 0.0.0.0 unifacema.edu.br
 0.0.0.0 unifacvest.net
-0.0.0.0 unillantas.com.sv
+0.0.0.0 unifiedsmartsync.live
 0.0.0.0 unionheightsresidental.com
-0.0.0.0 unipo-a.web.app
 0.0.0.0 unisons.store
 0.0.0.0 unisonsouthayr.org.uk
 0.0.0.0 uniswap.ch
@@ -3756,7 +3564,6 @@
 0.0.0.0 uniswap.seal.finance
 0.0.0.0 uniswap.token.im
 0.0.0.0 uniswap.trading
-0.0.0.0 uniswap.vn
 0.0.0.0 uniswapfinancing.info
 0.0.0.0 uniswaps.net
 0.0.0.0 unitedalliance-online.000webhostapp.com
@@ -3767,24 +3574,21 @@
 0.0.0.0 unpocodearte.cl
 0.0.0.0 unregpayee-lb.com
 0.0.0.0 unsub.listhandlr.com
-0.0.0.0 upbeat-dhawan.179-43-173-14.plesk.page
 0.0.0.0 updateinfo-billingo2.com
+0.0.0.0 updatemy.software
 0.0.0.0 updateseason.com
 0.0.0.0 updatestory2022.co.vu
 0.0.0.0 updatevoda-billing.com
 0.0.0.0 upgrade-25gb-email.thecornerstudio.com.au
 0.0.0.0 upgradedserver.online
-0.0.0.0 upgradingattonlinee.weebly.com
 0.0.0.0 uploadpichincha.webcindario.com
 0.0.0.0 uploads.codesandbox.io
-0.0.0.0 upnew.site
 0.0.0.0 uppledpichincha.webcindario.com
 0.0.0.0 urbenorte.com
 0.0.0.0 urgent-halifaxlogin.com
 0.0.0.0 userboitevocalweb.flazio.com
 0.0.0.0 userinformationstoreupdatesmail.pages.dev
 0.0.0.0 usfn.net
-0.0.0.0 uspsconfirm.iconoomikert.com
 0.0.0.0 uspsexpressdeliveryline.com
 0.0.0.0 uswowgame.net
 0.0.0.0 uueer.7jgy5xe.cn
@@ -3794,6 +3598,7 @@
 0.0.0.0 uyqw.dykowec.cn
 0.0.0.0 uz154.sbs
 0.0.0.0 v.macecri.com
+0.0.0.0 v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com
 0.0.0.0 v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com
 0.0.0.0 vaccine-status-info.com
 0.0.0.0 vakif.albay-arnold.com
@@ -3801,45 +3606,45 @@
 0.0.0.0 valenciaoptometry.com
 0.0.0.0 valenteplay.com.br
 0.0.0.0 validacionpichincha.odoo.com
+0.0.0.0 validate-chain.com
 0.0.0.0 validate-solana.com
 0.0.0.0 validator-fzkiy.run-us-west2.goorm.io
 0.0.0.0 vallion.motiffliterature.me
 0.0.0.0 vcz.gmoqkzu.cn
 0.0.0.0 velvish.com
 0.0.0.0 ventas.lnterbarnk.pe.jifad.org
-0.0.0.0 verfybadgeappform.com
 0.0.0.0 veri-pichincha.webcindario.com
-0.0.0.0 verificaciondeprioridad.com
 0.0.0.0 verification-trustwallet.4bl-eg.com
 0.0.0.0 verification.fb-page.workers.dev
 0.0.0.0 verificationmessage.blob.core.windows.net
+0.0.0.0 verifications-zones.com
 0.0.0.0 verififacebookid.wixsite.com
 0.0.0.0 verifiikasi-accounts.weebly.com
 0.0.0.0 verifikasi-akun-anda0011.weeblysite.com
 0.0.0.0 verifikasi-akun-facebook0022.weeblysite.com
 0.0.0.0 verifikasi-identitas47.weebly.com
 0.0.0.0 verifocaoffa.webcindario.com
+0.0.0.0 verifymywallets.com
 0.0.0.0 vgiuhkjnm.b9u6vh5l7g1797.workers.dev
 0.0.0.0 victorarath99.github.io
 0.0.0.0 videobigo.com
 0.0.0.0 vietlime.vn
 0.0.0.0 vietschi.de
 0.0.0.0 viettel-com-dot-c2c01-531c7.uc.r.appspot.com
-0.0.0.0 vigortech.com.np
+0.0.0.0 vigilant-murdock.45-81-232-15.plesk.page
 0.0.0.0 viguohilkasdsd.izwe6g6lyc.workers.dev
 0.0.0.0 vilaanimalviana.pt
 0.0.0.0 vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com
 0.0.0.0 vinivet.mk
 0.0.0.0 vipfbtools.com
-0.0.0.0 vipprofessional.net
 0.0.0.0 viral-groub.duckdns.org
 0.0.0.0 virginia-spi.com
 0.0.0.0 virtual1dattss.com
 0.0.0.0 vis-stort.github.io
-0.0.0.0 visa-band.com
 0.0.0.0 vishaljangale01.github.io
 0.0.0.0 visione.co.id
 0.0.0.0 visionproperty.in
+0.0.0.0 vk-money.xyz
 0.0.0.0 vk-posters.ru
 0.0.0.0 vk-vhods.co
 0.0.0.0 vkjbm.4nt4nb464e6113.workers.dev
@@ -3858,25 +3663,30 @@
 0.0.0.0 vv.macecri.com
 0.0.0.0 vvjde0h0ttttf9hay.com
 0.0.0.0 vvpaes-me-index.egvtpp.cn
+0.0.0.0 vws.co.in
+0.0.0.0 vxcas.a35570.cn
 0.0.0.0 vxdse.myfreesites.net
 0.0.0.0 w2.deraya.org
 0.0.0.0 w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud
-0.0.0.0 w5czf.csb.app
 0.0.0.0 wahed-koudsi2001.github.io
 0.0.0.0 walkers-dot-composite-store-326315.uk.r.appspot.com
 0.0.0.0 wallcertifyonmesh.com
 0.0.0.0 walldesign.com.tr
 0.0.0.0 wallet-connect012.web.app
 0.0.0.0 wallet-reconnection.xyz
+0.0.0.0 wallet-verified.com
 0.0.0.0 wallet.silesiacoin.com
 0.0.0.0 wallet22.000webhostapp.com
+0.0.0.0 walletconnect-tool.net
+0.0.0.0 walletconnect-tools.xyz
 0.0.0.0 walletconnectonline.pages.dev
 0.0.0.0 walletconnectors.com
 0.0.0.0 walleterrorsupport.com
+0.0.0.0 walletokenvalidation.com
+0.0.0.0 walletsconect.live
 0.0.0.0 walletsconnex.com
 0.0.0.0 walletsliveconnects.net
 0.0.0.0 walletsreauth.org
-0.0.0.0 walletsvalidator.org
 0.0.0.0 walletsynclive.com
 0.0.0.0 walletvalidation.me
 0.0.0.0 walletvalidators.com
@@ -3892,6 +3702,7 @@
 0.0.0.0 warningshadows.org
 0.0.0.0 warsa.bandungkab.go.id
 0.0.0.0 wasites.000webhostapp.com
+0.0.0.0 waterproofingengineer.com
 0.0.0.0 we-exodus-wallet.yahoosites.com
 0.0.0.0 web-armas.royale-freefire1garena-bonus.com
 0.0.0.0 web-b4119.web.app
@@ -3909,13 +3720,15 @@
 0.0.0.0 web-verifi06.webcindario.com
 0.0.0.0 web.bredbanque.trans.sylog.co
 0.0.0.0 web.royale-freefire1garena-bonus.com
-0.0.0.0 web7320.web07.bero-webspace.de
 0.0.0.0 webbbb.yolasite.com
 0.0.0.0 webbl.yolasite.com
+0.0.0.0 webdappsconnection.com
 0.0.0.0 webdatamltrainingdiag842.blob.core.windows.net
 0.0.0.0 webdesecure.clickfunnels.com
+0.0.0.0 webhost-verify.duckdns.org
 0.0.0.0 webip.yolasite.com
 0.0.0.0 webmail-2aaa0.web.app
+0.0.0.0 webmail-optusnet-com-au-sign1.weebly.com
 0.0.0.0 webmail-sso8uyg.web.app
 0.0.0.0 webmail.gourmer.co.in
 0.0.0.0 webmail.login.access.docs67.live
@@ -3925,20 +3738,17 @@
 0.0.0.0 webregular.xyz
 0.0.0.0 webservice-verify.duckdns.org
 0.0.0.0 websitefun.club
-0.0.0.0 websiteorange.wixsite.com
 0.0.0.0 webstories.eu
 0.0.0.0 webvalidity.com
 0.0.0.0 well-42d74.web.app
-0.0.0.0 wellsfargo-online06.herokuapp.com
-0.0.0.0 weryfikacja-facebookowa-27.herokuapp.com
 0.0.0.0 weryfikacja-facebookowa-28.herokuapp.com
 0.0.0.0 weteachbh.com
 0.0.0.0 whare.100webspace.net
+0.0.0.0 whatsapp-grub99zyc.duckdns.org
 0.0.0.0 wheelsofmercy.org
 0.0.0.0 whitelist-network.com
 0.0.0.0 widadkamillah.github.io
 0.0.0.0 wiki.oceanreeflifegame.com
-0.0.0.0 wildcard.isiolo.go.ke
 0.0.0.0 windstream-net.firebaseapp.com
 0.0.0.0 winville.biz
 0.0.0.0 wireconfirmation68c10a25442a3e13.blogspot.com
@@ -3955,12 +3765,15 @@
 0.0.0.0 wqass-index.chobqu.cn
 0.0.0.0 wqass-index.dccigq.cn
 0.0.0.0 wqass-index.gbswz.cn
-0.0.0.0 wqass-index.jeewiki.cn
 0.0.0.0 wqass-index.pygbw.cn
 0.0.0.0 wrww-roblox.com
+0.0.0.0 wsertyzx.gq
 0.0.0.0 wteeoq.pfinanceiro.com.de
+0.0.0.0 ww.lnterbank.pe.personas.aaseguros.mx
 0.0.0.0 ww.lnterbank.pe.personas.onlinesocket.in
+0.0.0.0 ww.lnterbank.pe.personas.t-class.org
 0.0.0.0 ww16.inpost-pl-3dsecure.clear-id.xyz
+0.0.0.0 wwedealershipon.000webhostapp.com
 0.0.0.0 www-cursosdigitalesmx-com.filesusr.com
 0.0.0.0 www-degelyehuda-org-il.filesusr.com
 0.0.0.0 www-europe564598-com.filesusr.com
@@ -3968,10 +3781,9 @@
 0.0.0.0 www-key-com.test.edgekey.net
 0.0.0.0 www-mufg-jp.handicraft.ltd
 0.0.0.0 www-mufg-jp.kaiqi.ink
-0.0.0.0 www-wattsapcom.duckdns.org
+0.0.0.0 www.facebook.com-sauuvazpjo.isiolo.go.ke
 0.0.0.0 www2.rakutan.co.jploginffd9dfg7.carwork.cn
 0.0.0.0 www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn
-0.0.0.0 www2.rakutan.co.jploginvcx8ds.nanoart.cn
 0.0.0.0 www2.rakuten-card.co.jp.wzsrc.cn
 0.0.0.0 www2.rakutenn.co.jp.nanopark.cn
 0.0.0.0 www2.rakutenn.co.jp.zgyo.cn
@@ -3983,6 +3795,7 @@
 0.0.0.0 xcas.xoh29oz.cn
 0.0.0.0 xcasd.7vo6bt.cn
 0.0.0.0 xcasd.b204uje.cn
+0.0.0.0 xcasd.tcbjnhq.cn
 0.0.0.0 xcasd.yikn2gd.cn
 0.0.0.0 xcryptocars.blogspot.com
 0.0.0.0 xcvdsd.page.link
@@ -4001,10 +3814,10 @@
 0.0.0.0 xjpyyds.pem4yp3.cn
 0.0.0.0 xkljfg.ml
 0.0.0.0 xn--gmal-sya.com
-0.0.0.0 xn--instagam-sf0d.com
 0.0.0.0 xn--ltappen-80a.se
 0.0.0.0 xn--metamsk-lwa.link
 0.0.0.0 xn--rpondeur-sfr2-bhb.yolasite.com
+0.0.0.0 xpubgfrozen.tk
 0.0.0.0 xqr3i.mjt.lu
 0.0.0.0 xqr3n.mjt.lu
 0.0.0.0 xqr3u.mjt.lu
@@ -4013,14 +3826,16 @@
 0.0.0.0 xrxh2.mjt.lu
 0.0.0.0 xrxhl.mjt.lu
 0.0.0.0 xsbrookshhjx.top
+0.0.0.0 xspin.cawnibos.com
 0.0.0.0 xtio.ch
 0.0.0.0 xtw42.mjt.lu
+0.0.0.0 xvideokoreanwifesister18.duckdns.org
 0.0.0.0 xx.macecri.com
 0.0.0.0 xxaas.tp00jv9.cn
 0.0.0.0 xxasd.sf29hrg.cn
 0.0.0.0 xxx-com-dot-c2c01-531c7.uc.r.appspot.com
-0.0.0.0 xyproject.xtensio.com
 0.0.0.0 xzasd.uz64g3.cn
+0.0.0.0 yahoo%2eco%2ejp@asdxa.p2x11pi.cn
 0.0.0.0 yahoo%2eco%2ejp@bghgcd.psuxscm.cn
 0.0.0.0 yahoo%2eco%2ejp@bhgxa.eo76sni.cn
 0.0.0.0 yahoo%2eco%2ejp@cdas.nxzigco.cn
@@ -4042,12 +3857,11 @@
 0.0.0.0 yahoo%2eco%2ejp@uyhnxx.urpzkva.cn
 0.0.0.0 yahoo%2eco%2ejp@zxas.2nd0g8.cn
 0.0.0.0 yahoo%2eco%2ejp@zxass.jbkyj0o.cn
-0.0.0.0 yahoopoweredservice.duckdns.org
 0.0.0.0 yahuomall.square.site
 0.0.0.0 yairix.github.io
 0.0.0.0 yalena.me
+0.0.0.0 yandex-viral.duckdns.org
 0.0.0.0 yaqoobi.org
-0.0.0.0 yaranfayez.com
 0.0.0.0 yayanti.com
 0.0.0.0 ybdaa.oqsgm9r.cn
 0.0.0.0 ybggd.fjgjoux.cn
@@ -4067,11 +3881,13 @@
 0.0.0.0 ynbgdc.woprkzp.cn
 0.0.0.0 ynbxa.pvgulkz.cn
 0.0.0.0 yndda.m117s1s.cn
+0.0.0.0 yo7ka-anna.com
 0.0.0.0 yogeshwarwiremesh.com
 0.0.0.0 youknowar.com
 0.0.0.0 young-snow-7447.tcheviron5269.workers.dev
 0.0.0.0 youreasygoing2022.co.vu
 0.0.0.0 yqlpeitost.duckdns.org
+0.0.0.0 ytdjhstej.tk
 0.0.0.0 yuhjjkss.web.app
 0.0.0.0 yumpai.cn
 0.0.0.0 z.macecri.com
@@ -4079,10 +3895,12 @@
 0.0.0.0 z0massegurabclp1.shreeramwoodindustries.com
 0.0.0.0 z2qje.codesandbox.io
 0.0.0.0 z3voicrxxvs.typeform.com
+0.0.0.0 zacharytlasko.com
 0.0.0.0 zackselectronics.co.zw
 0.0.0.0 zaktualizacja-platnosci.netfxtv.co.pl
 0.0.0.0 zasd.yhxmd30.cn
 0.0.0.0 zb2-home.web.app
+0.0.0.0 zen-minsky-ef5931.netlify.app
 0.0.0.0 zenvinyl.com
 0.0.0.0 zepe.io
 0.0.0.0 zeroquiz.com
@@ -4095,10 +3913,8 @@
 0.0.0.0 zmpcoado.cyou
 0.0.0.0 zoho-online.web.app
 0.0.0.0 zoho-validationserv.web.app
-0.0.0.0 zonalnterbank.com
 0.0.0.0 zonmca.hxljatvw.cn
 0.0.0.0 zshrvvo.cn
-0.0.0.0 zuiunsya.com
 0.0.0.0 zxas.2nd0g8.cn
 0.0.0.0 zxas.hs0rgq8.cn
 0.0.0.0 zxass.jbkyj0o.cn
@@ -4107,6 +3923,5 @@
 0.0.0.0 zxcnash.seufhsk.cn
 0.0.0.0 zxcod.01l241.cn
 0.0.0.0 zxcuashs.e0n0gh5.cn
-0.0.0.0 zxdlbny.cn
 0.0.0.0 zxnahs.3cze6ri.cn
 0.0.0.0 zz.macecri.com
diff --git a/dist/phishing-filter-rpz.conf b/dist/phishing-filter-rpz.conf
index 3b78755b..0e1f8d31 100644
--- a/dist/phishing-filter-rpz.conf
+++ b/dist/phishing-filter-rpz.conf
@@ -1,5 +1,5 @@
 ; Title: Phishing Domains RPZ Blocklist
-; Updated: Sun, 16 Jan 2022 12:01:44 +0000
+; Updated: Mon, 17 Jan 2022 00:01:35 +0000
 ; Expires: 1 day (update frequency)
 ; Homepage: https://gitlab.com/curben/phishing-filter
 ; License: https://gitlab.com/curben/phishing-filter#license
@@ -8,7 +8,7 @@
 ; Notice: https://curben.gitlab.io/phishing-filter-mirror is moved to https://curben.gitlab.io/malware-filter
 
 $TTL 30
-@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1642334504 86400 3600 604800 30
+@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1642377695 86400 3600 604800 30
  NS localhost.
 
 001.ammazu.net CNAME .
@@ -18,9 +18,6 @@ $TTL 30
 02-billing-support.org CNAME .
 08863299.sso-secure-mail0454etr.pages.dev CNAME .
 0bs.de CNAME .
-0gjvj7a8eydbjz3au8anbg-on.drv.tw CNAME .
-1000000000347789523698541.tk CNAME .
-1000000000347789523698545.tk CNAME .
 1000000000347789523698546.tk CNAME .
 1000000000347789523698547.tk CNAME .
 109edc5b.ssdtfgyb09.pages.dev CNAME .
@@ -30,6 +27,7 @@ $TTL 30
 15004083383734.data-store-company.com CNAME .
 154.30.211.130.bc.googleusercontent.com CNAME .
 16park.cn CNAME .
+1727365.com CNAME .
 178.128.108.233.dsl.dyn.forthnet.gr CNAME .
 1800poolservice.com CNAME .
 185-46-10-159.cloudvps.regruhosting.ru CNAME .
@@ -44,7 +42,6 @@ $TTL 30
 2022-girobanken-sparkassen.xyz CNAME .
 2022.intrebrkprsonas.xyz CNAME .
 217651.8b.io CNAME .
-2247317.verifyinguser426128734570198363.com CNAME .
 228.94.92.rev.sfr.net.gghost.ru CNAME .
 24611250.sibforms.com CNAME .
 2482689012.yolasite.com CNAME .
@@ -53,12 +50,16 @@ $TTL 30
 2fa.bthei.com CNAME .
 2pil.ru CNAME .
 2rakuten.co.jp.happyyear.cn CNAME .
+2yfh.short.gy CNAME .
 3-139-75-158.cprapid.com CNAME .
 343i.org CNAME .
 343t3dv9qdufp.clickfunnels.com CNAME .
 3568365.com CNAME .
+365unfreezesecurity.com CNAME .
+3782365.com CNAME .
 3a10a178.s6t6sj4s46tu4sys54y5.pages.dev CNAME .
 3bvjh.sbs CNAME .
+3c5.com CNAME .
 3ck.me CNAME .
 3dprintersupplies.com.au CNAME .
 3dsecure-update-service-info-live.duckdns.org CNAME .
@@ -82,18 +83,19 @@ $TTL 30
 613707.selcdn.ru CNAME .
 61da8ae6.6u6566hrrthsh45.pages.dev CNAME .
 638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com CNAME .
-65451440241544.hyperphp.com CNAME .
-664876.verifyinguser426128734570198363.com CNAME .
+6734365.com CNAME .
 67lksxgjd.bttmassage-thai-tanger.com CNAME .
 6a7zu9he6mqh.clickfunnels.com CNAME .
 6c7f0acc.sibforms.com CNAME .
+6stupefacentevideo2022.pagedemo.co CNAME .
+754675377.xyz CNAME .
 7837365.com CNAME .
 7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev CNAME .
 7wr4u.csb.app CNAME .
 7yu3v.csb.app CNAME .
-8010361370310234068010361370310234.blogspot.be CNAME .
 859411.icu CNAME .
 8760365.com CNAME .
+885211.icu CNAME .
 889381.icu CNAME .
 8899.jp CNAME .
 89ix7y0.cn CNAME .
@@ -121,15 +123,18 @@ absaonline2021.website2.me CNAME .
 absolute-containers-sip.business.site CNAME .
 absolutepleasure.com.my CNAME .
 acacia.webdevonline.net CNAME .
+account-recovery.org CNAME .
 account.herephyshy.info CNAME .
 account.verifications.help-page.workers.dev CNAME .
 accounts-autoscout24.de CNAME .
 acessobradesco.digital CNAME .
 ach111.xyz CNAME .
 activate-hulu-com-activate.sitey.me CNAME .
+activatingmymainnet.com CNAME .
 adamfeber.com CNAME .
 adcloudserver.com CNAME .
 admin-formserviceupdates.weeblysite.com CNAME .
+administer-708aa.web.app CNAME .
 administraciondefincaspereznovo.com CNAME .
 adorablepomskyhome.net CNAME .
 adpunemploymentclaims.sharefile.com CNAME .
@@ -139,14 +144,13 @@ affixsports.net CNAME .
 afreemart.xyz CNAME .
 africansecrets.ca CNAME .
 agora.imb.br CNAME .
-agricolefr-99f918.ingress-erytho.easywp.com CNAME .
 agrimetiersmartinique.fr CNAME .
 agurimu-nagoya.com CNAME .
 ahhhh.pe.kr CNAME .
 ai.macecri.com CNAME .
-aib-unauthorized-access.com CNAME .
 aid-validation-human.run-us-west2.goorm.io CNAME .
 aimekidya-recpag.web.id CNAME .
+airbnb.book-space-b851927.live CNAME .
 airportprescreening.com CNAME .
 aitsidihamh.my-place.us CNAME .
 akanksha3012.github.io CNAME .
@@ -167,8 +171,10 @@ aliciabot.azurewebsites.net CNAME .
 alkhalilgraphics.com CNAME .
 allegrolokalnie-pl-3dsafe.id-43051.xyz CNAME .
 allegrolokalnie-pl-3dsafe.id-91501.xyz CNAME .
+allegrolokalnie-pl-3dseif.id-43051.xyz CNAME .
 allegrolokalnie-pl-safe.id-43051.xyz CNAME .
 alliancesuper.com CNAME .
+almarjantours.com CNAME .
 almighty.edu.np CNAME .
 alnajahh.com CNAME .
 aloun.ps CNAME .
@@ -176,6 +182,7 @@ alphabnkgre.com CNAME .
 alqadi.ps CNAME .
 alquilervillora.net CNAME .
 alsofft.com CNAME .
+alupi-frey.shop CNAME .
 amacez.jyrtery4.top CNAME .
 amacredit.amacardpkey.xyz CNAME .
 amaenv.fgasdfw6.xyz CNAME .
@@ -186,21 +193,20 @@ amazom.supwwe.xyz CNAME .
 amazomsse.shop CNAME .
 amazon-gcatech.com CNAME .
 amazon-interruption.com CNAME .
-amazon.co.ip.jlig.cn CNAME .
 amazon.co.jp.abaiaccounting.cn CNAME .
 amazon.gousana.casa CNAME .
-amazon.jp-m.win CNAME .
+amazon.logins-co.jp CNAME .
 amazon.works.ga CNAME .
 amazonhome.sfrmobiles.com CNAME .
 amazonjapsne.cf CNAME .
+amazonses.authflows.com CNAME .
 amazoon.co.op.o4j.top CNAME .
-ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org CNAME .
 amc-training.com CNAME .
-amcgardiennage.com CNAME .
+amecmasmerd.ga CNAME .
 ameozom.jp.onaworks.com CNAME .
 americanexpress-auth.azurewebsites.net CNAME .
-americanexpress.heiwakai.com CNAME .
 amguevara.com CNAME .
+amhsd.com CNAME .
 amidabuli.com CNAME .
 amlnov7.web.app CNAME .
 amnzma-jp.top CNAME .
@@ -211,7 +217,6 @@ amnzmsn3-jp.shop CNAME .
 amoazom.rm82j6-t8.cn CNAME .
 amonzau_co_take.ktbf.shop CNAME .
 amosleh.com CNAME .
-amozom.co.ip.taxhod.club CNAME .
 amreeth.github.io CNAME .
 amusebouche-bg.com CNAME .
 amzcredit.dearva.xyz CNAME .
@@ -227,24 +232,21 @@ angryezgames.com CNAME .
 anhduongjsc.com CNAME .
 anj-azakp.run.goorm.io CNAME .
 anjalijha167.github.io CNAME .
-anjayredit.duckdns.org CNAME .
 annacatania.com.mt CNAME .
 anon-keep-admin-keep.rvsla.workers.dev CNAME .
 ansr.ro CNAME .
 aolmailukhelplinecustomerservice.blogspot.com CNAME .
 aolmailukhelplinecustomerservice.blogspot.com.au CNAME .
-aolpoweredservice.duckdns.org CNAME .
 aolverixon11dfd.weebly.com CNAME .
 aolxperience.com CNAME .
+api-saisoncard-co-jp.md160.net CNAME .
 api-saisoncard-co-jp.o4ay8.net CNAME .
 api.florense.com.br CNAME .
 api.redirect-bentobot199.com CNAME .
 api.redirect-safebrowser-online.com CNAME .
-api.safe-directmail.com CNAME .
 aplintec.com.mx CNAME .
 app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io CNAME .
 app-bombcrypto-io-login-ab.blogspot.com CNAME .
-app-panckswp.xyz CNAME .
 app.bydn217.club CNAME .
 app.duel.network CNAME .
 app.fiiber.ca CNAME .
@@ -254,10 +256,11 @@ app.sugarsync.com CNAME .
 appatualizecef.com CNAME .
 appibsolicitud.com CNAME .
 appleid-check.info CNAME .
+applekra.com CNAME .
 applepichincha.webcindario.com CNAME .
 apply.aua.am CNAME .
 apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link CNAME .
-appttech.com CNAME .
+aprilgagenesh.com CNAME .
 aquaqualitas.com CNAME .
 arafathrumman.github.io CNAME .
 arcacg.com CNAME .
@@ -265,15 +268,18 @@ archivio-supporto.sitoper.it CNAME .
 are.scicemecod.com CNAME .
 areueaom.gtpzcve.cn CNAME .
 areueaom.gtva.cn CNAME .
+arif.com.bd CNAME .
 aromatic.webenliven.in CNAME .
 arthamahotels.com CNAME .
 artlux.com.pl CNAME .
 arub-service.org CNAME .
 aruba.fatt.ids-sys.com CNAME .
 as.macecri.com CNAME .
+as.scicemecod.com CNAME .
 asaipestcontrol.com CNAME .
 ascom.co.tz CNAME .
 asd.9sw53wk.cn CNAME .
+asdxa.p2x11pi.cn CNAME .
 asgard-ampqy.run-us-west2.goorm.io CNAME .
 asimpwsh.com CNAME .
 asistentetramitadordigitalda.com CNAME .
@@ -283,19 +289,24 @@ at-t-support-service1.sitey.me CNAME .
 at-t-yahoo.sitey.me CNAME .
 atento-fdi.plusoftomni.com.br CNAME .
 ativacao-online73681.com CNAME .
+atlanticeconcrete.com CNAME .
 atnr76dxku336szy.clickfunnels.com CNAME .
-attcustomdesk.weebly.com CNAME .
+att556.weebly.com CNAME .
+att87.weebly.com CNAME .
 attinfoser.weebly.com CNAME .
 attonlinemanagementpage.weebly.com CNAME .
+attonlineuserverification.weebly.com CNAME .
 attpage1121.weebly.com CNAME .
 atualizacao-online547864.com CNAME .
 atualizarmodolo.com CNAME .
 atulrathore-dev.github.io CNAME .
+auid-japan.com CNAME .
 aurumship.com CNAME .
-aushfew.tokyo CNAME .
 aushotel.es CNAME .
 auth-task1-m.web.app CNAME .
 auth-webmailakeonetcom.yolasite.com CNAME .
+auth.topgamers.cn CNAME .
+authent54-sedure32.duckdns.org CNAME .
 authorize-trustvallet-protocol.com CNAME .
 authorizewallet.app CNAME .
 authuxeehmutconjxmailssocl.web.app CNAME .
@@ -305,16 +316,15 @@ autoexprs.com CNAME .
 autoranplususeremailprocessingupdate.pages.dev CNAME .
 autoscurt24.de CNAME .
 autumn-sun-4a21.paqesads-scure.workers.dev CNAME .
+avelocidad.com CNAME .
 avrorganics.com CNAME .
 awesome-gates-8bdd6f.netlify.app CNAME .
 ax.xiguw.workers.dev CNAME .
-axieinfinity-meta.com CNAME .
 axieinfinity-supportwallet.com CNAME .
 axlr.in CNAME .
-ayguru.com CNAME .
+ayushenterprise.in CNAME .
 az.macecri.com CNAME .
 azb3s.cf CNAME .
-azmnsaz.000webhostapp.com CNAME .
 azmznonos_co_long.akys.shop CNAME .
 b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com CNAME .
 b059c86968a6427389952025bcee9886.svc.dynamics.com CNAME .
@@ -322,7 +332,6 @@ b4e921f0.sso-mailsrvr-4344e5teed.pages.dev CNAME .
 b96f7f93.sibforms.com CNAME .
 b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev CNAME .
 bacteralia.com CNAME .
-badnewswegewroighgserhhg.xyz CNAME .
 bag-macben.eu CNAME .
 bakhai.vn CNAME .
 balajihospital.net CNAME .
@@ -342,7 +351,6 @@ bancaporlnternetlnterbarnk.jifad.org CNAME .
 bancaporlnternetlnterbarnk.libertycanais.com.br CNAME .
 bancoiinng.site44.com CNAME .
 bancooccidentalb.com CNAME .
-bank-id.pl CNAME .
 bankapolska.com CNAME .
 banki0wa.us CNAME .
 bankocaoffo.webcindario.com CNAME .
@@ -350,8 +358,8 @@ bankofamer86.ddns.net CNAME .
 bannerbank.control-inc.com CNAME .
 bannerchampnyc.com CNAME .
 banproseguridadasistenteenlineanic.webnode.es CNAME .
-banqsuepoy.temp.swtest.ru CNAME .
 baradua.it CNAME .
+barbecuef.top CNAME .
 battlelastmont.cyou CNAME .
 bc1.paiementervice.com CNAME .
 bconclutmjy.ru CNAME .
@@ -360,7 +368,7 @@ bcpzonaseguirabeta.com CNAME .
 be-home.web.do CNAME .
 bearmybrand.com CNAME .
 beast-blog.com CNAME .
-beibys.com.br CNAME .
+beccu07.zzux.com CNAME .
 beijing.vfzfy1v.cn CNAME .
 belovedaroma.com CNAME .
 bendmytrend.com CNAME .
@@ -426,18 +434,19 @@ bnconacional.odoo.com CNAME .
 bncre.odoo.com CNAME .
 bncxz.9wx9b27.cn CNAME .
 bndigitalpersonas.com CNAME .
-bnpparibas-pl.mob-app.xyz CNAME .
 boaupdate.bfaoscr.com CNAME .
 bogdonovlerer.com CNAME .
 bogged-finance.com CNAME .
+boi.365online-replacement.com CNAME .
+boke4-indonesia-2022a7whatsapp.duckdns.org CNAME .
+bokep-virall-sange33.duckdns.org CNAME .
 bokgabanesolutions.co.za CNAME .
+bold-lichterman.45-81-232-15.plesk.page CNAME .
 bookfbs.evangsamuelministries.com CNAME .
 boxes.com.py CNAME .
 br4.in CNAME .
 br622.teste.website CNAME .
-brave-knuth-96d329.netlify.app CNAME .
 breople.com CNAME .
-brigida_cossette.gitlab.io CNAME .
 brooks-forrunning.top CNAME .
 brooks-justforjogging.top CNAME .
 brooks-move.top CNAME .
@@ -476,7 +485,6 @@ builmon.xyz CNAME .
 bujikena.web.app CNAME .
 bundel-cobragratis2022.duckdns.org CNAME .
 busanopen.org CNAME .
-business-action-copyright11022.web.app CNAME .
 business-action-page129591.web.app CNAME .
 business-appeal-copyright8211.web.app CNAME .
 business-appeal-form-18222.web.app CNAME .
@@ -484,24 +492,22 @@ business-copyright-alert100821.web.app CNAME .
 business-copyright-alert198082.web.app CNAME .
 business-copyright-alert19882.web.app CNAME .
 business-copyright-detected920.web.app CNAME .
-business-page-content125882.web.app CNAME .
 business-required-helpcenter82.web.app CNAME .
 business-required-info188221.web.app CNAME .
 businessemailss.biz CNAME .
-bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link CNAME .
 buyelectronicsnyc.com CNAME .
 c.curiousmorty.be CNAME .
 c.jardindemiedo.es CNAME .
 c.loveawaits.be CNAME .
 c.mail.com CNAME .
 c0m-r51znzlh8i.isiolo.go.ke CNAME .
-c10012022j.temp.swtest.ru CNAME .
 c1christine.tjelmeland2e.cso.gov.tt CNAME .
 c2dc5b99.chgmar.pages.dev CNAME .
 c6ebv708.caspio.com CNAME .
 cabsiler.com CNAME .
 cache.nebula.phx3.secureserver.net CNAME .
 cadeau-orange.fr CNAME .
+caixabanki.temp.swtest.ru CNAME .
 caixaseguradora.quadientcloud.com CNAME .
 cakesbyannemotha.com CNAME .
 cammymiller.com CNAME .
@@ -511,7 +517,6 @@ cannellandcoflooring.co.uk CNAME .
 capservice.online CNAME .
 caracasmateriais.blogspot.com CNAME .
 carpediemxp.com CNAME .
-carry.reduxservices.com CNAME .
 carservicessaupdate.xyz CNAME .
 cartamorin-geometres.fr CNAME .
 carwash.tv CNAME .
@@ -524,6 +529,7 @@ caycos.beispielseite-wmka.de CNAME .
 caymanreno.com CNAME .
 cbmonlinegroups.com CNAME .
 cc.scicemecod.com CNAME .
+cc23674.tmweb.ru CNAME .
 ccjrlaw.com CNAME .
 cdas.nxzigco.cn CNAME .
 cdsoa.wuefyta.cn CNAME .
@@ -536,14 +542,13 @@ centralconsulta.link CNAME .
 centre1.bubbleapps.io CNAME .
 ceresgulf.com CNAME .
 certifica-montepaschii.com CNAME .
-chalokradocallkakuch.azurewebsites.net CNAME .
-changenotification.pricesamazonlogincard.monster CNAME .
+charitascb.com CNAME .
 charperimagedesign.com CNAME .
 chat-whatasapp.com CNAME .
 chat-whatsaap99.duckdns.org CNAME .
 chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org CNAME .
-chat-whatsapp-group-2022.duckdns.org CNAME .
 chat-whatsapp-grupo-invitacion.blogspot.com CNAME .
+chat-whatsapp-gscfghjsgsu.duckdns.org CNAME .
 chckmaill1.web.app CNAME .
 chckmaill10.web.app CNAME .
 chckmaill11.web.app CNAME .
@@ -577,9 +582,9 @@ chiragrajoria.github.io CNAME .
 chois.jp CNAME .
 christienstudystl.wixsite.com CNAME .
 christmas-dhl-express-delvr.hopekosmos.com CNAME .
+chronopostaws.com CNAME .
 chtbnk.uk CNAME .
 chutomen.com CNAME .
-ciiusea.com CNAME .
 cinemaleftech.com CNAME .
 citagestionenlineabn.com CNAME .
 city-of-jazz.de CNAME .
@@ -587,13 +592,11 @@ ckwgruppe.service-now.com CNAME .
 claiimdiamondgratis84.duckdns.org CNAME .
 claim-event-freefire-garena-oldfree-a4.duckdns.org CNAME .
 claim-skingratis-mobailegends161.duckdns.org CNAME .
-claimgratisff2022.duckdns.org CNAME .
 claims-funds-enczj.run-us-west2.goorm.io CNAME .
 claimseventmlbb.duckdns.org CNAME .
 claimshopee.yolasite.com CNAME .
 claro-link.brsafe.com.br CNAME .
 claus.bz CNAME .
-clefman.cl CNAME .
 click-here-help.in CNAME .
 client-support-page.com CNAME .
 clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net CNAME .
@@ -632,7 +635,9 @@ co.jp.rukbcga.cn CNAME .
 co.jp.sefdvsi.cn CNAME .
 co.jp.tezkkbp.cn CNAME .
 co.jp.ztxzzup.cn CNAME .
+cobaincurlduluom.duckdns.org CNAME .
 codwarzonemobile.com CNAME .
+coindappsync.online CNAME .
 cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev CNAME .
 collab-land.net CNAME .
 collabland.info CNAME .
@@ -647,23 +652,24 @@ com-mm2ai86orr.isiolo.go.ke CNAME .
 com-r51znzlh8i.isiolo.go.ke CNAME .
 com-sauuvazpjo.isiolo.go.ke CNAME .
 com-ugsyk69nqb.isiolo.go.ke CNAME .
-comefuck.co CNAME .
 community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link CNAME .
 community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link CNAME .
 community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link CNAME .
 completeegali.webcindario.com CNAME .
+completeyorcorp.lunsrgovert.net CNAME .
 comunicazione-europe.net CNAME .
 comunity-isue-ideent-andromeda-29.web.id CNAME .
 comunity-isue-ideent-andromeda-33.web.id CNAME .
-comunity-isue-ideent-andromeda-88.web.id CNAME .
 con-firma.firebaseapp.com CNAME .
-confirming-pages-idntitysupport.web.id CNAME .
 congresosba.com.ar CNAME .
 conhecaonlinedigital.com.br CNAME .
 connect.au-login.0662smt.com CNAME .
+connect.auone.jp-login.kddi-sys.com CNAME .
+connect.myauone.jp-auid.jp-auid.com CNAME .
+connect.myauone.jp-auid.kddi-mail.com CNAME .
+connectlivewallet.io CNAME .
 connectwallet.me CNAME .
 conoscofaturahiiiper.com CNAME .
-consultavirtuai.bieah.com CNAME .
 contabilidaderabello.com.br CNAME .
 contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev CNAME .
 contapessoal.digital CNAME .
@@ -674,7 +680,7 @@ continentepecas.com CNAME .
 contratodeparceria.com.br CNAME .
 controlpichincha.webcindario.com CNAME .
 copyright-center-live.ml CNAME .
-corl-inv.web.app CNAME .
+coroplastusa.com CNAME .
 correosdemexico-web.com CNAME .
 corta.ai CNAME .
 cosemu.com CNAME .
@@ -694,7 +700,6 @@ credicorp-capital.net CNAME .
 credicorpfiduciariasa.com CNAME .
 credifinanciera.didacsis.com CNAME .
 crediserfinanza.com CNAME .
-credita302.temp.swtest.ru CNAME .
 creditagricole-sudrhonealpes.blogspot.ba CNAME .
 creditagricole-sudrhonealpes.blogspot.com CNAME .
 creditagricole-sudrhonealpes.blogspot.ro CNAME .
@@ -702,13 +707,18 @@ creditinternationalbank.com CNAME .
 creditiperhabbogratissicuro100.blogspot.it CNAME .
 cresvin.com CNAME .
 criticalcarevizag.com CNAME .
+crrdxwjap7t.typeform.com CNAME .
 cryptocars-plays.buzz CNAME .
 cryptocarsme.com CNAME .
 cryptscars-logs.com CNAME .
 cryqtocars.me CNAME .
 cuans.bkaamiv.cn CNAME .
 currentlyupgrade.mystrikingly.com CNAME .
+cusnas.366wuv.cn CNAME .
+cxas.bvd2q18.cn CNAME .
+cxas.zk6w4dt.cn CNAME .
 cxasd.easghbl.cn CNAME .
+cxmnsa.04frh0w.cn CNAME .
 cxnbas.nmkbmqk.cn CNAME .
 cxuahs.1wc9bxm.cn CNAME .
 cyna.rkpmage.cn CNAME .
@@ -721,8 +731,10 @@ d18gc1ytkdv37u.cloudfront.net CNAME .
 d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev CNAME .
 d3ncuwwrr82.typeform.com CNAME .
 daatahomes.com CNAME .
+dadafa88.com CNAME .
 damp-f43e.recovery-page-secur.workers.dev CNAME .
 danitraseoexperts.com CNAME .
+dappconnecttvalidator.net CNAME .
 dapponlines.com CNAME .
 dappscoins.com CNAME .
 dappsiconnect.com CNAME .
@@ -738,8 +750,8 @@ daycoval.facildepagar.com.br CNAME .
 db-web-client.com CNAME .
 dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com CNAME .
 dbkuzwes.online CNAME .
-dbs-interrnet.online CNAME .
 dbs.limited CNAME .
+dbs.online.webdbslistinonline.com CNAME .
 dbs.webdbslistinonline.com CNAME .
 dbw.gr CNAME .
 dcm1.ae.iwc.static.tungmung.co.id CNAME .
@@ -772,6 +784,7 @@ deutsche-post.apurvathespygenesh.com CNAME .
 dev-nadaj.orlenpaczka.ce5.pl CNAME .
 dev-secu-credit-union.pantheonsite.io CNAME .
 dev-www.orlenpaczka.ce5.pl CNAME .
+dev.massageliabilityinsurancegroup.com CNAME .
 dev.shivaxi.com CNAME .
 devicepichincha.webcindario.com CNAME .
 devops.help CNAME .
@@ -784,15 +797,17 @@ dhl-event.app CNAME .
 dhl.recruitmentplatform.com CNAME .
 diamondplate.us CNAME .
 die-post-swiss-id-19782635812.psd2any.com CNAME .
+diepost-paketevhost207932.lowhost.ru CNAME .
 diginto.org CNAME .
-dilscord.gift CNAME .
+diligentverify.com CNAME .
 directqpuprozaakp.weebly.com CNAME .
 dirtyez.com CNAME .
 disccrdapp.com CNAME .
 disckord.club CNAME .
 discoord-nittro.com CNAME .
-discorc.gift CNAME .
 discordbugs.com CNAME .
+discordnitroos.com CNAME .
+discrods.gift CNAME .
 dispositivoapp.azurewebsites.net CNAME .
 distinctivei.com CNAME .
 distrial.ec CNAME .
@@ -805,7 +820,6 @@ dkglobaljobs.com CNAME .
 dl.9xu.com CNAME .
 dlink.me CNAME .
 dmaxpesca.com.es CNAME .
-dminer.cloud CNAME .
 doclab-console-auth.firebaseapp.com CNAME .
 docs-verify-c671.thajetiase.workers.dev CNAME .
 docs.revv.so CNAME .
@@ -831,12 +845,9 @@ domainserverlawa116.web.app CNAME .
 domainserverlawa117.web.app CNAME .
 domainserverlawa118.web.app CNAME .
 domainserverlawa119.web.app CNAME .
-domainserverlawa120.web.app CNAME .
-domainserverlawa121.web.app CNAME .
 domainserverlawa122.web.app CNAME .
 domainserverlawa123.web.app CNAME .
 domainserverlawa124.web.app CNAME .
-domainserverlawa125.web.app CNAME .
 domainserverlawa126.web.app CNAME .
 domainserverlawa127.web.app CNAME .
 domainserverlawa128.web.app CNAME .
@@ -845,32 +856,24 @@ domainserverlawa13.web.app CNAME .
 domainserverlawa130.web.app CNAME .
 domainserverlawa131.web.app CNAME .
 domainserverlawa132.web.app CNAME .
-domainserverlawa133.web.app CNAME .
 domainserverlawa134.web.app CNAME .
 domainserverlawa135.web.app CNAME .
 domainserverlawa136.web.app CNAME .
 domainserverlawa137.web.app CNAME .
-domainserverlawa138.web.app CNAME .
 domainserverlawa139.web.app CNAME .
 domainserverlawa14.web.app CNAME .
-domainserverlawa140.web.app CNAME .
-domainserverlawa141.web.app CNAME .
 domainserverlawa142.web.app CNAME .
 domainserverlawa143.web.app CNAME .
 domainserverlawa144.web.app CNAME .
 domainserverlawa145.web.app CNAME .
 domainserverlawa146.web.app CNAME .
-domainserverlawa147.web.app CNAME .
 domainserverlawa148.web.app CNAME .
 domainserverlawa149.web.app CNAME .
 domainserverlawa150.web.app CNAME .
-domainserverlawa151.web.app CNAME .
 domainserverlawa152.web.app CNAME .
 domainserverlawa153.web.app CNAME .
-domainserverlawa154.web.app CNAME .
 domainserverlawa155.web.app CNAME .
 domainserverlawa156.web.app CNAME .
-domainserverlawa157.web.app CNAME .
 domainserverlawa158.web.app CNAME .
 domainserverlawa159.web.app CNAME .
 domainserverlawa160.web.app CNAME .
@@ -878,20 +881,15 @@ domainserverlawa161.web.app CNAME .
 domainserverlawa162.web.app CNAME .
 domainserverlawa163.web.app CNAME .
 domainserverlawa164.web.app CNAME .
-domainserverlawa165.web.app CNAME .
 domainserverlawa166.web.app CNAME .
 domainserverlawa167.web.app CNAME .
 domainserverlawa168.web.app CNAME .
 domainserverlawa169.web.app CNAME .
-domainserverlawa17.web.app CNAME .
-domainserverlawa170.web.app CNAME .
 domainserverlawa171.web.app CNAME .
 domainserverlawa172.web.app CNAME .
 domainserverlawa173.web.app CNAME .
 domainserverlawa174.web.app CNAME .
-domainserverlawa175.web.app CNAME .
 domainserverlawa176.web.app CNAME .
-domainserverlawa177.web.app CNAME .
 domainserverlawa178.web.app CNAME .
 domainserverlawa179.web.app CNAME .
 domainserverlawa18.web.app CNAME .
@@ -900,34 +898,25 @@ domainserverlawa181.web.app CNAME .
 domainserverlawa182.web.app CNAME .
 domainserverlawa183.web.app CNAME .
 domainserverlawa184.web.app CNAME .
-domainserverlawa185.web.app CNAME .
 domainserverlawa186.web.app CNAME .
 domainserverlawa187.web.app CNAME .
 domainserverlawa188.web.app CNAME .
 domainserverlawa189.web.app CNAME .
 domainserverlawa19.web.app CNAME .
-domainserverlawa190.web.app CNAME .
 domainserverlawa191.web.app CNAME .
 domainserverlawa193.web.app CNAME .
 domainserverlawa194.web.app CNAME .
 domainserverlawa195.web.app CNAME .
-domainserverlawa196.web.app CNAME .
-domainserverlawa197.web.app CNAME .
 domainserverlawa198.web.app CNAME .
-domainserverlawa199.web.app CNAME .
 domainserverlawa20.web.app CNAME .
-domainserverlawa200.web.app CNAME .
 domainserverlawa201.web.app CNAME .
 domainserverlawa202.web.app CNAME .
-domainserverlawa203.web.app CNAME .
 domainserverlawa204.web.app CNAME .
 domainserverlawa205.web.app CNAME .
 domainserverlawa206.web.app CNAME .
-domainserverlawa207.web.app CNAME .
 domainserverlawa208.web.app CNAME .
 domainserverlawa209.web.app CNAME .
 domainserverlawa21.web.app CNAME .
-domainserverlawa210.web.app CNAME .
 domainserverlawa211.web.app CNAME .
 domainserverlawa212.web.app CNAME .
 domainserverlawa213.web.app CNAME .
@@ -941,7 +930,6 @@ domainserverlawa220.web.app CNAME .
 domainserverlawa221.web.app CNAME .
 domainserverlawa222.web.app CNAME .
 domainserverlawa223.web.app CNAME .
-domainserverlawa224.web.app CNAME .
 domainserverlawa225.web.app CNAME .
 domainserverlawa226.web.app CNAME .
 domainserverlawa227.web.app CNAME .
@@ -954,12 +942,10 @@ domainserverlawa233.web.app CNAME .
 domainserverlawa234.web.app CNAME .
 domainserverlawa235.web.app CNAME .
 domainserverlawa237.web.app CNAME .
-domainserverlawa238.web.app CNAME .
 domainserverlawa239.web.app CNAME .
 domainserverlawa240.web.app CNAME .
 domainserverlawa241.web.app CNAME .
 domainserverlawa242.web.app CNAME .
-domainserverlawa243.web.app CNAME .
 domainserverlawa244.web.app CNAME .
 domainserverlawa245.web.app CNAME .
 domainserverlawa246.web.app CNAME .
@@ -967,35 +953,23 @@ domainserverlawa247.web.app CNAME .
 domainserverlawa248.web.app CNAME .
 domainserverlawa249.web.app CNAME .
 domainserverlawa25.web.app CNAME .
-domainserverlawa250.web.app CNAME .
 domainserverlawa251.web.app CNAME .
 domainserverlawa252.web.app CNAME .
 domainserverlawa253.web.app CNAME .
-domainserverlawa254.web.app CNAME .
-domainserverlawa255.web.app CNAME .
 domainserverlawa256.web.app CNAME .
 domainserverlawa257.web.app CNAME .
 domainserverlawa258.web.app CNAME .
-domainserverlawa259.web.app CNAME .
-domainserverlawa26.web.app CNAME .
 domainserverlawa260.web.app CNAME .
-domainserverlawa261.web.app CNAME .
-domainserverlawa262.web.app CNAME .
 domainserverlawa263.web.app CNAME .
 domainserverlawa264.web.app CNAME .
 domainserverlawa265.web.app CNAME .
 domainserverlawa266.web.app CNAME .
 domainserverlawa267.web.app CNAME .
-domainserverlawa268.web.app CNAME .
 domainserverlawa269.web.app CNAME .
 domainserverlawa270.web.app CNAME .
-domainserverlawa271.web.app CNAME .
-domainserverlawa272.web.app CNAME .
 domainserverlawa273.web.app CNAME .
 domainserverlawa274.web.app CNAME .
-domainserverlawa275.web.app CNAME .
 domainserverlawa276.web.app CNAME .
-domainserverlawa277.web.app CNAME .
 domainserverlawa278.web.app CNAME .
 domainserverlawa279.web.app CNAME .
 domainserverlawa280.web.app CNAME .
@@ -1004,9 +978,7 @@ domainserverlawa282.web.app CNAME .
 domainserverlawa283.web.app CNAME .
 domainserverlawa284.web.app CNAME .
 domainserverlawa285.web.app CNAME .
-domainserverlawa286.web.app CNAME .
 domainserverlawa287.web.app CNAME .
-domainserverlawa289.web.app CNAME .
 domainserverlawa29.web.app CNAME .
 domainserverlawa290.web.app CNAME .
 domainserverlawa292.web.app CNAME .
@@ -1015,28 +987,20 @@ domainserverlawa294.web.app CNAME .
 domainserverlawa295.web.app CNAME .
 domainserverlawa296.web.app CNAME .
 domainserverlawa297.web.app CNAME .
-domainserverlawa298.web.app CNAME .
 domainserverlawa299.web.app CNAME .
-domainserverlawa30.web.app CNAME .
 domainserverlawa300.web.app CNAME .
 domainserverlawa301.web.app CNAME .
 domainserverlawa302.web.app CNAME .
 domainserverlawa303.web.app CNAME .
 domainserverlawa304.web.app CNAME .
 domainserverlawa305.web.app CNAME .
-domainserverlawa306.web.app CNAME .
 domainserverlawa307.web.app CNAME .
 domainserverlawa308.web.app CNAME .
-domainserverlawa309.web.app CNAME .
-domainserverlawa31.web.app CNAME .
 domainserverlawa310.web.app CNAME .
 domainserverlawa311.web.app CNAME .
 domainserverlawa312.web.app CNAME .
 domainserverlawa313.web.app CNAME .
-domainserverlawa314.web.app CNAME .
 domainserverlawa315.web.app CNAME .
-domainserverlawa316.web.app CNAME .
-domainserverlawa317.web.app CNAME .
 domainserverlawa318.web.app CNAME .
 domainserverlawa319.web.app CNAME .
 domainserverlawa32.web.app CNAME .
@@ -1044,13 +1008,11 @@ domainserverlawa320.web.app CNAME .
 domainserverlawa321.web.app CNAME .
 domainserverlawa322.web.app CNAME .
 domainserverlawa323.web.app CNAME .
-domainserverlawa324.web.app CNAME .
 domainserverlawa325.web.app CNAME .
 domainserverlawa326.web.app CNAME .
 domainserverlawa327.web.app CNAME .
 domainserverlawa328.web.app CNAME .
 domainserverlawa329.web.app CNAME .
-domainserverlawa33.web.app CNAME .
 domainserverlawa330.web.app CNAME .
 domainserverlawa331.web.app CNAME .
 domainserverlawa332.web.app CNAME .
@@ -1061,17 +1023,14 @@ domainserverlawa336.web.app CNAME .
 domainserverlawa337.web.app CNAME .
 domainserverlawa338.web.app CNAME .
 domainserverlawa339.web.app CNAME .
-domainserverlawa34.web.app CNAME .
 domainserverlawa340.web.app CNAME .
 domainserverlawa341.web.app CNAME .
 domainserverlawa342.web.app CNAME .
 domainserverlawa343.web.app CNAME .
 domainserverlawa344.web.app CNAME .
-domainserverlawa345.web.app CNAME .
 domainserverlawa346.web.app CNAME .
 domainserverlawa347.web.app CNAME .
 domainserverlawa348.web.app CNAME .
-domainserverlawa35.web.app CNAME .
 domainserverlawa350.web.app CNAME .
 domainserverlawa351.web.app CNAME .
 domainserverlawa352.web.app CNAME .
@@ -1085,7 +1044,6 @@ domainserverlawa359.web.app CNAME .
 domainserverlawa36.web.app CNAME .
 domainserverlawa360.web.app CNAME .
 domainserverlawa361.web.app CNAME .
-domainserverlawa362.web.app CNAME .
 domainserverlawa363.web.app CNAME .
 domainserverlawa364.web.app CNAME .
 domainserverlawa365.web.app CNAME .
@@ -1096,7 +1054,6 @@ domainserverlawa37.web.app CNAME .
 domainserverlawa370.web.app CNAME .
 domainserverlawa371.web.app CNAME .
 domainserverlawa372.web.app CNAME .
-domainserverlawa373.web.app CNAME .
 domainserverlawa374.web.app CNAME .
 domainserverlawa375.web.app CNAME .
 domainserverlawa376.web.app CNAME .
@@ -1112,11 +1069,7 @@ domainserverlawa384.web.app CNAME .
 domainserverlawa385.web.app CNAME .
 domainserverlawa386.web.app CNAME .
 domainserverlawa387.web.app CNAME .
-domainserverlawa388.web.app CNAME .
-domainserverlawa389.web.app CNAME .
-domainserverlawa39.web.app CNAME .
 domainserverlawa390.web.app CNAME .
-domainserverlawa391.web.app CNAME .
 domainserverlawa392.web.app CNAME .
 domainserverlawa393.web.app CNAME .
 domainserverlawa394.web.app CNAME .
@@ -1127,11 +1080,8 @@ domainserverlawa398.web.app CNAME .
 domainserverlawa40.web.app CNAME .
 domainserverlawa400.web.app CNAME .
 domainserverlawa401.web.app CNAME .
-domainserverlawa402.web.app CNAME .
 domainserverlawa403.web.app CNAME .
-domainserverlawa404.web.app CNAME .
 domainserverlawa405.web.app CNAME .
-domainserverlawa406.web.app CNAME .
 domainserverlawa407.web.app CNAME .
 domainserverlawa408.web.app CNAME .
 domainserverlawa409.web.app CNAME .
@@ -1142,7 +1092,6 @@ domainserverlawa412.web.app CNAME .
 domainserverlawa413.web.app CNAME .
 domainserverlawa414.web.app CNAME .
 domainserverlawa415.web.app CNAME .
-domainserverlawa416.web.app CNAME .
 domainserverlawa417.web.app CNAME .
 domainserverlawa418.web.app CNAME .
 domainserverlawa419.web.app CNAME .
@@ -1155,12 +1104,10 @@ domainserverlawa424.web.app CNAME .
 domainserverlawa425.web.app CNAME .
 domainserverlawa426.web.app CNAME .
 domainserverlawa427.web.app CNAME .
-domainserverlawa428.web.app CNAME .
 domainserverlawa429.web.app CNAME .
 domainserverlawa43.web.app CNAME .
 domainserverlawa430.web.app CNAME .
 domainserverlawa431.web.app CNAME .
-domainserverlawa432.web.app CNAME .
 domainserverlawa433.web.app CNAME .
 domainserverlawa434.web.app CNAME .
 domainserverlawa435.web.app CNAME .
@@ -1170,36 +1117,27 @@ domainserverlawa438.web.app CNAME .
 domainserverlawa439.web.app CNAME .
 domainserverlawa44.web.app CNAME .
 domainserverlawa440.web.app CNAME .
-domainserverlawa441.web.app CNAME .
 domainserverlawa442.web.app CNAME .
 domainserverlawa443.web.app CNAME .
 domainserverlawa444.web.app CNAME .
 domainserverlawa445.web.app CNAME .
 domainserverlawa446.web.app CNAME .
 domainserverlawa447.web.app CNAME .
-domainserverlawa448.web.app CNAME .
 domainserverlawa449.web.app CNAME .
-domainserverlawa45.web.app CNAME .
 domainserverlawa450.web.app CNAME .
 domainserverlawa451.web.app CNAME .
 domainserverlawa452.web.app CNAME .
 domainserverlawa453.web.app CNAME .
-domainserverlawa454.web.app CNAME .
 domainserverlawa455.web.app CNAME .
 domainserverlawa456.web.app CNAME .
-domainserverlawa457.web.app CNAME .
-domainserverlawa458.web.app CNAME .
 domainserverlawa459.web.app CNAME .
 domainserverlawa46.web.app CNAME .
 domainserverlawa460.web.app CNAME .
-domainserverlawa461.web.app CNAME .
 domainserverlawa462.web.app CNAME .
 domainserverlawa463.web.app CNAME .
 domainserverlawa464.web.app CNAME .
 domainserverlawa465.web.app CNAME .
 domainserverlawa466.web.app CNAME .
-domainserverlawa467.web.app CNAME .
-domainserverlawa468.web.app CNAME .
 domainserverlawa469.web.app CNAME .
 domainserverlawa47.web.app CNAME .
 domainserverlawa470.web.app CNAME .
@@ -1210,18 +1148,14 @@ domainserverlawa474.web.app CNAME .
 domainserverlawa475.web.app CNAME .
 domainserverlawa476.web.app CNAME .
 domainserverlawa477.web.app CNAME .
-domainserverlawa478.web.app CNAME .
 domainserverlawa479.web.app CNAME .
 domainserverlawa480.web.app CNAME .
 domainserverlawa481.web.app CNAME .
-domainserverlawa482.web.app CNAME .
 domainserverlawa483.web.app CNAME .
 domainserverlawa484.web.app CNAME .
 domainserverlawa485.web.app CNAME .
 domainserverlawa486.web.app CNAME .
 domainserverlawa487.web.app CNAME .
-domainserverlawa488.web.app CNAME .
-domainserverlawa489.web.app CNAME .
 domainserverlawa49.web.app CNAME .
 domainserverlawa490.web.app CNAME .
 domainserverlawa491.web.app CNAME .
@@ -1232,22 +1166,15 @@ domainserverlawa495.web.app CNAME .
 domainserverlawa496.web.app CNAME .
 domainserverlawa497.web.app CNAME .
 domainserverlawa498.web.app CNAME .
-domainserverlawa499.web.app CNAME .
 domainserverlawa50.web.app CNAME .
 domainserverlawa500.web.app CNAME .
-domainserverlawa501.web.app CNAME .
 domainserverlawa502.web.app CNAME .
-domainserverlawa503.web.app CNAME .
-domainserverlawa504.web.app CNAME .
-domainserverlawa505.web.app CNAME .
 domainserverlawa506.web.app CNAME .
 domainserverlawa507.web.app CNAME .
 domainserverlawa508.web.app CNAME .
 domainserverlawa509.web.app CNAME .
 domainserverlawa51.web.app CNAME .
-domainserverlawa510.web.app CNAME .
 domainserverlawa511.web.app CNAME .
-domainserverlawa513.web.app CNAME .
 domainserverlawa514.web.app CNAME .
 domainserverlawa515.web.app CNAME .
 domainserverlawa516.web.app CNAME .
@@ -1256,10 +1183,8 @@ domainserverlawa518.web.app CNAME .
 domainserverlawa519.web.app CNAME .
 domainserverlawa52.web.app CNAME .
 domainserverlawa520.web.app CNAME .
-domainserverlawa521.web.app CNAME .
 domainserverlawa522.web.app CNAME .
 domainserverlawa523.web.app CNAME .
-domainserverlawa524.web.app CNAME .
 domainserverlawa525.web.app CNAME .
 domainserverlawa526.web.app CNAME .
 domainserverlawa527.web.app CNAME .
@@ -1270,28 +1195,21 @@ domainserverlawa530.web.app CNAME .
 domainserverlawa531.web.app CNAME .
 domainserverlawa532.web.app CNAME .
 domainserverlawa533.web.app CNAME .
-domainserverlawa534.web.app CNAME .
-domainserverlawa535.web.app CNAME .
 domainserverlawa536.web.app CNAME .
 domainserverlawa537.web.app CNAME .
 domainserverlawa538.web.app CNAME .
 domainserverlawa539.web.app CNAME .
 domainserverlawa54.web.app CNAME .
-domainserverlawa540.web.app CNAME .
 domainserverlawa541.web.app CNAME .
 domainserverlawa542.web.app CNAME .
 domainserverlawa543.web.app CNAME .
-domainserverlawa544.web.app CNAME .
 domainserverlawa545.web.app CNAME .
 domainserverlawa546.web.app CNAME .
 domainserverlawa547.web.app CNAME .
-domainserverlawa548.web.app CNAME .
 domainserverlawa549.web.app CNAME .
 domainserverlawa550.web.app CNAME .
 domainserverlawa551.web.app CNAME .
-domainserverlawa552.web.app CNAME .
 domainserverlawa553.web.app CNAME .
-domainserverlawa554.web.app CNAME .
 domainserverlawa555.web.app CNAME .
 domainserverlawa556.web.app CNAME .
 domainserverlawa557.web.app CNAME .
@@ -1301,9 +1219,7 @@ domainserverlawa56.web.app CNAME .
 domainserverlawa560.web.app CNAME .
 domainserverlawa561.web.app CNAME .
 domainserverlawa562.web.app CNAME .
-domainserverlawa563.web.app CNAME .
 domainserverlawa564.web.app CNAME .
-domainserverlawa565.web.app CNAME .
 domainserverlawa566.web.app CNAME .
 domainserverlawa567.web.app CNAME .
 domainserverlawa568.web.app CNAME .
@@ -1312,35 +1228,24 @@ domainserverlawa57.web.app CNAME .
 domainserverlawa570.web.app CNAME .
 domainserverlawa571.web.app CNAME .
 domainserverlawa572.web.app CNAME .
-domainserverlawa573.web.app CNAME .
 domainserverlawa574.web.app CNAME .
 domainserverlawa575.web.app CNAME .
 domainserverlawa576.web.app CNAME .
 domainserverlawa577.web.app CNAME .
 domainserverlawa578.web.app CNAME .
 domainserverlawa579.web.app CNAME .
-domainserverlawa58.web.app CNAME .
-domainserverlawa580.web.app CNAME .
 domainserverlawa581.web.app CNAME .
 domainserverlawa582.web.app CNAME .
 domainserverlawa583.web.app CNAME .
-domainserverlawa584.web.app CNAME .
-domainserverlawa585.web.app CNAME .
 domainserverlawa586.web.app CNAME .
 domainserverlawa587.web.app CNAME .
 domainserverlawa588.web.app CNAME .
 domainserverlawa589.web.app CNAME .
 domainserverlawa59.web.app CNAME .
-domainserverlawa590.web.app CNAME .
-domainserverlawa591.web.app CNAME .
 domainserverlawa592.web.app CNAME .
 domainserverlawa593.web.app CNAME .
-domainserverlawa594.web.app CNAME .
-domainserverlawa595.web.app CNAME .
-domainserverlawa596.web.app CNAME .
 domainserverlawa597.web.app CNAME .
 domainserverlawa598.web.app CNAME .
-domainserverlawa599.web.app CNAME .
 domainserverlawa60.web.app CNAME .
 domainserverlawa600.web.app CNAME .
 domainserverlawa601.web.app CNAME .
@@ -1348,25 +1253,18 @@ domainserverlawa602.web.app CNAME .
 domainserverlawa603.web.app CNAME .
 domainserverlawa604.web.app CNAME .
 domainserverlawa605.web.app CNAME .
-domainserverlawa606.web.app CNAME .
 domainserverlawa607.web.app CNAME .
 domainserverlawa608.web.app CNAME .
 domainserverlawa609.web.app CNAME .
-domainserverlawa61.web.app CNAME .
 domainserverlawa610.web.app CNAME .
-domainserverlawa611.web.app CNAME .
 domainserverlawa612.web.app CNAME .
 domainserverlawa613.web.app CNAME .
 domainserverlawa614.web.app CNAME .
-domainserverlawa615.web.app CNAME .
-domainserverlawa616.web.app CNAME .
-domainserverlawa617.web.app CNAME .
 domainserverlawa618.web.app CNAME .
 domainserverlawa619.web.app CNAME .
 domainserverlawa62.web.app CNAME .
 domainserverlawa620.web.app CNAME .
 domainserverlawa621.web.app CNAME .
-domainserverlawa622.web.app CNAME .
 domainserverlawa623.web.app CNAME .
 domainserverlawa624.web.app CNAME .
 domainserverlawa625.web.app CNAME .
@@ -1387,7 +1285,6 @@ domainserverlawa638.web.app CNAME .
 domainserverlawa639.web.app CNAME .
 domainserverlawa64.web.app CNAME .
 domainserverlawa640.web.app CNAME .
-domainserverlawa641.web.app CNAME .
 domainserverlawa642.web.app CNAME .
 domainserverlawa643.web.app CNAME .
 domainserverlawa644.web.app CNAME .
@@ -1403,11 +1300,6 @@ domainserverlawa652.web.app CNAME .
 domainserverlawa653.web.app CNAME .
 domainserverlawa654.web.app CNAME .
 domainserverlawa655.web.app CNAME .
-domainserverlawa656.web.app CNAME .
-domainserverlawa657.web.app CNAME .
-domainserverlawa658.web.app CNAME .
-domainserverlawa659.web.app CNAME .
-domainserverlawa66.web.app CNAME .
 domainserverlawa660.web.app CNAME .
 domainserverlawa661.web.app CNAME .
 domainserverlawa662.web.app CNAME .
@@ -1418,14 +1310,10 @@ domainserverlawa666.web.app CNAME .
 domainserverlawa667.web.app CNAME .
 domainserverlawa668.web.app CNAME .
 domainserverlawa669.web.app CNAME .
-domainserverlawa67.web.app CNAME .
-domainserverlawa670.web.app CNAME .
 domainserverlawa671.web.app CNAME .
 domainserverlawa672.web.app CNAME .
 domainserverlawa673.web.app CNAME .
-domainserverlawa674.web.app CNAME .
 domainserverlawa675.web.app CNAME .
-domainserverlawa676.web.app CNAME .
 domainserverlawa677.web.app CNAME .
 domainserverlawa678.web.app CNAME .
 domainserverlawa679.web.app CNAME .
@@ -1433,12 +1321,8 @@ domainserverlawa68.web.app CNAME .
 domainserverlawa680.web.app CNAME .
 domainserverlawa681.web.app CNAME .
 domainserverlawa682.web.app CNAME .
-domainserverlawa683.web.app CNAME .
 domainserverlawa684.web.app CNAME .
 domainserverlawa685.web.app CNAME .
-domainserverlawa686.web.app CNAME .
-domainserverlawa687.web.app CNAME .
-domainserverlawa688.web.app CNAME .
 domainserverlawa689.web.app CNAME .
 domainserverlawa69.web.app CNAME .
 domainserverlawa690.web.app CNAME .
@@ -1446,7 +1330,6 @@ domainserverlawa691.web.app CNAME .
 domainserverlawa692.web.app CNAME .
 domainserverlawa693.web.app CNAME .
 domainserverlawa694.web.app CNAME .
-domainserverlawa695.web.app CNAME .
 domainserverlawa696.web.app CNAME .
 domainserverlawa697.web.app CNAME .
 domainserverlawa698.web.app CNAME .
@@ -1457,15 +1340,11 @@ domainserverlawa701.web.app CNAME .
 domainserverlawa702.web.app CNAME .
 domainserverlawa703.web.app CNAME .
 domainserverlawa704.web.app CNAME .
-domainserverlawa705.web.app CNAME .
 domainserverlawa706.web.app CNAME .
-domainserverlawa707.web.app CNAME .
 domainserverlawa708.web.app CNAME .
 domainserverlawa709.web.app CNAME .
 domainserverlawa71.web.app CNAME .
-domainserverlawa710.web.app CNAME .
 domainserverlawa711.web.app CNAME .
-domainserverlawa712.web.app CNAME .
 domainserverlawa713.web.app CNAME .
 domainserverlawa714.web.app CNAME .
 domainserverlawa715.web.app CNAME .
@@ -1474,17 +1353,13 @@ domainserverlawa717.web.app CNAME .
 domainserverlawa718.web.app CNAME .
 domainserverlawa719.web.app CNAME .
 domainserverlawa72.web.app CNAME .
-domainserverlawa720.web.app CNAME .
 domainserverlawa721.web.app CNAME .
 domainserverlawa722.web.app CNAME .
-domainserverlawa723.web.app CNAME .
 domainserverlawa724.web.app CNAME .
 domainserverlawa725.web.app CNAME .
 domainserverlawa726.web.app CNAME .
 domainserverlawa727.web.app CNAME .
-domainserverlawa728.web.app CNAME .
 domainserverlawa729.web.app CNAME .
-domainserverlawa73.web.app CNAME .
 domainserverlawa730.web.app CNAME .
 domainserverlawa731.web.app CNAME .
 domainserverlawa732.web.app CNAME .
@@ -1497,31 +1372,22 @@ domainserverlawa738.web.app CNAME .
 domainserverlawa739.web.app CNAME .
 domainserverlawa74.web.app CNAME .
 domainserverlawa740.web.app CNAME .
-domainserverlawa741.web.app CNAME .
 domainserverlawa742.web.app CNAME .
 domainserverlawa743.web.app CNAME .
 domainserverlawa744.web.app CNAME .
-domainserverlawa745.web.app CNAME .
 domainserverlawa746.web.app CNAME .
-domainserverlawa747.web.app CNAME .
-domainserverlawa748.web.app CNAME .
 domainserverlawa749.web.app CNAME .
 domainserverlawa75.web.app CNAME .
 domainserverlawa750.web.app CNAME .
-domainserverlawa751.web.app CNAME .
 domainserverlawa752.web.app CNAME .
 domainserverlawa753.web.app CNAME .
 domainserverlawa754.web.app CNAME .
 domainserverlawa755.web.app CNAME .
-domainserverlawa756.web.app CNAME .
 domainserverlawa757.web.app CNAME .
 domainserverlawa758.web.app CNAME .
 domainserverlawa759.web.app CNAME .
-domainserverlawa76.web.app CNAME .
-domainserverlawa760.web.app CNAME .
 domainserverlawa761.web.app CNAME .
 domainserverlawa762.web.app CNAME .
-domainserverlawa763.web.app CNAME .
 domainserverlawa764.web.app CNAME .
 domainserverlawa765.web.app CNAME .
 domainserverlawa766.web.app CNAME .
@@ -1541,22 +1407,17 @@ domainserverlawa778.web.app CNAME .
 domainserverlawa779.web.app CNAME .
 domainserverlawa78.web.app CNAME .
 domainserverlawa780.web.app CNAME .
-domainserverlawa781.web.app CNAME .
 domainserverlawa782.web.app CNAME .
 domainserverlawa783.web.app CNAME .
 domainserverlawa784.web.app CNAME .
 domainserverlawa785.web.app CNAME .
 domainserverlawa786.web.app CNAME .
-domainserverlawa787.web.app CNAME .
 domainserverlawa788.web.app CNAME .
 domainserverlawa789.web.app CNAME .
 domainserverlawa79.web.app CNAME .
 domainserverlawa790.web.app CNAME .
-domainserverlawa791.web.app CNAME .
-domainserverlawa792.web.app CNAME .
 domainserverlawa793.web.app CNAME .
 domainserverlawa794.web.app CNAME .
-domainserverlawa795.web.app CNAME .
 domainserverlawa796.web.app CNAME .
 domainserverlawa797.web.app CNAME .
 domainserverlawa798.web.app CNAME .
@@ -1565,7 +1426,6 @@ domainserverlawa80.web.app CNAME .
 domainserverlawa800.web.app CNAME .
 domainserverlawa801.web.app CNAME .
 domainserverlawa802.web.app CNAME .
-domainserverlawa803.web.app CNAME .
 domainserverlawa804.web.app CNAME .
 domainserverlawa806.web.app CNAME .
 domainserverlawa807.web.app CNAME .
@@ -1573,8 +1433,6 @@ domainserverlawa808.web.app CNAME .
 domainserverlawa809.web.app CNAME .
 domainserverlawa81.web.app CNAME .
 domainserverlawa810.web.app CNAME .
-domainserverlawa811.web.app CNAME .
-domainserverlawa812.web.app CNAME .
 domainserverlawa813.web.app CNAME .
 domainserverlawa814.web.app CNAME .
 domainserverlawa815.web.app CNAME .
@@ -1588,7 +1446,6 @@ domainserverlawa821.web.app CNAME .
 domainserverlawa822.web.app CNAME .
 domainserverlawa823.web.app CNAME .
 domainserverlawa824.web.app CNAME .
-domainserverlawa825.web.app CNAME .
 domainserverlawa826.web.app CNAME .
 domainserverlawa827.web.app CNAME .
 domainserverlawa828.web.app CNAME .
@@ -1600,9 +1457,7 @@ domainserverlawa832.web.app CNAME .
 domainserverlawa833.web.app CNAME .
 domainserverlawa834.web.app CNAME .
 domainserverlawa835.web.app CNAME .
-domainserverlawa836.web.app CNAME .
 domainserverlawa837.web.app CNAME .
-domainserverlawa838.web.app CNAME .
 domainserverlawa839.web.app CNAME .
 domainserverlawa84.web.app CNAME .
 domainserverlawa840.web.app CNAME .
@@ -1610,29 +1465,21 @@ domainserverlawa841.web.app CNAME .
 domainserverlawa842.web.app CNAME .
 domainserverlawa843.web.app CNAME .
 domainserverlawa844.web.app CNAME .
-domainserverlawa845.web.app CNAME .
 domainserverlawa846.web.app CNAME .
-domainserverlawa847.web.app CNAME .
-domainserverlawa848.web.app CNAME .
-domainserverlawa849.web.app CNAME .
 domainserverlawa85.web.app CNAME .
-domainserverlawa850.web.app CNAME .
 domainserverlawa851.web.app CNAME .
 domainserverlawa852.web.app CNAME .
 domainserverlawa853.web.app CNAME .
-domainserverlawa854.web.app CNAME .
 domainserverlawa855.web.app CNAME .
 domainserverlawa856.web.app CNAME .
 domainserverlawa857.web.app CNAME .
 domainserverlawa858.web.app CNAME .
-domainserverlawa859.web.app CNAME .
 domainserverlawa86.web.app CNAME .
 domainserverlawa860.web.app CNAME .
 domainserverlawa861.web.app CNAME .
 domainserverlawa862.web.app CNAME .
 domainserverlawa863.web.app CNAME .
 domainserverlawa864.web.app CNAME .
-domainserverlawa865.web.app CNAME .
 domainserverlawa866.web.app CNAME .
 domainserverlawa867.web.app CNAME .
 domainserverlawa868.web.app CNAME .
@@ -1643,7 +1490,6 @@ domainserverlawa871.web.app CNAME .
 domainserverlawa872.web.app CNAME .
 domainserverlawa873.web.app CNAME .
 domainserverlawa874.web.app CNAME .
-domainserverlawa875.web.app CNAME .
 domainserverlawa877.web.app CNAME .
 domainserverlawa878.web.app CNAME .
 domainserverlawa879.web.app CNAME .
@@ -1651,9 +1497,7 @@ domainserverlawa88.web.app CNAME .
 domainserverlawa880.web.app CNAME .
 domainserverlawa881.web.app CNAME .
 domainserverlawa882.web.app CNAME .
-domainserverlawa883.web.app CNAME .
 domainserverlawa884.web.app CNAME .
-domainserverlawa885.web.app CNAME .
 domainserverlawa886.web.app CNAME .
 domainserverlawa888.web.app CNAME .
 domainserverlawa889.web.app CNAME .
@@ -1673,19 +1517,14 @@ domainserverlawa901.web.app CNAME .
 domainserverlawa902.web.app CNAME .
 domainserverlawa903.web.app CNAME .
 domainserverlawa904.web.app CNAME .
-domainserverlawa905.web.app CNAME .
 domainserverlawa906.web.app CNAME .
 domainserverlawa907.web.app CNAME .
 domainserverlawa908.web.app CNAME .
 domainserverlawa909.web.app CNAME .
 domainserverlawa91.web.app CNAME .
 domainserverlawa910.web.app CNAME .
-domainserverlawa911.web.app CNAME .
 domainserverlawa912.web.app CNAME .
 domainserverlawa913.web.app CNAME .
-domainserverlawa914.web.app CNAME .
-domainserverlawa915.web.app CNAME .
-domainserverlawa916.web.app CNAME .
 domainserverlawa917.web.app CNAME .
 domainserverlawa918.web.app CNAME .
 domainserverlawa92.web.app CNAME .
@@ -1694,22 +1533,14 @@ domainserverlawa921.web.app CNAME .
 domainserverlawa922.web.app CNAME .
 domainserverlawa923.web.app CNAME .
 domainserverlawa924.web.app CNAME .
-domainserverlawa925.web.app CNAME .
 domainserverlawa926.web.app CNAME .
 domainserverlawa927.web.app CNAME .
 domainserverlawa929.web.app CNAME .
-domainserverlawa93.web.app CNAME .
 domainserverlawa930.web.app CNAME .
-domainserverlawa931.web.app CNAME .
 domainserverlawa932.web.app CNAME .
-domainserverlawa933.web.app CNAME .
-domainserverlawa934.web.app CNAME .
 domainserverlawa935.web.app CNAME .
-domainserverlawa936.web.app CNAME .
 domainserverlawa937.web.app CNAME .
 domainserverlawa938.web.app CNAME .
-domainserverlawa939.web.app CNAME .
-domainserverlawa94.web.app CNAME .
 domainserverlawa940.web.app CNAME .
 domainserverlawa941.web.app CNAME .
 domainserverlawa942.web.app CNAME .
@@ -1718,45 +1549,33 @@ domainserverlawa944.web.app CNAME .
 domainserverlawa945.web.app CNAME .
 domainserverlawa946.web.app CNAME .
 domainserverlawa947.web.app CNAME .
-domainserverlawa948.web.app CNAME .
 domainserverlawa949.web.app CNAME .
 domainserverlawa95.web.app CNAME .
 domainserverlawa950.web.app CNAME .
-domainserverlawa951.web.app CNAME .
 domainserverlawa952.web.app CNAME .
 domainserverlawa953.web.app CNAME .
 domainserverlawa954.web.app CNAME .
 domainserverlawa955.web.app CNAME .
-domainserverlawa957.web.app CNAME .
 domainserverlawa958.web.app CNAME .
 domainserverlawa959.web.app CNAME .
 domainserverlawa96.web.app CNAME .
-domainserverlawa960.web.app CNAME .
 domainserverlawa961.web.app CNAME .
 domainserverlawa962.web.app CNAME .
 domainserverlawa963.web.app CNAME .
 domainserverlawa964.web.app CNAME .
-domainserverlawa965.web.app CNAME .
 domainserverlawa966.web.app CNAME .
 domainserverlawa967.web.app CNAME .
-domainserverlawa968.web.app CNAME .
-domainserverlawa969.web.app CNAME .
 domainserverlawa97.web.app CNAME .
 domainserverlawa970.web.app CNAME .
-domainserverlawa971.web.app CNAME .
-domainserverlawa972.web.app CNAME .
 domainserverlawa973.web.app CNAME .
 domainserverlawa974.web.app CNAME .
 domainserverlawa975.web.app CNAME .
 domainserverlawa976.web.app CNAME .
 domainserverlawa977.web.app CNAME .
-domainserverlawa978.web.app CNAME .
 domainserverlawa979.web.app CNAME .
 domainserverlawa98.web.app CNAME .
 domainserverlawa980.web.app CNAME .
-domainserverlawa981.web.app CNAME .
 domainserverlawa982.web.app CNAME .
-domainserverlawa983.web.app CNAME .
 domainserverlawa984.web.app CNAME .
 domainserverlawa985.web.app CNAME .
 domainserverlawa986.web.app CNAME .
@@ -1766,14 +1585,11 @@ domainserverlawa989.web.app CNAME .
 domainserverlawa99.web.app CNAME .
 domainserverlawa990.web.app CNAME .
 domainserverlawa991.web.app CNAME .
-domainserverlawa992.web.app CNAME .
 domainserverlawa993.web.app CNAME .
-domainserverlawa994.web.app CNAME .
 domainserverlawa995.web.app CNAME .
 domainserverlawa996.web.app CNAME .
-domainserverlawa997.web.app CNAME .
-domainserverlawa998.web.app CNAME .
 domainserverlawa999.web.app CNAME .
+donaidrsilcio.com CNAME .
 doooog.cn CNAME .
 dopeydog.co.nz CNAME .
 dorouscom.com CNAME .
@@ -1781,20 +1597,20 @@ douuodwoman.com CNAME .
 dowaba-s2dhl.blogspot.com CNAME .
 doz.tode.cz CNAME .
 dpasdasfasfasfas.pages.dev CNAME .
+dpd-pl.566868.space CNAME .
 dpd-redelivery-uk.com CNAME .
 dpmasdaskj.pages.dev CNAME .
 dr-joannepeeler.com CNAME .
 dr3aq.byethost32.com CNAME .
+dreamhacker.pro CNAME .
 dreamotion-jp.com CNAME .
 drivingschoolglasgow.co.uk CNAME .
 drmarciovaleriano.com.br CNAME .
-dsadsadsa.diskstation.eu CNAME .
 dsgcbeonline.com CNAME .
+dskedirekt.web.app CNAME .
 dsp2codemdp.t.justns.ru CNAME .
-dswboot.cc CNAME .
 dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com CNAME .
 dtrpsystasfasgas.pages.dev CNAME .
-duanemanor.tk CNAME .
 dukhovnist.in.ua CNAME .
 durecorpperu.com CNAME .
 dwrat.andalous.org CNAME .
@@ -1808,7 +1624,6 @@ e4ra.byethost8.com CNAME .
 e63q45f9h5fr.clickfunnels.com CNAME .
 eagleeyeapparel.com CNAME .
 earth01.info CNAME .
-easy-webtdapp.com CNAME .
 easywalletfix.net CNAME .
 easywalletsfix.com CNAME .
 eba0200d0c.nxcli.net CNAME .
@@ -1817,15 +1632,12 @@ ebay.com.dashboard-seller.center CNAME .
 eberhardtedwige.wixsite.com CNAME .
 ebuddynews.com CNAME .
 ec.snadc-oecddo.com CNAME .
-ecloanmoney.com CNAME .
 ecogreenjanitorial.com CNAME .
 ecomcrew.staging.wpengine.com CNAME .
 ecosteelsolution.ro CNAME .
-editpdfonline.tk CNAME .
 edje.com CNAME .
 edukickmexico.com CNAME .
 ee-sms.co.uk CNAME .
-ee.mseocri.com CNAME .
 ee.scicemecod.com CNAME .
 efarms.com.ng CNAME .
 eharmonyservice.com CNAME .
@@ -1848,7 +1660,6 @@ emojis.dels.bar CNAME .
 emsi-lobo.firebaseapp.com CNAME .
 en-template-solicito-16414253314897.onepage.website CNAME .
 enbolivia.com CNAME .
-enchanting-guiltless-suede.glitch.me CNAME .
 encryptdrive.booogle.net CNAME .
 engcamp.org CNAME .
 enoman.fqzsdgtg.cn CNAME .
@@ -1874,20 +1685,18 @@ eth-coinwallet.net CNAME .
 eth.coinscout.cc CNAME .
 ethnictrendz.com CNAME .
 ets.jwr.pa-fakfak.go.id CNAME .
-etwtny.cf CNAME .
 eucriomeumundo.com CNAME .
 eugnerally-wixsite-com.filesusr.com CNAME .
-euraby.com CNAME .
 eusa-lombo.firebaseapp.com CNAME .
 evashoes.com.ua CNAME .
+even-besar-banget.duckdns.org CNAME .
 even-ff-gratisterbaru2022.duckdns.org CNAME .
-even-ff-terbarugratis2022.duckdns.org CNAME .
+event-ff-bundle-baru.duckdns.org CNAME .
 event-freefire728.duckdns.org CNAME .
+event-freeskkinmlbb.duckdns.org CNAME .
 event-garenafreefire263.duckdns.org CNAME .
-event-skin-resmi-2022.duckdns.org CNAME .
-eventclaimfreefiregratis2022.duckdns.org CNAME .
 eventclaimsff0.duckdns.org CNAME .
-eventgarenafreefiremax2022.duckdns.org CNAME .
+eventspinfreefire2022.duckdns.org CNAME .
 everestmotors.com.np CNAME .
 evo-revolutioncups.com CNAME .
 evolbithman.web.app CNAME .
@@ -1896,6 +1705,7 @@ excelhana.com CNAME .
 exchange-pancakeswaps.com CNAME .
 exchangedictionary.com CNAME .
 exodlus.net CNAME .
+exodus-2022.com CNAME .
 exodus.com-wallet-signin.com CNAME .
 exodus.com-web-wallet-online.com CNAME .
 exodus.com.tccaponline.com CNAME .
@@ -1907,6 +1717,7 @@ extracash-interlbankonline.com CNAME .
 extracloud.com.au CNAME .
 ezblox.site CNAME .
 ezssausage.com CNAME .
+f2f.co.jp CNAME .
 f6fr7.codesandbox.io CNAME .
 f9w1lned0ruqblxi6jahwotak.filesusr.com CNAME .
 faccebook.azurewebsites.net CNAME .
@@ -1921,7 +1732,10 @@ facebook.com-r51znzih8i.isiolo.go.ke CNAME .
 facebook.com-zxsrf038k.isiolo.go.ke CNAME .
 facebook.eventspinff.wtf CNAME .
 facebook.kingstopup.com CNAME .
+facebook.whcserverbox.com CNAME .
+facebook8facebook.blogspot.com CNAME .
 facebookk.azurewebsites.net CNAME .
+facebookphisher.herokuapp.com CNAME .
 facebooks.azurewebsites.net CNAME .
 faic.in CNAME .
 faizankhan0408.github.io CNAME .
@@ -1935,20 +1749,21 @@ fassilnet5.ultimatefreehost.in CNAME .
 fax.gruppobiesse.it CNAME .
 fb-case-id-28031803-fcdc-48af.web.app CNAME .
 fb-pages.proteksion-help.workers.dev CNAME .
+fb.10004682.review CNAME .
 fb.expressturkeyi.com CNAME .
 fb7927.bget.ru CNAME .
 fdasd.2e4jept.cn CNAME .
 fdhgf.xyz CNAME .
-feceboolk.blogspot.com CNAME .
 federalaccesscredit.com CNAME .
 fedner.net CNAME .
 fer-brooks.top CNAME .
 feriadempleos.com CNAME .
 ferienhof-gempel.de CNAME .
 ff-anivesary225.duckdns.org CNAME .
+ff-member-ganena.com CNAME .
 ff-membership-garena.com CNAME .
 ff-membershipz-garena.ga CNAME .
-ff.membership.garenaj.vn CNAME .
+ff.members.garera.vn CNAME .
 ffim-event-2022.duckdns.org CNAME .
 fghjr74rhudfguhtfguji.blogspot.com CNAME .
 fi.uy CNAME .
@@ -1957,7 +1772,6 @@ fidelitybank-mn.net CNAME .
 fighting40s.com CNAME .
 fikir.id CNAME .
 fileundelete.net CNAME .
-filmkenner.com CNAME .
 filtrosmil.com.br CNAME .
 finalfantasyguide.co.uk CNAME .
 finiiishingedgex.tk CNAME .
@@ -1972,13 +1786,14 @@ fluksrv.mycpanel.rs CNAME .
 fmwebapp.azurewebsites.net CNAME .
 foliar.pl CNAME .
 foma-ura-lote.firebaseapp.com CNAME .
+foor1.com CNAME .
+for-pakage-delevry.tragaroleary.com CNAME .
 foresta-mod.firebaseapp.com CNAME .
 forhimself9999.co.vu CNAME .
 formbuddy.com CNAME .
 forms.formium.io CNAME .
 formtools.com CNAME .
 forum-dofus.com.co CNAME .
-foryour.gov-information.info CNAME .
 fpalpha.myportfolio.com CNAME .
 fpmaam.org CNAME .
 fr-europe564598-com.filesusr.com CNAME .
@@ -1991,6 +1806,7 @@ freefiredot-comerhadiah.duckdns.org CNAME .
 freefireevent-codashop2022.duckdns.org CNAME .
 freeitemff-allreward.duckdns.org CNAME .
 freeliker.net CNAME .
+freereward-ff.duckdns.org CNAME .
 frefire-membership-garena.sukienfreefire2021.top CNAME .
 freg-nine.pt CNAME .
 friendsofnechockey.com CNAME .
@@ -2006,21 +1822,22 @@ ftx.com.vn CNAME .
 ftx.cool CNAME .
 ftxbonus.site CNAME .
 funiswap.exchange CNAME .
+furgonetka-1.pl CNAME .
 fusionrestobar.cl CNAME .
+futurebits.in CNAME .
+fwztmgr.cn CNAME .
 fxhalifax.com CNAME .
 fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com CNAME .
 g-mtcc.com CNAME .
 g.greatsubstance.com.my CNAME .
 ga.teesmith.shop CNAME .
 gabrielamims.com CNAME .
-gabung-grubnew1342.duckdns.org CNAME .
 gagaclinic.com CNAME .
 gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com CNAME .
 gallciaonllne.webcindario.com CNAME .
 garena-xacminhtaikhoan.com CNAME .
-garenafreefire728.duckdns.org CNAME .
-gastronomiarobertos.com CNAME .
 gasunige.mfs.gg CNAME .
+gbunggrup-pmrsatu13.duckdns.org CNAME .
 gedfdfsd.eu CNAME .
 geg.li CNAME .
 generali-italia-ag.hrweb.it CNAME .
@@ -2046,7 +1863,6 @@ goldenlasgidi10.web.app CNAME .
 golkondaresorts.com CNAME .
 goo-gl.me CNAME .
 good12345.tripod.com CNAME .
-goofy-wozniak.192-210-226-164.plesk.page CNAME .
 gorol-cost.web.app CNAME .
 gorol-investor.web.app CNAME .
 gosafes.com CNAME .
@@ -2056,39 +1872,28 @@ gramarcales.com.br CNAME .
 greekinfra.com CNAME .
 greenclasses.in CNAME .
 grosshandel-mevida.de CNAME .
-group-mantap-seger.duckdns.org CNAME .
 group-wa-1.duckdns.org CNAME .
-groupbkep-vral15.duckdns.org CNAME .
 groworldinternational.com CNAME .
 grp02.member.mycld-rakuten.info CNAME .
-grub-sangex.wikaba.com CNAME .
-grubgabung.duckdns.org CNAME .
 grubnatajadeh12.duckdns.org CNAME .
+grubterbarukk037.duckdns.org CNAME .
 grubviralterbaru65c.duckdns.org CNAME .
-grup-bokephot-terbaru2022.duckdns.org CNAME .
-grup-bokepviral4.duckdns.org CNAME .
-grup-dwsa-indomesia845.duckdns.org CNAME .
-grup-viral-seleb.duckdns.org CNAME .
-grup-viralbokep111.myftp.org CNAME .
-grup-viralbokep2.ddns.net CNAME .
+gruo-wa-okep-dewasa-2022.duckdns.org CNAME .
+grup-bokep-terbaru555.duckdns.org CNAME .
 grup-whatsapp121.duckdns.org CNAME .
 grup-whatsappbokep1.duckdns.org CNAME .
 grup-whatsappbokep2.duckdns.org CNAME .
-grupbokeppadacantik.duckdns.org CNAME .
+grup2022ssx.duckdns.org CNAME .
 grupofsp.com.br CNAME .
 gruposanpio.com CNAME .
-gruptiktok.wikaba.com CNAME .
-grupviral-xx.duckdns.org CNAME .
-grupviral109.duckdns.org CNAME .
-grupviralterbaru.duckdns.org CNAME .
+grupwhatsaap-viral-2022.duckdns.org CNAME .
 grupwhatsappnobar-2022.duckdns.org CNAME .
 gscommunityspirit.greenschool.org CNAME .
 gstsolutions.online CNAME .
+gtw420.com CNAME .
 gunatanahku.perkimtan.sumbarprov.go.id CNAME .
 gurukanth.com CNAME .
 gwenet.org CNAME .
-gyfnqyk.cn CNAME .
-gymjaokhanakho.azurewebsites.net CNAME .
 habbocreditosparati.blogspot.com CNAME .
 haftteam.ir CNAME .
 hahdaeupdate.es.tl CNAME .
@@ -2105,19 +1910,18 @@ hasseanhannitybeenwaterboarded.com CNAME .
 haunlimited.org CNAME .
 hcnprdvz.azureedge.net CNAME .
 hdmediahub.club CNAME .
-hdss-stream.org CNAME .
 heinthu1.github.io CNAME .
 hellenic-postbank.com CNAME .
-helloparis.co.uk CNAME .
 help-account-bxsfe.ondigitalocean.app CNAME .
+help-identity-recoveri-support-center.web.id CNAME .
 help-notice-center-identity-6532.web.id CNAME .
 help.insecur.saftyalert.workers.dev CNAME .
 help.validation-page.workers.dev CNAME .
+helpingcentere.com CNAME .
 henan.vxim58i.cn CNAME .
 hermes.parcel-tracker.com CNAME .
 hetershaven.net CNAME .
 heuristic-gagarin.45-88-108-231.plesk.page CNAME .
-hfemail.ntneancns.com CNAME .
 hgda.db0u4hs.cn CNAME .
 hgdaa.lfoxcct.cn CNAME .
 hghgda.erjl0hx.cn CNAME .
@@ -2132,18 +1936,15 @@ hifly38926.top CNAME .
 hifly39091.top CNAME .
 hifly61215.top CNAME .
 hifly71191.top CNAME .
-hikaheal.com CNAME .
 himalayansherpa.com.au CNAME .
 himbauane.blogspot.com CNAME .
 hitman71hd-wixsite-com.filesusr.com CNAME .
-hjhjjhjhjh.pagedemo.co CNAME .
 hockian.com CNAME .
 holobeam.000webhostapp.com CNAME .
 home.ei1ns.de CNAME .
 home.myfairpoint.net CNAME .
 homepichilinea2.webcindario.com CNAME .
 homesinlogin.com CNAME .
-homestaylongho.com CNAME .
 hostnix.net CNAME .
 hostpoint.ch.17a902ef.tcorner.fr CNAME .
 hotbrooks.com CNAME .
@@ -2156,6 +1957,7 @@ hpplotters.in CNAME .
 hs-giveaways.ca CNAME .
 ht-cargo.com.vn CNAME .
 htlgroup.com.my CNAME .
+httpcom-0d4tol437.isiolo.go.ke CNAME .
 httpeugnerally-wixsite-com.filesusr.com CNAME .
 https-scert-con04.xyz CNAME .
 https-scert-srv02.xyz CNAME .
@@ -2180,7 +1982,6 @@ i.violationspage.validationspege.workers.dev CNAME .
 ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com CNAME .
 ibpm.ru CNAME .
 icloud-map-live.com CNAME .
-icloudstatus.com.ng CNAME .
 icy.martulangbelulalng.workers.dev CNAME .
 idappswallets.com CNAME .
 identifiez-vous-avec-votre-compte.yolasite.com CNAME .
@@ -2193,7 +1994,6 @@ iframejld.avent-media.fr CNAME .
 ighk.umjlrs7uci2751.workers.dev CNAME .
 iipvit.by CNAME .
 ijcda.bukkats.cn CNAME .
-ijeioqhawdqioqho.weebly.com CNAME .
 ijhca.0gb0h7z.cn CNAME .
 ijjd.h8nmtcc.cn CNAME .
 ijmna.p2y00vd.cn CNAME .
@@ -2204,23 +2004,25 @@ ikcda.a2g5xvs.cn CNAME .
 ikcsa.ajiqvjf.cn CNAME .
 ikdff.jmo904i.cn CNAME .
 ikja.lbanwqp.cn CNAME .
+ikjcd.p1z98hl.cn CNAME .
 ikjd.uk0xnp8.cn CNAME .
 ikjgd.rg6bzk7.cn CNAME .
 ikmcd.u4jdbxm.cn CNAME .
 ikmxaa.qcqxlrq.cn CNAME .
+ilooksrare.com CNAME .
 iloveyourglasses.com CNAME .
 ilpconnect.org CNAME .
+image-pict-ig.duckdns.org CNAME .
 imersao.impulseingles.com.br CNAME .
 imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com CNAME .
-imi-ksa.jajainfo.net CNAME .
 imobiliaria-cardinali-com-br.blogspot.com CNAME .
 impostazionebper.000webhostapp.com CNAME .
 in.deraya.org CNAME .
-inaueab.com CNAME .
 indo-viral2022.duckdns.org CNAME .
 info.lionnets.com CNAME .
 infohypesquad.com CNAME .
 infopichinchaweb.webcindario.com CNAME .
+information.safeamazoncardweb.cyou CNAME .
 informations.recovery.confiryourpage.workers.dev CNAME .
 infos00001.temp.swtest.ru CNAME .
 infosecplace.com CNAME .
@@ -2233,16 +2035,16 @@ inna.cedymll.cn CNAME .
 innca.ol90k56.cn CNAME .
 innovasjon.as CNAME .
 inps-ep.com CNAME .
-instagram-9.blogspot.com CNAME .
-instagramhelpp.agency CNAME .
+instahelppbaddge.ml CNAME .
 intellidata-analytica.com CNAME .
-interbankempresahome.rankforever.com CNAME .
 interbankempresas.pe-il.ru CNAME .
+interbankhomeweb.fullcircleteam.com CNAME .
 intern.unibas-com.ch CNAME .
 international-formulier.91-218-65-223.plesk.page CNAME .
 internetbanking-caixa-gov.xyz CNAME .
 internetbankinghelp.com CNAME .
 internetservicetech.com CNAME .
+intesalife.ie CNAME .
 intexargentina.com.ar CNAME .
 inthewildproductions.com CNAME .
 intoli.ru CNAME .
@@ -2250,10 +2052,14 @@ intrafloraplants.com CNAME .
 intranet.sztpe.info CNAME .
 investpl.work CNAME .
 iplogger.info CNAME .
+iqwea.soxr0u1.cn CNAME .
 ironmantech.shop CNAME .
-irs-gov.us-get-funds-assistance.com CNAME .
+irs-gov-supportcenters.com CNAME .
+irs.gov-coronavirus-pandemic-tax-refund-submission.com CNAME .
+ise.com.ar CNAME .
 isfirsatibul.com CNAME .
 ismamorlin.my-place.us CNAME .
+isntagranmeta.pagedemo.co CNAME .
 istudyalumni.com CNAME .
 it-europe564598-com.filesusr.com CNAME .
 it.melnikhotels.com CNAME .
@@ -2265,6 +2071,12 @@ iuhs.tyopfhn.cn CNAME .
 iujdas.yfwxlc9.cn CNAME .
 iuyydd.ebeg6uk.cn CNAME .
 j9w77d0.cn CNAME .
+jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn CNAME .
+jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn CNAME .
+jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn CNAME .
+jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn CNAME .
+jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn CNAME .
+jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn CNAME .
 jacobliston.com CNAME .
 jadaart.org CNAME .
 jagex-rewards.com CNAME .
@@ -2276,31 +2088,31 @@ jbwbzta.alfens8.cc CNAME .
 jeanbaileyrobor.com CNAME .
 jendelajogja.com CNAME .
 jerinja.github.io CNAME .
-jessicasproul.com CNAME .
 jetser-electrical-supply.business.site CNAME .
-jetstoop.top CNAME .
 jett.gator.site CNAME .
 jflkp.csb.app CNAME .
 jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com CNAME .
 jhda.wfdyk9p.cn CNAME .
 jhdd.fjcslad.cn CNAME .
 jhff.93oe0u9.cn CNAME .
+jhnd.0drhnjk.cn CNAME .
 jiwanramchemical.com CNAME .
 jjhcd.27ke98i.cn CNAME .
 jk99j.sbs CNAME .
-jkhkjjkjk.pagedemo.co CNAME .
 jlogine.com CNAME .
+jmcna.jiwayjc.cn CNAME .
+jmfykd.cyou CNAME .
+jncba.diiqsmm.cn CNAME .
 jnlope.tangguakrapekpuik.link CNAME .
 jnnc.grnxkoj.cn CNAME .
 job-type.com CNAME .
 jobs.job.com.bd CNAME .
 joecamera.net CNAME .
 john-ashley.de CNAME .
-join-chat-whatssap-viral-2022.duckdns.org CNAME .
-join-group-wa2022.duckdns.org CNAME .
-join-grub-bokep-gratis.duckdns.org CNAME .
-join-grubkienzy849.duckdns.org CNAME .
-join-whatsapp-tante-hot18.duckdns.org CNAME .
+join-group-1.duckdns.org CNAME .
+join-gruo-waku282.duckdns.org CNAME .
+joinedprice.com CNAME .
+joingrupku183.duckdns.org CNAME .
 joingrupp-bkep156.duckdns.org CNAME .
 joingrupterbaru-0.duckdns.org CNAME .
 joinlinkviral729.duckdns.org CNAME .
@@ -2308,12 +2120,14 @@ joinssgropshot18.duckdns.org CNAME .
 joinssgropssney6.duckdns.org CNAME .
 jow-japan.or.jp CNAME .
 joyeriajireh.com.mx CNAME .
-jp-bnnk.japappoit.asdwb.xyz CNAME .
-jp-bnnk.japappoit.asdwd.xyz CNAME .
+jp-auid.com CNAME .
+jp.mercari.omany.buzz CNAME .
 jptechdocsign.net CNAME .
 jrhayley.plus.com CNAME .
 juandfar.github.io CNAME .
+jurisgeneral.com CNAME .
 jurlebedev.ru CNAME .
+juscook.com CNAME .
 justgot.gonevis.com CNAME .
 justsayingbro.com CNAME .
 jvk.zultifarza.workers.dev CNAME .
@@ -2321,6 +2135,7 @@ jyeue43rm95p.clickfunnels.com CNAME .
 jz2bab.webwave.dev CNAME .
 k3ja6d.webwave.dev CNAME .
 kaamwalibais.co.in CNAME .
+kachinas.be CNAME .
 kamdhenurealities.com CNAME .
 kargonova.com CNAME .
 kartaltepespor.com CNAME .
@@ -2332,9 +2147,11 @@ kdhdf34j6dfh.dealerwebsite.com CNAME .
 kdlscaffolding.co.uk CNAME .
 kecc.com CNAME .
 kecmanijada.com CNAME .
+kedai-gamers.com CNAME .
 keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev CNAME .
 keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev CNAME .
 keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev CNAME .
+kenanhusovic.com CNAME .
 kevinsmovingservice.com CNAME .
 kex81.sbs CNAME .
 key-drcp.com CNAME .
@@ -2358,12 +2175,12 @@ konfirmasi-identitas-2022.webnode.page CNAME .
 konnect2kamadhenu.com CNAME .
 koteng.odoo.com CNAME .
 kr-bithumb.web.app CNAME .
-kraftongame.net CNAME .
 krupije.com CNAME .
 krx887.com CNAME .
 ksschool.org.in CNAME .
 kuchkuchnights.com CNAME .
 kurortnoye.com.ua CNAME .
+ky79.com CNAME .
 l-abe.com CNAME .
 l-q.in CNAME .
 lambdaweb.info CNAME .
@@ -2385,16 +2202,17 @@ leadershipmail.org CNAME .
 learningimpactmodel.com CNAME .
 leboncoiinlbc.000webhostapp.com CNAME .
 leboncoin.delivery01588.icu CNAME .
+lefaf77683.temp.swtest.ru CNAME .
 lemeiesta.com CNAME .
 lenagruessdich.net CNAME .
 leroycu.ca CNAME .
+letoptuswebmail-9b69f0.ingress-comporellon.easywp.com CNAME .
 lettertracing4kids.com CNAME .
 lexnotes.com.ng CNAME .
-lg-bluebadgecenter.ml CNAME .
 lg-onecom-io.web.app CNAME .
 liberasrl.it CNAME .
 lihi3.cc CNAME .
-linkcontract.tech CNAME .
+linkgrupkakak-disini.duckdns.org CNAME .
 liongear.com CNAME .
 lirc.cep.edu.vn CNAME .
 little-frost-1a15.chrisc11004842.workers.dev CNAME .
@@ -2418,28 +2236,33 @@ lloydsbank.secure-online-deregister.com CNAME .
 lloydsbank.secure-personal-device-login.com CNAME .
 lloyduk-newdevice-registered-online.com CNAME .
 llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com CNAME .
+lmbanang.pgryuangbtusngka.link CNAME .
 lnkd.dev CNAME .
 lnterbancape-lbk.com CNAME .
 lnterbank.pe.starneonsignsug.com CNAME .
+local-postoffice-deliver.com CNAME .
 localwithg.com CNAME .
 lockpichincha.webcindario.com CNAME .
 loengregkuetngferu.live CNAME .
 lofon-add.firebaseapp.com CNAME .
 loftywallet.com CNAME .
+logfuliz.web.app CNAME .
 login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net CNAME .
 login-facebook18.webnode.page CNAME .
 login-live.com-s02.net CNAME .
 login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net CNAME .
 login-postfinance.com CNAME .
+login-singaporee.apply-now-online-digital.com CNAME .
 login.dbs.webdbslistinonline.com CNAME .
 login.privategold.uytrtyuhij987.gowithapex.com CNAME .
-login.smbc.weddirecttop.com CNAME .
 logindhlaccess.dhlupdatelogin.workers.dev CNAME .
+loginnewatt.weebly.com CNAME .
 logverify-df12e-verify-1230-eu.web.app CNAME .
 loinesports.com CNAME .
 lomadesarrollos.mx CNAME .
 lombard11.eu CNAME .
 lot-lp-x.web.app CNAME .
+love.gos-box.com CNAME .
 lp.vp4.me CNAME .
 lrs.financial CNAME .
 lrs.foundation CNAME .
@@ -2459,13 +2282,10 @@ m.protc.safty-pege.workers.dev CNAME .
 m.recovery.safetyacount.workers.dev CNAME .
 m.recovery.saftypageupdate.workers.dev CNAME .
 m.salsomascard.top CNAME .
-m4-appcaixia.com CNAME .
 m42club.com CNAME .
-m5bundle.com CNAME .
 machineryzoneservice.com CNAME .
 macjakarta.com CNAME .
 macst.cc CNAME .
-madamailru.temp.swtest.ru CNAME .
 madens.com.pl CNAME .
 madrhinoconsulting.com CNAME .
 maestro.my.prod.dfg152.ru CNAME .
@@ -2477,15 +2297,15 @@ mail-account-verify-f4723.web.app CNAME .
 mail-gmxaktualisierung.yolasite.com CNAME .
 mail-ovhcloud.web.app CNAME .
 mail-ssocloud-srvr67yhguh.pages.dev CNAME .
+mail.atlanticeconcrete.com CNAME .
 mail.enrollmoreclientsbootcamp.com CNAME .
-mail.gov-taxid.completofyours.info CNAME .
-mail.grup-dwsa-indomesia845.duckdns.org CNAME .
 mail.ims-fe.com CNAME .
+mail.kenanhusovic.com CNAME .
 mail.kuttabalfatih.com CNAME .
 mail.santepluspharma.com CNAME .
 mail.sweetshopspecialtycoffee.com.au CNAME .
-mail.tariqalaraimi.com CNAME .
 mail.updateinfo-billingo2.com CNAME .
+mail.wellsfargous.duckdns.org CNAME .
 mail.wheel1factory.net CNAME .
 mail.zenstream.com CNAME .
 maildomaiincheck1.web.app CNAME .
@@ -2513,60 +2333,56 @@ mailserver7656566.blob.core.windows.net CNAME .
 mailupdattee10.web.app CNAME .
 mailupdattee11.web.app CNAME .
 mailupdattee12.web.app CNAME .
-mailupdattee13.web.app CNAME .
 mailupdattee14.web.app CNAME .
-mailupdattee15.web.app CNAME .
 mailupdattee16.web.app CNAME .
 mailupdattee17.web.app CNAME .
-mailupdattee18.web.app CNAME .
 mailupdattee19.web.app CNAME .
 mailupdattee20.web.app CNAME .
 mailupdattee21.web.app CNAME .
 mailupdattee22.web.app CNAME .
-mailupdattee23.web.app CNAME .
 mailupdattee24.web.app CNAME .
 mailupdattee26.web.app CNAME .
 mailupdattee27.web.app CNAME .
 mailupdattee28.web.app CNAME .
 mailupdattee29.web.app CNAME .
-mailupdattee32.web.app CNAME .
 mailupdattee34.web.app CNAME .
 mailupdattee35.web.app CNAME .
 mailupdattee40.web.app CNAME .
-mailupdattee5.web.app CNAME .
 mailupdattee6.web.app CNAME .
 mailupdattee7.web.app CNAME .
 mailupdattee8.web.app CNAME .
-mailupdattee9.web.app CNAME .
+mainbugerrorfixing.com CNAME .
+mainmobilerectify.live CNAME .
+mainsbscrestore.com CNAME .
 maintoken.org CNAME .
-mainwalletappconnect.com CNAME .
 makcts-go.ru CNAME .
 make-anon-keep-past.rvsla.workers.dev CNAME .
 mala-riba.com CNAME .
 malaprontaargentina.com.br CNAME .
 malehaenterprises.com CNAME .
 malukutenggarakab.go.id CNAME .
+mamasitasont.blogspot.com CNAME .
 mandirilivinlinksystem.brizy.site CNAME .
-mandirilivinlinksystem2.brizy.site CNAME .
 mandirilivinlinksystem3.brizy.site CNAME .
-manthsedty.live CNAME .
 manualsync.com CNAME .
+maotun.xyz CNAME .
 mapsa.com.pe CNAME .
+marifilmines.ca CNAME .
 marinthe.poingaitongamlm.link CNAME .
 marketplace-axieinfinity.io CNAME .
 marketplace-axlelnfiniity.com CNAME .
 marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke CNAME .
 marketplace.facebook.com-29ta3qbv.isiolo.go.ke CNAME .
 marketplace.facebook.com-hzup1bae.isiolo.go.ke CNAME .
+marketplace.facebook.com-izkbuxmx.isiolo.go.ke CNAME .
 marketplace.facebook.com-kq1oh2ae.isiolo.go.ke CNAME .
+marketplace.facebook.com-milt5ssm.isiolo.go.ke CNAME .
 marketplace.facebook.com-qze9zt75vm.isiolo.go.ke CNAME .
 marketplace.facebook.com-sauuvazpjo.isiolo.go.ke CNAME .
 marketplace.facebook.com-tyeuieb7.isiolo.go.ke CNAME .
 marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke CNAME .
 marketplace.facebook.com-z1au8cxghl.isiolo.go.ke CNAME .
 marketplaceaxieinfiniity.com CNAME .
-marmardian.co.vu CNAME .
-marylkmatzenger.com CNAME .
 masdas0932.co.vu CNAME .
 masum.lawyer CNAME .
 match.lookatmynewphotos.com CNAME .
@@ -2594,22 +2410,28 @@ mercani.pomyt.info CNAME .
 mercariz.xyz CNAME .
 meremanovegabana.website2.me CNAME .
 mericarir.mbudeu.cn CNAME .
-mericarir.mg0gbo1.cn CNAME .
+mericarir.mednljn.cn CNAME .
 mericarir.mgeukpx.cn CNAME .
 mericarir.mglsffs.cn CNAME .
-mericarir.mksydb.cn CNAME .
+mericarir.mglxyul.cn CNAME .
+mericarir.mhgqdtv.cn CNAME .
+mericarir.mjrsrfo.cn CNAME .
 mericarir.mktbbr.cn CNAME .
+mericarir.mkxbqnu.cn CNAME .
 mericarir.mlyffa.cn CNAME .
+mericarir.mmsfzys.cn CNAME .
 mericarir.mnfjwy.cn CNAME .
 mericarir.mnheijt.cn CNAME .
-mericarir.mrzcafk.cn CNAME .
 mericarir.msnygk.cn CNAME .
-mericorci-logining.sfhs26r.lyb6srb.cn CNAME .
+mericarir.mtlrnzu.cn CNAME .
+mericarir.mukkwvc.cn CNAME .
+mericarir.mxsoecl.cn CNAME .
 meriocori-logining.2y3uio.pyqbas.cn CNAME .
 mestertignseekjet4.blogspot.com CNAME .
 mestertignseekjet5.blogspot.com CNAME .
 mestertignseekjet6.blogspot.com CNAME .
 mestredaobra.com CNAME .
+meta-support-centers.ml CNAME .
 metalurgicagiom.com.br CNAME .
 metamasc.club CNAME .
 metamask-connect.com CNAME .
@@ -2620,11 +2442,13 @@ metamask-wallets.yahoosites.com CNAME .
 metamask.cam CNAME .
 metamask.io-php.com CNAME .
 metamask.kiwi CNAME .
+metamask.loan CNAME .
 metamask.protocol-process.me CNAME .
 metamask.security-information.cc CNAME .
 metamask.social CNAME .
 metamask.wallets-reauth.net CNAME .
 metamaskdownloadandroid.xyz CNAME .
+metamaskextension.xyz CNAME .
 metamassklogins-us.tumblr.com CNAME .
 metaversepadapp.com CNAME .
 meusabor.com.br CNAME .
@@ -2632,19 +2456,20 @@ mfacebook.blogspot.com.cy CNAME .
 mfacebook.blogspot.lt CNAME .
 mfacebook.blogspot.rs CNAME .
 mgpskartarpur.com CNAME .
+mgrandroyale.com CNAME .
 mibancocrece.com.co CNAME .
 micacd.elshov.com CNAME .
-michaelxrandazzo.com CNAME .
 michiyado.com CNAME .
 microcav.square.site CNAME .
 microsoftonline.pages.dev CNAME .
 microsoftwebserver.mfs.gg CNAME .
 micuenta01.github.io CNAME .
+midasbuy1st.com CNAME .
+midsposc2.com CNAME .
 mijnics-actualisatie.185-236-231-64.plesk.page CNAME .
-mikhali.com CNAME .
+mikayelxhovakimyan.com CNAME .
 milanobet301.com CNAME .
 militarybikers.org CNAME .
-minamikaga.or.jp CNAME .
 mingming20160152.github.io CNAME .
 miozpro.com CNAME .
 miracdoviz.com CNAME .
@@ -2674,16 +2499,17 @@ mjaymvnlchrlbwjlcjizmxn0.filesusr.com CNAME .
 mk2.ge CNAME .
 mkjiool.weebly.com CNAME .
 mnbxa.73kfer9.cn CNAME .
+mnbxcas.zm7wwar.cn CNAME .
 mncxx.qbeepor.cn CNAME .
 mnnbx.r1rpj09.cn CNAME .
+mnncxa.fwffsyt.cn CNAME .
 mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link CNAME .
-mobil-singaporre.digital-online-login-opportunity.com CNAME .
 mobile-orange-forever.yolasite.com CNAME .
 mobile-portail.live CNAME .
 mobile.hedgesportst.me CNAME .
-moccasinyellowbetatest--josekkk.repl.co CNAME .
 moccasinyellowbetatest.josekkk.repl.co CNAME .
 modest-hertz.45-81-232-15.plesk.page CNAME .
+moiksys.com CNAME .
 mon-token.com CNAME .
 mon.espace.lcl.fr.certosini.info CNAME .
 monbudri.xyz CNAME .
@@ -2698,6 +2524,7 @@ montrealidiomas.com.br CNAME .
 monyeward.com CNAME .
 morcario.xyz CNAME .
 morfybox.com CNAME .
+movil.particulares-secure.com CNAME .
 mqzlsim.mindlogicinfotech.com CNAME .
 mrpitchman.com CNAME .
 msc-doelsach.at CNAME .
@@ -2718,16 +2545,14 @@ my-site219.yolasite.com CNAME .
 my.jcpwb.com CNAME .
 my.nhs-get-pass.com CNAME .
 my.paydi.login-index-home.x4typfc.cn CNAME .
-my.paydi.logining-nexy-home.en6cnm.asia CNAME .
 my02billing-login.com CNAME .
-myaccount.aol.wallat-billing.com.authlog.gq CNAME .
+mybeii.live CNAME .
 mycoerver.es CNAME .
 mygoogleaccount.stantrade.xyz CNAME .
 myjcb.cyyptoi.cn CNAME .
 myjcb.thxpj.cn CNAME .
 mymbg-aa2e2.web.app CNAME .
 mymeta-securearea.plesk07.zap-webspace.com CNAME .
-mymetamask-clientarea.185-236-231-227.plesk.page CNAME .
 mymweb-owner.at.ua CNAME .
 mypo-delivery.com CNAME .
 mypsm.psm.edu.mm CNAME .
@@ -2739,7 +2564,6 @@ mzqualitycleaning.com CNAME .
 n-naoko-0319.github.io CNAME .
 n.salsomascard.top CNAME .
 n26.sa-france.fr CNAME .
-n26servicetechnique.click CNAME .
 n7orton.com CNAME .
 nab-access-breach.com CNAME .
 nab-alert.mobi CNAME .
@@ -2747,7 +2571,6 @@ nab-www.303.si CNAME .
 naderkhani.ir CNAME .
 najboljeuslugezavas.betterservicesforyou.com CNAME .
 nalandaias.com CNAME .
-nalodke.com.ua CNAME .
 nanjing.itud167.cn CNAME .
 napgamelienquan.net CNAME .
 naranja-users.auth0.com CNAME .
@@ -2762,8 +2585,10 @@ natwest.secured-personal-verify.com CNAME .
 nayablabs.com CNAME .
 nayameehomes.com CNAME .
 nbcc.0bit08a.cn CNAME .
+nbcd.xiu58rl.cn CNAME .
 nbcvs.gd65y69.cn CNAME .
 nbcxa.lctlfdq.cn CNAME .
+nbcxas.551awvr.cn CNAME .
 nbhjxa.hblhi96.cn CNAME .
 nbnonres.com CNAME .
 nbxaa.b1b6nac.cn CNAME .
@@ -2775,12 +2600,9 @@ ncgroup.club CNAME .
 necessitymag.com CNAME .
 nedbankqa.flowblocks.com CNAME .
 nedriw.xyz CNAME .
-neftlexi.com CNAME .
 negociebra.com.br CNAME .
 neptuneinnovations.com CNAME .
 netciti.id CNAME .
-netf1ix.us-891691712-local-781652.airalgeriecanada.ca CNAME .
-netfl-lixids938mailmealkas.duckdns.org CNAME .
 netflix-techarmy.me CNAME .
 netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk CNAME .
 networksol-f35e7.web.app CNAME .
@@ -2804,9 +2626,8 @@ nhri.net CNAME .
 nhs.my-vaccine-status.com CNAME .
 niagarapower.com CNAME .
 nic-home.com CNAME .
-nisuper.com CNAME .
 nizotchauffage.bilty.be CNAME .
-nontonvidioviral2022nohoax.duckdns.org CNAME .
+nodesconnection.com CNAME .
 northlane.esy.es CNAME .
 notife.help.institutepages.workers.dev CNAME .
 notification-fb.secure-pages.workers.dev CNAME .
@@ -2847,23 +2668,22 @@ oidda.5s2iamp.cn CNAME .
 oijcd.qvjcddv.cn CNAME .
 oikca.smwceku.cn CNAME .
 oikcas.6b914ty.cn CNAME .
+oikcd.uf27ce8.cn CNAME .
 oikcxa.zvvx01z.cn CNAME .
 oivac.com CNAME .
 okcs.qj8yua.cn CNAME .
 okds.bbtlcve.cn CNAME .
-okep-terbaru-viral-2022.duckdns.org CNAME .
+okep-viral-terbaru-terhist-2022.duckdns.org CNAME .
 okmca.8xcrn6w.cn CNAME .
 okmca.bxkfham.cn CNAME .
 okmca.uwudagu.cn CNAME .
 okmxa.lfgpror.cn CNAME .
 okpwtu.webwave.dev CNAME .
+ol-run1.online CNAME .
 olidooo.waca.tw CNAME .
 olk.us7apye.cn CNAME .
 olmnxa.wc2ikux.cn CNAME .
-olx-pay-pl.pay-id22343.top CNAME .
-olx.saferegulatory.com CNAME .
 omesqiwines.de CNAME .
-omicronvariat.pagedemo.co CNAME .
 oncopharma-ae.com CNAME .
 onecreator.info CNAME .
 onedrive.zhaoge.workers.dev CNAME .
@@ -2873,13 +2693,16 @@ oneone-19cd8.web.app CNAME .
 oneone-a38ef.web.app CNAME .
 online-sistem.com CNAME .
 onlineasesor01.hostfree.pw CNAME .
+onlinebanking.unrecognised-new-payee.com CNAME .
 onlineffn2.temp.swtest.ru CNAME .
+onlineislemlersayfasivkfgirisicom.tk CNAME .
+onlinsfuco.temp.swtest.ru CNAME .
 onlysportplus.com CNAME .
 ooxvocalor.yolasite.com CNAME .
 opansea.live CNAME .
 open24.ie-tsb.email CNAME .
+operationroofingllc3.com CNAME .
 opticabattilana.com.ar CNAME .
-optika-anda.hr CNAME .
 ora-n.yolasite.com CNAME .
 orabu.it CNAME .
 orange-dcr.fr CNAME .
@@ -2890,11 +2713,8 @@ orange2k22.wixsite.com CNAME .
 orangeb191.temp.swtest.ru CNAME .
 orangess.contactin.bio CNAME .
 org-nr.yolasite.com CNAME .
-orlen-inwe.web.app CNAME .
-orlen-x.web.app CNAME .
 orlen.digital CNAME .
 ormantencs112.odoo.com CNAME .
-oryxcaracalsecurity.com CNAME .
 osis.world CNAME .
 otomoto-h229.net CNAME .
 otomoto3452.com CNAME .
@@ -2903,6 +2723,7 @@ oudczfbniitcqdsrmaapdztwqo-dot-gl44393333333.rj.r.appspot.com CNAME .
 ourgarden.us CNAME .
 outlook1541489.webcindario.com CNAME .
 outlookcom119.yolasite.com CNAME .
+ouverturecompte.lbp-eer.fr CNAME .
 oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com CNAME .
 p1c.servleboncoinser.com CNAME .
 package2021.blogspot.ba CNAME .
@@ -2910,7 +2731,6 @@ package2021.blogspot.bg CNAME .
 package2021.blogspot.com CNAME .
 page-restrict-case22456548.help CNAME .
 pages-1008009999700022199021.com CNAME .
-pages-1008097555214021.com CNAME .
 pages-alert-facebook.ezyro.com CNAME .
 pages-community-standart-2022.co CNAME .
 pages-marvelous-project.webflow.io CNAME .
@@ -2919,11 +2739,11 @@ pages-support-office-2021.tk CNAME .
 pages.secure-accts.workers.dev CNAME .
 pagesdetectscopyrightpostingactivitiesreported.co.vu CNAME .
 pagos.sinpemovil.cr CNAME .
+paidpapers.net CNAME .
 paleyeer.com CNAME .
 palmm.ps CNAME .
 pancaakesvap.com CNAME .
 pancake-sawp.com CNAME .
-pancake.ellipsis.finance CNAME .
 pancake7wop.com CNAME .
 pancakesawpes.com CNAME .
 pancakesfinances.info CNAME .
@@ -2933,7 +2753,6 @@ pancakeswap.men CNAME .
 pancakeswap.multi-wallet.info CNAME .
 pancakeswap.salsasourcing.com CNAME .
 pancakeswapes.company CNAME .
-pancakeswapex.com CNAME .
 pancakeswapexcgn.com CNAME .
 pancakeswapexch.com CNAME .
 pancakeswapexchage.com CNAME .
@@ -2941,17 +2760,15 @@ pancakeswapexchg.com CNAME .
 pancakeswappshop.blogspot.com CNAME .
 pancaku-swap.com CNAME .
 pancalteswap.finance CNAME .
+panccakesswap.org CNAME .
 panckaceswap.finance CNAME .
-pancoke.com CNAME .
 pandaskin.ru.com CNAME .
 panelweb-4cae2.web.app CNAME .
 pankaceeswap.com CNAME .
 pankaceswapes.finance CNAME .
 pankakeswap.ledgity.com CNAME .
 pannelpub-benin.com CNAME .
-pansccakeswap.finance CNAME .
 pantazisezopiiuurmail1.web.app CNAME .
-pantekkalisakitkepalaku.blogspot.com CNAME .
 parcel-support018.com CNAME .
 pardot.assemblecommunities.com CNAME .
 pasarbta.info CNAME .
@@ -2962,6 +2779,7 @@ pathospitals.com CNAME .
 patient-cell-40f5.updatedlogmylogin.workers.dev CNAME .
 patwise.co.in CNAME .
 paws.org.au CNAME .
+paxfulacct.com CNAME .
 paxfulmenu.com CNAME .
 pay-sera.web.app CNAME .
 pay16-olx.pl CNAME .
@@ -2969,13 +2787,16 @@ paymentnotificationnow.blogspot.com CNAME .
 paypal-online-2deposits-paymentaccept.tk CNAME .
 paypal-opladen.be CNAME .
 paypalforex.co.ke CNAME .
+pbemail.youxiangdashui.com CNAME .
 pdf-cloud-document.weeblysite.com CNAME .
 pdf-sharefile-doc.weeblysite.com CNAME .
 pdflogincnvwo.app.link CNAME .
 pdfsecured.mystrikingly.com CNAME .
 peaceful-black.193-70-50-31.plesk.page CNAME .
+pedih.001www.com CNAME .
 pembatalanakundinonaktifkan.weebly.com CNAME .
 pencakecwap.com CNAME .
+pensive-payne-505e1a.netlify.app CNAME .
 perfectliker.net CNAME .
 peringatanakunfb2k214.webnode.com CNAME .
 phantom-walletweb.app CNAME .
@@ -3001,7 +2822,8 @@ pikay13.github.io CNAME .
 pilmezorda.temp.swtest.ru CNAME .
 pinchinchaverify.webcindario.com CNAME .
 pirana.co.rs CNAME .
-pl-swiatowe-wiadomosci.pl CNAME .
+pkobp.pl.justns.ru CNAME .
+pl-wiadomosciswiatowe.pl CNAME .
 pla1060604.nichost.ru CNAME .
 plan-o2-monthlypayments.com CNAME .
 planetaamor.org CNAME .
@@ -3010,8 +2832,6 @@ platinumserviceac.com CNAME .
 playgirlgold.com CNAME .
 ploferta.com CNAME .
 plugmailextraexpiredoldpolicynotificationscenter.pages.dev CNAME .
-plwiadomosciwszystkie.pl CNAME .
-po-deliver-fees.com CNAME .
 po-service-page.com CNAME .
 poc-rewards-program-c2dfc.web.app CNAME .
 podpiska-darom.ru CNAME .
@@ -3028,6 +2848,7 @@ poligrafiapias.com CNAME .
 polkadot-france.fr CNAME .
 polkastarter.app CNAME .
 polsd.pa0cpof.cn CNAME .
+polska-informacyjna.pl CNAME .
 polxa.uh8dg67.cn CNAME .
 polygon-pro.com CNAME .
 polygon-secure.com CNAME .
@@ -3045,7 +2866,6 @@ postch9192.cargo.site CNAME .
 postechsuivre.ileanamlaw.com CNAME .
 postnl.post-tracking-delivery.etelinfra.com CNAME .
 poww.6hkjmb.cn CNAME .
-ppkllp.com CNAME .
 ppnnttcc.ppcnthsc.me CNAME .
 precisionimpex.com CNAME .
 preg.dspearhead.com CNAME .
@@ -3062,11 +2882,13 @@ primecentral.jixinggaozhao2.shop CNAME .
 primecentral.qiourn.shop CNAME .
 primeone.org CNAME .
 printtoner.com.mx CNAME .
+prism.net.in CNAME .
 privacy-update-page-prtections-association-recovry-secu.web.id CNAME .
 privacy-update-secu-recovry-page-protection-4565544.web.id CNAME .
 privacy-update-secu-recovry-page-protection-comunity-45.web.id CNAME .
 priyankasandokar1606.github.io CNAME .
 pro.icloudremovaltool.com CNAME .
+pro.systemine.xyz CNAME .
 procservautomatizacion.com CNAME .
 production.anon-rest-keep-reset.sales18130.workers.dev CNAME .
 production.anon-step-keep-object.sales18130.workers.dev CNAME .
@@ -3080,6 +2902,7 @@ production.try-murpheos-keep.sales18130.workers.dev CNAME .
 production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev CNAME .
 project1-df3e9.web.app CNAME .
 projectlovewell.com CNAME .
+promashoppe.com CNAME .
 promehedinti.ro CNAME .
 promerica-sv.webcindario.com CNAME .
 promericalinea01.webcindario.com CNAME .
@@ -3088,8 +2911,6 @@ prosmate.com CNAME .
 prosxsiuser.myfreesites.net CNAME .
 prosys.poweredbygravit-e.co.uk CNAME .
 protect-4d56vca.surge.sh CNAME .
-proteczzguuaaardzzzpagess.000webhostapp.com CNAME .
-proteczzpagezzguarddzzz.000webhostapp.com CNAME .
 provodi.com CNAME .
 proximus-account.azurewebsites.net CNAME .
 ptxx.cc CNAME .
@@ -3109,13 +2930,13 @@ qhmqhgnfqbcoxkwamsioilhdmv-dot-gl44393333333.rj.r.appspot.com CNAME .
 qsh74pekkv5e8.clickfunnels.com CNAME .
 qssa.x5yrlr.cn CNAME .
 quinaroja.com CNAME .
+quirky-jones.172-245-159-112.plesk.page CNAME .
 quotex-qx.com CNAME .
 qwas.nfi71vw.cn CNAME .
 qwea.wvhee0w.cn CNAME .
 qweas.hi5g95r.cn CNAME .
 qweas.p6rhddj.cn CNAME .
 qweas.zwfaclq.cn CNAME .
-qxluatbght.cfolks.pl CNAME .
 r3c31v30n3-1d3nt1ty.000webhostapp.com CNAME .
 rabellartz.de CNAME .
 rabofree.blogspot.com CNAME .
@@ -3123,6 +2944,7 @@ rabofree.blogspot.li CNAME .
 rackenfordlabs.com CNAME .
 racuten.nuef.info CNAME .
 radhikamd.github.io CNAME .
+rafbbmx.ga CNAME .
 rafbbmx.ml CNAME .
 raipurrussianescorts.com CNAME .
 rakoten-card.buogfbizkugf.gq CNAME .
@@ -3133,17 +2955,12 @@ raktuen.laobanlocker.com CNAME .
 rakuitan-card.info CNAME .
 rakuten.awjoadc.cn CNAME .
 rakuten.card.nuosreaoms.com CNAME .
-rakuten.card.uosmcoua.com CNAME .
-rakuthn.shop CNAME .
-rakuttm.shop CNAME .
+rakuten.co.jp.rakutenajp.xyz CNAME .
 ramgarhiamatrimonial.ca CNAME .
 rareelements.io CNAME .
-rasmer.fi CNAME .
 ratewatch.net CNAME .
 raycargo.com CNAME .
 raydiom.io CNAME .
-razcjjf.ga CNAME .
-razcjjf.ml CNAME .
 rbcmontgomery.com CNAME .
 rd8um.app.link CNAME .
 rdirtfuo6t.vov.ru CNAME .
@@ -3152,9 +2969,9 @@ re-redirection-acc-id923872635122.blogspot.com CNAME .
 real-anon-keep-passing-word.rvsla.workers.dev CNAME .
 realestate-page-10843446024.expresspestcontrol.co.nz CNAME .
 realindiatravel.com CNAME .
+recibeya.tufacilmoneyonline.online CNAME .
 reconfirmpost287846656.us CNAME .
 recover-pages-media-problems-secur-782.web.id CNAME .
-recover-pages-secur-media-problems-393.web.id CNAME .
 recover-pages-secur-media-problems-397.web.id CNAME .
 recovery-chain.com CNAME .
 recovery-fb.secure-acct.workers.dev CNAME .
@@ -3172,12 +2989,12 @@ reglic.in CNAME .
 regularsweeps.xyz CNAME .
 reignbike.com CNAME .
 reikisadhna.com CNAME .
+rekoution.bcszxcd.shop CNAME .
 relevant.systems CNAME .
 remittance369297292749.goshly.com CNAME .
 renovkonstruksi.com CNAME .
 repl-mess.myfreesites.net CNAME .
 restore.exodusapp.ru CNAME .
-restoredabefore-com.filesusr.com CNAME .
 restorewallet-activation.net CNAME .
 retiro-extracash.com CNAME .
 retiro.cl CNAME .
@@ -3205,7 +3022,6 @@ roccobonheur1-my-cheetah-website-copy.cheetah.builderall.com CNAME .
 roisnoob.github.io CNAME .
 rokulinktechnology.com CNAME .
 rolinadd.surveysparrow.com CNAME .
-romanceify.com CNAME .
 rondalowa.blogspot.com CNAME .
 rondelbarrilito.com CNAME .
 ronin-help.com CNAME .
@@ -3221,10 +3037,10 @@ rplg.co CNAME .
 rrakutenn.co.jp.azii.cn CNAME .
 rrakutenn.co.jp.nanofresh.cn CNAME .
 rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com CNAME .
-rufoxxy.com CNAME .
 runescape-info.com CNAME .
+runescapebonds.com CNAME .
+runescapeevents.com CNAME .
 ruth.martulangbelulalng.workers.dev CNAME .
-ryanicolehoward.com CNAME .
 rymproducciones.com CNAME .
 s-sarfati.co.il CNAME .
 s.macecri.com CNAME .
@@ -3249,7 +3065,6 @@ sanjilkumar.com CNAME .
 sankyo-rz.com CNAME .
 sanru.cd CNAME .
 santander.secured-auth-login.com CNAME .
-santanverifyfunction.com CNAME .
 santepluspharma.eclatmediasolution.website CNAME .
 santoshdangi.com.np CNAME .
 saritapariyar.com.np CNAME .
@@ -3271,16 +3086,16 @@ secure-boncoincontrol.net CNAME .
 secure-halifax-device.com CNAME .
 secure-mynew-devices.com CNAME .
 secure-runescape.xgm.rnp.mybluehost.me CNAME .
-secure-service-gateway.com CNAME .
 secure-zirox.s3.ap-southeast-2.amazonaws.com CNAME .
 secure.legalmetric.com CNAME .
 secure.oldschool.com-cl.ru CNAME .
 secure.oldschool.com-cu.ru CNAME .
-secure.oldschool.com-cv.ru CNAME .
 secure.oldschool.com-oz.ru CNAME .
 secure.oldschool.com-rsu.ru CNAME .
+secure.runescape.com-ak.ru CNAME .
 secure.runescape.com-as.cz CNAME .
 secure.runescape.com-az.ru CNAME .
+secure.runescape.com-ca.ru CNAME .
 secure.runescape.com-cl.ru CNAME .
 secure.runescape.com-co.ru CNAME .
 secure.runescape.com-cu.ru CNAME .
@@ -3293,13 +3108,13 @@ secure.runescape.com-vs.ru CNAME .
 secure300.inmotionhosting.com CNAME .
 secure303.inmotionhosting.com CNAME .
 secure55.webhostinghub.com CNAME .
-secure7-servr01-log-in.4nmn.com CNAME .
-securee37-authen21.duckdns.org CNAME .
+secureaccount.ntflxauth.co CNAME .
 securegateway-ovhcloud.csl-sl.de CNAME .
 securelloyd-help-app.com CNAME .
+securewalletprotocol.online CNAME .
 security-page-community-standards.blogspot.com CNAME .
 seguridad-oca.webcindario.com CNAME .
-seleb-indo.duckdns.org CNAME .
+seleccionperfil.xyz CNAME .
 selector26.gg CNAME .
 selector28.gg CNAME .
 sem.my-drs.co.uk CNAME .
@@ -3309,7 +3124,7 @@ sendung.eyecatch.ch CNAME .
 sergebubnin.space CNAME .
 sertyxese.myfreesites.net CNAME .
 server-networksolutions.web.app CNAME .
-serverprotocols.com CNAME .
+server221.security.coinbase.com.gdone.co.ke CNAME .
 servervalidationcheck103.web.app CNAME .
 servervalidationcheck104.web.app CNAME .
 servervalidationcheck105.web.app CNAME .
@@ -3364,7 +3179,6 @@ serviceinfo-securehost.duckdns.org CNAME .
 servicepage.service-page.workers.dev CNAME .
 servicepichincha.webcindario.com CNAME .
 services.runescape.com-as.cz CNAME .
-services.runescape.com-oc.ru CNAME .
 services.runescape.com-rse.ru CNAME .
 services.runescape.com-rsu.ru CNAME .
 servicesbancaire.com CNAME .
@@ -3392,6 +3206,7 @@ sharedtris.com CNAME .
 sharelink.sn.am CNAME .
 shayvardphoto.ir CNAME .
 shinex.lk CNAME .
+shippment2.temp.swtest.ru CNAME .
 shirhokos-mhalskbsiaoutfew43535.duckdns.org CNAME .
 shirtshanger.com CNAME .
 shiye666.cn CNAME .
@@ -3403,11 +3218,9 @@ sidneyfcuorg.freshy.site CNAME .
 sign-trk.empressmd.com CNAME .
 signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net CNAME .
 signin-payeer.com CNAME .
-signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com CNAME .
-silkroadwines.com CNAME .
 silpovsatb-ua.online CNAME .
 silverberrygroup.com CNAME .
-sim0nt0k-viral-terbaru-2022.duckdns.org CNAME .
+simonecamposshop.com.br CNAME .
 simpkk.karanganyarkab.go.id CNAME .
 sindarspen.org.br CNAME .
 siporados15585.blogspot.com CNAME .
@@ -3440,12 +3253,11 @@ slavamel.github.io CNAME .
 sleepmaskz.com CNAME .
 slickparties.com CNAME .
 slmkufeckf.jon-jensen.workers.dev CNAME .
-slovenska-posta.sytes.net CNAME .
 slowlinebag.jp CNAME .
 sm.scicemecod.com CNAME .
 sm777.csb.app CNAME .
+smartfixconnect.live CNAME .
 smbc-accout.com CNAME .
-smbc-credit.shop CNAME .
 smbc-veaiana.com CNAME .
 smbcbc.com CNAME .
 smbccjp.shop CNAME .
@@ -3453,10 +3265,11 @@ smbcr.mrtka.info CNAME .
 smbcwodeqingguoshoujicojp.top CNAME .
 smeo.org.mx CNAME .
 smgolamalif.github.io CNAME .
-smirl.org CNAME .
 smkkesehatanjember.sch.id CNAME .
 smmsvocal.yolasite.com CNAME .
+smpn2jeruklegi.sch.id CNAME .
 sms-check.sc-q.top CNAME .
+sms-infos.d2tt.co CNAME .
 sms-shorter.com CNAME .
 smsbc-info5.com CNAME .
 smsenligne.myfreesites.net CNAME .
@@ -3464,6 +3277,7 @@ smsorangephonemail.myfreesites.net CNAME .
 smsorangesmsmessage.myfreesites.net CNAME .
 smss-mms.yolasite.com CNAME .
 smsverificationmms.myfreesites.net CNAME .
+smvbc-info.com CNAME .
 smwam.coms.cso.gov.tt CNAME .
 so.macecri.com CNAME .
 soaringskiesrentals.com CNAME .
@@ -3476,7 +3290,6 @@ sognointerno.com CNAME .
 solicitarfirmaelectronica-sv.com CNAME .
 solyanayakomnata.ru CNAME .
 sopac.org.py CNAME .
-soracoes.xyz CNAME .
 souaxwaoh.myfreesites.net CNAME .
 soude-masi.firebaseapp.com CNAME .
 soufsont.blogspot.com CNAME .
@@ -3502,6 +3315,7 @@ spirit.gtwozone.com CNAME .
 spk-entsperren.de CNAME .
 spk-jahreswechsel.com CNAME .
 spk-secure-de.com CNAME .
+spkfod.coms.cso.gov.tt CNAME .
 sport.protected-secur.workers.dev CNAME .
 sportshoes.top CNAME .
 sportybetpremium.wapka.co CNAME .
@@ -3518,8 +3332,10 @@ ssia.org.sg CNAME .
 ssl.dsl.isl.mll.aqmst6.stockestan.ir CNAME .
 sso-garena.com CNAME .
 sswebmail-4w5twsr.web.app CNAME .
+staffportal.uoz.edu.krd CNAME .
 stage.vannaryfowler.com CNAME .
 staging.eliteautomotive.com.au CNAME .
+standardcapbnk.com CNAME .
 standardupdatesupportandhelpcenter2021.ga CNAME .
 starforsure.com CNAME .
 starliker.net CNAME .
@@ -3529,11 +3345,10 @@ static-ak-fbcdn.atspace.com CNAME .
 static-dev.o2alerts.com CNAME .
 static-promote.weebly.com CNAME .
 status-dev.o2alerts.com CNAME .
-stbkcoltria.atwebpages.com CNAME .
 stclarechurch.net CNAME .
 steamcommunites.com CNAME .
 steamcommunitj.com CNAME .
-steamnitrof.com CNAME .
+steamcommunityk.com CNAME .
 steampoweredtrade.org CNAME .
 steampoweredtrades.org CNAME .
 stevemadden-sverige.com CNAME .
@@ -3549,6 +3364,7 @@ stjohnmarol.com CNAME .
 stjudes.in CNAME .
 stolizaparketa.ru CNAME .
 stollgroup.coms.cso.gov.tt CNAME .
+stomkinscommercial.com.aus.cso.gov.tt CNAME .
 storage.yandexcloud.net CNAME .
 storenike365.top CNAME .
 studio-lol.com CNAME .
@@ -3563,13 +3379,11 @@ suiviticket.co CNAME .
 sukien-pubgmoblevng.ga CNAME .
 sultan-raza.github.io CNAME .
 sumpandtankcleaners.in CNAME .
-sunami.pagedemo.co CNAME .
 sunbeltmembers.com CNAME .
 sunge-ode.firebaseapp.com CNAME .
 sunshineteam.in CNAME .
 super-dawn-3035.ddahluwalia.workers.dev CNAME .
 supermilhas.com CNAME .
-suportecxacesso2020.com CNAME .
 supotsstunes.servehttp.com CNAME .
 suppliers.bitshepherd.org CNAME .
 support-auwebaccessjpnaikpanggung.com CNAME .
@@ -3601,6 +3415,7 @@ sysm5rn.cn CNAME .
 system-fassil-net-2-3242353453453--12344443.repl.co CNAME .
 t0nline0de0login-001-site1.itempurl.com CNAME .
 taher-mohamed-ahmed-saad.github.io CNAME .
+take-free-2022.duckdns.org CNAME .
 taoistw345ie.co CNAME .
 tarik-fitness.com CNAME .
 taxcare.page.link CNAME .
@@ -3622,11 +3437,13 @@ tellmeliu.github.io CNAME .
 templat65sldh.myfreesites.net CNAME .
 temporary-url.com CNAME .
 terpelsicumple.com CNAME .
-terracontiles.com CNAME .
+tesladrive-event.com CNAME .
 test.bayoucitybadges.org CNAME .
 test.bitflye87.com CNAME .
 test.dxbproductions.com CNAME .
+test.myshopclub.ru CNAME .
 test.webclient4.de CNAME .
+testing-domain.duckdns.org CNAME .
 texasfreedomrun.com CNAME .
 tgpafasfsakkk.pages.dev CNAME .
 theaceofspaeder.com CNAME .
@@ -3648,8 +3465,6 @@ tieganford.ca CNAME .
 tighi.creatorlink.net CNAME .
 tight-samiuboc.co CNAME .
 tikitaps.com CNAME .
-tinhtrangdon.com CNAME .
-tinyurl.mobi CNAME .
 tipografieonline.ro CNAME .
 tirozhjewelry.com CNAME .
 titelinedrillingintl.yolasite.com CNAME .
@@ -3668,7 +3483,6 @@ topskills.ru CNAME .
 torccolborrachas.blogspot.com CNAME .
 torrinwine.com CNAME .
 touchidea.top CNAME .
-touronline2022.com CNAME .
 tovowhuqeojweawmubmaqmqlv.hofferflow.icu CNAME .
 tpayleboncoin.com CNAME .
 traders-joesxyz.com CNAME .
@@ -3679,23 +3493,18 @@ triangarena-membership.ga CNAME .
 tribratanewsbondowoso.com CNAME .
 tribunbalikpapan.com CNAME .
 truegrip.com CNAME .
-trust-wallet.com.cn CNAME .
 trustinpichincha.webcindario.com CNAME .
 trustpress.gr CNAME .
 trustypichincha.webcindario.com CNAME .
-ts3cacd.jhfshm.com CNAME .
 ts3cacd.rzjxbv.com CNAME .
 turntekcnc.com CNAME .
-twoje-zdjecia-622.herokuapp.com CNAME .
 tx.vc CNAME .
 txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com CNAME .
 typedream.site CNAME .
 typesmartlyocr.com CNAME .
 tyrecentre.ru CNAME .
 u08qv44zu5h.typeform.com CNAME .
-u1571226.cp.regruhosting.ru CNAME .
-u1571630.cp.regruhosting.ru CNAME .
-u1571652.cp.regruhosting.ru CNAME .
+u1565723.plsk.regruhosting.ru CNAME .
 u18741649.ct.sendgrid.net CNAME .
 u827857uw6.ha004.t.justns.ru CNAME .
 uabaiieo.com CNAME .
@@ -3718,7 +3527,6 @@ uhnsa.sdmpo0s.cn CNAME .
 uhnxa.d23xsru.cn CNAME .
 uhnxa.q83itv9.cn CNAME .
 uhnxas.rvw56l.cn CNAME .
-uiuui.pagedemo.co CNAME .
 ujcd.um2nlru.cn CNAME .
 ujdaa.fn3m4en.cn CNAME .
 ujds.5e8tn13.cn CNAME .
@@ -3739,6 +3547,7 @@ ujnca.wxuqxb7.cn CNAME .
 ujnca.zgbo0g.cn CNAME .
 ujncd.kzi68ra.cn CNAME .
 ujncd.lw2djbm.cn CNAME .
+ujnxas.vj135ih.cn CNAME .
 ukcare.in CNAME .
 umbrellaclubla.com CNAME .
 unam.myfreesites.net CNAME .
@@ -3749,9 +3558,8 @@ uniassessoria.com.br CNAME .
 unicreditaustria.ucs.info CNAME .
 unifacema.edu.br CNAME .
 unifacvest.net CNAME .
-unillantas.com.sv CNAME .
+unifiedsmartsync.live CNAME .
 unionheightsresidental.com CNAME .
-unipo-a.web.app CNAME .
 unisons.store CNAME .
 unisonsouthayr.org.uk CNAME .
 uniswap.ch CNAME .
@@ -3761,7 +3569,6 @@ uniswap.pages.dev CNAME .
 uniswap.seal.finance CNAME .
 uniswap.token.im CNAME .
 uniswap.trading CNAME .
-uniswap.vn CNAME .
 uniswapfinancing.info CNAME .
 uniswaps.net CNAME .
 unitedalliance-online.000webhostapp.com CNAME .
@@ -3772,24 +3579,21 @@ unnxa.pqpchqo.cn CNAME .
 unpocodearte.cl CNAME .
 unregpayee-lb.com CNAME .
 unsub.listhandlr.com CNAME .
-upbeat-dhawan.179-43-173-14.plesk.page CNAME .
 updateinfo-billingo2.com CNAME .
+updatemy.software CNAME .
 updateseason.com CNAME .
 updatestory2022.co.vu CNAME .
 updatevoda-billing.com CNAME .
 upgrade-25gb-email.thecornerstudio.com.au CNAME .
 upgradedserver.online CNAME .
-upgradingattonlinee.weebly.com CNAME .
 uploadpichincha.webcindario.com CNAME .
 uploads.codesandbox.io CNAME .
-upnew.site CNAME .
 uppledpichincha.webcindario.com CNAME .
 urbenorte.com CNAME .
 urgent-halifaxlogin.com CNAME .
 userboitevocalweb.flazio.com CNAME .
 userinformationstoreupdatesmail.pages.dev CNAME .
 usfn.net CNAME .
-uspsconfirm.iconoomikert.com CNAME .
 uspsexpressdeliveryline.com CNAME .
 uswowgame.net CNAME .
 uueer.7jgy5xe.cn CNAME .
@@ -3799,6 +3603,7 @@ uyhnxx.urpzkva.cn CNAME .
 uyqw.dykowec.cn CNAME .
 uz154.sbs CNAME .
 v.macecri.com CNAME .
+v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com CNAME .
 v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com CNAME .
 vaccine-status-info.com CNAME .
 vakif.albay-arnold.com CNAME .
@@ -3806,45 +3611,45 @@ valax-wallet.com CNAME .
 valenciaoptometry.com CNAME .
 valenteplay.com.br CNAME .
 validacionpichincha.odoo.com CNAME .
+validate-chain.com CNAME .
 validate-solana.com CNAME .
 validator-fzkiy.run-us-west2.goorm.io CNAME .
 vallion.motiffliterature.me CNAME .
 vcz.gmoqkzu.cn CNAME .
 velvish.com CNAME .
 ventas.lnterbarnk.pe.jifad.org CNAME .
-verfybadgeappform.com CNAME .
 veri-pichincha.webcindario.com CNAME .
-verificaciondeprioridad.com CNAME .
 verification-trustwallet.4bl-eg.com CNAME .
 verification.fb-page.workers.dev CNAME .
 verificationmessage.blob.core.windows.net CNAME .
+verifications-zones.com CNAME .
 verififacebookid.wixsite.com CNAME .
 verifiikasi-accounts.weebly.com CNAME .
 verifikasi-akun-anda0011.weeblysite.com CNAME .
 verifikasi-akun-facebook0022.weeblysite.com CNAME .
 verifikasi-identitas47.weebly.com CNAME .
 verifocaoffa.webcindario.com CNAME .
+verifymywallets.com CNAME .
 vgiuhkjnm.b9u6vh5l7g1797.workers.dev CNAME .
 victorarath99.github.io CNAME .
 videobigo.com CNAME .
 vietlime.vn CNAME .
 vietschi.de CNAME .
 viettel-com-dot-c2c01-531c7.uc.r.appspot.com CNAME .
-vigortech.com.np CNAME .
+vigilant-murdock.45-81-232-15.plesk.page CNAME .
 viguohilkasdsd.izwe6g6lyc.workers.dev CNAME .
 vilaanimalviana.pt CNAME .
 vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com CNAME .
 vinivet.mk CNAME .
 vipfbtools.com CNAME .
-vipprofessional.net CNAME .
 viral-groub.duckdns.org CNAME .
 virginia-spi.com CNAME .
 virtual1dattss.com CNAME .
 vis-stort.github.io CNAME .
-visa-band.com CNAME .
 vishaljangale01.github.io CNAME .
 visione.co.id CNAME .
 visionproperty.in CNAME .
+vk-money.xyz CNAME .
 vk-posters.ru CNAME .
 vk-vhods.co CNAME .
 vkjbm.4nt4nb464e6113.workers.dev CNAME .
@@ -3863,25 +3668,30 @@ vugik.mecil33784.workers.dev CNAME .
 vv.macecri.com CNAME .
 vvjde0h0ttttf9hay.com CNAME .
 vvpaes-me-index.egvtpp.cn CNAME .
+vws.co.in CNAME .
+vxcas.a35570.cn CNAME .
 vxdse.myfreesites.net CNAME .
 w2.deraya.org CNAME .
 w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud CNAME .
-w5czf.csb.app CNAME .
 wahed-koudsi2001.github.io CNAME .
 walkers-dot-composite-store-326315.uk.r.appspot.com CNAME .
 wallcertifyonmesh.com CNAME .
 walldesign.com.tr CNAME .
 wallet-connect012.web.app CNAME .
 wallet-reconnection.xyz CNAME .
+wallet-verified.com CNAME .
 wallet.silesiacoin.com CNAME .
 wallet22.000webhostapp.com CNAME .
+walletconnect-tool.net CNAME .
+walletconnect-tools.xyz CNAME .
 walletconnectonline.pages.dev CNAME .
 walletconnectors.com CNAME .
 walleterrorsupport.com CNAME .
+walletokenvalidation.com CNAME .
+walletsconect.live CNAME .
 walletsconnex.com CNAME .
 walletsliveconnects.net CNAME .
 walletsreauth.org CNAME .
-walletsvalidator.org CNAME .
 walletsynclive.com CNAME .
 walletvalidation.me CNAME .
 walletvalidators.com CNAME .
@@ -3897,6 +3707,7 @@ warbonus.ru CNAME .
 warningshadows.org CNAME .
 warsa.bandungkab.go.id CNAME .
 wasites.000webhostapp.com CNAME .
+waterproofingengineer.com CNAME .
 we-exodus-wallet.yahoosites.com CNAME .
 web-armas.royale-freefire1garena-bonus.com CNAME .
 web-b4119.web.app CNAME .
@@ -3914,13 +3725,15 @@ web-verifi05.webcindario.com CNAME .
 web-verifi06.webcindario.com CNAME .
 web.bredbanque.trans.sylog.co CNAME .
 web.royale-freefire1garena-bonus.com CNAME .
-web7320.web07.bero-webspace.de CNAME .
 webbbb.yolasite.com CNAME .
 webbl.yolasite.com CNAME .
+webdappsconnection.com CNAME .
 webdatamltrainingdiag842.blob.core.windows.net CNAME .
 webdesecure.clickfunnels.com CNAME .
+webhost-verify.duckdns.org CNAME .
 webip.yolasite.com CNAME .
 webmail-2aaa0.web.app CNAME .
+webmail-optusnet-com-au-sign1.weebly.com CNAME .
 webmail-sso8uyg.web.app CNAME .
 webmail.gourmer.co.in CNAME .
 webmail.login.access.docs67.live CNAME .
@@ -3930,20 +3743,17 @@ webpres.000webhostapp.com CNAME .
 webregular.xyz CNAME .
 webservice-verify.duckdns.org CNAME .
 websitefun.club CNAME .
-websiteorange.wixsite.com CNAME .
 webstories.eu CNAME .
 webvalidity.com CNAME .
 well-42d74.web.app CNAME .
-wellsfargo-online06.herokuapp.com CNAME .
-weryfikacja-facebookowa-27.herokuapp.com CNAME .
 weryfikacja-facebookowa-28.herokuapp.com CNAME .
 weteachbh.com CNAME .
 whare.100webspace.net CNAME .
+whatsapp-grub99zyc.duckdns.org CNAME .
 wheelsofmercy.org CNAME .
 whitelist-network.com CNAME .
 widadkamillah.github.io CNAME .
 wiki.oceanreeflifegame.com CNAME .
-wildcard.isiolo.go.ke CNAME .
 windstream-net.firebaseapp.com CNAME .
 winville.biz CNAME .
 wireconfirmation68c10a25442a3e13.blogspot.com CNAME .
@@ -3960,12 +3770,15 @@ wpsoar.com CNAME .
 wqass-index.chobqu.cn CNAME .
 wqass-index.dccigq.cn CNAME .
 wqass-index.gbswz.cn CNAME .
-wqass-index.jeewiki.cn CNAME .
 wqass-index.pygbw.cn CNAME .
 wrww-roblox.com CNAME .
+wsertyzx.gq CNAME .
 wteeoq.pfinanceiro.com.de CNAME .
+ww.lnterbank.pe.personas.aaseguros.mx CNAME .
 ww.lnterbank.pe.personas.onlinesocket.in CNAME .
+ww.lnterbank.pe.personas.t-class.org CNAME .
 ww16.inpost-pl-3dsecure.clear-id.xyz CNAME .
+wwedealershipon.000webhostapp.com CNAME .
 www-cursosdigitalesmx-com.filesusr.com CNAME .
 www-degelyehuda-org-il.filesusr.com CNAME .
 www-europe564598-com.filesusr.com CNAME .
@@ -3973,10 +3786,9 @@ www-europessign-com.filesusr.com CNAME .
 www-key-com.test.edgekey.net CNAME .
 www-mufg-jp.handicraft.ltd CNAME .
 www-mufg-jp.kaiqi.ink CNAME .
-www-wattsapcom.duckdns.org CNAME .
+www.facebook.com-sauuvazpjo.isiolo.go.ke CNAME .
 www2.rakutan.co.jploginffd9dfg7.carwork.cn CNAME .
 www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn CNAME .
-www2.rakutan.co.jploginvcx8ds.nanoart.cn CNAME .
 www2.rakuten-card.co.jp.wzsrc.cn CNAME .
 www2.rakutenn.co.jp.nanopark.cn CNAME .
 www2.rakutenn.co.jp.zgyo.cn CNAME .
@@ -3988,6 +3800,7 @@ x.scicemecod.com CNAME .
 xcas.xoh29oz.cn CNAME .
 xcasd.7vo6bt.cn CNAME .
 xcasd.b204uje.cn CNAME .
+xcasd.tcbjnhq.cn CNAME .
 xcasd.yikn2gd.cn CNAME .
 xcryptocars.blogspot.com CNAME .
 xcvdsd.page.link CNAME .
@@ -4006,10 +3819,10 @@ xjmr7.mjt.lu CNAME .
 xjpyyds.pem4yp3.cn CNAME .
 xkljfg.ml CNAME .
 xn--gmal-sya.com CNAME .
-xn--instagam-sf0d.com CNAME .
 xn--ltappen-80a.se CNAME .
 xn--metamsk-lwa.link CNAME .
 xn--rpondeur-sfr2-bhb.yolasite.com CNAME .
+xpubgfrozen.tk CNAME .
 xqr3i.mjt.lu CNAME .
 xqr3n.mjt.lu CNAME .
 xqr3u.mjt.lu CNAME .
@@ -4018,14 +3831,16 @@ xrxh1.mjt.lu CNAME .
 xrxh2.mjt.lu CNAME .
 xrxhl.mjt.lu CNAME .
 xsbrookshhjx.top CNAME .
+xspin.cawnibos.com CNAME .
 xtio.ch CNAME .
 xtw42.mjt.lu CNAME .
+xvideokoreanwifesister18.duckdns.org CNAME .
 xx.macecri.com CNAME .
 xxaas.tp00jv9.cn CNAME .
 xxasd.sf29hrg.cn CNAME .
 xxx-com-dot-c2c01-531c7.uc.r.appspot.com CNAME .
-xyproject.xtensio.com CNAME .
 xzasd.uz64g3.cn CNAME .
+yahoo%2eco%2ejp@asdxa.p2x11pi.cn CNAME .
 yahoo%2eco%2ejp@bghgcd.psuxscm.cn CNAME .
 yahoo%2eco%2ejp@bhgxa.eo76sni.cn CNAME .
 yahoo%2eco%2ejp@cdas.nxzigco.cn CNAME .
@@ -4047,12 +3862,11 @@ yahoo%2eco%2ejp@ujhdca.mdwclcb.cn CNAME .
 yahoo%2eco%2ejp@uyhnxx.urpzkva.cn CNAME .
 yahoo%2eco%2ejp@zxas.2nd0g8.cn CNAME .
 yahoo%2eco%2ejp@zxass.jbkyj0o.cn CNAME .
-yahoopoweredservice.duckdns.org CNAME .
 yahuomall.square.site CNAME .
 yairix.github.io CNAME .
 yalena.me CNAME .
+yandex-viral.duckdns.org CNAME .
 yaqoobi.org CNAME .
-yaranfayez.com CNAME .
 yayanti.com CNAME .
 ybdaa.oqsgm9r.cn CNAME .
 ybggd.fjgjoux.cn CNAME .
@@ -4072,11 +3886,13 @@ yma1ll0g0n.odoo.com CNAME .
 ynbgdc.woprkzp.cn CNAME .
 ynbxa.pvgulkz.cn CNAME .
 yndda.m117s1s.cn CNAME .
+yo7ka-anna.com CNAME .
 yogeshwarwiremesh.com CNAME .
 youknowar.com CNAME .
 young-snow-7447.tcheviron5269.workers.dev CNAME .
 youreasygoing2022.co.vu CNAME .
 yqlpeitost.duckdns.org CNAME .
+ytdjhstej.tk CNAME .
 yuhjjkss.web.app CNAME .
 yumpai.cn CNAME .
 z.macecri.com CNAME .
@@ -4084,10 +3900,12 @@ z.scicemecod.com CNAME .
 z0massegurabclp1.shreeramwoodindustries.com CNAME .
 z2qje.codesandbox.io CNAME .
 z3voicrxxvs.typeform.com CNAME .
+zacharytlasko.com CNAME .
 zackselectronics.co.zw CNAME .
 zaktualizacja-platnosci.netfxtv.co.pl CNAME .
 zasd.yhxmd30.cn CNAME .
 zb2-home.web.app CNAME .
+zen-minsky-ef5931.netlify.app CNAME .
 zenvinyl.com CNAME .
 zepe.io CNAME .
 zeroquiz.com CNAME .
@@ -4100,10 +3918,8 @@ zmpcoacu.cyou CNAME .
 zmpcoado.cyou CNAME .
 zoho-online.web.app CNAME .
 zoho-validationserv.web.app CNAME .
-zonalnterbank.com CNAME .
 zonmca.hxljatvw.cn CNAME .
 zshrvvo.cn CNAME .
-zuiunsya.com CNAME .
 zxas.2nd0g8.cn CNAME .
 zxas.hs0rgq8.cn CNAME .
 zxass.jbkyj0o.cn CNAME .
@@ -4112,6 +3928,5 @@ zxcaspx.aghwlup.cn CNAME .
 zxcnash.seufhsk.cn CNAME .
 zxcod.01l241.cn CNAME .
 zxcuashs.e0n0gh5.cn CNAME .
-zxdlbny.cn CNAME .
 zxnahs.3cze6ri.cn CNAME .
 zz.macecri.com CNAME .
diff --git a/dist/phishing-filter-snort2.rules b/dist/phishing-filter-snort2.rules
index 72e87a3c..3f994e12 100644
--- a/dist/phishing-filter-snort2.rules
+++ b/dist/phishing-filter-snort2.rules
@@ -1,5 +1,5 @@
 # Title: Phishing URL Snort2 Ruleset
-# Updated: Sun, 16 Jan 2022 12:01:44 +0000
+# Updated: Mon, 17 Jan 2022 00:01:35 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/phishing-filter
 # License: https://gitlab.com/curben/phishing-filter#license
@@ -13,59 +13,59 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"02-billing-support.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000005; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"08863299.sso-secure-mail0454etr.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000006; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"0bs.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000007; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"0gjvj7a8eydbjz3au8anbg-on.drv.tw"; content:"Host"; http_header; classtype:attempted-recon; sid:200000008; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1000000000347789523698541.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000009; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1000000000347789523698545.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000010; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1000000000347789523698546.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000011; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1000000000347789523698547.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000012; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"103.114.16.4"; content:"Host"; http_header; classtype:attempted-recon; sid:200000013; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"104.168.173.244"; content:"Host"; http_header; classtype:attempted-recon; sid:200000014; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"104.168.173.248"; content:"Host"; http_header; classtype:attempted-recon; sid:200000015; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"107.172.198.119"; content:"Host"; http_header; classtype:attempted-recon; sid:200000016; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"109edc5b.ssdtfgyb09.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000017; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"112358400702021.biz.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000018; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"113.164.17.147"; content:"Host"; http_header; classtype:attempted-recon; sid:200000019; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"121techyard.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000020; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"130.211.30.154"; content:"Host"; http_header; classtype:attempted-recon; sid:200000021; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"138.68.69.90"; content:"Host"; http_header; classtype:attempted-recon; sid:200000022; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"14.98.234.77"; content:"Host"; http_header; classtype:attempted-recon; sid:200000023; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"149-210-143-165.colo.transip.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000024; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"149.210.143.165"; content:"Host"; http_header; classtype:attempted-recon; sid:200000025; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"15004083383734.data-store-company.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000026; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"154.30.211.130.bc.googleusercontent.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000027; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"161.35.142.2"; content:"Host"; http_header; classtype:attempted-recon; sid:200000028; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"165.227.122.125"; content:"Host"; http_header; classtype:attempted-recon; sid:200000029; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"16park.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000030; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"173.82.154.253"; content:"Host"; http_header; classtype:attempted-recon; sid:200000031; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"178.128.108.233.dsl.dyn.forthnet.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000032; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"179.43.140.208"; content:"Host"; http_header; classtype:attempted-recon; sid:200000033; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"179.48.65.130"; content:"Host"; http_header; classtype:attempted-recon; sid:200000034; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"18.217.56.169"; content:"Host"; http_header; classtype:attempted-recon; sid:200000035; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1800poolservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000036; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"182.73.136.210"; content:"Host"; http_header; classtype:attempted-recon; sid:200000037; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"185-46-10-159.cloudvps.regruhosting.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000038; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"18sitedev.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000039; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"190854.8b.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000040; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1inch.party"; content:"Host"; http_header; classtype:attempted-recon; sid:200000041; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1inhc.exchange"; content:"Host"; http_header; classtype:attempted-recon; sid:200000042; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1inich.exchange"; content:"Host"; http_header; classtype:attempted-recon; sid:200000043; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1ncih.exchange"; content:"Host"; http_header; classtype:attempted-recon; sid:200000044; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2.136.95.251"; content:"Host"; http_header; classtype:attempted-recon; sid:200000045; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"20140301.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000046; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2022-exodus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000047; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2022-girobanken-sparkassen.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000048; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2022.intrebrkprsonas.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000049; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1000000000347789523698546.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000008; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1000000000347789523698547.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000009; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"103.114.16.4"; content:"Host"; http_header; classtype:attempted-recon; sid:200000010; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"104.168.173.244"; content:"Host"; http_header; classtype:attempted-recon; sid:200000011; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"104.168.173.248"; content:"Host"; http_header; classtype:attempted-recon; sid:200000012; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"107.172.198.119"; content:"Host"; http_header; classtype:attempted-recon; sid:200000013; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"109edc5b.ssdtfgyb09.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000014; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"112358400702021.biz.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000015; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"113.164.17.147"; content:"Host"; http_header; classtype:attempted-recon; sid:200000016; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"121techyard.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000017; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"130.211.30.154"; content:"Host"; http_header; classtype:attempted-recon; sid:200000018; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"138.68.69.90"; content:"Host"; http_header; classtype:attempted-recon; sid:200000019; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"14.98.234.77"; content:"Host"; http_header; classtype:attempted-recon; sid:200000020; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"149-210-143-165.colo.transip.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000021; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"149.210.143.165"; content:"Host"; http_header; classtype:attempted-recon; sid:200000022; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"15004083383734.data-store-company.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000023; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"154.222.224.81"; content:"Host"; http_header; classtype:attempted-recon; sid:200000024; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"154.30.211.130.bc.googleusercontent.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000025; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"161.35.142.2"; content:"Host"; http_header; classtype:attempted-recon; sid:200000026; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"165.227.122.125"; content:"Host"; http_header; classtype:attempted-recon; sid:200000027; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"16park.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000028; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1727365.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000029; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"173.82.154.253"; content:"Host"; http_header; classtype:attempted-recon; sid:200000030; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"178.128.108.233.dsl.dyn.forthnet.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000031; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"179.43.140.208"; content:"Host"; http_header; classtype:attempted-recon; sid:200000032; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"179.48.65.130"; content:"Host"; http_header; classtype:attempted-recon; sid:200000033; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"18.217.56.169"; content:"Host"; http_header; classtype:attempted-recon; sid:200000034; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1800poolservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000035; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"182.73.136.210"; content:"Host"; http_header; classtype:attempted-recon; sid:200000036; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"185-46-10-159.cloudvps.regruhosting.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000037; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"18sitedev.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000038; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"190854.8b.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000039; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1inch.party"; content:"Host"; http_header; classtype:attempted-recon; sid:200000040; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1inhc.exchange"; content:"Host"; http_header; classtype:attempted-recon; sid:200000041; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1inich.exchange"; content:"Host"; http_header; classtype:attempted-recon; sid:200000042; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"1ncih.exchange"; content:"Host"; http_header; classtype:attempted-recon; sid:200000043; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2.136.95.251"; content:"Host"; http_header; classtype:attempted-recon; sid:200000044; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"20140301.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000045; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2022-exodus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000046; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2022-girobanken-sparkassen.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000047; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2022.intrebrkprsonas.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000048; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"205.185.113.221"; content:"Host"; http_header; classtype:attempted-recon; sid:200000049; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"208.82.115.230"; content:"Host"; http_header; classtype:attempted-recon; sid:200000050; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"217651.8b.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000051; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2247317.verifyinguser426128734570198363.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000052; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"228.94.92.rev.sfr.net.gghost.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000053; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"24611250.sibforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000054; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2482689012.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000055; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"299kensingtonroad.my.webex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000056; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2ex2cfu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000057; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2fa.bthei.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000058; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2pil.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000059; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2rakuten.co.jp.happyyear.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000060; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"228.94.92.rev.sfr.net.gghost.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000052; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"24611250.sibforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000053; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2482689012.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000054; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"299kensingtonroad.my.webex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000055; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2ex2cfu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000056; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2fa.bthei.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000057; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2pil.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000058; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2rakuten.co.jp.happyyear.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000059; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"2yfh.short.gy"; content:"Host"; http_header; classtype:attempted-recon; sid:200000060; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3-139-75-158.cprapid.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000061; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"343i.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000062; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"343t3dv9qdufp.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000063; rev:1;)
@@ -73,847 +73,847 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"35.199.84.117"; content:"Host"; http_header; classtype:attempted-recon; sid:200000065; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"35.225.222.142"; content:"Host"; http_header; classtype:attempted-recon; sid:200000066; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3568365.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000067; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3a10a178.s6t6sj4s46tu4sys54y5.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000068; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3bvjh.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200000069; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3ck.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000070; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3dprintersupplies.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200000071; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3dsecure-update-service-info-live.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000072; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3ff7c459-86b2-4f6d-b6b0-ba6402ef6cb0.htmlcomponentservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000073; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3j124.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000074; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"42.193.110.254"; content:"Host"; http_header; classtype:attempted-recon; sid:200000075; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"45.186.132.130"; content:"Host"; http_header; classtype:attempted-recon; sid:200000076; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"45.9.20.146"; content:"Host"; http_header; classtype:attempted-recon; sid:200000077; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"48tlp.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000078; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4a14def9.sibforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000079; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4c0mr.93.8934.easyflv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000080; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4lxkd.r.ag.d.sendibm3.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000081; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4r1un.app.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000082; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4w8bmmjcw86e.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000083; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"5.qarshishxtb.uz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000084; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"51.fi"; content:"Host"; http_header; classtype:attempted-recon; sid:200000085; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"5181365.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000086; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"52.148.252.166"; content:"Host"; http_header; classtype:attempted-recon; sid:200000087; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"52292936869418365.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000088; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"53vzxcnk6rwp.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000089; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"54-160-232-146.cprapid.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000090; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"5736365.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000091; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"5b0f6cb9-0485-4fc7-9775-eb74bb45bbf6.htmlcomponentservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000092; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"5e841ae2.srvr-cloudmail-srvr6765e7tg.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000093; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"613707.selcdn.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000094; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"61da8ae6.6u6566hrrthsh45.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000095; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000096; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"65451440241544.hyperphp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000097; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"664876.verifyinguser426128734570198363.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000098; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"67lksxgjd.bttmassage-thai-tanger.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000099; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"6a7zu9he6mqh.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000100; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"6c7f0acc.sibforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000101; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"78.108.89.240"; content:"Host"; http_header; classtype:attempted-recon; sid:200000102; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"7837365.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000103; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000104; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"7wr4u.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000105; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"7yu3v.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000106; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"8.215.32.173"; content:"Host"; http_header; classtype:attempted-recon; sid:200000107; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"8010361370310234068010361370310234.blogspot.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200000108; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"859411.icu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000109; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"8760365.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000110; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"889381.icu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000111; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"8899.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200000112; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"89ix7y0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000113; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"92.rev.sfr.net.gghost.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000114; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"94183655229293686.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000115; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"98yiujh.9peop5jzad1945.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000116; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"9d62cfee-59b3-42a8-9542-4b3a32692792.htmlcomponentservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000117; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"9faf19faf1.virkrupaengg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000118; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"9ftytucsh4ph.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000119; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.2827e82ca6640ef29594fb288383c901159970954a6ca74d562cd3aa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000120; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.insecurpage.recovery-safty.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000121; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.mauofeg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000122; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.mauofog.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000123; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000124; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.snadc-oecddo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000125; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a0570626.xsph.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000126; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a4d3b42c.chgmar-d8y.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000127; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a71843c1.mailssocloud-srvr65e5rd.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000128; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a894ec7f.46t33454t4.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000129; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aa.snadc-oecddo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000130; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aagamsteelcorporation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000131; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aar.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000132; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"abeermultimediadesign.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000133; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"absaonline2021.website2.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000134; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"absolute-containers-sip.business.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200000135; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"absolutepleasure.com.my"; content:"Host"; http_header; classtype:attempted-recon; sid:200000136; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"acacia.webdevonline.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000137; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"account.herephyshy.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200000138; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"account.verifications.help-page.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000139; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"accounts-autoscout24.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000140; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"acessobradesco.digital"; content:"Host"; http_header; classtype:attempted-recon; sid:200000141; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ach111.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000142; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"activate-hulu-com-activate.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000143; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adamfeber.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000144; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adcloudserver.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000145; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"admin-formserviceupdates.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000146; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"administraciondefincaspereznovo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000147; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adorablepomskyhome.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000148; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adpunemploymentclaims.sharefile.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000149; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adsmarca.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000150; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ae.snadc-oecddo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000151; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"affixsports.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000152; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"afreemart.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000153; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"africansecrets.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200000154; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"agora.imb.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000155; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"agricolefr-99f918.ingress-erytho.easywp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000156; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"agrimetiersmartinique.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000157; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"agurimu-nagoya.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000158; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ahhhh.pe.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000159; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ai.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000160; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aib-unauthorized-access.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000161; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aid-validation-human.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000162; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aimekidya-recpag.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000163; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"airportprescreening.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000164; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aitsidihamh.my-place.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000165; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"akanksha3012.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000166; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aks34.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000167; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aksehirelittotel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000168; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aksjdkas.6icmtmbvlj5916.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000169; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aksjoeomraadet.no"; content:"Host"; http_header; classtype:attempted-recon; sid:200000170; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aktualizacja.jst.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000171; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"akun-peringatan03.webnode.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200000172; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alareentading-catalog.page.tl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000173; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"albel.intnet.mu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000174; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aldana.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000175; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alerts.department.improvement.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000176; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alexellis.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000177; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alexxou.website2.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000178; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"algotextil.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000179; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aliciabot.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000180; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alkhalilgraphics.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000181; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"allegrolokalnie-pl-3dsafe.id-43051.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000182; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"allegrolokalnie-pl-3dsafe.id-91501.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000183; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"allegrolokalnie-pl-safe.id-43051.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000184; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alliancesuper.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000185; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"almighty.edu.np"; content:"Host"; http_header; classtype:attempted-recon; sid:200000186; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alnajahh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000187; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aloun.ps"; content:"Host"; http_header; classtype:attempted-recon; sid:200000188; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alphabnkgre.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000189; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alqadi.ps"; content:"Host"; http_header; classtype:attempted-recon; sid:200000190; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alquilervillora.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000191; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alsofft.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000192; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amacez.jyrtery4.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000193; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amacredit.amacardpkey.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000194; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amaenv.fgasdfw6.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000195; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amaozn.ywcimei.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000196; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amaznllo.co.jp.amauioda.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000197; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazom.supesn.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000198; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazom.supwwe.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000199; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazomsse.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000200; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon-gcatech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000201; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon-interruption.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000202; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon.co.ip.jlig.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000203; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon.co.jp.abaiaccounting.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000204; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon.gousana.casa"; content:"Host"; http_header; classtype:attempted-recon; sid:200000205; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon.jp-m.win"; content:"Host"; http_header; classtype:attempted-recon; sid:200000206; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon.works.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200000207; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazonhome.sfrmobiles.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000208; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazonjapsne.cf"; content:"Host"; http_header; classtype:attempted-recon; sid:200000209; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazoon.co.op.o4j.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000210; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000211; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amc-training.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000212; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amcgardiennage.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000213; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ameozom.jp.onaworks.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000214; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"americanexpress-auth.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000215; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"americanexpress.heiwakai.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000216; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amguevara.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000217; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amidabuli.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000218; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amlnov7.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000219; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amnzma-jp.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000220; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amnzms1-jp.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000221; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amnzms4-jp.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000222; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amnzmsf-jp.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000223; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amnzmsn3-jp.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000224; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amoazom.rm82j6-t8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000225; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amonzau_co_take.ktbf.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000226; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amosleh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000227; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amozom.co.ip.taxhod.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200000228; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amreeth.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000229; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amusebouche-bg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000230; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amzcredit.dearva.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000231; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"an.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000232; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anandsr-dev.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000233; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anarchitecturestudio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000234; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anbn.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000235; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"andersonstrategic.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200000236; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"androapk.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000237; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"andromeda-manageer-association-27.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000238; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"angiofsi.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000239; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"angryezgames.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000240; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anhduongjsc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000241; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anj-azakp.run.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000242; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anjalijha167.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000243; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anjayredit.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000244; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"annacatania.com.mt"; content:"Host"; http_header; classtype:attempted-recon; sid:200000245; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anon-keep-admin-keep.rvsla.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000246; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ansr.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200000247; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aolmailukhelplinecustomerservice.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000248; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aolmailukhelplinecustomerservice.blogspot.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200000249; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aolpoweredservice.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000250; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aolverixon11dfd.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000251; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aolxperience.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000252; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"api-saisoncard-co-jp.o4ay8.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000253; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"api.florense.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000254; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"api.redirect-bentobot199.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000255; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"api.redirect-safebrowser-online.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000256; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"api.safe-directmail.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000257; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aplintec.com.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200000258; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000259; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app-bombcrypto-io-login-ab.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000260; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app-panckswp.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000261; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.bydn217.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200000262; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.duel.network"; content:"Host"; http_header; classtype:attempted-recon; sid:200000263; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.fiiber.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200000264; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.moneylinecreditcorporation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000265; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.skiff.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000266; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.sugarsync.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000267; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"appatualizecef.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000268; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"appibsolicitud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000269; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"appleid-check.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200000270; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"applepichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000271; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"apply.aua.am"; content:"Host"; http_header; classtype:attempted-recon; sid:200000272; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000273; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"appttech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000274; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aquaqualitas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000275; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"arafathrumman.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000276; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"arcacg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000277; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"archivio-supporto.sitoper.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200000278; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"are.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000279; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"areueaom.gtpzcve.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000280; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"areueaom.gtva.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000281; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aromatic.webenliven.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000282; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"arthamahotels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000283; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"artlux.com.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000284; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"arub-service.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000285; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aruba.fatt.ids-sys.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000286; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"as.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000287; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asaipestcontrol.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000288; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ascom.co.tz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000289; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asd.9sw53wk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000290; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asgard-ampqy.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000291; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asimpwsh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000292; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asistentetramitadordigitalda.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000293; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"askarmotorluaraclar.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000294; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asrefanavary.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000295; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"at-t-support-service1.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000296; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"at-t-yahoo.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000297; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atento-fdi.plusoftomni.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000298; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ativacao-online73681.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000299; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atnr76dxku336szy.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000300; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"attcustomdesk.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000301; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"attinfoser.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000302; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"attonlinemanagementpage.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000303; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"attpage1121.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000304; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atualizacao-online547864.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000305; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atualizarmodolo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000306; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atulrathore-dev.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000307; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aurumship.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000308; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aushfew.tokyo"; content:"Host"; http_header; classtype:attempted-recon; sid:200000309; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aushotel.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200000310; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"auth-task1-m.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000311; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"auth-webmailakeonetcom.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000312; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"authorize-trustvallet-protocol.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000313; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"authorizewallet.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000314; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"authuxeehmutconjxmailssocl.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000315; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"authxntico.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200000316; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autodiscover.ryder-dutton.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000317; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autoexprs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000318; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autoranplususeremailprocessingupdate.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000319; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autoscurt24.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000320; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autumn-sun-4a21.paqesads-scure.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000321; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"avrorganics.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000322; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"awesome-gates-8bdd6f.netlify.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000323; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ax.xiguw.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000324; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"axieinfinity-meta.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000325; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"axieinfinity-supportwallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000326; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"axlr.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000327; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ayguru.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000328; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"az.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000329; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"azb3s.cf"; content:"Host"; http_header; classtype:attempted-recon; sid:200000330; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"azmnsaz.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000331; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"azmznonos_co_long.akys.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000332; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000333; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b059c86968a6427389952025bcee9886.svc.dynamics.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000334; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b4e921f0.sso-mailsrvr-4344e5teed.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000335; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b96f7f93.sibforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000336; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000337; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bacteralia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000338; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"badnewswegewroighgserhhg.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000339; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bag-macben.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000340; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bakhai.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000341; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"balajihospital.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000342; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"balalabala090.diskstation.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000343; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bamarfoundation.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000344; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"banca-electronica1.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000345; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaenlineal-interbark2.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000346; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternet-interbark.pcriot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000347; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternet.interban.pe.magictourscancun.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000348; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternet.interbrnpe.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000349; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternet.lnterbank.pronductos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000350; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternetinterbank.pe-promocion.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000351; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporintrnet.interbnkperu.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200000352; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporlnternetlnterbarnk.dominandoagestao.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000353; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporlnternetlnterbarnk.infinitegoldjewelry.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000354; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporlnternetlnterbarnk.jifad.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000355; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporlnternetlnterbarnk.libertycanais.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000356; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancoiinng.site44.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000357; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancooccidentalb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000358; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bank-id.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000359; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bankapolska.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000360; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"banki0wa.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000361; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bankocaoffo.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000362; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bankofamer86.ddns.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000363; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bannerbank.control-inc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000364; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bannerchampnyc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000365; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"banproseguridadasistenteenlineanic.webnode.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200000366; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"banqsuepoy.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000367; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"baradua.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200000368; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"battlelastmont.cyou"; content:"Host"; http_header; classtype:attempted-recon; sid:200000369; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bc1.paiementervice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000370; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bconclutmjy.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000371; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bcp-marketing.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000372; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bcpzonaseguirabeta.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000373; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-home.web.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200000374; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bearmybrand.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000375; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"beast-blog.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000376; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"beibys.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000377; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"beijing.vfzfy1v.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000378; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"belovedaroma.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000379; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bendmytrend.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000380; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"berketurizm.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000381; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"beupdatedmust.pricesrakutenlogin.buzz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000382; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bexwebmailupdate.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000383; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"beyondsmiles.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000384; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bghgcd.psuxscm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000385; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bharathi1809.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000386; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhavin0077.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000387; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhddf.uwe6ui0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000388; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhdf.bdc9985.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000389; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhdf.ryhk63.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000390; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhdf.t18v2kr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000391; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhdf.y0ai5w8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000392; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgcd.8h391um.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000393; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgcxz.00e5gfu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000394; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgd.48ud0ez.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000395; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgdd.qlljdgs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000396; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgxa.eo76sni.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000397; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhhcd.9bzuw49.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000398; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhhxaa.123qi7b.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000399; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhxas.rb0xts7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000400; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhxdd.2hllf8x.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000401; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bicicentroslezama.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000402; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biedronka-news.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000403; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biedronka-news.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000404; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biedronkainvest.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000405; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bienlinea.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000406; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bijoycity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000407; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bilacintatakk.institute-pagess.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000408; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bilasajaterjadii.institute-pagess.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000409; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"billingfailure-o2.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000410; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bioenergyevitalite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000411; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"birlacitywaterpark.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000412; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bisanew.20931.repl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000413; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biswap.fm"; content:"Host"; http_header; classtype:attempted-recon; sid:200000414; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biswapdapp.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000415; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitbaink.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000416; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitflye87.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000417; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitflyerfr.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200000418; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bithunnb.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000419; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitmexinc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000420; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitso.cm"; content:"Host"; http_header; classtype:attempted-recon; sid:200000421; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitsrflyer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000422; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bizlinktek.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000423; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bizzcityinfo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000424; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blanchevetements.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000425; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blllsoth.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000426; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blockchain-fix.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000427; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blockchainwallet-tool.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000428; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blocks.rn86.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000429; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.booxium.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000430; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.drmostafafouadivf.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000431; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.storrea.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000432; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.visionconsulting.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200000433; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.weiwanjia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000434; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blowfish-ltd.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000435; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blslightinginc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000436; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bmcporlnternet.lnterbamkpe.extracaslh.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000437; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bn-seguridadperu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000438; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bnconacional.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000439; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bncre.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000440; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bncxz.9wx9b27.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000441; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bndigitalpersonas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000442; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bnpparibas-pl.mob-app.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000443; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"boaupdate.bfaoscr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000444; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bogdonovlerer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000445; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bogged-finance.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000446; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bokgabanesolutions.co.za"; content:"Host"; http_header; classtype:attempted-recon; sid:200000447; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bookfbs.evangsamuelministries.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000448; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"boxes.com.py"; content:"Host"; http_header; classtype:attempted-recon; sid:200000449; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"br4.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000450; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"br622.teste.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200000451; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brave-knuth-96d329.netlify.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000452; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"breople.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000453; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brigida_cossette.gitlab.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000454; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-forrunning.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000455; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-justforjogging.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000456; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-move.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000457; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-ooke.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000458; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-runfarther.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000459; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-xsdaodab.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000460; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-xsdauofc.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000461; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-xsgdfaja.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000462; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks1984.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000463; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksair.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000464; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksale.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000465; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksboom.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000466; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksdiscount.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000467; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksnewmethod.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000468; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksnewsports.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000469; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksprime.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000470; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksrevel.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000471; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksrunble.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000472; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksrunshoeshopping.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000473; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksshopsft.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000474; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brookssoft.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000475; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bruno-genthial.mykajabi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000476; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bt-108665.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200000477; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btbusinessbilling.wordpress.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000478; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btclickpreview365pdf.1msite.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000479; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnect-109798.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200000480; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnectfilesecurebthomelogindropboxinupdatetdropboxpdf-logss.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000481; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnectfilesecurebthomelogindropboxlinkupdatetdropboxpdf-logs.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000482; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnectfilesecurebthomeloginpdropboxupdatepdf-logsssss-websit.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000483; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnectfilesecurebthomesloginpdropboxupdatepdf-logsssss-websi.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000484; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bthak.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000485; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btinfoldddasasa.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000486; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bttelecommunicatiiion.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000487; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"budrimon.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000488; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"builmon.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000489; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bujikena.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000490; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bundel-cobragratis2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000491; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"busanopen.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000492; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-action-copyright11022.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000493; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-action-page129591.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000494; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-appeal-copyright8211.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000495; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-appeal-form-18222.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000496; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-copyright-alert100821.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000497; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-copyright-alert198082.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000498; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-copyright-alert19882.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000499; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-copyright-detected920.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000500; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-page-content125882.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000501; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-required-helpcenter82.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000502; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-required-info188221.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000503; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"businessemailss.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000504; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000505; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"buyelectronicsnyc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000506; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c.curiousmorty.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200000507; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c.jardindemiedo.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200000508; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c.loveawaits.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200000509; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c.mail.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000510; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c0m-r51znzlh8i.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000511; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c10012022j.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000512; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c1christine.tjelmeland2e.cso.gov.tt"; content:"Host"; http_header; classtype:attempted-recon; sid:200000513; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c2dc5b99.chgmar.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000514; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c6ebv708.caspio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000515; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cabsiler.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000516; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cache.nebula.phx3.secureserver.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000517; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cadeau-orange.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000518; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caixaseguradora.quadientcloud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000519; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cakesbyannemotha.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000520; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cammymiller.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000521; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"canadapost.reschedule.online.portal.services.parcel01868972.mh-group.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000522; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cann-life.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000523; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cannellandcoflooring.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000524; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"capservice.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200000525; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caracasmateriais.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000526; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"carpediemxp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000527; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"carry.reduxservices.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000528; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"carservicessaupdate.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000529; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cartamorin-geometres.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000530; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"carwash.tv"; content:"Host"; http_header; classtype:attempted-recon; sid:200000531; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"casbygroup.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000532; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caseforpage1003496539563.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000533; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"catalogue-orange.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000534; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cateringfoodanddrinksupplies777.business.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200000535; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"catus.cat"; content:"Host"; http_header; classtype:attempted-recon; sid:200000536; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caycos.beispielseite-wmka.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000537; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caymanreno.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000538; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cbmonlinegroups.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000539; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cc.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000540; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ccjrlaw.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000541; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cdas.nxzigco.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000542; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cdsoa.wuefyta.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000543; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ce33312.tmweb.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000544; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cekpointfacebook.wixsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000545; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"celikoglumakina.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000546; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cellfunworld.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000547; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cema-fossano.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200000548; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"centralconsulta.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000549; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"centre1.bubbleapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000550; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ceresgulf.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000551; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"certifica-montepaschii.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000552; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chalokradocallkakuch.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000553; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"changenotification.pricesamazonlogincard.monster"; content:"Host"; http_header; classtype:attempted-recon; sid:200000554; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"charperimagedesign.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000555; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chat-whatasapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000556; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chat-whatsaap99.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000557; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000558; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chat-whatsapp-group-2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000559; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chat-whatsapp-grupo-invitacion.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000560; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill1.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000561; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill10.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000562; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill11.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000563; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill12.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000564; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill13.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000565; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill14.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000566; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill15.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000567; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill17.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000568; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill18.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000569; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill19.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000570; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill2.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000571; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill20.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000572; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill21.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000573; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill22.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000574; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill23.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000575; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill24.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000576; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill25.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000577; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill3.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000578; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill4.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000579; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill5.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000580; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill6.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000581; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill7.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000582; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000583; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill9.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000584; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"checkkeyvip.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000585; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"checkverifymyatt.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000586; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chefsenaccion.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000587; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chikkuthomas.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000588; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chinmayavidyalayarspuram.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000589; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chiragrajoria.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000590; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chois.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200000591; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"christienstudystl.wixsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000592; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"christmas-dhl-express-delvr.hopekosmos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000593; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chtbnk.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000594; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chutomen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000595; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ciiusea.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000596; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cinemaleftech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000597; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"citagestionenlineabn.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000598; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"city-of-jazz.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000599; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ckwgruppe.service-now.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000600; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claiimdiamondgratis84.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000601; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claim-event-freefire-garena-oldfree-a4.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000602; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claim-skingratis-mobailegends161.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000603; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claimgratisff2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000604; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claims-funds-enczj.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000605; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claimseventmlbb.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000606; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claimshopee.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000607; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claro-link.brsafe.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000608; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claus.bz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000609; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clefman.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000610; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"click-here-help.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000611; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"client-support-page.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000612; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000613; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clientid-ij66191jgbm96ujp40bz1gzmpc8iquhoff3ocmbrzs6g5i89t0.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000614; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clients.devtux.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000615; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clone-7473c.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000616; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"closingdocs9480.myportfolio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000617; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloud-object-storage-o9-cos-static-web-hocsx2.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000618; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloud.go4clients.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000619; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloud102.hostgator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000620; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clouddoc-authorize.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000621; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloudflare-rbnuo.run.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000622; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloudshare-account-auth.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000623; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloudtracker.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000624; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"club.quomodo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000625; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clubeamigosdopedrosegundo.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000626; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cms.time-investments.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000627; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cnbxa.1of2o6k.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000628; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cner283829.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000629; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cninflables.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000630; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.azoynfq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000631; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.bh1fgg1.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000632; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.bzkgfzj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000633; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.clblrvh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000634; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.csfknas.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000635; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.daailrf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000636; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.eiatphe.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000637; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.fjzzgxx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000638; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.fxdwtxc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000639; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.ghemivv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000640; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.hivbdco.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000641; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.iiaqjrp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000642; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.rkrabsk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000643; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.rqqidd.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000644; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.rukbcga.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000645; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.sefdvsi.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000646; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.tezkkbp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000647; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.ztxzzup.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000648; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"codwarzonemobile.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000649; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000650; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"collab-land.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000651; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"collabland.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200000652; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"collablandfi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000653; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"colorfastinv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000654; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-3z9m3j9qhp.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000655; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-4tfgonrlym.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000656; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-dnq84vac.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000657; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-h3v9t9zycu.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000658; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-l5tpetwb.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000659; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-mm2ai86orr.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000660; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-r51znzlh8i.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000661; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-sauuvazpjo.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000662; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-ugsyk69nqb.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000663; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"comefuck.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000664; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000665; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000666; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000667; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"completeegali.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000668; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"comunicazione-europe.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000669; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"comunity-isue-ideent-andromeda-29.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000670; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"comunity-isue-ideent-andromeda-33.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000671; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"comunity-isue-ideent-andromeda-88.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000672; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"con-firma.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000673; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"confirming-pages-idntitysupport.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000674; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"congresosba.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200000675; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"conhecaonlinedigital.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000676; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"connect.au-login.0662smt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000677; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"connectwallet.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000678; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"conoscofaturahiiiper.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000679; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"consultavirtuai.bieah.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000680; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"contabilidaderabello.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000681; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000682; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"contapessoal.digital"; content:"Host"; http_header; classtype:attempted-recon; sid:200000683; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"content.av1.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200000684; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"content.edgerockwealth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000685; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"content.meetmagic.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000686; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"continentepecas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000687; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"contratodeparceria.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000688; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"controlpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000689; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"copyright-center-live.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200000690; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"corl-inv.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000691; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"correosdemexico-web.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000692; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"corta.ai"; content:"Host"; http_header; classtype:attempted-recon; sid:200000693; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cosemu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000694; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cottonwooddentalg.nimbusweb.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000695; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"courtcase.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000696; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"covid-foyyn.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000697; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cox0.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000698; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cp.digitalprocurements.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000699; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cp45362.tmweb.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000700; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cpanel10wh.bkk1.cloud.z.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000701; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cr24185.tmweb.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000702; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"crackfreekey.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000703; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cranetech.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000704; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creatorsverificationandsafetybusiness.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000705; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"credcloud-object-storage-o9-cos-static-web-hocsd3d.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000706; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"credicorp-capital.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000707; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"credicorpfiduciariasa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000708; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"credifinanciera.didacsis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000709; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"crediserfinanza.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000710; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"credita302.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000711; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditagricole-sudrhonealpes.blogspot.ba"; content:"Host"; http_header; classtype:attempted-recon; sid:200000712; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditagricole-sudrhonealpes.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000713; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditagricole-sudrhonealpes.blogspot.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200000714; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditinternationalbank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000715; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditiperhabbogratissicuro100.blogspot.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200000716; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cresvin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000717; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"criticalcarevizag.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000718; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptocars-plays.buzz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000719; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptocarsme.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000720; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptscars-logs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000721; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryqtocars.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000722; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cuans.bkaamiv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000723; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"currentlyupgrade.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000724; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxasd.easghbl.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000725; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxnbas.nmkbmqk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000726; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxuahs.1wc9bxm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000727; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cyna.rkpmage.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000728; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cyqsnwx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000729; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"czechposta-cz.cz.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000730; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"czvon.4fan.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000731; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"czxasd.3ot975v.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000732; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"d.app32150.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000733; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"d18gc1ytkdv37u.cloudfront.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000734; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000735; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"d3ncuwwrr82.typeform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000736; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"daatahomes.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000737; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"damp-f43e.recovery-page-secur.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000738; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"danitraseoexperts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000739; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dapponlines.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000740; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappscoins.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000741; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappsiconnect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000742; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappsmainnetverify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000743; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappswalletapp.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000744; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappswalletliveauthenticate.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000745; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dasd.atio2tq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000746; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"date-on-14-01.totaltrackingimproveupscanada.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000747; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"datos-pichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000748; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"davidshopeaz.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000749; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"daycoval.contrato.srv.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000750; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"daycoval.facildepagar.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000751; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"db-web-client.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000752; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000753; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbkuzwes.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200000754; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbs-interrnet.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200000755; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbs.limited"; content:"Host"; http_header; classtype:attempted-recon; sid:200000756; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbs.webdbslistinonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000757; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbw.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000758; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dcm1.ae.iwc.static.tungmung.co.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000759; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dd90001.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000760; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"de.eurohome.civ.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000761; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"de22c9kukppr.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000762; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deactivemsnon-8k98-l9k8-98j8-98j78u.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000763; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deborahholland.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000764; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"debuil.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000765; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"declicgestion.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000766; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"decorcenter.com.pe"; content:"Host"; http_header; classtype:attempted-recon; sid:200000767; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dejpaad.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000768; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"delacproperties.com.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200000769; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"delezhen.mashalezhen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000770; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"delhiescort69.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000771; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deltaairlinecourier.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000772; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"demallplot-tra.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000773; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"demiregalos.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200000774; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"demo.bradescocontrol.vertitecnologia.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000775; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"demo2.cloudwp.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000776; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"denuihuongson.com.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000777; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deportesartiza.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000778; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deregister-lbpayee.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000779; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"desejoourocard.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000780; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"desidiatech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000781; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"designerlakehouse.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000782; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"desksellcompany.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000783; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"destinationth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000784; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deutsche-post.apurvathespygenesh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000785; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dev-nadaj.orlenpaczka.ce5.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000786; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dev-secu-credit-union.pantheonsite.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000787; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dev-www.orlenpaczka.ce5.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000788; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dev.shivaxi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000789; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"devicepichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000790; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"devops.help"; content:"Host"; http_header; classtype:attempted-recon; sid:200000791; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dfscord-app.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200000792; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgi.is"; content:"Host"; http_header; classtype:attempted-recon; sid:200000793; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgmepunjab.gov.pk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000794; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgsh2ws45.lovestoblog.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000795; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dhanushr24.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000796; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dhl-event.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000797; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dhl.recruitmentplatform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000798; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"diamondplate.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000799; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"die-post-swiss-id-19782635812.psd2any.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000800; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"diginto.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000801; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dilscord.gift"; content:"Host"; http_header; classtype:attempted-recon; sid:200000802; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"directqpuprozaakp.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000803; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dirtyez.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000804; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"disccrdapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000805; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"disckord.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200000806; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"discoord-nittro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000807; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"discorc.gift"; content:"Host"; http_header; classtype:attempted-recon; sid:200000808; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"discordbugs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000809; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dispositivoapp.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000810; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"distinctivei.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000811; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"distrial.ec"; content:"Host"; http_header; classtype:attempted-recon; sid:200000812; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"divinasoutfit.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000813; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"djfh.wmfc241.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000814; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dkb-info.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000815; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dkbtan07.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000816; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dke060122.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000817; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dkglobaljobs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000818; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dl.9xu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000819; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dlink.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000820; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dmaxpesca.com.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200000821; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dminer.cloud"; content:"Host"; http_header; classtype:attempted-recon; sid:200000822; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"doclab-console-auth.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000823; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docs-verify-c671.thajetiase.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000824; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docs.revv.so"; content:"Host"; http_header; classtype:attempted-recon; sid:200000825; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docsharex-authorize.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000826; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docuservice.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000827; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docusign-lnc.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200000828; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domaincontroller.pmeimg.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000829; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa100.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000830; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa101.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000831; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa102.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000832; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa103.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000833; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa104.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000834; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa105.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000835; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa108.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000836; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa109.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000837; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa110.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000838; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa111.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000839; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa112.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000840; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa113.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000841; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa114.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000842; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa115.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000843; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa116.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000844; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa117.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000845; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa118.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000846; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa119.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000847; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa120.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000848; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa121.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000849; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa122.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000850; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa123.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000851; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa124.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000852; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa125.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000853; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa126.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000854; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa127.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000855; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa128.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000856; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa129.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000857; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa13.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000858; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa130.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000859; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa131.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000860; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa132.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000861; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa133.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000862; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa134.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000863; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa135.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000864; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa136.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000865; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa137.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000866; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa138.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000867; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa139.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000868; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa14.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000869; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa140.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000870; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa141.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000871; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa142.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000872; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa143.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000873; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa144.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000874; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa145.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000875; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa146.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000876; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa147.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000877; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa148.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000878; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa149.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000879; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa150.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000880; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa151.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000881; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa152.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000882; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa153.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000883; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa154.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000884; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa155.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000885; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa156.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000886; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa157.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000887; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa158.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000888; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa159.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000889; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa160.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000890; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa161.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000891; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa162.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000892; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa163.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000893; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa164.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000894; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa165.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000895; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa166.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000896; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa167.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000897; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa168.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000898; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa169.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000899; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa17.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000900; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa170.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000901; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa171.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000902; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa172.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000903; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa173.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000904; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa174.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000905; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa175.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000906; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa176.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000907; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa177.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000908; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"365unfreezesecurity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000068; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3782365.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000069; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3a10a178.s6t6sj4s46tu4sys54y5.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000070; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3bvjh.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200000071; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3c5.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000072; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3ck.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000073; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3dprintersupplies.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200000074; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3dsecure-update-service-info-live.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000075; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3ff7c459-86b2-4f6d-b6b0-ba6402ef6cb0.htmlcomponentservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000076; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"3j124.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000077; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"42.193.110.254"; content:"Host"; http_header; classtype:attempted-recon; sid:200000078; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"45.186.132.130"; content:"Host"; http_header; classtype:attempted-recon; sid:200000079; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"45.9.20.146"; content:"Host"; http_header; classtype:attempted-recon; sid:200000080; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"48tlp.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000081; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4a14def9.sibforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000082; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4c0mr.93.8934.easyflv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000083; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4lxkd.r.ag.d.sendibm3.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000084; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4r1un.app.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000085; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"4w8bmmjcw86e.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000086; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"5.qarshishxtb.uz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000087; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"51.fi"; content:"Host"; http_header; classtype:attempted-recon; sid:200000088; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"5181365.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000089; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"52.148.252.166"; content:"Host"; http_header; classtype:attempted-recon; sid:200000090; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"52292936869418365.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000091; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"53vzxcnk6rwp.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000092; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"54-160-232-146.cprapid.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000093; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"5736365.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000094; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"5b0f6cb9-0485-4fc7-9775-eb74bb45bbf6.htmlcomponentservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000095; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"5e841ae2.srvr-cloudmail-srvr6765e7tg.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000096; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"613707.selcdn.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000097; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"61da8ae6.6u6566hrrthsh45.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000098; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000099; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"6734365.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000100; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"67lksxgjd.bttmassage-thai-tanger.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000101; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"6a7zu9he6mqh.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000102; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"6c7f0acc.sibforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000103; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"6stupefacentevideo2022.pagedemo.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000104; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"754675377.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000105; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"78.108.89.240"; content:"Host"; http_header; classtype:attempted-recon; sid:200000106; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"7837365.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000107; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000108; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"7wr4u.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000109; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"7yu3v.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000110; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"8.215.32.173"; content:"Host"; http_header; classtype:attempted-recon; sid:200000111; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"859411.icu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000112; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"8760365.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000113; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"885211.icu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000114; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"889381.icu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000115; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"8899.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200000116; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"89ix7y0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000117; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"92.rev.sfr.net.gghost.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000118; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"94183655229293686.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000119; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"98yiujh.9peop5jzad1945.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000120; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"9d62cfee-59b3-42a8-9542-4b3a32692792.htmlcomponentservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000121; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"9faf19faf1.virkrupaengg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000122; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"9ftytucsh4ph.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000123; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.2827e82ca6640ef29594fb288383c901159970954a6ca74d562cd3aa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000124; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.insecurpage.recovery-safty.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000125; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.mauofeg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000126; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.mauofog.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000127; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000128; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a.snadc-oecddo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000129; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a0570626.xsph.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000130; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a4d3b42c.chgmar-d8y.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000131; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a71843c1.mailssocloud-srvr65e5rd.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000132; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"a894ec7f.46t33454t4.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000133; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aa.snadc-oecddo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000134; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aagamsteelcorporation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000135; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aar.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000136; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"abeermultimediadesign.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000137; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"absaonline2021.website2.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000138; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"absolute-containers-sip.business.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200000139; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"absolutepleasure.com.my"; content:"Host"; http_header; classtype:attempted-recon; sid:200000140; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"acacia.webdevonline.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000141; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"account-recovery.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000142; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"account.herephyshy.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200000143; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"account.verifications.help-page.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000144; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"accounts-autoscout24.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000145; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"acessobradesco.digital"; content:"Host"; http_header; classtype:attempted-recon; sid:200000146; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ach111.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000147; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"activate-hulu-com-activate.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000148; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"activatingmymainnet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000149; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adamfeber.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000150; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adcloudserver.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000151; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"admin-formserviceupdates.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000152; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"administer-708aa.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000153; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"administraciondefincaspereznovo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000154; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adorablepomskyhome.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000155; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adpunemploymentclaims.sharefile.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000156; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"adsmarca.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000157; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ae.snadc-oecddo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000158; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"affixsports.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000159; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"afreemart.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000160; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"africansecrets.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200000161; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"agora.imb.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000162; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"agrimetiersmartinique.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000163; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"agurimu-nagoya.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000164; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ahhhh.pe.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000165; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ai.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000166; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aid-validation-human.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000167; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aimekidya-recpag.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000168; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"airbnb.book-space-b851927.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200000169; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"airportprescreening.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000170; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aitsidihamh.my-place.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000171; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"akanksha3012.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000172; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aks34.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000173; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aksehirelittotel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000174; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aksjdkas.6icmtmbvlj5916.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000175; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aksjoeomraadet.no"; content:"Host"; http_header; classtype:attempted-recon; sid:200000176; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aktualizacja.jst.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000177; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"akun-peringatan03.webnode.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200000178; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alareentading-catalog.page.tl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000179; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"albel.intnet.mu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000180; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aldana.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000181; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alerts.department.improvement.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000182; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alexellis.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000183; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alexxou.website2.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000184; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"algotextil.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000185; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aliciabot.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000186; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alkhalilgraphics.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000187; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"allegrolokalnie-pl-3dsafe.id-43051.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000188; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"allegrolokalnie-pl-3dsafe.id-91501.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000189; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"allegrolokalnie-pl-3dseif.id-43051.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000190; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"allegrolokalnie-pl-safe.id-43051.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000191; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alliancesuper.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000192; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"almarjantours.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000193; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"almighty.edu.np"; content:"Host"; http_header; classtype:attempted-recon; sid:200000194; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alnajahh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000195; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aloun.ps"; content:"Host"; http_header; classtype:attempted-recon; sid:200000196; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alphabnkgre.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000197; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alqadi.ps"; content:"Host"; http_header; classtype:attempted-recon; sid:200000198; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alquilervillora.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000199; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alsofft.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000200; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"alupi-frey.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000201; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amacez.jyrtery4.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000202; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amacredit.amacardpkey.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000203; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amaenv.fgasdfw6.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000204; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amaozn.ywcimei.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000205; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amaznllo.co.jp.amauioda.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000206; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazom.supesn.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000207; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazom.supwwe.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000208; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazomsse.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000209; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon-gcatech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000210; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon-interruption.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000211; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon.co.jp.abaiaccounting.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000212; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon.gousana.casa"; content:"Host"; http_header; classtype:attempted-recon; sid:200000213; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon.logins-co.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200000214; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazon.works.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200000215; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazonhome.sfrmobiles.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000216; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazonjapsne.cf"; content:"Host"; http_header; classtype:attempted-recon; sid:200000217; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazonses.authflows.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000218; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amazoon.co.op.o4j.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000219; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amc-training.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000220; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amecmasmerd.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200000221; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ameozom.jp.onaworks.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000222; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"americanexpress-auth.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000223; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amguevara.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000224; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amhsd.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000225; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amidabuli.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000226; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amlnov7.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000227; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amnzma-jp.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000228; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amnzms1-jp.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000229; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amnzms4-jp.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000230; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amnzmsf-jp.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000231; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amnzmsn3-jp.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000232; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amoazom.rm82j6-t8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000233; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amonzau_co_take.ktbf.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000234; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amosleh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000235; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amreeth.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000236; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amusebouche-bg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000237; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"amzcredit.dearva.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000238; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"an.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000239; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anandsr-dev.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000240; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anarchitecturestudio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000241; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anbn.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000242; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"andersonstrategic.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200000243; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"androapk.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000244; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"andromeda-manageer-association-27.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000245; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"angiofsi.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000246; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"angryezgames.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000247; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anhduongjsc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000248; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anj-azakp.run.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000249; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anjalijha167.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000250; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"annacatania.com.mt"; content:"Host"; http_header; classtype:attempted-recon; sid:200000251; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"anon-keep-admin-keep.rvsla.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000252; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ansr.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200000253; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aolmailukhelplinecustomerservice.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000254; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aolmailukhelplinecustomerservice.blogspot.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200000255; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aolverixon11dfd.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000256; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aolxperience.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000257; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"api-saisoncard-co-jp.md160.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000258; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"api-saisoncard-co-jp.o4ay8.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000259; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"api.florense.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000260; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"api.redirect-bentobot199.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000261; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"api.redirect-safebrowser-online.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000262; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aplintec.com.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200000263; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000264; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app-bombcrypto-io-login-ab.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000265; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.bydn217.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200000266; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.duel.network"; content:"Host"; http_header; classtype:attempted-recon; sid:200000267; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.fiiber.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200000268; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.moneylinecreditcorporation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000269; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.skiff.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000270; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"app.sugarsync.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000271; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"appatualizecef.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000272; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"appibsolicitud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000273; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"appleid-check.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200000274; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"applekra.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000275; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"applepichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000276; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"apply.aua.am"; content:"Host"; http_header; classtype:attempted-recon; sid:200000277; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000278; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aprilgagenesh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000279; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aquaqualitas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000280; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"arafathrumman.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000281; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"arcacg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000282; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"archivio-supporto.sitoper.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200000283; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"are.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000284; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"areueaom.gtpzcve.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000285; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"areueaom.gtva.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000286; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"arif.com.bd"; content:"Host"; http_header; classtype:attempted-recon; sid:200000287; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aromatic.webenliven.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000288; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"arthamahotels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000289; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"artlux.com.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000290; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"arub-service.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000291; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aruba.fatt.ids-sys.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000292; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"as.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000293; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"as.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000294; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asaipestcontrol.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000295; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ascom.co.tz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000296; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asd.9sw53wk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000297; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asdxa.p2x11pi.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000298; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asgard-ampqy.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000299; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asimpwsh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000300; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asistentetramitadordigitalda.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000301; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"askarmotorluaraclar.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000302; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"asrefanavary.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000303; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"at-t-support-service1.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000304; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"at-t-yahoo.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000305; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atento-fdi.plusoftomni.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000306; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ativacao-online73681.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000307; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atlanticeconcrete.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000308; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atnr76dxku336szy.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000309; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"att556.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000310; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"att87.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000311; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"attinfoser.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000312; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"attonlinemanagementpage.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000313; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"attonlineuserverification.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000314; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"attpage1121.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000315; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atualizacao-online547864.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000316; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atualizarmodolo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000317; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"atulrathore-dev.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000318; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"auid-japan.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000319; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aurumship.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000320; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"aushotel.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200000321; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"auth-task1-m.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000322; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"auth-webmailakeonetcom.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000323; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"auth.topgamers.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000324; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"authent54-sedure32.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000325; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"authorize-trustvallet-protocol.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000326; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"authorizewallet.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000327; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"authuxeehmutconjxmailssocl.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000328; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"authxntico.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200000329; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autodiscover.ryder-dutton.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000330; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autoexprs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000331; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autoranplususeremailprocessingupdate.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000332; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autoscurt24.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000333; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"autumn-sun-4a21.paqesads-scure.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000334; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"avelocidad.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000335; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"avrorganics.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000336; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"awesome-gates-8bdd6f.netlify.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000337; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ax.xiguw.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000338; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"axieinfinity-supportwallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000339; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"axlr.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000340; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ayushenterprise.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000341; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"az.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000342; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"azb3s.cf"; content:"Host"; http_header; classtype:attempted-recon; sid:200000343; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"azmznonos_co_long.akys.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000344; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000345; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b059c86968a6427389952025bcee9886.svc.dynamics.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000346; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b4e921f0.sso-mailsrvr-4344e5teed.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000347; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b96f7f93.sibforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000348; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000349; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bacteralia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000350; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bag-macben.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000351; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bakhai.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000352; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"balajihospital.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000353; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"balalabala090.diskstation.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000354; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bamarfoundation.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000355; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"banca-electronica1.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000356; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaenlineal-interbark2.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000357; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternet-interbark.pcriot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000358; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternet.interban.pe.magictourscancun.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000359; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternet.interbrnpe.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000360; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternet.lnterbank.pronductos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000361; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporinternetinterbank.pe-promocion.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000362; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporintrnet.interbnkperu.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200000363; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporlnternetlnterbarnk.dominandoagestao.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000364; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporlnternetlnterbarnk.infinitegoldjewelry.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000365; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporlnternetlnterbarnk.jifad.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000366; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancaporlnternetlnterbarnk.libertycanais.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000367; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancoiinng.site44.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000368; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bancooccidentalb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000369; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bankapolska.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000370; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"banki0wa.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000371; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bankocaoffo.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000372; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bankofamer86.ddns.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000373; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bannerbank.control-inc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000374; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bannerchampnyc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000375; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"banproseguridadasistenteenlineanic.webnode.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200000376; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"baradua.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200000377; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"barbecuef.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000378; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"battlelastmont.cyou"; content:"Host"; http_header; classtype:attempted-recon; sid:200000379; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bc1.paiementervice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000380; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bconclutmjy.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000381; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bcp-marketing.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000382; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bcpzonaseguirabeta.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000383; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-home.web.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200000384; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bearmybrand.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000385; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"beast-blog.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000386; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"beccu07.zzux.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000387; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"beijing.vfzfy1v.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000388; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"belovedaroma.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000389; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bendmytrend.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000390; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"berketurizm.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000391; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"beupdatedmust.pricesrakutenlogin.buzz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000392; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bexwebmailupdate.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000393; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"beyondsmiles.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000394; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bghgcd.psuxscm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000395; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bharathi1809.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000396; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhavin0077.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000397; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhddf.uwe6ui0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000398; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhdf.bdc9985.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000399; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhdf.ryhk63.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000400; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhdf.t18v2kr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000401; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhdf.y0ai5w8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000402; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgcd.8h391um.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000403; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgcxz.00e5gfu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000404; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgd.48ud0ez.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000405; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgdd.qlljdgs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000406; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhgxa.eo76sni.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000407; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhhcd.9bzuw49.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000408; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhhxaa.123qi7b.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000409; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhxas.rb0xts7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000410; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bhxdd.2hllf8x.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000411; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bicicentroslezama.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000412; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biedronka-news.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000413; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biedronka-news.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000414; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biedronkainvest.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000415; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bienlinea.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000416; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bijoycity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000417; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bilacintatakk.institute-pagess.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000418; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bilasajaterjadii.institute-pagess.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000419; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"billingfailure-o2.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000420; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bioenergyevitalite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000421; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"birlacitywaterpark.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000422; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bisanew.20931.repl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200000423; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biswap.fm"; content:"Host"; http_header; classtype:attempted-recon; sid:200000424; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"biswapdapp.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000425; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitbaink.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000426; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitflye87.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000427; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitflyerfr.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200000428; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bithunnb.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000429; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitmexinc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000430; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitso.cm"; content:"Host"; http_header; classtype:attempted-recon; sid:200000431; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bitsrflyer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000432; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bizlinktek.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000433; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bizzcityinfo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000434; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blanchevetements.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000435; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blllsoth.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000436; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blockchain-fix.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000437; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blockchainwallet-tool.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000438; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blocks.rn86.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000439; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.booxium.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000440; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.drmostafafouadivf.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000441; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.storrea.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000442; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.visionconsulting.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200000443; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blog.weiwanjia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000444; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blowfish-ltd.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000445; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"blslightinginc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000446; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bmcporlnternet.lnterbamkpe.extracaslh.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000447; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bn-seguridadperu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000448; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bnconacional.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000449; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bncre.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000450; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bncxz.9wx9b27.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000451; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bndigitalpersonas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000452; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"boaupdate.bfaoscr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000453; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bogdonovlerer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000454; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bogged-finance.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000455; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"boi.365online-replacement.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000456; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"boke4-indonesia-2022a7whatsapp.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000457; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bokep-virall-sange33.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000458; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bokgabanesolutions.co.za"; content:"Host"; http_header; classtype:attempted-recon; sid:200000459; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bold-lichterman.45-81-232-15.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200000460; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bookfbs.evangsamuelministries.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000461; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"boxes.com.py"; content:"Host"; http_header; classtype:attempted-recon; sid:200000462; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"br4.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000463; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"br622.teste.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200000464; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"breople.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000465; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-forrunning.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000466; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-justforjogging.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000467; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-move.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000468; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-ooke.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000469; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-runfarther.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000470; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-xsdaodab.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000471; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-xsdauofc.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000472; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks-xsgdfaja.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000473; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooks1984.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200000474; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksair.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000475; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksale.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000476; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksboom.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000477; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksdiscount.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000478; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksnewmethod.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000479; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksnewsports.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000480; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksprime.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000481; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksrevel.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000482; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksrunble.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000483; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksrunshoeshopping.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000484; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brooksshopsft.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000485; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"brookssoft.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200000486; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bruno-genthial.mykajabi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000487; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bt-108665.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200000488; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btbusinessbilling.wordpress.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000489; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btclickpreview365pdf.1msite.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000490; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnect-109798.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200000491; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnectfilesecurebthomelogindropboxinupdatetdropboxpdf-logss.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000492; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnectfilesecurebthomelogindropboxlinkupdatetdropboxpdf-logs.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000493; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnectfilesecurebthomeloginpdropboxupdatepdf-logsssss-websit.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000494; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btconnectfilesecurebthomesloginpdropboxupdatepdf-logsssss-websi.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000495; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bthak.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000496; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"btinfoldddasasa.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000497; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bttelecommunicatiiion.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000498; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"budrimon.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000499; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"builmon.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000500; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bujikena.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000501; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"bundel-cobragratis2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000502; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"busanopen.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000503; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-action-page129591.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000504; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-appeal-copyright8211.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000505; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-appeal-form-18222.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000506; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-copyright-alert100821.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000507; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-copyright-alert198082.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000508; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-copyright-alert19882.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000509; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-copyright-detected920.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000510; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-required-helpcenter82.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000511; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"business-required-info188221.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000512; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"businessemailss.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000513; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"buyelectronicsnyc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000514; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c.curiousmorty.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200000515; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c.jardindemiedo.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200000516; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c.loveawaits.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200000517; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c.mail.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000518; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c0m-r51znzlh8i.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000519; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c1christine.tjelmeland2e.cso.gov.tt"; content:"Host"; http_header; classtype:attempted-recon; sid:200000520; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c2dc5b99.chgmar.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000521; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"c6ebv708.caspio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000522; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cabsiler.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000523; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cache.nebula.phx3.secureserver.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000524; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cadeau-orange.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000525; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caixabanki.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000526; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caixaseguradora.quadientcloud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000527; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cakesbyannemotha.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000528; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cammymiller.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000529; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"canadapost.reschedule.online.portal.services.parcel01868972.mh-group.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000530; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cann-life.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000531; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cannellandcoflooring.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000532; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"capservice.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200000533; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caracasmateriais.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000534; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"carpediemxp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000535; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"carservicessaupdate.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000536; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cartamorin-geometres.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000537; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"carwash.tv"; content:"Host"; http_header; classtype:attempted-recon; sid:200000538; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"casbygroup.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000539; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caseforpage1003496539563.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000540; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"catalogue-orange.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000541; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cateringfoodanddrinksupplies777.business.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200000542; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"catus.cat"; content:"Host"; http_header; classtype:attempted-recon; sid:200000543; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caycos.beispielseite-wmka.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000544; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"caymanreno.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000545; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cbmonlinegroups.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000546; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cc.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000547; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cc23674.tmweb.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000548; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ccjrlaw.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000549; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cdas.nxzigco.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000550; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cdsoa.wuefyta.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000551; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ce33312.tmweb.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000552; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cekpointfacebook.wixsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000553; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"celikoglumakina.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000554; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cellfunworld.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000555; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cema-fossano.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200000556; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"centralconsulta.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000557; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"centre1.bubbleapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000558; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ceresgulf.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000559; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"certifica-montepaschii.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000560; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"charitascb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000561; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"charperimagedesign.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000562; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chat-whatasapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000563; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chat-whatsaap99.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000564; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000565; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chat-whatsapp-grupo-invitacion.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000566; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chat-whatsapp-gscfghjsgsu.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000567; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill1.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000568; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill10.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000569; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill11.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000570; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill12.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000571; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill13.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000572; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill14.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000573; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill15.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000574; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill17.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000575; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill18.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000576; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill19.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000577; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill2.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000578; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill20.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000579; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill21.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000580; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill22.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000581; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill23.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000582; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill24.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000583; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill25.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000584; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill3.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000585; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill4.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000586; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill5.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000587; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill6.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000588; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill7.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000589; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000590; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chckmaill9.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000591; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"checkkeyvip.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000592; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"checkverifymyatt.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000593; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chefsenaccion.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000594; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chikkuthomas.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000595; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chinmayavidyalayarspuram.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000596; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chiragrajoria.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000597; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chois.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200000598; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"christienstudystl.wixsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000599; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"christmas-dhl-express-delvr.hopekosmos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000600; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chronopostaws.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000601; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chtbnk.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000602; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"chutomen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000603; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cinemaleftech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000604; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"citagestionenlineabn.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000605; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"city-of-jazz.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200000606; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ckwgruppe.service-now.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000607; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claiimdiamondgratis84.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000608; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claim-event-freefire-garena-oldfree-a4.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000609; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claim-skingratis-mobailegends161.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000610; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claims-funds-enczj.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000611; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claimseventmlbb.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000612; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claimshopee.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000613; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claro-link.brsafe.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000614; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"claus.bz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000615; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"click-here-help.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000616; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"client-support-page.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000617; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000618; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clientid-ij66191jgbm96ujp40bz1gzmpc8iquhoff3ocmbrzs6g5i89t0.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000619; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clients.devtux.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000620; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clone-7473c.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000621; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"closingdocs9480.myportfolio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000622; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloud-object-storage-o9-cos-static-web-hocsx2.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000623; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloud.go4clients.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000624; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloud102.hostgator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000625; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clouddoc-authorize.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000626; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloudflare-rbnuo.run.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000627; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloudshare-account-auth.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000628; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cloudtracker.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000629; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"club.quomodo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000630; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"clubeamigosdopedrosegundo.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000631; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cms.time-investments.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000632; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cnbxa.1of2o6k.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000633; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cner283829.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000634; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cninflables.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000635; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.azoynfq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000636; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.bh1fgg1.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000637; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.bzkgfzj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000638; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.clblrvh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000639; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.csfknas.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000640; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.daailrf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000641; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.eiatphe.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000642; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.fjzzgxx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000643; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.fxdwtxc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000644; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.ghemivv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000645; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.hivbdco.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000646; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.iiaqjrp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000647; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.rkrabsk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000648; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.rqqidd.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000649; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.rukbcga.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000650; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.sefdvsi.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000651; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.tezkkbp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000652; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"co.jp.ztxzzup.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000653; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cobaincurlduluom.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000654; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"codwarzonemobile.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000655; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"coindappsync.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200000656; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000657; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"collab-land.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000658; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"collabland.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200000659; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"collablandfi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000660; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"colorfastinv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000661; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-3z9m3j9qhp.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000662; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-4tfgonrlym.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000663; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-dnq84vac.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000664; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-h3v9t9zycu.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000665; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-l5tpetwb.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000666; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-mm2ai86orr.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000667; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-r51znzlh8i.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000668; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-sauuvazpjo.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000669; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"com-ugsyk69nqb.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200000670; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000671; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000672; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000673; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"completeegali.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000674; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"completeyorcorp.lunsrgovert.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000675; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"comunicazione-europe.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000676; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"comunity-isue-ideent-andromeda-29.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000677; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"comunity-isue-ideent-andromeda-33.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000678; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"con-firma.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000679; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"congresosba.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200000680; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"conhecaonlinedigital.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000681; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"connect.au-login.0662smt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000682; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"connect.auone.jp-login.kddi-sys.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000683; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"connect.myauone.jp-auid.jp-auid.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000684; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"connect.myauone.jp-auid.kddi-mail.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000685; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"connectlivewallet.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000686; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"connectwallet.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000687; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"conoscofaturahiiiper.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000688; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"contabilidaderabello.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000689; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000690; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"contapessoal.digital"; content:"Host"; http_header; classtype:attempted-recon; sid:200000691; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"content.av1.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200000692; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"content.edgerockwealth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000693; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"content.meetmagic.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000694; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"continentepecas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000695; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"contratodeparceria.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000696; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"controlpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000697; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"copyright-center-live.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200000698; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"coroplastusa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000699; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"correosdemexico-web.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000700; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"corta.ai"; content:"Host"; http_header; classtype:attempted-recon; sid:200000701; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cosemu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000702; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cottonwooddentalg.nimbusweb.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000703; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"courtcase.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200000704; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"covid-foyyn.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000705; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cox0.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000706; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cp.digitalprocurements.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000707; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cp45362.tmweb.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000708; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cpanel10wh.bkk1.cloud.z.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000709; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cr24185.tmweb.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000710; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"crackfreekey.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000711; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cranetech.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000712; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creatorsverificationandsafetybusiness.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200000713; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"credcloud-object-storage-o9-cos-static-web-hocsd3d.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000714; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"credicorp-capital.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000715; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"credicorpfiduciariasa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000716; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"credifinanciera.didacsis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000717; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"crediserfinanza.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000718; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditagricole-sudrhonealpes.blogspot.ba"; content:"Host"; http_header; classtype:attempted-recon; sid:200000719; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditagricole-sudrhonealpes.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000720; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditagricole-sudrhonealpes.blogspot.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200000721; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditinternationalbank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000722; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"creditiperhabbogratissicuro100.blogspot.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200000723; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cresvin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000724; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"criticalcarevizag.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000725; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"crrdxwjap7t.typeform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000726; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptocars-plays.buzz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000727; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptocarsme.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000728; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptscars-logs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000729; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryqtocars.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000730; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cuans.bkaamiv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000731; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"currentlyupgrade.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000732; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cusnas.366wuv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000733; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxas.bvd2q18.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000734; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxas.zk6w4dt.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000735; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxasd.easghbl.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000736; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxmnsa.04frh0w.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000737; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxnbas.nmkbmqk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000738; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cxuahs.1wc9bxm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000739; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cyna.rkpmage.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000740; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"cyqsnwx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000741; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"czechposta-cz.cz.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000742; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"czvon.4fan.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000743; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"czxasd.3ot975v.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000744; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"d.app32150.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000745; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"d18gc1ytkdv37u.cloudfront.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000746; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000747; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"d3ncuwwrr82.typeform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000748; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"daatahomes.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000749; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dadafa88.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000750; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"damp-f43e.recovery-page-secur.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000751; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"danitraseoexperts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000752; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappconnecttvalidator.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000753; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dapponlines.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000754; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappscoins.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000755; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappsiconnect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000756; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappsmainnetverify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000757; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappswalletapp.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000758; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dappswalletliveauthenticate.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000759; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dasd.atio2tq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000760; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"date-on-14-01.totaltrackingimproveupscanada.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000761; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"datos-pichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000762; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"davidshopeaz.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000763; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"daycoval.contrato.srv.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000764; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"daycoval.facildepagar.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000765; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"db-web-client.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000766; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000767; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbkuzwes.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200000768; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbs.limited"; content:"Host"; http_header; classtype:attempted-recon; sid:200000769; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbs.online.webdbslistinonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000770; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbs.webdbslistinonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000771; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dbw.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000772; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dcm1.ae.iwc.static.tungmung.co.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200000773; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dd90001.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000774; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"de.eurohome.civ.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000775; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"de22c9kukppr.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000776; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deactivemsnon-8k98-l9k8-98j8-98j78u.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000777; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deborahholland.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000778; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"debuil.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200000779; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"declicgestion.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200000780; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"decorcenter.com.pe"; content:"Host"; http_header; classtype:attempted-recon; sid:200000781; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dejpaad.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000782; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"delacproperties.com.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200000783; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"delezhen.mashalezhen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000784; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"delhiescort69.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000785; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deltaairlinecourier.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000786; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"demallplot-tra.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000787; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"demiregalos.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200000788; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"demo.bradescocontrol.vertitecnologia.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000789; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"demo2.cloudwp.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000790; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"denuihuongson.com.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000791; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deportesartiza.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000792; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deregister-lbpayee.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000793; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"desejoourocard.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200000794; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"desidiatech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000795; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"designerlakehouse.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000796; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"desksellcompany.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000797; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"destinationth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000798; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"deutsche-post.apurvathespygenesh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000799; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dev-nadaj.orlenpaczka.ce5.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000800; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dev-secu-credit-union.pantheonsite.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000801; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dev-www.orlenpaczka.ce5.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000802; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dev.massageliabilityinsurancegroup.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000803; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dev.shivaxi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000804; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"devicepichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000805; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"devops.help"; content:"Host"; http_header; classtype:attempted-recon; sid:200000806; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dfscord-app.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200000807; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgi.is"; content:"Host"; http_header; classtype:attempted-recon; sid:200000808; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgmepunjab.gov.pk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000809; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dgsh2ws45.lovestoblog.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000810; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dhanushr24.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200000811; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dhl-event.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000812; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dhl.recruitmentplatform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000813; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"diamondplate.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000814; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"die-post-swiss-id-19782635812.psd2any.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000815; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"diepost-paketevhost207932.lowhost.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200000816; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"diginto.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200000817; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"diligentverify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000818; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"directqpuprozaakp.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000819; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dirtyez.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000820; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"disccrdapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000821; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"disckord.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200000822; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"discoord-nittro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000823; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"discordbugs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000824; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"discordnitroos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000825; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"discrods.gift"; content:"Host"; http_header; classtype:attempted-recon; sid:200000826; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dispositivoapp.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200000827; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"distinctivei.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000828; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"distrial.ec"; content:"Host"; http_header; classtype:attempted-recon; sid:200000829; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"divinasoutfit.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200000830; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"djfh.wmfc241.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200000831; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dkb-info.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000832; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dkbtan07.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000833; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dke060122.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200000834; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dkglobaljobs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000835; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dl.9xu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000836; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dlink.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200000837; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dmaxpesca.com.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200000838; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"doclab-console-auth.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000839; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docs-verify-c671.thajetiase.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200000840; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docs.revv.so"; content:"Host"; http_header; classtype:attempted-recon; sid:200000841; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docsharex-authorize.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200000842; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docuservice.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200000843; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"docusign-lnc.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200000844; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domaincontroller.pmeimg.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200000845; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa100.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000846; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa101.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000847; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa102.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000848; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa103.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000849; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa104.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000850; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa105.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000851; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa108.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000852; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa109.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000853; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa110.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000854; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa111.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000855; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa112.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000856; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa113.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000857; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa114.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000858; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa115.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000859; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa116.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000860; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa117.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000861; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa118.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000862; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa119.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000863; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa122.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000864; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa123.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000865; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa124.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000866; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa126.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000867; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa127.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000868; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa128.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000869; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa129.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000870; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa13.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000871; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa130.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000872; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa131.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000873; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa132.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000874; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa134.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000875; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa135.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000876; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa136.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000877; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa137.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000878; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa139.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000879; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa14.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000880; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa142.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000881; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa143.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000882; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa144.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000883; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa145.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000884; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa146.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000885; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa148.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000886; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa149.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000887; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa150.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000888; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa152.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000889; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa153.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000890; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa155.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000891; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa156.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000892; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa158.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000893; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa159.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000894; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa160.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000895; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa161.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000896; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa162.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000897; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa163.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000898; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa164.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000899; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa166.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000900; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa167.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000901; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa168.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000902; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa169.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000903; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa171.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000904; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa172.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000905; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa173.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000906; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa174.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000907; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa176.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000908; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa178.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000909; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa179.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000910; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa18.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000911; rev:1;)
@@ -922,4415 +922,4235 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa182.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000914; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa183.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000915; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa184.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000916; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa185.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000917; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa186.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000918; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa187.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000919; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa188.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000920; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa189.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000921; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa19.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000922; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa190.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000923; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa191.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000924; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa193.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000925; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa194.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000926; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa195.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000927; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa196.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000928; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa197.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000929; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa198.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000930; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa199.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000931; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa20.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000932; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa200.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000933; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa201.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000934; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa202.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000935; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa203.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000936; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa204.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000937; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa205.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000938; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa206.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000939; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa207.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000940; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa208.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000941; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa209.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000942; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa21.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000943; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa210.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000944; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa211.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000945; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa212.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000946; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa213.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000947; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa214.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000948; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa215.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000949; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa216.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000950; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa217.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000951; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa218.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000952; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa219.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000953; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa220.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000954; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa221.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000955; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa222.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000956; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa223.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000957; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa224.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000958; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa225.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000959; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa226.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000960; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa227.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000961; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa228.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000962; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa229.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000963; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa230.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000964; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa231.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000965; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa232.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000966; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa233.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000967; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa234.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000968; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa235.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000969; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa237.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000970; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa238.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000971; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa239.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000972; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa240.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000973; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa241.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000974; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa242.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000975; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa243.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000976; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa244.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000977; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa245.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000978; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa246.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000979; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa247.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000980; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa248.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000981; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa249.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000982; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa25.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000983; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa250.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000984; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa251.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000985; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa252.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000986; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa253.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000987; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa254.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000988; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa255.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000989; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa256.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000990; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa257.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000991; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa258.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000992; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa259.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000993; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa26.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000994; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa260.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000995; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa261.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000996; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa262.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000997; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa263.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000998; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa264.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000999; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa265.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001000; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa266.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001001; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa267.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001002; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa268.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001003; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa269.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001004; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa270.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001005; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa271.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001006; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa272.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001007; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa273.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001008; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa274.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001009; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa275.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001010; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa276.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001011; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa277.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001012; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa278.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001013; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa279.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001014; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa280.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001015; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa281.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001016; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa282.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001017; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa283.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001018; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa284.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001019; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa285.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001020; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa286.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001021; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa287.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001022; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa289.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001023; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa29.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001024; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa290.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001025; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa292.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001026; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa293.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001027; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa294.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001028; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa295.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001029; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa296.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001030; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa297.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001031; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa298.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001032; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa299.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001033; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa30.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001034; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa300.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001035; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa301.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001036; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa302.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001037; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa303.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001038; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa304.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001039; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa305.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001040; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa306.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001041; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa307.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001042; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa308.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001043; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa309.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001044; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa31.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001045; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa310.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001046; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa311.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001047; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa312.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001048; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa313.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001049; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa314.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001050; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa315.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001051; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa316.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001052; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa317.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001053; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa318.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001054; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa319.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001055; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa32.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001056; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa320.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001057; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa321.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001058; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa322.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001059; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa323.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001060; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa324.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001061; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa325.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001062; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa326.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001063; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa327.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001064; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa328.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001065; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa329.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001066; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa33.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001067; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa330.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001068; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa331.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001069; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa332.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001070; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa333.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001071; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa334.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001072; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa335.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001073; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa336.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001074; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa337.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001075; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa338.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001076; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa339.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001077; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa34.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001078; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa340.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001079; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa341.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001080; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa342.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001081; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa343.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001082; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa344.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001083; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa345.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001084; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa346.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001085; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa347.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001086; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa348.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001087; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa35.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001088; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa350.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001089; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa351.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001090; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa352.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001091; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa353.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001092; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa354.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001093; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa355.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001094; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa356.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001095; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa357.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001096; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa358.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001097; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa359.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001098; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa36.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001099; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa360.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001100; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa361.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001101; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa362.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001102; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa363.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001103; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa364.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001104; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa365.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001105; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa367.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001106; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa368.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001107; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa369.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001108; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa37.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001109; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa370.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001110; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa371.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001111; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa372.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001112; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa373.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001113; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa374.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001114; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa375.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001115; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa376.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001116; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa377.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001117; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa378.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001118; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa379.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001119; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa38.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001120; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa380.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001121; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa381.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001122; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa382.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001123; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa383.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001124; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa384.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001125; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa385.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001126; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa386.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001127; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa387.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001128; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa388.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001129; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa389.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001130; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa39.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001131; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa390.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001132; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa391.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001133; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa392.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001134; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa393.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001135; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa394.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001136; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa395.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001137; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa396.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001138; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa397.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001139; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa398.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001140; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa40.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001141; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa400.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001142; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa401.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001143; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa402.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001144; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa403.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001145; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa404.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001146; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa405.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001147; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa406.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001148; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa407.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001149; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa408.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001150; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa409.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001151; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa41.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001152; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa410.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001153; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa411.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001154; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa412.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001155; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa413.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001156; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa414.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001157; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa415.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001158; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa416.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001159; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa417.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001160; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa418.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001161; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa419.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001162; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa42.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001163; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa420.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001164; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa421.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001165; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa422.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001166; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa423.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001167; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa424.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001168; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa425.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001169; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa426.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001170; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa427.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001171; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa428.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001172; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa429.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001173; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa43.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001174; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa430.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001175; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa431.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001176; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa432.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001177; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa433.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001178; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa434.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001179; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa435.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001180; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa436.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001181; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa437.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001182; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa438.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001183; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa439.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001184; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa44.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001185; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa440.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001186; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa441.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001187; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa442.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001188; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa443.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001189; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa444.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001190; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa445.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001191; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa446.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001192; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa447.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001193; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa448.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001194; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa449.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001195; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa45.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001196; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa450.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001197; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa451.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001198; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa452.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001199; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa453.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001200; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa454.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001201; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa455.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001202; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa456.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001203; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa457.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001204; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa458.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001205; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa459.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001206; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa46.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001207; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa460.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001208; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa461.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001209; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa462.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001210; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa463.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001211; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa464.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001212; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa465.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001213; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa466.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001214; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa467.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001215; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa468.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001216; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa469.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001217; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa47.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001218; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa470.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001219; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa471.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001220; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa472.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001221; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa473.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001222; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa474.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001223; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa475.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001224; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa476.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001225; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa477.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001226; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa478.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001227; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa479.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001228; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa480.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001229; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa481.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001230; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa482.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001231; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa483.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001232; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa484.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001233; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa485.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001234; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa486.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001235; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa487.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001236; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa488.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001237; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa489.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001238; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa49.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001239; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa490.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001240; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa491.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001241; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa492.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001242; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa493.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001243; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa494.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001244; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa495.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001245; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa496.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001246; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa497.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001247; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa498.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001248; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa499.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001249; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa50.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001250; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa500.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001251; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa501.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001252; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa502.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001253; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa503.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001254; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa504.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001255; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa505.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001256; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa506.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001257; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa507.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001258; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa508.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001259; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa509.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001260; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa51.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001261; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa510.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001262; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa511.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001263; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa513.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001264; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa514.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001265; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa515.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001266; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa516.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001267; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa517.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001268; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa518.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001269; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa519.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001270; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa52.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001271; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa520.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001272; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa521.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001273; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa522.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001274; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa523.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001275; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa524.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001276; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa525.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001277; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa526.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001278; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa527.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001279; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa528.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001280; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa529.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001281; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa53.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001282; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa530.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001283; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa531.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001284; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa532.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001285; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa533.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001286; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa534.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001287; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa535.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001288; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa536.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001289; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa537.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001290; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa538.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001291; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa539.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001292; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa54.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001293; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa540.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001294; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa541.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001295; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa542.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001296; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa543.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001297; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa544.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001298; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa545.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001299; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa546.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001300; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa547.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001301; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa548.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001302; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa549.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001303; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa550.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001304; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa551.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001305; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa552.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001306; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa553.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001307; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa554.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001308; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa555.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001309; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa556.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001310; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa557.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001311; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa558.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001312; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa559.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001313; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa56.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001314; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa560.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001315; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa561.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001316; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa562.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001317; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa563.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001318; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa564.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001319; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa565.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001320; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa566.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001321; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa567.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001322; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa568.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001323; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa569.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001324; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa57.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001325; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa570.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001326; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa571.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001327; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa572.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001328; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa573.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001329; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa574.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001330; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa575.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001331; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa576.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001332; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa577.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001333; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa578.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001334; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa579.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001335; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa58.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001336; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa580.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001337; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa581.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001338; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa582.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001339; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa583.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001340; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa584.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001341; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa585.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001342; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa586.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001343; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa587.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001344; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa588.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001345; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa589.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001346; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa59.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001347; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa590.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001348; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa591.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001349; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa592.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001350; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa593.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001351; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa594.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001352; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa595.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001353; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa596.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001354; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa597.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001355; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa598.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001356; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa599.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001357; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa60.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001358; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa600.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001359; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa601.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001360; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa602.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001361; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa603.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001362; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa604.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001363; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa605.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001364; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa606.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001365; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa607.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001366; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa608.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001367; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa609.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001368; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa61.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001369; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa610.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001370; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa611.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001371; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa612.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001372; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa613.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001373; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa614.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001374; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa615.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001375; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa616.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001376; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa617.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001377; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa618.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001378; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa619.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001379; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa62.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001380; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa620.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001381; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa621.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001382; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa622.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001383; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa623.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001384; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa624.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001385; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa625.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001386; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa626.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001387; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa627.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001388; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa628.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001389; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa629.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001390; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa63.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001391; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa630.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001392; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa631.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001393; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa632.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001394; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa633.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001395; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa634.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001396; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa635.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001397; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa636.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001398; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa637.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001399; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa638.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001400; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa639.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001401; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa64.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001402; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa640.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001403; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa641.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001404; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa642.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001405; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa643.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001406; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa644.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001407; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa645.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001408; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa646.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001409; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa647.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001410; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa648.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001411; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa649.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001412; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa65.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001413; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa650.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001414; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa651.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001415; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa652.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001416; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa653.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001417; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa654.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001418; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa655.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001419; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa656.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001420; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa657.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001421; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa658.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001422; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa659.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001423; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa66.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001424; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa660.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001425; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa661.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001426; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa662.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001427; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa663.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001428; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa664.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001429; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa665.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001430; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa666.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001431; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa667.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001432; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa668.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001433; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa669.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001434; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa67.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001435; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa670.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001436; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa671.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001437; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa672.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001438; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa673.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001439; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa674.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001440; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa675.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001441; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa676.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001442; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa677.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001443; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa678.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001444; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa679.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001445; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa68.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001446; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa680.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001447; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa681.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001448; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa682.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001449; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa683.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001450; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa684.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001451; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa685.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001452; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa686.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001453; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa687.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001454; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa688.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001455; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa689.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001456; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa69.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001457; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa690.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001458; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa691.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001459; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa692.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001460; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa693.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001461; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa694.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001462; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa695.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001463; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa696.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001464; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa697.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001465; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa698.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001466; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa699.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001467; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa70.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001468; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa700.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001469; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa701.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001470; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa702.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001471; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa703.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001472; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa704.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001473; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa705.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001474; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa706.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001475; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa707.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001476; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa708.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001477; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa709.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001478; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa71.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001479; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa710.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001480; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa711.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001481; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa712.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001482; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa713.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001483; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa714.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001484; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa715.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001485; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa716.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001486; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa717.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001487; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa718.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001488; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa719.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001489; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa72.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001490; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa720.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001491; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa721.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001492; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa722.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001493; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa723.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001494; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa724.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001495; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa725.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001496; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa726.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001497; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa727.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001498; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa728.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001499; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa729.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001500; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa73.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001501; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa730.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001502; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa731.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001503; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa732.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001504; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa733.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001505; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa734.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001506; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa735.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001507; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa736.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001508; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa737.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001509; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa738.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001510; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa739.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001511; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa74.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001512; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa740.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001513; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa741.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001514; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa742.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001515; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa743.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001516; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa744.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001517; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa745.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001518; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa746.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001519; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa747.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001520; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa748.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001521; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa749.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001522; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa75.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001523; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa750.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001524; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa751.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001525; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa752.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001526; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa753.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001527; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa754.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001528; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa755.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001529; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa756.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001530; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa757.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001531; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa758.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001532; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa759.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001533; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa76.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001534; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa760.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001535; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa761.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001536; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa762.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001537; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa763.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001538; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa764.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001539; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa765.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001540; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa766.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001541; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa767.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001542; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa768.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001543; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa769.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001544; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa77.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001545; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa770.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001546; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa771.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001547; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa772.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001548; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa773.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001549; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa774.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001550; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa775.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001551; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa776.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001552; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa777.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001553; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa778.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001554; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa779.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001555; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa78.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001556; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa780.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001557; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa781.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001558; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa782.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001559; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa783.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001560; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa784.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001561; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa785.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001562; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa786.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001563; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa787.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001564; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa788.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001565; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa789.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001566; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa79.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001567; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa790.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001568; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa791.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001569; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa792.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001570; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa793.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001571; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa794.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001572; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa795.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001573; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa796.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001574; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa797.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001575; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa798.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001576; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa799.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001577; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa80.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001578; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa800.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001579; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa801.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001580; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa802.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001581; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa803.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001582; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa804.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001583; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa806.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001584; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa807.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001585; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa808.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001586; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa809.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001587; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa81.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001588; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa810.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001589; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa811.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001590; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa812.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001591; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa813.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001592; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa814.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001593; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa815.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001594; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa816.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001595; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa817.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001596; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa818.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001597; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa819.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001598; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa82.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001599; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa820.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001600; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa821.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001601; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa822.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001602; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa823.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001603; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa824.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001604; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa825.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001605; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa826.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001606; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa827.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001607; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa828.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001608; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa829.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001609; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa83.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001610; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa830.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001611; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa831.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001612; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa832.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001613; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa833.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001614; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa834.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001615; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa835.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001616; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa836.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001617; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa837.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001618; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa838.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001619; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa839.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001620; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa84.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001621; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa840.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001622; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa841.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001623; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa842.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001624; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa843.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001625; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa844.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001626; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa845.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001627; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa846.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001628; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa847.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001629; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa848.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001630; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa849.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001631; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa85.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001632; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa850.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001633; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa851.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001634; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa852.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001635; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa853.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001636; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa854.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001637; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa855.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001638; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa856.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001639; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa857.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001640; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa858.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001641; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa859.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001642; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa86.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001643; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa860.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001644; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa861.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001645; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa862.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001646; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa863.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001647; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa864.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001648; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa865.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001649; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa866.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001650; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa867.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001651; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa868.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001652; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa869.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001653; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa87.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001654; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa870.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001655; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa871.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001656; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa872.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001657; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa873.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001658; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa874.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001659; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa875.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001660; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa877.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001661; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa878.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001662; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa879.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001663; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa88.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001664; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa880.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001665; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa881.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001666; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa882.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001667; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa883.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001668; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa884.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001669; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa885.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001670; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa886.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001671; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa888.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001672; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa889.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001673; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa89.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001674; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa890.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001675; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa891.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001676; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa892.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001677; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa894.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001678; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa895.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001679; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa896.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001680; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa897.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001681; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa898.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001682; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa899.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001683; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa90.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001684; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa900.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001685; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa901.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001686; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa902.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001687; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa903.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001688; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa904.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001689; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa905.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001690; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa906.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001691; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa907.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001692; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa908.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001693; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa909.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001694; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa91.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001695; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa910.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001696; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa911.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001697; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa912.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001698; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa913.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001699; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa914.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001700; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa915.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001701; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa916.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001702; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa917.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001703; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa918.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001704; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa92.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001705; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa920.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001706; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa921.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001707; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa922.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001708; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa923.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001709; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa924.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001710; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa925.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001711; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa926.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001712; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa927.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001713; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa929.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001714; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa93.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001715; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa930.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001716; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa931.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001717; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa932.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001718; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa933.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001719; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa934.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001720; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa935.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001721; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa936.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001722; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa937.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001723; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa938.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001724; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa939.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001725; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa94.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001726; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa940.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001727; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa941.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001728; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa942.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001729; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa943.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001730; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa944.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001731; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa945.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001732; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa946.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001733; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa947.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001734; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa948.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001735; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa949.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001736; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa95.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001737; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa950.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001738; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa951.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001739; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa952.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001740; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa953.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001741; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa954.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001742; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa955.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001743; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa957.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001744; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa958.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001745; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa959.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001746; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa96.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001747; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa960.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001748; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa961.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001749; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa962.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001750; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa963.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001751; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa964.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001752; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa965.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001753; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa966.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001754; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa967.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001755; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa968.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001756; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa969.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001757; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa97.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001758; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa970.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001759; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa971.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001760; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa972.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001761; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa973.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001762; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa974.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001763; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa975.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001764; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa976.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001765; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa977.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001766; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa978.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001767; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa979.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001768; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa98.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001769; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa980.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001770; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa981.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001771; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa982.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001772; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa983.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001773; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa984.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001774; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa985.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001775; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa986.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001776; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa987.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001777; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa988.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001778; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa989.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001779; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa99.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001780; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa990.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001781; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa991.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001782; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa992.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001783; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa993.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001784; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa994.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001785; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa995.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001786; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa996.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001787; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa997.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001788; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa998.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001789; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa999.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001790; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"doooog.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001791; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dopeydog.co.nz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001792; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dorouscom.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001793; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"douuodwoman.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001794; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dowaba-s2dhl.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001795; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"doz.tode.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001796; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dpasdasfasfasfas.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001797; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dpd-redelivery-uk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001798; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dpmasdaskj.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001799; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dr-joannepeeler.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001800; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dr3aq.byethost32.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001801; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dreamotion-jp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001802; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"drivingschoolglasgow.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001803; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"drmarciovaleriano.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001804; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dsadsadsa.diskstation.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001805; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dsgcbeonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001806; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dsp2codemdp.t.justns.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001807; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dswboot.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200001808; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001809; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dtrpsystasfasgas.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001810; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"duanemanor.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001811; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dukhovnist.in.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200001812; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"durecorpperu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001813; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dwrat.andalous.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001814; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dwvwq.cwfc.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001815; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dydex.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001816; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dyn.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001817; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dynastyclinic.ae"; content:"Host"; http_header; classtype:attempted-recon; sid:200001818; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"e-cassare.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001819; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"e4ff557e.sso-secure-mail04wtwdw4.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001820; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"e4ra.byethost8.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001821; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"e63q45f9h5fr.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001822; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eagleeyeapparel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001823; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"earth01.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001824; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"easy-webtdapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001825; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"easywalletfix.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001826; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"easywalletsfix.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001827; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eba0200d0c.nxcli.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001828; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ebay-de.ad49103.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001829; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ebay.com.dashboard-seller.center"; content:"Host"; http_header; classtype:attempted-recon; sid:200001830; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eberhardtedwige.wixsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001831; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ebuddynews.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001832; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ec.snadc-oecddo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001833; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ecloanmoney.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001834; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ecogreenjanitorial.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001835; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ecomcrew.staging.wpengine.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001836; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ecosteelsolution.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200001837; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"editpdfonline.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001838; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"edje.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001839; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"edukickmexico.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001840; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ee-sms.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001841; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ee.mseocri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001842; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ee.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001843; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"efarms.com.ng"; content:"Host"; http_header; classtype:attempted-recon; sid:200001844; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eharmonyservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001845; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ekabel.hu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001846; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ekbofexjlnsdsfaqxbcfpnfift-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001847; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ekobebe.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001848; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"electrocoolhvacr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001849; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"electronicanehuen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001850; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"elektroonline.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001851; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ellatinodigital.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001852; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"elomo.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200001853; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eluniversallatinworld.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001854; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"email302.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001855; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emailsettings.webflow.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001856; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emailwebaccess.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001857; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"embarquefloripa.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001858; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emlink.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001859; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emojis.bons.bar"; content:"Host"; http_header; classtype:attempted-recon; sid:200001860; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emojis.dels.bar"; content:"Host"; http_header; classtype:attempted-recon; sid:200001861; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emsi-lobo.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001862; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"en-template-solicito-16414253314897.onepage.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200001863; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"enbolivia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001864; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"enchanting-guiltless-suede.glitch.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001865; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"encryptdrive.booogle.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001866; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"engcamp.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001867; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"enoman.fqzsdgtg.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001868; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"erinaflorist.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001869; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ershamshad.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001870; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"escortinraipur.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001871; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eseax.ws"; content:"Host"; http_header; classtype:attempted-recon; sid:200001872; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"esfdesentakip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001873; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eshetkari.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001874; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"esi-texas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001875; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"esinnovativeinteriors.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001876; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"establecimientoscolonia-uy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001877; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"estorneaqui.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001878; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc-co-jp.f2ss.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001879; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc-co-jp.f3ss.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001880; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc-meisfrq.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001881; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc-uhfjk.monster"; content:"Host"; http_header; classtype:attempted-recon; sid:200001882; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc.jp.anzhanfrp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001883; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc.kcjis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001884; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc.oxqk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001885; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc.synwy.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001886; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eth-coinwallet.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001887; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eth.coinscout.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200001888; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ethnictrendz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001889; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ets.jwr.pa-fakfak.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200001890; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etwtny.cf"; content:"Host"; http_header; classtype:attempted-recon; sid:200001891; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eucriomeumundo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001892; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eugnerally-wixsite-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001893; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"euraby.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001894; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eusa-lombo.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001895; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"evashoes.com.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200001896; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"even-ff-gratisterbaru2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001897; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"even-ff-terbarugratis2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001898; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"event-freefire728.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001899; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"event-garenafreefire263.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001900; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"event-skin-resmi-2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001901; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eventclaimfreefiregratis2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001902; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eventclaimsff0.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001903; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eventgarenafreefiremax2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001904; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"everestmotors.com.np"; content:"Host"; http_header; classtype:attempted-recon; sid:200001905; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"evo-revolutioncups.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001906; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"evolbithman.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001907; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"excel-cloud-document-2021.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200001908; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"excelhana.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001909; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exchange-pancakeswaps.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001910; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exchangedictionary.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001911; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exodlus.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001912; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exodus.com-wallet-signin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001913; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exodus.com-web-wallet-online.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001914; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exodus.com.tccaponline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001915; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exoduspool.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001916; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exondus-lokin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001917; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exploretrace.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001918; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"expocid.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200001919; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"extracash-interlbankonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001920; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"extracloud.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200001921; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ezblox.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200001922; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ezssausage.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001923; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"f6fr7.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001924; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"f9w1lned0ruqblxi6jahwotak.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001925; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"faccebook.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001926; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook--videos----app----today.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001927; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook-0.se.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001928; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook-accts.pages-recovery.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001929; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook-login.tbit.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001930; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.com-4tfgonrlym.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001931; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.com-j706zmy49r.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001932; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.com-qze9zt75vm.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001933; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.com-r51znzih8i.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001934; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.com-zxsrf038k.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001935; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.eventspinff.wtf"; content:"Host"; http_header; classtype:attempted-recon; sid:200001936; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.kingstopup.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001937; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebookk.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001938; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebooks.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001939; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"faic.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001940; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"faizankhan0408.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001941; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"falling-scene-3ac3.updatelogaccountprogramedrfwerwrdhskk.workers.dev#winnie@soupro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001942; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fancy-rain-22bf.vakagew948.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001943; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fantech.co.il"; content:"Host"; http_header; classtype:attempted-recon; sid:200001944; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fanxtv.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001945; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fassilneit.ultimatefreehost.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001946; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fassilnet.ultimatefreehost.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001947; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fassilnet5.ultimatefreehost.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001948; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fax.gruppobiesse.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200001949; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fb-case-id-28031803-fcdc-48af.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001950; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fb-pages.proteksion-help.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001951; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fb.expressturkeyi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001952; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fb7927.bget.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001953; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fdasd.2e4jept.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001954; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fdhgf.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001955; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"feceboolk.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001956; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"federalaccesscredit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001957; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fedner.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001958; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fer-brooks.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001959; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"feriadempleos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001960; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ferienhof-gempel.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001961; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ff-anivesary225.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001962; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ff-membership-garena.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001963; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ff-membershipz-garena.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200001964; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ff.membership.garenaj.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001965; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ffim-event-2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001966; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fghjr74rhudfguhtfguji.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001967; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fi.uy"; content:"Host"; http_header; classtype:attempted-recon; sid:200001968; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fiber10.iaasdns.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001969; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fidelitybank-mn.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001970; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fighting40s.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001971; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fikir.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200001972; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fileundelete.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001973; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"filmkenner.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001974; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"filtrosmil.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001975; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"finalfantasyguide.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001976; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"finiiishingedgex.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001977; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fir-9s-0s.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001978; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"firstsourcesbus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001979; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fixi.rest"; content:"Host"; http_header; classtype:attempted-recon; sid:200001980; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fixingtodaymailuserupdates.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001981; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fixwalletissues.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001982; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"flcancer39-px.rtrk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001983; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"flowerfactoryonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001984; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fluksrv.mycpanel.rs"; content:"Host"; http_header; classtype:attempted-recon; sid:200001985; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fmwebapp.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001986; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"foliar.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001987; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"foma-ura-lote.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001988; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"foresta-mod.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001989; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"forhimself9999.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001990; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"formbuddy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001991; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"forms.formium.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001992; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"formtools.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001993; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"forum-dofus.com.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001994; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"foryour.gov-information.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001995; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fpalpha.myportfolio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001996; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fpmaam.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001997; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fr-europe564598-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001998; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"frankfurtertsparkasse.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001999; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"free-covid-19-stimulus-bonus.nethouse.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002000; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"free-firecoderedem.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002001; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"free-mail4.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002002; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freefire.pontorecargajogo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002003; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freefiredot-comerhadiah.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002004; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freefireevent-codashop2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002005; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freeitemff-allreward.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002006; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freeliker.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002007; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"frefire-membership-garena.sukienfreefire2021.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002008; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freg-nine.pt"; content:"Host"; http_header; classtype:attempted-recon; sid:200002009; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"friendsofnechockey.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002010; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fromtheofficial.pricesrakutenlogin.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002011; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-ca.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002012; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-exchangex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002013; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-me.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002014; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-register-pro.world"; content:"Host"; http_header; classtype:attempted-recon; sid:200002015; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-register.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002016; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-register.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200002017; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-signup.click"; content:"Host"; http_header; classtype:attempted-recon; sid:200002018; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx.com.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002019; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx.cool"; content:"Host"; http_header; classtype:attempted-recon; sid:200002020; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftxbonus.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002021; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"funiswap.exchange"; content:"Host"; http_header; classtype:attempted-recon; sid:200002022; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fusionrestobar.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002023; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fxhalifax.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002024; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002025; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"g-mtcc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002026; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"g.greatsubstance.com.my"; content:"Host"; http_header; classtype:attempted-recon; sid:200002027; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ga.teesmith.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200002028; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gabrielamims.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002029; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gabung-grubnew1342.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002030; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gagaclinic.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002031; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002032; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gallciaonllne.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002033; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"garena-xacminhtaikhoan.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002034; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"garenafreefire728.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002035; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gastronomiarobertos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002036; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gasunige.mfs.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200002037; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gedfdfsd.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002038; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"geg.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200002039; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"generali-italia-ag.hrweb.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200002040; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"genie-alba.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002041; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"getapps.vip"; content:"Host"; http_header; classtype:attempted-recon; sid:200002042; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"getimpacteipay.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002043; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"getitapprovedacceptourterms2021.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002044; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"getlikesfree.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002045; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gfxx.creatorlink.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002046; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ghorana.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002047; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gif-discorde.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002048; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"giris-papara.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002049; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"girleatsworld.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002050; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002051; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"glogo.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002052; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"glsword.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002053; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gmailposteingangi.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002054; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gmgroupllc.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002055; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gmxmailme.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002056; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"go.simplify.co.nz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002057; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"go24link.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002058; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"goldenlasgidi10.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002059; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"golkondaresorts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002060; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"goo-gl.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002061; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"good12345.tripod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002062; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"goofy-wozniak.192-210-226-164.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002063; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gorol-cost.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002064; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gorol-investor.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002065; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gosafes.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002066; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gosteveshawtraining.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002067; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gov.pl-covid.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002068; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gramarcales.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002069; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"greekinfra.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002070; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"greenclasses.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002071; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grosshandel-mevida.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002072; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"group-mantap-seger.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002073; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"group-wa-1.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002074; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"groupbkep-vral15.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002075; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"groworldinternational.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002076; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grp02.member.mycld-rakuten.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002077; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grub-sangex.wikaba.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002078; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grubgabung.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002079; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grubnatajadeh12.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002080; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grubviralterbaru65c.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002081; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup-bokephot-terbaru2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002082; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup-bokepviral4.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002083; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup-dwsa-indomesia845.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002084; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup-viral-seleb.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002085; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup-viralbokep111.myftp.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002086; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup-viralbokep2.ddns.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002087; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup-whatsapp121.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002088; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup-whatsappbokep1.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002089; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup-whatsappbokep2.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002090; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grupbokeppadacantik.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002091; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grupofsp.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002092; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gruposanpio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002093; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gruptiktok.wikaba.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002094; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grupviral-xx.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002095; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grupviral109.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002096; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grupviralterbaru.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002097; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grupwhatsappnobar-2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002098; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gscommunityspirit.greenschool.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002099; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gstsolutions.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200002100; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gunatanahku.perkimtan.sumbarprov.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002101; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gurukanth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002102; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gwenet.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002103; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gyfnqyk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002104; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gymjaokhanakho.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002105; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"habbocreditosparati.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002106; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"haftteam.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200002107; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hahdaeupdate.es.tl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002108; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"halaisabudhabi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002109; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"halifax-securelink.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002110; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"halisdurum.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002111; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"haliuk-secure-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002112; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"handakai.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002113; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hangovertest1.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002114; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hans-ledlite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002115; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"happycabbagechicago.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200002116; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"haroldhazard1-wixsite-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002117; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hasseanhannitybeenwaterboarded.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002118; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"haunlimited.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002119; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hcnprdvz.azureedge.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002120; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hdmediahub.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200002121; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hdss-stream.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002122; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"heinthu1.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002123; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hellenic-postbank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002124; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"helloparis.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002125; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"help-account-bxsfe.ondigitalocean.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002126; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"help-notice-center-identity-6532.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002127; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"help.insecur.saftyalert.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002128; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"help.validation-page.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002129; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"henan.vxim58i.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002130; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hermes.parcel-tracker.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002131; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hetershaven.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002132; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"heuristic-gagarin.45-88-108-231.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002133; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hfemail.ntneancns.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002134; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hgda.db0u4hs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002135; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hgdaa.lfoxcct.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002136; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hghgda.erjl0hx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002137; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hhdd.mzhemfi.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002138; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hi.switchy.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002139; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hidzzs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002140; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly01721.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002141; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly06356.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002142; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly31916.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002143; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly32053.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002144; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly38926.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002145; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly39091.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002146; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly61215.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002147; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly71191.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002148; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hikaheal.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002149; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"himalayansherpa.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200002150; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"himbauane.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002151; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hitman71hd-wixsite-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002152; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hjhjjhjhjh.pagedemo.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002153; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hockian.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002154; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"holobeam.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002155; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"home.ei1ns.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002156; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"home.myfairpoint.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002157; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"homepichilinea2.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002158; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"homesinlogin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002159; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"homestaylongho.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002160; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hostnix.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002161; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hostpoint.ch.17a902ef.tcorner.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002162; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hotbrooks.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002163; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hotel-pontos.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002164; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hoteltigerplus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002165; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hounbvc-c7661.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002166; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"houseofscotland.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200002167; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002168; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hpplotters.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002169; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hs-giveaways.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200002170; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ht-cargo.com.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002171; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"htlgroup.com.my"; content:"Host"; http_header; classtype:attempted-recon; sid:200002172; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"httpeugnerally-wixsite-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002173; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"https-scert-con04.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002174; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"https-scert-srv02.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002175; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"https-scert-srv06.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002176; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"https-scert-srv08.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002177; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"httpsfaceb00k.com-r51znzih8l.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002178; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"httpsfacebo0k.com-r51znzlh8i.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002179; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"httpsfacebook.com-r51znzih8i.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002180; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"httpsfacebook.com-r51znzlh8i.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002181; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"httpsmarketplace.facebook.com-wd5sulr0f5.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002182; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hubcare.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002183; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hulu-com-activate.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002184; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hulu-hulu-com-activate.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002185; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hulu.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002186; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"humc.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002187; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hutoknepper.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002188; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"huxleyfran.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002189; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"huynguyen2k.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002190; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hypegames.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200002191; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"i-ask332.dga.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200002192; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"i.violationspage.validationspege.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002193; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002194; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ibpm.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002195; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"icloud-map-live.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002196; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"icloudstatus.com.ng"; content:"Host"; http_header; classtype:attempted-recon; sid:200002197; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"icy.martulangbelulalng.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002198; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"idappswallets.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002199; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"identifiez-vous-avec-votre-compte.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002200; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"identifiez-vous598.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002201; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"identify.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002202; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"idhuman-verification.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002203; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"idnpokerweb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002204; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ieqdlhv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002205; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iframejld.avent-media.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002206; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ighk.umjlrs7uci2751.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002207; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iipvit.by"; content:"Host"; http_header; classtype:attempted-recon; sid:200002208; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijcda.bukkats.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002209; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijeioqhawdqioqho.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002210; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijhca.0gb0h7z.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002211; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijjd.h8nmtcc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002212; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijmna.p2y00vd.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002213; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijmnc.x7o1tut.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002214; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijnssa.w005zmk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002215; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijsa.x3585z7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002216; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikcda.a2g5xvs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002217; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikcsa.ajiqvjf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002218; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikdff.jmo904i.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002219; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikja.lbanwqp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002220; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikjd.uk0xnp8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002221; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikjgd.rg6bzk7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002222; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikmcd.u4jdbxm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002223; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikmxaa.qcqxlrq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002224; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iloveyourglasses.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002225; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ilpconnect.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002226; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"imersao.impulseingles.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002227; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002228; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"imi-ksa.jajainfo.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002229; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"imobiliaria-cardinali-com-br.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002230; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"impostazionebper.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002231; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"in.deraya.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002232; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inaueab.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002233; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"indo-viral2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002234; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"info.lionnets.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002235; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"infohypesquad.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002236; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"infopichinchaweb.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002237; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"informations.recovery.confiryourpage.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002238; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"infos00001.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002239; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"infosecplace.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002240; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"infosprologinmatrisemomols.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002241; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ing.ingdirect-app.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002242; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ingaveiculos.creatorlink.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002243; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ingresadatosbono210.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002244; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inicia-bancalnterbank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002245; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inna.cedymll.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002246; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"innca.ol90k56.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002247; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"innovasjon.as"; content:"Host"; http_header; classtype:attempted-recon; sid:200002248; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inps-ep.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002249; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"instagram-9.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002250; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"instagramhelpp.agency"; content:"Host"; http_header; classtype:attempted-recon; sid:200002251; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intellidata-analytica.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002252; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"interbankempresahome.rankforever.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002253; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"interbankempresas.pe-il.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002254; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intern.unibas-com.ch"; content:"Host"; http_header; classtype:attempted-recon; sid:200002255; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"international-formulier.91-218-65-223.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002256; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"internetbanking-caixa-gov.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002257; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"internetbankinghelp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002258; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"internetservicetech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002259; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intexargentina.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200002260; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inthewildproductions.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002261; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intoli.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002262; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intrafloraplants.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002263; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intranet.sztpe.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002264; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"investpl.work"; content:"Host"; http_header; classtype:attempted-recon; sid:200002265; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iplogger.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002266; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ironmantech.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200002267; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"irs-gov.us-get-funds-assistance.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002268; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"isfirsatibul.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002269; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ismamorlin.my-place.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200002270; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"istudyalumni.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002271; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"it-europe564598-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002272; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"it.melnikhotels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002273; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"itcentralsupport.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002274; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"its.tikkycloud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002275; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"itsmdshahin.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002276; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iuhkj.r4f4vmtlso.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002277; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iuhs.tyopfhn.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002278; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iujdas.yfwxlc9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002279; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iuyydd.ebeg6uk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002280; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"j9w77d0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002281; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jacobliston.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002282; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jadaart.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002283; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jagex-rewards.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002284; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jam-023d.gitlab.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002285; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"james8.aidaform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002286; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"javarockingland.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002287; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jax.bz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002288; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jbwbzta.alfens8.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200002289; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jeanbaileyrobor.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002290; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jendelajogja.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002291; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jerinja.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002292; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jessicasproul.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002293; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jetser-electrical-supply.business.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002294; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jetstoop.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002295; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jett.gator.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002296; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jflkp.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002297; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002298; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jhda.wfdyk9p.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002299; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jhdd.fjcslad.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002300; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jhff.93oe0u9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002301; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jiwanramchemical.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002302; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jjhcd.27ke98i.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002303; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jk99j.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200002304; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jkhkjjkjk.pagedemo.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002305; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jlogine.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002306; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jnlope.tangguakrapekpuik.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002307; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jnnc.grnxkoj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002308; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"job-type.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002309; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jobs.job.com.bd"; content:"Host"; http_header; classtype:attempted-recon; sid:200002310; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joecamera.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002311; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"john-ashley.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002312; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"join-chat-whatssap-viral-2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002313; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"join-group-wa2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002314; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"join-grub-bokep-gratis.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002315; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"join-grubkienzy849.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002316; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"join-whatsapp-tante-hot18.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002317; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joingrupp-bkep156.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002318; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joingrupterbaru-0.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002319; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joinlinkviral729.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002320; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joinssgropshot18.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002321; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joinssgropssney6.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002322; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jow-japan.or.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200002323; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joyeriajireh.com.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200002324; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jp-bnnk.japappoit.asdwb.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002325; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jp-bnnk.japappoit.asdwd.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002326; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jptechdocsign.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002327; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jrhayley.plus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002328; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"juandfar.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002329; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jurlebedev.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002330; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"justgot.gonevis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002331; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"justsayingbro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002332; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jvk.zultifarza.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002333; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jyeue43rm95p.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002334; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jz2bab.webwave.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002335; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"k3ja6d.webwave.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002336; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kaamwalibais.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002337; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kamdhenurealities.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002338; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kargonova.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002339; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kartaltepespor.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002340; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kasba.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002341; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"katanaroninchains.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002342; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kbstitchdesigns.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002343; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kcas.ygvlrlo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002344; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kdhdf34j6dfh.dealerwebsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002345; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kdlscaffolding.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002346; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kecc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002347; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kecmanijada.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002348; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002349; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002350; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002351; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kevinsmovingservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002352; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kex81.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200002353; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"key-drcp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002354; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kghm-invest.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002355; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ki89.pckmlc0cus5667.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002356; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kienthucykhoa.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002357; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kimaki.001www.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002358; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kingfaisalprize.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002359; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kingmhd95p.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002360; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kissapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002361; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kit.mishkanhakavana.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002362; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kjhdda.tetfeec.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002363; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"klaim-item-mlbb-terbaru8.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002364; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kleinsigns.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002365; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"klockorochsmycken.se"; content:"Host"; http_header; classtype:attempted-recon; sid:200002366; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"knocktheskool.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002367; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"koerich-c-empresarial.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002368; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"koji.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200002369; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kone-ali123-mon-site-web-cheetah-5.cheetah.builderall.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002370; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"konfirmasi-identitas-2022.webnode.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002371; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"konnect2kamadhenu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002372; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"koteng.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002373; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kr-bithumb.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002374; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kraftongame.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002375; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"krupije.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002376; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"krx887.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002377; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ksschool.org.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002378; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kuchkuchnights.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002379; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kurortnoye.com.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200002380; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"l-abe.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002381; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"l-q.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002382; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lambdaweb.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002383; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"laposada.roncesvalles.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200002384; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"laposte-france.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002385; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lapotosinaexpress.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002386; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"larindbr.creatorlink.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002387; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"larvalab.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200002388; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lasyaja.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002389; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"latelevitation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002390; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"latest-recharge-reorder.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002391; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"latestnews.pricesrakutenlogin.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002392; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"latinotravel.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002393; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lazada889.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002394; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lbce.lecservilbc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002395; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ldsplanettt.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002396; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"le-diablotin-rouen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002397; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"leadershipmail.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002398; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"learningimpactmodel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002399; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"leboncoiinlbc.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002400; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"leboncoin.delivery01588.icu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002401; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lemeiesta.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002402; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lenagruessdich.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002403; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"leroycu.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200002404; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lettertracing4kids.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002405; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lexnotes.com.ng"; content:"Host"; http_header; classtype:attempted-recon; sid:200002406; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lg-bluebadgecenter.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200002407; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lg-onecom-io.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002408; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"liberasrl.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200002409; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lihi3.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200002410; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"linkcontract.tech"; content:"Host"; http_header; classtype:attempted-recon; sid:200002411; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"liongear.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002412; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lirc.cep.edu.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002413; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"little-frost-1a15.chrisc11004842.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002414; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"little-rain-39c4.newdhlacceslogins.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002415; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"little-wood-23ca.abssupdatedlogin.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002416; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"litty.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200002417; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"liusanchuan.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002418; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"live-site.hopto.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002419; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"live.rawfednews.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002420; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"livechat-ronin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002421; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"livecryptolab.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002422; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"livelifelimitless.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200002423; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ljkds.hvkmjdq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002424; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lkjds.nlmwjta.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002425; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydbank-accountbreach.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002426; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydbank-secure-customers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002427; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydbank-support-team.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002428; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydbanking-securelogin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002429; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydsbank.deregister-payee-secure-auth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002430; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydsbank.secure-online-deregister.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002431; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydsbank.secure-personal-device-login.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002432; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloyduk-newdevice-registered-online.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002433; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002434; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lnkd.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002435; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lnterbancape-lbk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002436; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lnterbank.pe.starneonsignsug.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002437; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"localwithg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002438; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lockpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002439; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"loengregkuetngferu.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002440; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lofon-add.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002441; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"loftywallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002442; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002443; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-facebook18.webnode.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002444; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-live.com-s02.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002445; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002446; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-postfinance.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002447; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login.dbs.webdbslistinonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002448; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login.privategold.uytrtyuhij987.gowithapex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002449; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login.smbc.weddirecttop.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002450; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"logindhlaccess.dhlupdatelogin.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002451; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"logverify-df12e-verify-1230-eu.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002452; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"loinesports.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002453; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lomadesarrollos.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200002454; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lombard11.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002455; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lot-lp-x.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002456; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lp.vp4.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002457; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lrs.financial"; content:"Host"; http_header; classtype:attempted-recon; sid:200002458; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lrs.foundation"; content:"Host"; http_header; classtype:attempted-recon; sid:200002459; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lrs.fund"; content:"Host"; http_header; classtype:attempted-recon; sid:200002460; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ltdv1signinui.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002461; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lucid-lichterman.45-81-232-17.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002462; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"luciolee17.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002463; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lucky-glitter-f89f.jimmysitt.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002464; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lucy-walker.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002465; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lukysepinfreefire2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002466; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lunugrcpujwcfnajuctkojawrh-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002467; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lydab.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002468; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.help.insecurpage.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002469; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.maseocoad.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002470; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.mauofcg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002471; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.protc.safty-pege.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002472; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.recovery.safetyacount.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002473; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.recovery.saftypageupdate.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002474; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.salsomascard.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002475; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m4-appcaixia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002476; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m42club.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002477; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m5bundle.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002478; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"machineryzoneservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002479; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"macjakarta.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002480; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"macst.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200002481; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"madamailru.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002482; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"madens.com.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002483; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"madrhinoconsulting.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002484; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maestro.my.prod.dfg152.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002485; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"magyar-posta.ddns.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002486; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"magyar-posta.sytes.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002487; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mahikapur.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002488; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mahud.globizsapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002489; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail-account-verify-f4723.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002490; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail-gmxaktualisierung.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002491; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail-ovhcloud.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002492; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail-ssocloud-srvr67yhguh.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002493; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.enrollmoreclientsbootcamp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002494; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.gov-taxid.completofyours.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002495; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.grup-dwsa-indomesia845.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002496; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.ims-fe.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002497; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.kuttabalfatih.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002498; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.santepluspharma.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002499; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.sweetshopspecialtycoffee.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200002500; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.tariqalaraimi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002501; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.updateinfo-billingo2.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002502; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.wheel1factory.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002503; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.zenstream.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002504; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck1.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002505; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck10.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002506; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck11.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002507; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck12.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002508; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck13.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002509; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck14.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002510; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck15.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002511; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck16.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002512; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck17.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002513; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck18.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002514; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck19.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002515; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck2.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002516; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck20.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002517; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck4.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002518; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck5.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002519; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck6.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002520; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck7.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002521; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002522; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck9.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002523; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailgmxaktualiisieren.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002524; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailplusrolerequestedprivatemailupdates.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002525; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailserver7656566.blob.core.windows.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002526; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee10.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002527; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee11.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002528; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee12.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002529; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee13.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002530; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee14.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002531; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee15.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002532; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee16.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002533; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee17.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002534; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee18.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002535; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee19.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002536; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee20.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002537; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee21.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002538; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee22.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002539; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee23.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002540; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee24.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002541; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee26.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002542; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee27.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002543; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee28.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002544; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee29.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002545; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee32.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002546; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee34.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002547; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee35.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002548; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee40.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002549; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee5.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002550; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee6.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002551; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee7.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002552; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002553; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee9.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002554; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maintoken.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002555; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mainwalletappconnect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002556; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"makcts-go.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002557; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"make-anon-keep-past.rvsla.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002558; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mala-riba.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002559; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"malaprontaargentina.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002560; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"malehaenterprises.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002561; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"malukutenggarakab.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002562; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mandirilivinlinksystem.brizy.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002563; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mandirilivinlinksystem2.brizy.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002564; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mandirilivinlinksystem3.brizy.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002565; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"manthsedty.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002566; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"manualsync.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002567; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mapsa.com.pe"; content:"Host"; http_header; classtype:attempted-recon; sid:200002568; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marinthe.poingaitongamlm.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002569; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace-axieinfinity.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002570; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace-axlelnfiniity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002571; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002572; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-29ta3qbv.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002573; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-hzup1bae.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002574; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-kq1oh2ae.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002575; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-qze9zt75vm.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002576; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-sauuvazpjo.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002577; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-tyeuieb7.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002578; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002579; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-z1au8cxghl.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002580; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplaceaxieinfiniity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002581; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marmardian.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002582; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marylkmatzenger.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002583; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"masdas0932.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002584; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"masum.lawyer"; content:"Host"; http_header; classtype:attempted-recon; sid:200002585; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"match.lookatmynewphotos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002586; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"matchoklahoma.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002587; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"matelamsiska.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002588; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"matiruys.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002589; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maxclinic.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002590; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maxis-winner-2020.webs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002591; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mayormoveis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002592; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mboutique.cfd"; content:"Host"; http_header; classtype:attempted-recon; sid:200002593; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mccarthyelectrical.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002594; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mcconcep.cluster005.ovh.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002595; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mchganistore.solofolio.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002596; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mdex.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200002597; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mdurucan.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002598; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"medelinahealth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002599; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"medeniyetakademisi.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002600; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediasystembusiness.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002601; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mednungtanpoudan-acvwe3.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200002602; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"medo.world"; content:"Host"; http_header; classtype:attempted-recon; sid:200002603; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"medtamr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002604; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"meeting-23900123090123.bitbucket.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002605; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"memestock.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002606; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mercani.pomyt.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002607; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mercariz.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002608; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"meremanovegabana.website2.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002609; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mbudeu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002610; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mg0gbo1.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002611; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mgeukpx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002612; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mglsffs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002613; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mksydb.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002614; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mktbbr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002615; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mlyffa.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002616; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mnfjwy.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002617; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mnheijt.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002618; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mrzcafk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002619; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.msnygk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002620; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericorci-logining.sfhs26r.lyb6srb.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002621; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"meriocori-logining.2y3uio.pyqbas.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002622; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mestertignseekjet4.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002623; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mestertignseekjet5.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002624; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mestertignseekjet6.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002625; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mestredaobra.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002626; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metalurgicagiom.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002627; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamasc.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200002628; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-connect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002629; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-connect.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002630; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-extension.com.hsurge.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002631; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-wallets-protection.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002632; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-wallets.yahoosites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002633; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.cam"; content:"Host"; http_header; classtype:attempted-recon; sid:200002634; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.io-php.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002635; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.kiwi"; content:"Host"; http_header; classtype:attempted-recon; sid:200002636; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.protocol-process.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002637; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.security-information.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200002638; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.social"; content:"Host"; http_header; classtype:attempted-recon; sid:200002639; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.wallets-reauth.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002640; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamaskdownloadandroid.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002641; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamassklogins-us.tumblr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002642; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metaversepadapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002643; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"meusabor.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002644; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mfacebook.blogspot.com.cy"; content:"Host"; http_header; classtype:attempted-recon; sid:200002645; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mfacebook.blogspot.lt"; content:"Host"; http_header; classtype:attempted-recon; sid:200002646; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mfacebook.blogspot.rs"; content:"Host"; http_header; classtype:attempted-recon; sid:200002647; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mgpskartarpur.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002648; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mibancocrece.com.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002649; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"micacd.elshov.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002650; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"michaelxrandazzo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002651; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"michiyado.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002652; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"microcav.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002653; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"microsoftonline.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002654; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"microsoftwebserver.mfs.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200002655; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"micuenta01.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002656; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mijnics-actualisatie.185-236-231-64.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002657; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mikhali.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002658; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"milanobet301.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002659; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"militarybikers.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002660; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"minamikaga.or.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200002661; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mingming20160152.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002662; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"miozpro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002663; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"miracdoviz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002664; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"miss-paym02.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002665; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"missionshashank.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002666; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjayme9jdg9izxixmjeydgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002667; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjayme9jdg9izxiymjnyza.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002668; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1heta1dgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002669; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetezmtj0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002670; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetgym3jk.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002671; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetizmtl0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002672; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetqymhro.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002673; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetu3dgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002674; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetuymhro.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002675; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu5vdmvtymvymji5dgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002676; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu5vdmvtymvymtexdgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002677; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymuf1z3vzdde4mtf0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002678; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymufwcmlsmde5dgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002679; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bhk0mtf0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002680; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bhk1mtr0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002681; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bhkzmtn0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002682; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bmu0mtf0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002683; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bmuymzfzda.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002684; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymuphbnvhcnkxmzv0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002685; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymurly2vtymvymjiyn3ro.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002686; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymvnlchrlbwjlcjizmxn0.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002687; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mk2.ge"; content:"Host"; http_header; classtype:attempted-recon; sid:200002688; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mkjiool.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002689; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mnbxa.73kfer9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002690; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mncxx.qbeepor.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002691; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mnnbx.r1rpj09.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002692; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002693; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobil-singaporre.digital-online-login-opportunity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002694; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobile-orange-forever.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002695; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobile-portail.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002696; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobile.hedgesportst.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002697; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"moccasinyellowbetatest--josekkk.repl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002698; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"moccasinyellowbetatest.josekkk.repl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002699; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"modest-hertz.45-81-232-15.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002700; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mon-token.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002701; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mon.espace.lcl.fr.certosini.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002702; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monbudri.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002703; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mondrive.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002704; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monedri.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002705; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monirshouvo.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002706; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monomobileservice.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002707; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monprofilclient.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002708; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monstercarp.rn86.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002709; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"montenegrolandscape.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002710; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"montrealidiomas.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002711; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monyeward.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002712; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"morcario.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002713; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"morfybox.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002714; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mqzlsim.mindlogicinfotech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002715; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mrpitchman.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002716; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"msc-doelsach.at"; content:"Host"; http_header; classtype:attempted-recon; sid:200002717; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mscc1s.ultimatefreehost.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002718; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"msnserviceverifivation.wordpress.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002719; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"msofficemessagescenter-1.mfs.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200002720; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mtngifts2021.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002721; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mtron.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002722; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mtsn1kotabekasi.sch.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002723; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"muddy-credit-ea7b.0fflce-mlcr0sfot-online-supposrts3jp-tokcloud.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002724; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mudraloans.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002725; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mufg.jp.yjfszs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002726; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"muriiityua.krywanbobaanja.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002727; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mxrr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002728; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my-bithumb.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002729; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my-gmail.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200002730; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my-site219.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002731; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my.jcpwb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002732; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my.nhs-get-pass.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002733; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my.paydi.login-index-home.x4typfc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002734; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my.paydi.logining-nexy-home.en6cnm.asia"; content:"Host"; http_header; classtype:attempted-recon; sid:200002735; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my02billing-login.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002736; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"myaccount.aol.wallat-billing.com.authlog.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200002737; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mycoerver.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200002738; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mygoogleaccount.stantrade.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002739; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"myjcb.cyyptoi.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002740; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"myjcb.thxpj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002741; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mymbg-aa2e2.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002742; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mymeta-securearea.plesk07.zap-webspace.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002743; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mymetamask-clientarea.185-236-231-227.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002744; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mymweb-owner.at.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200002745; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mypo-delivery.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002746; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mypsm.psm.edu.mm"; content:"Host"; http_header; classtype:attempted-recon; sid:200002747; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"myshedbuilder.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002748; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mytheamsauthecent.wapgem.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002749; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"myupdates-mynetflix.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002750; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mywalletsvalidation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002751; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mzqualitycleaning.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002752; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"n-naoko-0319.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002753; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"n.salsomascard.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002754; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"n26.sa-france.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002755; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"n26servicetechnique.click"; content:"Host"; http_header; classtype:attempted-recon; sid:200002756; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"n7orton.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002757; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nab-access-breach.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002758; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nab-alert.mobi"; content:"Host"; http_header; classtype:attempted-recon; sid:200002759; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nab-www.303.si"; content:"Host"; http_header; classtype:attempted-recon; sid:200002760; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"naderkhani.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200002761; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"najboljeuslugezavas.betterservicesforyou.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002762; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nalandaias.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002763; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nalodke.com.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200002764; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nanjing.itud167.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002765; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"napgamelienquan.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002766; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"naranja-users.auth0.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002767; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"native-possession-josh-asks.trycloudflare.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002768; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nattionaliy.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002769; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natu-mx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002770; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"naturalrocksand.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002771; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natwest.nwolb-login-auth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002772; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natwest.secure-auth-personal-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002773; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natwest.secured-online-verify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002774; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natwest.secured-personal-verify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002775; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nayablabs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002776; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nayameehomes.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002777; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbcc.0bit08a.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002778; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbcvs.gd65y69.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002779; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbcxa.lctlfdq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002780; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbhjxa.hblhi96.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002781; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbnonres.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002782; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxaa.b1b6nac.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002783; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxas.uabzfbm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002784; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxasd.rm625b.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002785; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxha.74zdws.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002786; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxza.giodzij.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002787; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ncgroup.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200002788; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"necessitymag.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002789; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nedbankqa.flowblocks.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002790; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nedriw.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002791; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"neftlexi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002792; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"negociebra.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002793; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"neptuneinnovations.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002794; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"netciti.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002795; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"netf1ix.us-891691712-local-781652.airalgeriecanada.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200002796; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"netfl-lixids938mailmealkas.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002797; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"netflix-techarmy.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002798; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002799; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"networksol-f35e7.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002800; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"neversencommun.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002801; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"newlifenursery.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002802; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"newrydramafestival.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002803; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsletter.pagueonlinebra.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002804; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsodisha.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002805; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nextgensoftbd.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002806; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nftsmainnet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002807; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhattinsteel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002808; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbcd.40ggify.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002809; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbcd.xitgfmh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002810; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbcda.g4g5mgc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002811; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbd.yl7g7qz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002812; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbdd.ncoavvx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002813; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhfactor.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002814; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhgcs.ugvvluf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002815; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhhvd.zb06w77.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002816; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhri.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002817; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhs.my-vaccine-status.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002818; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"niagarapower.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002819; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nic-home.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002820; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nisuper.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002821; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nizotchauffage.bilty.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200002822; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nontonvidioviral2022nohoax.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002823; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"northlane.esy.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200002824; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"notife.help.institutepages.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002825; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"notification-fb.secure-pages.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002826; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"notificationmember.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002827; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nour-ala-nour.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002828; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"novolimitenu.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002829; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nserviceserviceat.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002830; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nslg8.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002831; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nt.embluemail.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002832; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nueva-acropolis.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002833; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nutroquin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002834; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nw-securedfailure.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002835; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ny989.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002836; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nyhet.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200002837; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002838; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o2-failure-billing-update.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002839; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o2-updatebillingvia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002840; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o2billingauth-update.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002841; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o2phone-billingupdate.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002842; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oanmce.hjwxkugs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002843; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ocareportesweb.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002844; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ocaxvefific.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002845; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oceantires.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002846; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ocioturismogalicia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002847; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oco.or.tz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002848; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oddplug.cfd"; content:"Host"; http_header; classtype:attempted-recon; sid:200002849; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"odiasamaj.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002850; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"offic365.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200002851; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"offic4046217.sitebuilder.name.tools"; content:"Host"; http_header; classtype:attempted-recon; sid:200002852; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"officeee.bubbleapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002853; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialevent.way.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002854; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialliker.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002855; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ogrodywlochy.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002856; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oiasasca.asiocsacszc.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002857; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oiasd.herorny.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002858; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oicm.oobqrxh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002859; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oidda.5s2iamp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002860; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oijcd.qvjcddv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002861; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oikca.smwceku.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002862; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oikcas.6b914ty.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002863; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oikcxa.zvvx01z.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002864; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oivac.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002865; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okcs.qj8yua.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002866; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okds.bbtlcve.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002867; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okep-terbaru-viral-2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002868; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okmca.8xcrn6w.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002869; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okmca.bxkfham.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002870; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okmca.uwudagu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002871; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okmxa.lfgpror.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002872; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okpwtu.webwave.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002873; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"olidooo.waca.tw"; content:"Host"; http_header; classtype:attempted-recon; sid:200002874; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"olk.us7apye.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002875; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"olmnxa.wc2ikux.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002876; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"olx-pay-pl.pay-id22343.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002877; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"olx.saferegulatory.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002878; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"omesqiwines.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002879; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"omicronvariat.pagedemo.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002880; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oncopharma-ae.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002881; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onecreator.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002882; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onedrive.zhaoge.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002883; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onee-a0488.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002884; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oneisallandone.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002885; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oneone-19cd8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002886; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oneone-a38ef.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002887; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"online-sistem.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002888; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineasesor01.hostfree.pw"; content:"Host"; http_header; classtype:attempted-recon; sid:200002889; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineffn2.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002890; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlysportplus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002891; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ooxvocalor.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002892; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"opansea.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002893; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"open24.ie-tsb.email"; content:"Host"; http_header; classtype:attempted-recon; sid:200002894; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"opticabattilana.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200002895; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"optika-anda.hr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002896; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ora-n.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002897; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orabu.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200002898; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange-dcr.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002899; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange-security.cloud.coreoz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002900; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange.iobeya.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002901; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange.sphinxonline.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002902; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange2k22.wixsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002903; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orangeb191.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002904; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orangess.contactin.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200002905; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"org-nr.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002906; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orlen-inwe.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002907; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orlen-x.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002908; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orlen.digital"; content:"Host"; http_header; classtype:attempted-recon; sid:200002909; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ormantencs112.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002910; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oryxcaracalsecurity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002911; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"osis.world"; content:"Host"; http_header; classtype:attempted-recon; sid:200002912; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"otomoto-h229.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002913; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"otomoto3452.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002914; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"otwmaxx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002915; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oudczfbniitcqdsrmaapdztwqo-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002916; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ourgarden.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200002917; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"outlook1541489.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002918; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"outlookcom119.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002919; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002920; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"p1c.servleboncoinser.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002921; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"package2021.blogspot.ba"; content:"Host"; http_header; classtype:attempted-recon; sid:200002922; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"package2021.blogspot.bg"; content:"Host"; http_header; classtype:attempted-recon; sid:200002923; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"package2021.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002924; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"page-restrict-case22456548.help"; content:"Host"; http_header; classtype:attempted-recon; sid:200002925; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-1008009999700022199021.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002926; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-1008097555214021.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002927; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-alert-facebook.ezyro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002928; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-community-standart-2022.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002929; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-marvelous-project.webflow.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002930; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-support-office-2021.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200002931; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-support-office-2021.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002932; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages.secure-accts.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002933; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pagesdetectscopyrightpostingactivitiesreported.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002934; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pagos.sinpemovil.cr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002935; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paleyeer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002936; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"palmm.ps"; content:"Host"; http_header; classtype:attempted-recon; sid:200002937; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancaakesvap.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002938; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancake-sawp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002939; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancake.ellipsis.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200002940; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancake7wop.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002941; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakesawpes.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002942; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakesfinances.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002943; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakesvvap-finance.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002944; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswap.finance.tradechange.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002945; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswap.men"; content:"Host"; http_header; classtype:attempted-recon; sid:200002946; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswap.multi-wallet.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002947; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswap.salsasourcing.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002948; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapes.company"; content:"Host"; http_header; classtype:attempted-recon; sid:200002949; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002950; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapexcgn.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002951; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapexch.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002952; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapexchage.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002953; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapexchg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002954; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswappshop.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002955; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancaku-swap.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002956; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancalteswap.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200002957; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"panckaceswap.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200002958; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancoke.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002959; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaskin.ru.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002960; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"panelweb-4cae2.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002961; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pankaceeswap.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002962; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pankaceswapes.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200002963; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pankakeswap.ledgity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002964; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pannelpub-benin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002965; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pansccakeswap.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200002966; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pantazisezopiiuurmail1.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002967; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pantekkalisakitkepalaku.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002968; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"parcel-support018.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002969; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pardot.assemblecommunities.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002970; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pasarbta.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002971; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"passionfruit4576261.brizy.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002972; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pateltutorials.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002973; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"path.faithbible.institute"; content:"Host"; http_header; classtype:attempted-recon; sid:200002974; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pathospitals.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002975; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"patient-cell-40f5.updatedlogmylogin.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002976; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"patwise.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002977; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paws.org.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200002978; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paxfulmenu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002979; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pay-sera.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002980; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pay16-olx.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002981; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paymentnotificationnow.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002982; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paypal-online-2deposits-paymentaccept.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002983; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paypal-opladen.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200002984; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paypalforex.co.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002985; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pdf-cloud-document.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002986; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pdf-sharefile-doc.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002987; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pdflogincnvwo.app.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002988; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pdfsecured.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002989; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"peaceful-black.193-70-50-31.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002990; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pembatalanakundinonaktifkan.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002991; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pencakecwap.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002992; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"perfectliker.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002993; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"peringatanakunfb2k214.webnode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002994; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phantom-walletweb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002995; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phantomaa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002996; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phishingloginmicrosoftonlinecom.zerotrustcorp.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002997; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phlexx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002998; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phreshphoto.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002999; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichincha-datos1.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003000; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichincha-datos2.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003001; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichincha-datos3.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003002; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichincha-datos5.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003003; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchabank.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003004; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchacomfi.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003005; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchaecori.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003006; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchauser.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003007; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchverify.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003008; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"picnic.industries"; content:"Host"; http_header; classtype:attempted-recon; sid:200003009; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pics.lookatmynewphotos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003010; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"piermontbridge.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003011; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"piffvancouver.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003012; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pikaresailing.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003013; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pikay13.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003014; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pilmezorda.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003015; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pinchinchaverify.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003016; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pirana.co.rs"; content:"Host"; http_header; classtype:attempted-recon; sid:200003017; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pl-swiatowe-wiadomosci.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003018; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pla1060604.nichost.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003019; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"plan-o2-monthlypayments.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003020; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"planetaamor.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003021; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"plasticaindia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003022; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"platinumserviceac.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003023; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"playgirlgold.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003024; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ploferta.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003025; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"plugmailextraexpiredoldpolicynotificationscenter.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003026; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"plwiadomosciwszystkie.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003027; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"po-deliver-fees.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003028; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"po-service-page.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003029; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poc-rewards-program-c2dfc.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003030; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"podpiska-darom.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003031; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pokajca.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003032; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pokcda.lnizi9c.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003033; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poklsa.slodddz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003034; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polcas.et0bgyf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003035; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polcd.op59bk5.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003036; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polcda.qcgjwj7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003037; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poldf.gejzesp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003038; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polds.gmj6f2.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003039; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poliambulatorioadriatico.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200003040; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poligrafiapias.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003041; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polkadot-france.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003042; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polkastarter.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003043; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polsd.pa0cpof.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003044; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polxa.uh8dg67.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003045; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polygon-pro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003046; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polygon-secure.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003047; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polygon-technologyes.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003048; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pomnxaa.181gh1c.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003049; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"post-ch-de.34224.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003050; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"post-ch-de.65241.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003051; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"post-ch.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003052; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"post-track.ch"; content:"Host"; http_header; classtype:attempted-recon; sid:200003053; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"posta-romana.cameleon-digital.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200003054; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postaledsp2.conexion.fr.savealifemw.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003055; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postalfees-uk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003056; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postalukservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003057; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postch9192.cargo.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003058; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postechsuivre.ileanamlaw.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003059; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postnl.post-tracking-delivery.etelinfra.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003060; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poww.6hkjmb.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003061; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ppkllp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003062; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ppnnttcc.ppcnthsc.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200003063; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"precisionimpex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003064; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"preg.dspearhead.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003065; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"preg.marketingvici.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003066; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prepaid-leboncoin.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003067; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"preppingconfidence.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003068; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prernaindustries.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003069; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"priceless-goldstine.35-185-184-61.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200003070; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"priceless-mccarthy-8674db.netlify.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003071; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primarypagesmetasecure.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003072; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primeassi5.sslblindado.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003073; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primecentral.jihanjiaopo6.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003074; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primecentral.jixinggaozhao2.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003075; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primecentral.qiourn.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003076; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primeone.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003077; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"printtoner.com.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200003078; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"privacy-update-page-prtections-association-recovry-secu.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003079; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"privacy-update-secu-recovry-page-protection-4565544.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003080; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"privacy-update-secu-recovry-page-protection-comunity-45.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003081; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"priyankasandokar1606.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003082; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pro.icloudremovaltool.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003083; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"procservautomatizacion.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003084; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.anon-rest-keep-reset.sales18130.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003085; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.anon-step-keep-object.sales18130.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003086; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.calm-limit-671e.ralph2481.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003087; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.dry-snow-ddc20ffice.deuceice2.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003088; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.keep-paper-account.sales18130.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003089; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.lively-salad-1c42.updatelogaccountprogramedrfwerwrdhsmc.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003090; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.passtruth-truth-5df4.pass-morn-reset-todaybringsjoy.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003091; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.steep-poetry-1ba3.updatelogaccountprogramedrfwerwrdhscsw.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003092; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.try-murpheos-keep.sales18130.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003093; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003094; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"project1-df3e9.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003095; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"projectlovewell.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003096; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promehedinti.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200003097; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promerica-sv.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003098; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promericalinea01.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003099; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promo.mycorporate-rewards.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003100; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prosmate.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003101; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prosxsiuser.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003102; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prosys.poweredbygravit-e.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003103; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"protect-4d56vca.surge.sh"; content:"Host"; http_header; classtype:attempted-recon; sid:200003104; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"proteczzguuaaardzzzpagess.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003105; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"proteczzpagezzguarddzzz.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003106; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"provodi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003107; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"proximus-account.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003108; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ptxx.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200003109; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pubgmobilevn.mobi"; content:"Host"; http_header; classtype:attempted-recon; sid:200003110; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"publish-p43452-e180057.adobeaemcloud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003111; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"puffing.com.pk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003112; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pulihkan-accountt20001.webnode.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200003113; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"puroxymembrane.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003114; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pvr0k.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003115; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pydttuxozmzjmjqxayxfxhycfr-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003116; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qbocd.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003117; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qevwisdfztymporlndsckabdil-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003118; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qf3nt.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003119; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qfw.tosex35238.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003120; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qhj39hfxqftr.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003121; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qhmqhgnfqbcoxkwamsioilhdmv-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003122; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qsh74pekkv5e8.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003123; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qssa.x5yrlr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003124; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"quinaroja.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003125; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"quotex-qx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003126; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qwas.nfi71vw.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003127; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qwea.wvhee0w.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003128; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qweas.hi5g95r.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003129; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qweas.p6rhddj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003130; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qweas.zwfaclq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003131; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qxluatbght.cfolks.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003132; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"r3c31v30n3-1d3nt1ty.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003133; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rabellartz.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003134; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rabofree.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003135; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rabofree.blogspot.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200003136; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rackenfordlabs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003137; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"racuten.nuef.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003138; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"radhikamd.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003139; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rafbbmx.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200003140; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"raipurrussianescorts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003141; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakoten-card.buogfbizkugf.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200003142; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakoten-card.bycsaxwdqunhh.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200003143; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakoten-card.motpefhnpvyz.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200003144; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakoten.potex.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003145; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"raktuen.laobanlocker.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003146; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakuitan-card.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003147; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakuten.awjoadc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003148; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakuten.card.nuosreaoms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003149; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakuten.card.uosmcoua.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003150; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakuthn.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003151; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakuttm.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003152; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ramgarhiamatrimonial.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200003153; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rareelements.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003154; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rasmer.fi"; content:"Host"; http_header; classtype:attempted-recon; sid:200003155; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ratewatch.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003156; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"raycargo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003157; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"raydiom.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003158; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"razcjjf.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200003159; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"razcjjf.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200003160; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rbcmontgomery.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003161; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rd8um.app.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200003162; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rdirtfuo6t.vov.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003163; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"re-direct-me.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003164; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"re-redirection-acc-id923872635122.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003165; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"real-anon-keep-passing-word.rvsla.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003166; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"realestate-page-10843446024.expresspestcontrol.co.nz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003167; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"realindiatravel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003168; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reconfirmpost287846656.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200003169; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"recover-pages-media-problems-secur-782.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003170; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"recover-pages-secur-media-problems-393.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003171; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"recover-pages-secur-media-problems-397.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003172; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"recovery-chain.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003173; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"recovery-fb.secure-acct.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003174; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"red-limit-db0e.chseonlinelogins.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003175; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"redbysfrgroupebox.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003176; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"redeem-microsoft-code.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200003177; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rediractionid547012016089540218057.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003178; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"redpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003179; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reg-3da7f.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003180; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reg.chaindaohang.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003181; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"regisdrive.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003182; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"register-my-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003183; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"registerdrive.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003184; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reglic.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003185; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"regularsweeps.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003186; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reignbike.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003187; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reikisadhna.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003188; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"relevant.systems"; content:"Host"; http_header; classtype:attempted-recon; sid:200003189; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"remittance369297292749.goshly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003190; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"renovkonstruksi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003191; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"repl-mess.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003192; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"restore.exodusapp.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003193; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"restoredabefore-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003194; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"restorewallet-activation.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003195; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retiro-extracash.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003196; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retiro.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003197; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retraiteenaction.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200003198; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retrospectiveplanningenforcementwestsussex.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003199; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retrouve-particulier-mailaccord.globaltvnepal.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003200; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rev.sfr.net.gghost.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003201; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"review-mynew-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003202; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reviewbook.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003203; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"revistametro.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200003204; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reximane.cf"; content:"Host"; http_header; classtype:attempted-recon; sid:200003205; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"riptide-operation.ru.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003206; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"riveroflife.org.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003207; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rizarichempire.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003208; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rizkyinterior.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003209; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rkanet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003210; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rkt-co.f1ss.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003211; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rlink.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003212; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rmsfcc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003213; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rnercarl-security.co.ip.rnamso.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003214; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rnercarl.co.jp.merinosimo.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003215; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roadgo.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003216; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"robloxrun.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003217; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roccobonheur1-my-cheetah-website-copy.cheetah.builderall.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003218; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roisnoob.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003219; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rokulinktechnology.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003220; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rolinadd.surveysparrow.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003221; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"romanceify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003222; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rondalowa.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003223; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rondelbarrilito.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003224; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ronin-help.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003225; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roninwallet-connect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003226; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roninwallet.cm"; content:"Host"; http_header; classtype:attempted-recon; sid:200003227; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rotimi.pandaform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003228; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roundcube-2c46f.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003229; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roundcube-production-cf.tx1.mailhostbox.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003230; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"routeksa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003231; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"royalwindsorpub.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003232; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003233; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rplg.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003234; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rrakutenn.co.jp.azii.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003235; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rrakutenn.co.jp.nanofresh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003236; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003237; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rufoxxy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003238; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"runescape-info.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003239; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ruth.martulangbelulalng.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003240; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ryanicolehoward.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003241; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rymproducciones.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003242; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"s-sarfati.co.il"; content:"Host"; http_header; classtype:attempted-recon; sid:200003243; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"s.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003244; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"s5vzr.app.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200003245; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"s787v.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003246; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sa.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003247; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sadervoyages.intnet.mu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003248; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"safty.summarycheck.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003249; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saintbarkleyshoes.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003250; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saitadobrasil.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003251; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saldospc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003252; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saliksnas.lojaintegrada.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003253; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"salmanfarsi01.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003254; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saludypension.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003255; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"samarahonda.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003256; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"samihalyaman.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003257; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"samvoktor.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003258; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sanasunty.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003259; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sandeeppk03.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003260; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sandhu.codebucketitsolutions.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003261; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sanjilkumar.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003262; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sankyo-rz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003263; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sanru.cd"; content:"Host"; http_header; classtype:attempted-recon; sid:200003264; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"santander.secured-auth-login.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003265; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"santanverifyfunction.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003266; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"santepluspharma.eclatmediasolution.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200003267; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"santoshdangi.com.np"; content:"Host"; http_header; classtype:attempted-recon; sid:200003268; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saritapariyar.com.np"; content:"Host"; http_header; classtype:attempted-recon; sid:200003269; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"satay-secur.reconfimations.pagedisabled.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003270; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"satemi.com.ve"; content:"Host"; http_header; classtype:attempted-recon; sid:200003271; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"satonteams.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003272; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"savingsfordentalcare.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003273; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sbi.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200003274; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sbs-siebanlagen.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003275; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sc.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003276; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sc.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003277; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sca.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003278; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sdgvsdvsdvs.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003279; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"se.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003280; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sebat-dhl.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003281; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sebene27.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003282; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secur-standard-media-recover-pages-problems-159.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003283; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-boncoincontrol.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003284; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-halifax-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003285; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-mynew-devices.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003286; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-runescape.xgm.rnp.mybluehost.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200003287; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-service-gateway.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003288; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-zirox.s3.ap-southeast-2.amazonaws.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003289; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.legalmetric.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003290; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.oldschool.com-cl.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003291; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.oldschool.com-cu.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003292; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.oldschool.com-cv.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003293; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.oldschool.com-oz.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003294; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.oldschool.com-rsu.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003295; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-as.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003296; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-az.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003297; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-cl.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003298; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-co.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003299; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-cu.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003300; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-cv.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003301; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-or.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003302; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-oz.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003303; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-rse.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003304; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-rsu.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003305; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-vs.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003306; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure300.inmotionhosting.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003307; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure303.inmotionhosting.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003308; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure55.webhostinghub.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003309; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure7-servr01-log-in.4nmn.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003310; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"securee37-authen21.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003311; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"securegateway-ovhcloud.csl-sl.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003312; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"securelloyd-help-app.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003313; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-page-community-standards.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003314; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"seguridad-oca.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003315; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"seleb-indo.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003316; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"selector26.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200003317; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"selector28.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200003318; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sem.my-drs.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003319; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sen-manole.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003320; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sendo-meso.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003321; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sendung.eyecatch.ch"; content:"Host"; http_header; classtype:attempted-recon; sid:200003322; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergebubnin.space"; content:"Host"; http_header; classtype:attempted-recon; sid:200003323; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sertyxese.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003324; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"server-networksolutions.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003325; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"serverprotocols.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003326; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck103.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003327; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck104.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003328; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck105.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003329; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck107.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003330; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck108.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003331; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck111.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003332; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck112.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003333; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck117.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003334; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck118.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003335; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck121.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003336; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck122.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003337; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck123.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003338; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck126.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003339; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck127.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003340; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck129.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003341; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck13.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003342; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck130.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003343; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck134.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003344; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck135.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003345; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck137.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003346; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck138.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003347; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck139.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003348; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck14.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003349; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck140.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003350; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck142.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003351; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck143.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003352; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck145.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003353; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck149.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003354; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck155.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003355; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck207.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003356; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck21.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003357; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck23.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003358; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck334.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003359; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck36.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003360; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck410.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003361; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck429.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003362; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck442.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003363; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck443.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003364; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck46.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003365; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck54.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003366; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck60.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003367; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck70.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003368; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck736.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003369; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck74.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003370; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck75.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003371; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck77.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003372; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003373; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck87.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003374; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck995.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003375; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"service-lkdn2020.gacconstrutora.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003376; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"serviceinfo-securehost.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003377; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servicepage.service-page.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003378; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servicepichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003379; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"services.runescape.com-as.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003380; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"services.runescape.com-oc.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003381; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"services.runescape.com-rse.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003382; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"services.runescape.com-rsu.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003383; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servicesbancaire.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003384; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"serviciosbndigitales.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003385; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servics.validationsecuradm.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003386; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servinform.quadientcloud.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003387; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"setupmynorton.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003388; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"seul.unilurio.ac.mz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003389; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sevoudryserviciobomail.dudaone.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003390; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sfc.com.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003391; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sfex12sec.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003392; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sfirstrepublic.coms.cso.gov.tt"; content:"Host"; http_header; classtype:attempted-recon; sid:200003393; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sfr.provad.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003394; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sfrpanel.lws.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003395; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sgtbalde991-dot-still-dynamics-321006.ue.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003396; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shafischools.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003397; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shamajastore.co.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200003398; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shanky0.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003399; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shanza.epos.com.pk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003400; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"share-eu1.hsforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003401; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"share.chamaileon.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003402; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shared-file.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003403; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sharedfax815201376.wordpress.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003404; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sharedtris.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003405; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sharelink.sn.am"; content:"Host"; http_header; classtype:attempted-recon; sid:200003406; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shayvardphoto.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200003407; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shinex.lk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003408; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shirhokos-mhalskbsiaoutfew43535.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003409; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shirtshanger.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003410; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shiye666.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003411; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shop.cmfurnituremall.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003412; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shop.ewerest-stroi.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003413; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopeecoins.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003414; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shrutidhall.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003415; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sidneyfcuorg.freshy.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003416; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sign-trk.empressmd.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003417; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003418; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"signin-payeer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003419; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003420; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"silkroadwines.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003421; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"silpovsatb-ua.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200003422; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"silverberrygroup.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003423; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sim0nt0k-viral-terbaru-2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003424; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"simpkk.karanganyarkab.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003425; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sindarspen.org.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003426; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"siporados15585.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003427; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sirak.se"; content:"Host"; http_header; classtype:attempted-recon; sid:200003428; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site-4403463-3995-6112.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003429; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9423623.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003430; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9423773.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003431; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9434107.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003432; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9548676.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003433; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9551459.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003434; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9552191.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003435; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9606042.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003436; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitebrasil.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003437; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitebuilder152832.dynadot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003438; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitebuilder152935.dynadot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003439; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitemodify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003440; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"situs-facebook-resmi21.webnode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003441; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"situs-layanan-pemulihan4.webnode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003442; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"situs-pemulihan-resmi0.webnode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003443; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"six-group.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003444; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sk128.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200003445; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sklepkody.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003446; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skradvanidance.business.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003447; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skybttv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003448; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skygobank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003449; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skylerclarkmusic.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003450; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skymavis-accountupdate.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003451; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skymavisupport.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003452; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"slavamel.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003453; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sleepmaskz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003454; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"slickparties.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003455; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"slmkufeckf.jon-jensen.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003456; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"slovenska-posta.sytes.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003457; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"slowlinebag.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200003458; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sm.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003459; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sm777.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003460; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbc-accout.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003461; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbc-credit.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003462; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbc-veaiana.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003463; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbcbc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003464; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbccjp.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003465; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbcr.mrtka.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003466; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbcwodeqingguoshoujicojp.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200003467; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smeo.org.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200003468; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smgolamalif.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003469; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smirl.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003470; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smkkesehatanjember.sch.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003471; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smmsvocal.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003472; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sms-check.sc-q.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200003473; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sms-shorter.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003474; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smsbc-info5.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003475; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smsenligne.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003476; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smsorangephonemail.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003477; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smsorangesmsmessage.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003478; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smss-mms.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003479; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smsverificationmms.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003480; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smwam.coms.cso.gov.tt"; content:"Host"; http_header; classtype:attempted-recon; sid:200003481; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"so.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003482; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soaringskiesrentals.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003483; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soci-molen.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003484; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"socialpinch.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003485; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sofe-firma.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003486; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soft-cell-8148.updateloginprogram.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003487; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soft-grass-1edd.acc-update.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003488; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sognointerno.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003489; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"solicitarfirmaelectronica-sv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003490; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"solyanayakomnata.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003491; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sopac.org.py"; content:"Host"; http_header; classtype:attempted-recon; sid:200003492; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soracoes.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003493; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"souaxwaoh.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003494; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soude-masi.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003495; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soufsont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003496; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soulocaredirect.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003497; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soumya252000.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003498; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"souravtech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003499; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"southamerica-east1-hardy-magpie-334101.cloudfunctions.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003500; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"southamerica-east1-manifest-design-330523.cloudfunctions.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003501; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"southamerica-east1-my-project-90086352.cloudfunctions.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003502; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"southamerica-east1-noted-minutia-330211.cloudfunctions.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003503; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sp477389.sitebeat.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003504; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sp701876.sitebeat.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003505; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spacemanagerent.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003506; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spark.shaheenwrites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003507; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sparkasse-vereinsbanken.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003508; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sparkasse.de.internet-filiale.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003509; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sparxinteriors.co.zw"; content:"Host"; http_header; classtype:attempted-recon; sid:200003510; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"specialnotice.pricesamazonlogincard.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003511; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spectrumstorageaccess.yahoosites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003512; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spentamultimedia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003513; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spidertvapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003514; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spirit.gtwozone.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003515; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spk-entsperren.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003516; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spk-jahreswechsel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003517; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spk-secure-de.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003518; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sport.protected-secur.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003519; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sportshoes.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200003520; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sportybetpremium.wapka.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003521; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spring-pond-62c4.autocreative.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003522; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spring-pond-62c4.autocreative.workers.dev#eimaste@stinpriza.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003523; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"squeeze-airwcmalznoun.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003524; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"squeeze-amieazoeon.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003525; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sr.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003526; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"srisritextiles.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003527; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"srvr-cloudmail-srvr5s5wd3.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003528; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ssdaz.sqqaepr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003529; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sse.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003530; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ssia.org.sg"; content:"Host"; http_header; classtype:attempted-recon; sid:200003531; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ssl.dsl.isl.mll.aqmst6.stockestan.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200003532; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sso-garena.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003533; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sswebmail-4w5twsr.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003534; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stage.vannaryfowler.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003535; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"staging.eliteautomotive.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200003536; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"standardupdatesupportandhelpcenter2021.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200003537; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"starforsure.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003538; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"starliker.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003539; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"starsoftheindustry.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003540; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"starttsboxfile.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003541; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"static-ak-fbcdn.atspace.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003542; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"static-dev.o2alerts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003543; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"static-promote.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003544; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"status-dev.o2alerts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003545; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stbkcoltria.atwebpages.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003546; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stclarechurch.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003547; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steamcommunites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003548; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steamcommunitj.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003549; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steamnitrof.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003550; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steampoweredtrade.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003551; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steampoweredtrades.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003552; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevemadden-sverige.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003553; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevemaddenbutik.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003554; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevemaddenserbia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003555; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevemaddenshoe.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003556; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steven-coldwellbth9965.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003557; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevencrews.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003558; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stgrp.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003559; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"still-star-c948.updatelogaccountprogramedrfwerwrdhsjy.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003560; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stimulus-claim.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003561; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stjohnmarol.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003562; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stjudes.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003563; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stolizaparketa.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003564; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stollgroup.coms.cso.gov.tt"; content:"Host"; http_header; classtype:attempted-recon; sid:200003565; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"storage.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003566; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"storenike365.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200003567; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"studio-lol.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003568; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stylifehomedecors.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003569; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stz-fmba.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003570; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"submit8099.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200003571; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"successgroup.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003572; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sucses-gov.nomtiluy.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200003573; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sucuvirtcolba.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003574; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suelunn.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003575; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suiviticket.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003576; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sukien-pubgmoblevng.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200003577; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sultan-raza.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003578; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sumpandtankcleaners.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003579; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sunami.pagedemo.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003580; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sunbeltmembers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003581; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sunge-ode.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003582; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sunshineteam.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003583; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"super-dawn-3035.ddahluwalia.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003584; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"supermilhas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003585; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suportecxacesso2020.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003586; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"supotsstunes.servehttp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003587; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suppliers.bitshepherd.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003588; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-auwebaccessjpnaikpanggung.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003589; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-axiewallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003590; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-dapps.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003591; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-process-manager.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003592; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-verify-mydevices.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003593; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support.atimazo.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003594; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"supportpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003595; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"survey18-aws.surveycenter.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003596; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"survey18-aws.toluna.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003597; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"surveys.adytude.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003598; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suspicious-williamson.193-70-50-31.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200003599; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suumc-one.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003600; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sv.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003601; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"svelte-kdy6dk.stackblitz.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003602; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swanholm.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003603; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swannatural.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003604; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swap.elena.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200003605; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swappauto.staging.lcsolutions.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200003606; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swedbank-apsauga.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003607; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swisscom.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003608; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sxb1plvwcpnl489779.prod.sxb1.secureserver.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003609; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"synaxisreadymix.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003610; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncdappconnect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003611; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncmultidapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003612; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"syr.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200003613; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sysm5rn.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003614; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"system-fassil-net-2-3242353453453--12344443.repl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003615; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"t0nline0de0login-001-site1.itempurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003616; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"taher-mohamed-ahmed-saad.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003617; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"taoistw345ie.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003618; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tarik-fitness.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003619; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"taxcare.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200003620; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"taxopus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003621; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tb915hdh89.mfs.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200003622; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tby.eb-sites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003623; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tcaconnect.ac-page.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003624; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"teamgameswild.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003625; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"teamgoogle125590.psee.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003626; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"teamomni4life.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003627; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tebapit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003628; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tecmachine.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003629; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tecnominproductos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003630; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"teekitstorage.blob.core.windows.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003631; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tejalashikaindiagrocery.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003632; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"telecredutobcp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003633; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"telegramsecurityhelp.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003634; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tellmeliu.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003635; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"templat65sldh.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003636; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"temporary-url.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003637; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"terpelsicumple.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003638; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"terracontiles.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003639; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"test.bayoucitybadges.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003640; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"test.bitflye87.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003641; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"test.dxbproductions.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003642; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"test.webclient4.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003643; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"texasfreedomrun.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003644; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tgpafasfsakkk.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003645; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theaceofspaeder.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003646; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theaudazity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003647; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theavon.co.zw"; content:"Host"; http_header; classtype:attempted-recon; sid:200003648; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thebeachleague.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003649; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thechillipicklecanteen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003650; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thedecorindia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003651; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thedom.kg"; content:"Host"; http_header; classtype:attempted-recon; sid:200003652; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theironinnparlour.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003653; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theneontree.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003654; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thepointcj.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003655; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thespiritualtransformation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003656; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thetimecenter.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003657; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thomasdentalcentre.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003658; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"three-retail-live.devicetradein.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003659; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tianyuiyu.uihaish.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003660; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tieganford.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200003661; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tighi.creatorlink.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003662; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tight-samiuboc.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003663; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tikitaps.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003664; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tinhtrangdon.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003665; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tinyurl.mobi"; content:"Host"; http_header; classtype:attempted-recon; sid:200003666; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tipografieonline.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200003667; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tirozhjewelry.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003668; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"titelinedrillingintl.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003669; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tktrailerparts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003670; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tlatx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003671; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tlcbcp.com-segurospe.buzz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003672; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"to-ken.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003673; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"toanhoc247.edu.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003674; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"toddler-town.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003675; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tongdaiviettelbienhoa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003676; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tooljerejin.airsite.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003677; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"top10cheapairlinesreview.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003678; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"top10songsnews.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003679; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"topearnersafrica.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003680; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"topskills.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003681; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"torccolborrachas.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003682; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"torrinwine.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003683; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"touchidea.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200003684; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"touronline2022.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003685; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tovowhuqeojweawmubmaqmqlv.hofferflow.icu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003686; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tpayleboncoin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003687; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"traders-joesxyz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003688; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tradeswarehouse.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003689; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trams.mot.go.th"; content:"Host"; http_header; classtype:attempted-recon; sid:200003690; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"transfertconfirmer-payalfrance.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003691; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"triangarena-membership.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200003692; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tribratanewsbondowoso.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003693; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tribunbalikpapan.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003694; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"truegrip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003695; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trust-wallet.com.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003696; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trustinpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003697; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trustpress.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003698; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trustypichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003699; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ts3cacd.jhfshm.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003700; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ts3cacd.rzjxbv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003701; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"turntekcnc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003702; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"twoje-zdjecia-622.herokuapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003703; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tx.vc"; content:"Host"; http_header; classtype:attempted-recon; sid:200003704; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003705; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"typedream.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003706; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"typesmartlyocr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003707; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tyrecentre.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003708; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"u08qv44zu5h.typeform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003709; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"u1571226.cp.regruhosting.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003710; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"u1571630.cp.regruhosting.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003711; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"u1571652.cp.regruhosting.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003712; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"u18741649.ct.sendgrid.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003713; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"u827857uw6.ha004.t.justns.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003714; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uabaiieo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003715; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ualsemantic.dualsemantics.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003716; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ug7jv.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200003717; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uglcsonfonia.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003718; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhasd.au6bu8m.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003719; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhdss.xkrx0o.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003720; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhfddsa.t0xpo42.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003721; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhhd.rox847t.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003722; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhhff.cnza7b8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003723; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhna.5m4zhvd.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003724; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnas.ib8b40d.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003725; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnca.yrk1du9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003726; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhncd.n26k1al.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003727; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhncda.xmilwwp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003728; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhndd.9943s82.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003729; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhns.mxyzy7i.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003730; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnsa.sdmpo0s.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003731; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnxa.d23xsru.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003732; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnxa.q83itv9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003733; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnxas.rvw56l.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003734; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uiuui.pagedemo.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003735; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujcd.um2nlru.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003736; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujdaa.fn3m4en.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003737; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujds.5e8tn13.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003738; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhca.oioqmsh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003739; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhca.xsevdat.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003740; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhcd.8burgvo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003741; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.21k0qik.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003742; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.c0c4m46.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003743; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.j419kr0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003744; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.kdsiuuc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003745; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.zkshmxt.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003746; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhdca.mdwclcb.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003747; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhdd.cotf8p5.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003748; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhf.m45h2q0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003749; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhff.nkxefqp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003750; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhs.o2klowf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003751; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujnca.wxuqxb7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003752; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujnca.zgbo0g.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003753; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujncd.kzi68ra.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003754; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujncd.lw2djbm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003755; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ukcare.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003756; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"umbrellaclubla.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003757; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unam.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003758; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unbxa.byjmcpy.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003759; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"undefinedtrack.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003760; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unga.c76sioq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003761; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniassessoria.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003762; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unicreditaustria.ucs.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003763; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unifacema.edu.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003764; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unifacvest.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003765; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unillantas.com.sv"; content:"Host"; http_header; classtype:attempted-recon; sid:200003766; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unionheightsresidental.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003767; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unipo-a.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003768; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unisons.store"; content:"Host"; http_header; classtype:attempted-recon; sid:200003769; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unisonsouthayr.org.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003770; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.ch"; content:"Host"; http_header; classtype:attempted-recon; sid:200003771; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.financial"; content:"Host"; http_header; classtype:attempted-recon; sid:200003772; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.openwallet.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003773; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003774; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.seal.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200003775; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.token.im"; content:"Host"; http_header; classtype:attempted-recon; sid:200003776; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.trading"; content:"Host"; http_header; classtype:attempted-recon; sid:200003777; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003778; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswapfinancing.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003779; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswaps.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003780; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unitedalliance-online.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003781; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unitus.mk.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200003782; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"universidadsanjuan.ac"; content:"Host"; http_header; classtype:attempted-recon; sid:200003783; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unnca.bbh672u.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003784; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unnxa.pqpchqo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003785; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unpocodearte.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003786; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unregpayee-lb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003787; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unsub.listhandlr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003788; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"upbeat-dhawan.179-43-173-14.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200003789; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"updateinfo-billingo2.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003790; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"updateseason.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003791; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatestory2022.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003792; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatevoda-billing.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003793; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"upgrade-25gb-email.thecornerstudio.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200003794; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"upgradedserver.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200003795; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"upgradingattonlinee.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003796; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uploadpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003797; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uploads.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003798; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"upnew.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003799; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uppledpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003800; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"urbenorte.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003801; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"urgent-halifaxlogin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003802; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"userboitevocalweb.flazio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003803; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"userinformationstoreupdatesmail.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003804; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"usfn.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003805; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uspsconfirm.iconoomikert.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003806; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uspsexpressdeliveryline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003807; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uswowgame.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003808; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uueer.7jgy5xe.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003809; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uuid-validation.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003810; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uukx0h0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003811; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uyhnxx.urpzkva.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003812; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uyqw.dykowec.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003813; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uz154.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200003814; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"v.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003815; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003816; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vaccine-status-info.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003817; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vakif.albay-arnold.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003818; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"valax-wallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003819; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"valenciaoptometry.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003820; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"valenteplay.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003821; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"validacionpichincha.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003822; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"validate-solana.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003823; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"validator-fzkiy.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003824; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vallion.motiffliterature.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200003825; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vcz.gmoqkzu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003826; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"velvish.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003827; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ventas.lnterbarnk.pe.jifad.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003828; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verfybadgeappform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003829; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"veri-pichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003830; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verificaciondeprioridad.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003831; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verification-trustwallet.4bl-eg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003832; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verification.fb-page.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003833; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verificationmessage.blob.core.windows.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003834; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verififacebookid.wixsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003835; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifiikasi-accounts.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003836; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifikasi-akun-anda0011.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003837; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifikasi-akun-facebook0022.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003838; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifikasi-identitas47.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003839; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifocaoffa.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003840; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vgiuhkjnm.b9u6vh5l7g1797.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003841; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"victorarath99.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003842; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"videobigo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003843; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vietlime.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003844; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vietschi.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003845; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"viettel-com-dot-c2c01-531c7.uc.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003846; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vigortech.com.np"; content:"Host"; http_header; classtype:attempted-recon; sid:200003847; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"viguohilkasdsd.izwe6g6lyc.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003848; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vilaanimalviana.pt"; content:"Host"; http_header; classtype:attempted-recon; sid:200003849; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003850; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vinivet.mk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003851; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vipfbtools.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003852; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vipprofessional.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003853; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"viral-groub.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003854; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"virginia-spi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003855; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"virtual1dattss.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003856; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vis-stort.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003857; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"visa-band.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003858; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vishaljangale01.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003859; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"visione.co.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003860; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"visionproperty.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003861; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vk-posters.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003862; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vk-vhods.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003863; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vkjbm.4nt4nb464e6113.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003864; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vodaupdatepayment.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003865; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"volvocarskc.us1.list-manage.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003866; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vps56290.servconfig.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003867; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vqed.5xcv81zrx0530.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003868; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vqwd.soboja1994.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003869; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vr-banking-app.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003870; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vr-neu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003871; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vr-system89394.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003872; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vr-system98622.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003873; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vtekllc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003874; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vtxmail2018.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003875; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vugik.mecil33784.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003876; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vv.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003877; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vvjde0h0ttttf9hay.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003878; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vvpaes-me-index.egvtpp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003879; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vxdse.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003880; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"w2.deraya.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003881; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud"; content:"Host"; http_header; classtype:attempted-recon; sid:200003882; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"w5czf.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003883; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wahed-koudsi2001.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003884; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walkers-dot-composite-store-326315.uk.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003885; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallcertifyonmesh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003886; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walldesign.com.tr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003887; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallet-connect012.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003888; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallet-reconnection.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003889; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallet.silesiacoin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003890; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallet22.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003891; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletconnectonline.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003892; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletconnectors.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003893; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walleterrorsupport.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003894; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletsconnex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003895; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletsliveconnects.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003896; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletsreauth.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003897; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletsvalidator.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003898; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletsynclive.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003899; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletvalidation.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200003900; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletvalidators.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003901; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallletsconnectts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003902; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallsynchvalidatevd.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003903; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wana78420.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003904; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.bitffybtcer.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200003905; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.bitffybtcer.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003906; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.bitflyer.plus"; content:"Host"; http_header; classtype:attempted-recon; sid:200003907; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.bitflyer.venus.kim"; content:"Host"; http_header; classtype:attempted-recon; sid:200003908; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.btcffybtcer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003909; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"warbonus.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003910; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"warningshadows.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003911; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"warsa.bandungkab.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003912; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wasites.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003913; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"we-exodus-wallet.yahoosites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003914; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-armas.royale-freefire1garena-bonus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003915; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-b4119.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003916; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-e1f6d.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003917; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-exoduss.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003918; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-f6612.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003919; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-ml01.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003920; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-my-app.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003921; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-online-cancel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003922; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi01.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003923; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi02.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003924; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi03.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003925; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi04.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003926; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi05.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003927; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi06.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003928; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web.bredbanque.trans.sylog.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003929; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web.royale-freefire1garena-bonus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003930; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web7320.web07.bero-webspace.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003931; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webbbb.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003932; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webbl.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003933; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webdatamltrainingdiag842.blob.core.windows.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003934; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webdesecure.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003935; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webip.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003936; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail-2aaa0.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003937; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail-sso8uyg.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003938; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail.gourmer.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003939; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail.login.access.docs67.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200003940; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmailadmin0.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003941; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmailstoragesrvr4567-supportdev.codeanyapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003942; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webpres.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003943; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webregular.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003944; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webservice-verify.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003945; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"websitefun.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200003946; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"websiteorange.wixsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003947; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webstories.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003948; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webvalidity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003949; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"well-42d74.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003950; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wellsfargo-online06.herokuapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003951; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"weryfikacja-facebookowa-27.herokuapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003952; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"weryfikacja-facebookowa-28.herokuapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003953; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"weteachbh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003954; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"whare.100webspace.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003955; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wheelsofmercy.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003956; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"whitelist-network.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003957; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"widadkamillah.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003958; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wiki.oceanreeflifegame.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003959; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wildcard.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200003960; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"windstream-net.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003961; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"winville.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003962; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wireconfirmation68c10a25442a3e13.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003963; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wires-business-starter.webflow.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003964; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wirtschaft.baesweiler.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003965; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wizmi.service-now.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003966; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wkazisan.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003967; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"womancreatorofman.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003968; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"woofle.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003969; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"workforcerelief.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003970; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"workprotocoles-com.webs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003971; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wp-login.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003972; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wpsoar.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003973; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wqass-index.chobqu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003974; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wqass-index.dccigq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003975; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wqass-index.gbswz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003976; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wqass-index.jeewiki.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003977; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wqass-index.pygbw.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003978; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wrww-roblox.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003979; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wteeoq.pfinanceiro.com.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003980; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ww.lnterbank.pe.personas.onlinesocket.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003981; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ww16.inpost-pl-3dsecure.clear-id.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003982; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-cursosdigitalesmx-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003983; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-degelyehuda-org-il.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003984; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-europe564598-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003985; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-europessign-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003986; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-key-com.test.edgekey.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003987; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-mufg-jp.handicraft.ltd"; content:"Host"; http_header; classtype:attempted-recon; sid:200003988; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-mufg-jp.kaiqi.ink"; content:"Host"; http_header; classtype:attempted-recon; sid:200003989; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-wattsapcom.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003990; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www2.rakutan.co.jploginffd9dfg7.carwork.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003991; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003992; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www2.rakutan.co.jploginvcx8ds.nanoart.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003993; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www2.rakuten-card.co.jp.wzsrc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003994; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www2.rakutenn.co.jp.nanopark.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003995; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www2.rakutenn.co.jp.zgyo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003996; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www3.lejournaldugrandparis.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003997; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www3.plenainclusion.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003998; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wxsohu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003999; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"x.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004000; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"x.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004001; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcas.xoh29oz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004002; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcasd.7vo6bt.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004003; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcasd.b204uje.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004004; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcasd.yikn2gd.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004005; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcryptocars.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004006; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcvdsd.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200004007; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xhgs.epgegxj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004008; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xiajs.0dow0l.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004009; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xid-human-validation.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200004010; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj333.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004011; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj33s.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004012; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj33w.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004013; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj3pr.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004014; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj45g.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004015; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj45o.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004016; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj4og.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004017; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xjm7s.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004018; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xjmr7.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004019; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xjpyyds.pem4yp3.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004020; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xkljfg.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200004021; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xn--gmal-sya.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004022; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xn--instagam-sf0d.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004023; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xn--ltappen-80a.se"; content:"Host"; http_header; classtype:attempted-recon; sid:200004024; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xn--metamsk-lwa.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200004025; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xn--rpondeur-sfr2-bhb.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004026; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xqr3i.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004027; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xqr3n.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004028; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xqr3u.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004029; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xrx6r.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004030; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xrxh1.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004031; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xrxh2.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004032; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xrxhl.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004033; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xsbrookshhjx.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200004034; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xtio.ch"; content:"Host"; http_header; classtype:attempted-recon; sid:200004035; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xtw42.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004036; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xx.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004037; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xxaas.tp00jv9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004038; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xxasd.sf29hrg.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004039; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xxx-com-dot-c2c01-531c7.uc.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004040; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xyproject.xtensio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004041; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xzasd.uz64g3.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004042; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@bghgcd.psuxscm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004043; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@bhgxa.eo76sni.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004044; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@cdas.nxzigco.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004045; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@cxasd.easghbl.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004046; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@hghgda.erjl0hx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004047; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@inna.cedymll.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004048; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@jhdd.fjcslad.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004049; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@kjhdda.tetfeec.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004050; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@lkjds.nlmwjta.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004051; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@nhbcda.g4g5mgc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004052; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@poklsa.slodddz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004053; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@qweas.p6rhddj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004054; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@ssdaz.sqqaepr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004055; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@uhncda.xmilwwp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004056; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@uhnxa.q83itv9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004057; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@ujdaa.fn3m4en.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004058; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@ujds.5e8tn13.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004059; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@ujhdca.mdwclcb.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004060; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@uyhnxx.urpzkva.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004061; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@zxas.2nd0g8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004062; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@zxass.jbkyj0o.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004063; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoopoweredservice.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200004064; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahuomall.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200004065; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yairix.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200004066; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yalena.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200004067; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yaqoobi.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200004068; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yaranfayez.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004069; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yayanti.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004070; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ybdaa.oqsgm9r.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004071; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ybggd.fjgjoux.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004072; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yellow-surf-7b04.voiceovermade-today.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200004073; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yerelyonetim.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200004074; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ygbda.ffeufka.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004075; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhbca.pfs8ylv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004076; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhbndd.ryyswjn.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004077; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhcd.gabprnx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004078; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhddf.vtf23ic.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004079; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhdff.iw6fwu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004080; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhnbd.5u3z9i2.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004081; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhncd.3ycuxr1.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004082; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yiaswqjdtcyeqpvyqthijepeai-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004083; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ykyevmqxaktnfgrtuufymkhnce-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004084; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yma1ll0g0n.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004085; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ynbgdc.woprkzp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004086; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ynbxa.pvgulkz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004087; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yndda.m117s1s.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004088; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yogeshwarwiremesh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004089; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"youknowar.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004090; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"young-snow-7447.tcheviron5269.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200004091; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"youreasygoing2022.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200004092; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yqlpeitost.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200004093; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yuhjjkss.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200004094; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yumpai.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004095; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"z.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004096; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"z.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004097; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"z0massegurabclp1.shreeramwoodindustries.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004098; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"z2qje.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200004099; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"z3voicrxxvs.typeform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004100; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zackselectronics.co.zw"; content:"Host"; http_header; classtype:attempted-recon; sid:200004101; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zaktualizacja-platnosci.netfxtv.co.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004102; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zasd.yhxmd30.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004103; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zb2-home.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200004104; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zenvinyl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004105; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zepe.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200004106; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zeroquiz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004107; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zgyyds.mm5p1ch.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004108; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zgyyds.nebl4zw.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004109; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zhrmghgyyds.h0tlexl.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004110; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zjzj6688.yihang.ren"; content:"Host"; http_header; classtype:attempted-recon; sid:200004111; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zmpcoaca.cyou"; content:"Host"; http_header; classtype:attempted-recon; sid:200004112; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zmpcoacu.cyou"; content:"Host"; http_header; classtype:attempted-recon; sid:200004113; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zmpcoado.cyou"; content:"Host"; http_header; classtype:attempted-recon; sid:200004114; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zoho-online.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200004115; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zoho-validationserv.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200004116; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zonalnterbank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004117; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zonmca.hxljatvw.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004118; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zshrvvo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004119; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zuiunsya.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004120; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxas.2nd0g8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004121; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxas.hs0rgq8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004122; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxass.jbkyj0o.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004123; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcas.ywqfz8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004124; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcaspx.aghwlup.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004125; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcnash.seufhsk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004126; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcod.01l241.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004127; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcuashs.e0n0gh5.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004128; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxdlbny.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004129; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxnahs.3cze6ri.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200004130; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zz.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004131; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/comcast/xfinity.php?d1193169ba22c33594765d16035661b1=&amp\;email=a@a.c&amp\;.rand=login.xfinity.com.aspx"; http_uri; nocase; content:"0333fa5.netsolhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004132; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ameli-assurance/remboursement/login/"; http_uri; nocase; content:"045a3c0.wcomhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004133; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ameli-assurance/remboursement/login/iframe-page2.html"; http_uri; nocase; content:"045a3c0.wcomhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004134; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ameli-assurance/remboursement/login"; http_uri; nocase; content:"048d7b4.wcomhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004135; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ameli-assurance/remboursement/login/"; http_uri; nocase; content:"048d7b4.wcomhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004136; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ads/c/"; http_uri; nocase; content:"108ideashop.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004137; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbva/592cf4/425bdbd3-91cf-4e9f-9498-7a06b3ad75ec/?test=1"; http_uri; nocase; content:"28ecne20f9u.securetnet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004138; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0%5c"; http_uri; nocase; content:"377080202567359722137708020256735972.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004139; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/tnrxs"; http_uri; nocase; content:"3c5.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004140; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/3rdst/8-login-form/"; http_uri; nocase; content:"3rdstreetmarket.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004141; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0%5c"; http_uri; nocase; content:"8010361370310234068010361370310234.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004142; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/openpc/directlogin.do"; http_uri; nocase; content:"a-q-f.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004143; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?passive=1209600&continue=https://sites.google.com/view/viewbill-bt-1/bt&followup=https://sites.google.com/view/viewbill-bt-1/bt"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004144; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/1lordman1man3/oscman2.html&followup=https://storage.cloud.google.com/1lordman1man3/oscman2.html"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004145; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html&followup=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004146; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/employt44to49cclrlolcrl94lnlxo.appspot.com/index.html&followup=https://storage.cloud.google.com/employt44to49cclrlolcrl94lnlxo.appspot.com/index.html"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004147; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/maintainancecomponeta.appspot.com/mineindex.html&followup=https://storage.cloud.google.com/maintainancecomponeta.appspot.com/mineindex.html"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004148; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/officpcpspbcncuser.appspot.com/index.htm&followup=https://storage.cloud.google.com/officpcpspbcncuser.appspot.com/index.htm"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004149; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/poopnoomprops-oo987700ok/newrbindex.html&followup=https://storage.cloud.google.com/poopnoomprops-oo987700ok/newrbindex.html"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004150; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?page_id=758"; http_uri; nocase; content:"activartransferenciainternacional.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004151; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/en/bellcocreditunion/"; http_uri; nocase; content:"admin.fifoundry.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200004152; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2005/03/colourful-life-of-aij.html"; http_uri; nocase; content:"aijcs.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004153; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ion"; http_uri; nocase; content:"alconexport.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004154; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ion/"; http_uri; nocase; content:"alconexport.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004155; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/venus_gardose_talke_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8extkunxrkqozifs2sycqmk4ox0ntao7cizsavm5mjc=&amp\;docid=1_14abcf62971634e6b8387df30ef7d978b&amp\;wdformid={83a6cfc0-5689-4aa4-ab13-96952b8999ba}&amp\;action=formsubmit"; http_uri; nocase; content:"alfredtalkelogisticservices-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004156; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/wp-content/themes/10/"; http_uri; nocase; content:"alinachopra.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004157; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/our/ourtime/ourtime.html"; http_uri; nocase; content:"ambrosecourt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004158; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/njk/25_40_24_5e_40_26_40_26_28_29_23_23_5e_23_24_26_5e_25_26_40_5e_28_23_26.html"; http_uri; nocase; content:"ams3.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004159; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jps/webmail_reset.htm"; http_uri; nocase; content:"anekaslot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004160; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/"; http_uri; nocase; content:"api-freewallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004161; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/oexchange/0.8/wrap/opengraph?url=ahr0chm6ly93zxetnmrlodiud2vilmfwcc8znzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxi5lze1lziwmjeznzg1mjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxiznzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu0znzg1mjf3zwjtyxn0zxi5lze1lziwmjfjdw5plmn6nto1nibbttm3oduymtu6ntygqu13zwjtyxn0zxiznzg1mjejd2vibwfzdgvyqgn1bmkuy3o="; http_uri; nocase; content:"api.addthis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004162; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/b9fu9axf9rcv7bhjp80fpcm8zna5wcwi"; http_uri; nocase; content:"app.box.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004163; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/x6agocx9zvj049azirk4aw3xrqdedqhl"; http_uri; nocase; content:"app.box.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004164; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/ymr0ltw3hmn8icxebz16gjhcyhqa49w4"; http_uri; nocase; content:"app.box.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004165; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/public/form/mnzdivok"; http_uri; nocase; content:"app.pipefy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004166; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/public/form/xlfe4rw2"; http_uri; nocase; content:"app.pipefy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004167; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/cmxgsj"; http_uri; nocase; content:"app.simplenote.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004168; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/publish/xhrdvc"; http_uri; nocase; content:"app.simplenote.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004169; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6dfhh1yrol"; http_uri; nocase; content:"appurl.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200004170; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsmho6dyl-"; http_uri; nocase; content:"appurl.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200004171; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wywajnlbtl"; http_uri; nocase; content:"appurl.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200004172; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/at&t/"; http_uri; nocase; content:"att-yahoo.meculinkvolt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004173; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"azeioaz.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004174; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/index.html"; http_uri; nocase; content:"baovesusonglcxt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004175; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/listeners/ae/n-nv6588123/ae/ae/verify/sms.php"; http_uri; nocase; content:"bardaiconnect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004176; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"baritasonte.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004177; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=d96ydzq8vuilprdurtucov60qbtyz20222a95vav4da%3d&docid=1_1f81a6ca97d114a5f8e9829362518b16d&wdformid=%7b11b3b6fc%2d6e67%2d434d%2da029%2d3afe98d81a11%7d&action=formsubmit"; http_uri; nocase; content:"bdsfa.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004178; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/_layouts/15/wopiframe.aspx?guestaccesstoken=d96ydzq8vuilprdurtucov60qbtyz20222a95vav4da%3d&docid=1_1f81a6ca97d114a5f8e9829362518b16d&wdformid=%7b11b3b6fc%2d6e67%2d434d%2da029%2d3afe98d81a11%7d&action=formsubmit&cid=57d50783-8fd3-4515-8ab3-24c639533fdf"; http_uri; nocase; content:"bdsfa.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004179; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mp/china/index.php?login=sindy.zhu@swift.com"; http_uri; nocase; content:"bendmytrend.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004180; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fr3kf"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200004181; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/frxsz"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200004182; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fs7cb"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200004183; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fs8cx"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200004184; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fsf6l"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200004185; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftahp"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200004186; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3ijwsm2"; http_uri; nocase; content:"bit.ly."; content:"Host"; http_header; classtype:attempted-recon; sid:200004187; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2iz03nf"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004188; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2kduy2u"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004189; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2nog4ow?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004190; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2nwrbgj"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004191; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2oq6dhz"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004192; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2p28z0h"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004193; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2q7fcpg"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004194; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2uwvcnh"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004195; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2vuwbzk"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004196; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2wqlrea"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004197; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2zaee65"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004198; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2zejaht"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004199; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2zomh31?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004200; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/30ceyfq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004201; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/30dwddq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004202; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/30vy89r"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004203; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/319qtui"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004204; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/31cwtqd?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004205; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/31d3mp6?facebook_service"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004206; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/31xebzq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004207; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/32xotak?l=www.bancoripley.cl"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004208; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/33ipjf7"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004209; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/33pcwtj"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004210; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/34mhgdg"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004211; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/37r8zo3"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004212; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/38xmo4d"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004213; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/392hszz"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004214; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3aetm80"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004215; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3afo6kx"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004216; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3an4lcn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004217; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3aqvwmn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004218; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bdkpfx?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004219; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bmjhx1?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004220; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bq4stv?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004221; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bsgkin"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004222; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bvwofv?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004223; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3c7nozm"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004224; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3ca8owp?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004225; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3cahvv5help-center-notice-comunity"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004226; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3clopj4"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004227; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3cpqerq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004228; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3cvl6ir"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004229; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3czqfzo?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004230; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3d7ezub?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004231; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3dj0r1p"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004232; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3dky0ds?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004233; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3e3wjwp"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004234; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3eeiwqv"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004235; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3ego3xw?redirect=system"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004236; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3eoqvcn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004237; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3eptccr"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004238; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3exbeuu?i=www.bancoripley.cl"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004239; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fb9f8f"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004240; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fd8key"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004241; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fk3blu"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004242; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fmvby5?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004243; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fyg9rf"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004244; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3guiinq?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004245; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3gxztog"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004246; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3gyfnlm?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004247; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3hvucnu"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004248; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3hwhrlr"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004249; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3i8tjul"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004250; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jow35g?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004251; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jqfusj?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004252; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jqmbfu"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004253; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jsnadf?i=www.bancoripley.cl"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004254; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jvodhm?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004255; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jxszq1?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004256; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3k2aaqc?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004257; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3kdifqr"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004258; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3kueruz"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004259; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3kxfgbu"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004260; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3l4jpqg?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004261; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3ldovbh"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004262; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3lgmoqh"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004263; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mgij5v"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004264; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mkihc9"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004265; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mrtcap"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004266; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mryk6q"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004267; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mvat1h?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004268; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mwnmia?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004269; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3nddkta"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004270; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3nkpgzq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004271; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3nvr2mn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004272; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3phrfct"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004273; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3pqid6z?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004274; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3qc8jtv"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004275; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3qplrme"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004276; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3r49apq?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004277; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3r8xxmg?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004278; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3rd3dgx"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004279; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3reovvv"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004280; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3rkzqb5"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004281; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3rucafb?confirmations"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004282; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3s7gmhf"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004283; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3sdxkuf"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004284; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3tkk6kn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004285; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3tks2um"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004286; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3tzc89x"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004287; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3vtbyq5"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004288; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3vyh0x9"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004289; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3w8ru6g?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004290; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3wb6m3i"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004291; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3xhfy9m?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004292; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3xkuef1?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004293; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3xrdvez?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004294; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3yatzv9?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004295; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3zbrsmk?|=www.bancoripley.cl"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004296; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3zv9bif"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004297; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bancamps-web"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004298; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/click-confirm"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004299; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/coinspot-claim-bonus"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004300; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/community-details"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004301; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/confirm-click"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004302; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/edoardopolaccoufficiale"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004303; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i-13orange"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004304; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i-14orange"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004305; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/id-lockpages"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004306; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/id-locksystem"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004307; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/info-details-notification"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004308; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ip13-orange"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004309; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ip14-orange"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004310; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/lrs-gov1"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004311; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/main-pages"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004312; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mr-pin"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004313; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/orange-id13"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004314; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/orange-id2"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004315; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/orange-id3"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004316; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/orange-id4"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004317; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page-infromation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004318; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pandemicreliefpackage"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004319; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/policy-pages"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004320; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/portale-mps-attivazione"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004321; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/recoveryform"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004322; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/verifikasipemblokiran_id"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004323; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/#/"; http_uri; nocase; content:"bitflyertt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004324; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2p3bbbs"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004325; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3aolo2y"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004326; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bqoevf"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004327; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3g1epw3"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004328; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jrtmmu"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004329; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3koilft"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004330; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3xmjxs4"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004331; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/taxirsxcy"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004332; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/en/wallets/"; http_uri; nocase; content:"bitwayconnect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004333; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/accounts_blackbearcc_co_uk/_layouts/15/onedrive.aspx?id=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments%2fngb%20urgente%20substanti%c3%able%20update%20%5f%20voorstel%2epdf&amp\;parent=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments&amp\;originalpath=ahr0chm6ly9ibgfja2jlyxjjy2nvdwstbxkuc2hhcmvwb2ludc5jb20vomi6l2cvcgvyc29uywwvywnjb3vudhnfymxhy2tizwfyy2nfy29fdwsvrve5as01b19mukjbcutzeunhv3eznw9ccfbtmze3b2fsrnrgnhpzuenbvlfiqt9ydgltzt1tqjzyquroodjvzw"; http_uri; nocase; content:"blackbearcccouk-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004334; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sella/info.html"; http_uri; nocase; content:"bluehorse.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004335; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/012dsd_fiestamart_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t3v5ldmmhrtlw5cyiohlp9z4yo7ufnrop9j1plyfdkm%3d&docid=1_1d89d259f7e704301aca26ac4dbabaa8d&wdformid=%7bfeb771e5%2d93ee%2d4015%2d8e87%2dd1c30d0f406a%7d&action=formsubmit&cid=f609fe16-56c4-4e2b-a964-75e250d31c99"; http_uri; nocase; content:"bodegalatinacorp-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004336; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nlozan9lgoapq"; http_uri; nocase; content:"bom.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200004337; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?aplicar"; http_uri; nocase; content:"bonomequedoencasa.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004338; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s9x"; http_uri; nocase; content:"bpl.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004339; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2r9pyocy"; http_uri; nocase; content:"bre.is"; content:"Host"; http_header; classtype:attempted-recon; sid:200004340; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/7fde14dcc130f933dfa5c0283d776eb9/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004341; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/c0e9ccedb57ca77a45d83f9bde98224b/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004342; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/c0e9ccedb57ca77a45d83f9bde98224b?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004343; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/c4957ef2c1f1801d0506e35cc3b5a6a8/?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004344; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/c4957ef2c1f1801d0506e35cc3b5a6a8?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004345; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/d190a3ceefc52c12869c2bee7b9ed710/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004346; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/d190a3ceefc52c12869c2bee7b9ed710?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004347; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/fcc3a33269bb5f281754c49ab86c3d4e/?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004348; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/files/1/0533/5367/6992/t/3/assets/home.html"; http_uri; nocase; content:"cdn.shopify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004349; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/index.php?option=com_content&view=article&id=67"; http_uri; nocase; content:"centromedicoviladomat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004350; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post_12.html"; http_uri; nocase; content:"chronopostvalidation.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004351; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/proxy/rdh-rjsrv9zzrx57iscgov74o1gka4qjdfj01qr7v8-pkjgyvn50tivt7pzqgm5kuqdmonqle3f8eq_t8f4xl6jdozabmf2lxy-888ai8hdji633rg"; http_uri; nocase; content:"ci3.googleusercontent.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004352; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/proxy/djc3ckf7jcnj8l0duyaqyjwffeskzbccy9spjiauj_jwrplgw0ahyaf1xozvm6n_fjn8q1-2vkhqqujjr1en3qej703lyxxujt6tto-ttwsl6hgsggp3ehcc"; http_uri; nocase; content:"ci4.googleusercontent.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004353; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/proxy/zjba9cvtmkfnoveyofx6gqong0kqi3s69d9o2y32fmu_gankb59tj-rb79bolx0bwbsemnonfhh2esy9olfdp-20gybztkzstfhfheqrrjuefxwiwkqws29wxm6tdobikwz-qkzfphpaldfr"; http_uri; nocase; content:"ci4.googleusercontent.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004354; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/eric_cimsltd_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wnhqsp58ikn1qzzozpe2oiw%2fmizdr53wegdbyscml7y%3d&amp\;docid=1_1207bcf2f71094b5cb97dcb5bea3e1a3a&amp\;wdformid=%7bd98de46a%2d2777%2d417f%2dbbcf%2d5f08c8244727%7d&amp\;action=formsubmit"; http_uri; nocase; content:"cimslp-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004355; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yc8bd&post=665308711_37&cc_key"; http_uri; nocase; content:"clck.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200004356; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yzuft&post=665308711_32&cc_key"; http_uri; nocase; content:"clck.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200004357; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/icp/relay.php?r=57372110&amp\;msgid=807563&amp\;act=af7a&amp\;c=1365247&amp\;destination=https://www.linkedin.com/&amp\;cf=17638&amp\;v=6023ca6bc5e4f8b8568ed04ff6a646a7d7757336e750d772ecc1cb2b3b6063b4"; http_uri; nocase; content:"click.icptrack.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004358; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?qs=6541641088c869552ced792d84ee93eabf075e23cd5eba83a7d07a40ad9cf2ce36c931984719b9df7de658999defbc87f999ec46970a0280"; http_uri; nocase; content:"click.message.fruit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004359; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/#moreinfo@widomaker.com"; http_uri; nocase; content:"cloud-dot-chaser-331005.uk.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004360; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/paste/c4tl1sfout2tbkhn5810/raw"; http_uri; nocase; content:"codepasta.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200004361; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/#investor-relations@cyient.com"; http_uri; nocase; content:"cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200004362; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?!=%25_col_email%20address_%25"; http_uri; nocase; content:"community-die.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004363; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:b:/g/personal/infonoreply_communitychurch_tv/eburrky2tklimiiiqf0ia5kbbhkaxaypf06-08wf9wjebq?e=w5jmrb"; http_uri; nocase; content:"communitychurch-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004364; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/discounts_services/writing/loginform2d0e.php"; http_uri; nocase; content:"confabint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004365; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/it/userbcc/indexx.html"; http_uri; nocase; content:"consultorioveterinario7colinas.pt"; content:"Host"; http_header; classtype:attempted-recon; sid:200004366; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/crop/cm"; http_uri; nocase; content:"createchsoft.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004367; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004368; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?.rand=13inboxlight.aspx?n=1774256418"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004369; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?.rand=13inboxlight.aspx?n=1774256418&amp\;email=jackdavis@eureliosollutions.com&amp\;fid=1&amp\;fid=4&amp\;rand=13inboxlightaspxn.1774256418"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004370; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004371; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004372; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;amp"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004373; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;amp\;ampopensource:observable-35835700-0d08-4c25-a188-b8312ba00a941067515"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004374; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;ampopensource:observable-35835700-0d08-4c25-a188-b8312ba00a941067515"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004375; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;fid.4.1252899642&amp\;fid=1&amp\;fav.1&amp\;rand.13inboxlight.aspxn.1774256418&amp\;fid.1252899642&amp\;fid.1&amp\;fav.1&amp\;email=&amp\;.rand=13inboxlight.aspx?n=1774256418&amp\;fid=4"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004376; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;fid.4.1252899642&amp\;fid=4&amp\;fav.1&amp\;rand.13inboxlight.aspxn.1774256418&amp\;fid.1252899642&amp\;fid.1&amp\;email=jsmith@imaphost.com&amp\;.rand=13inboxlight.aspx?n=1774256418"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004377; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13inboxlight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=jackdavis@eureliosollutions.com&.rand=13inboxlight.aspx?n=1774256418&fid=4"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004378; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct?email=jackdavis@eureliosollutions.com"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004379; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/verify/update/y.html"; http_uri; nocase; content:"creativeingredient.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004380; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2011/02/habbo-crediti-gratis-sicuro-100.html"; http_uri; nocase; content:"creditiperhabbogratissicuro100.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004381; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"cusstomerservicee.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004382; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2isbc3k"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004383; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3yqokjg"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004384; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3yy01ci"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004385; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/4ypfq09"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004386; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/5yhe1qn"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004387; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/7yqfwsn"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004388; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/aynunsk"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004389; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ayw5mev"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004390; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bundu4e?id/help/pages?ref=cr"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004391; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/byqp8mx"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004392; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/claiminc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004393; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ctmlfil"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004394; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/cyni5cc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004395; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/cyqucr4"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004396; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dkvkq49/"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004397; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gyqdc7m"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004398; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ingdirect-es"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004399; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/iyn1owx"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004400; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kiiataa"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004401; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mynrk6q"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004402; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ny0rjd4"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004403; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nynglzu"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004404; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nyxbpmv"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004405; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/oyqykkh"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004406; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ptl7kd8"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004407; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/py2rr2z"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004408; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pyqptqe"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004409; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pywuwcj"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004410; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qyc4svc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004411; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qymd2vc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004412; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/rykpt4j"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004413; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ryzqc5o"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004414; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/tyq6jn2"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004415; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uybigpf"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004416; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uydktcc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004417; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uyqji5z"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004418; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uyx0po9"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004419; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wyc154r"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004420; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xynjuem"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004421; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ytv0uzv"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004422; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/oglp"; http_uri; nocase; content:"cy.tc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004423; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/#?act=cl&pid=34515_md&uid=1&vid=25&ofid=1615&lid=126&cid=17171"; http_uri; nocase; content:"d854c624d7.gesundheitundschonheit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004424; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/online/showdocument?documentid=1fce937a-ba39-4053-a83a-f07711ad8efd&invitationid=82f3e840-cd11-4da4-8579-304bd7e930b0"; http_uri; nocase; content:"digisigner.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004425; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vszcwxk6nifthkg32wjxfjgq9yc-jjujkbsumqeeau8uw7xkcutyp0tbgux2mvwu8iqfrxxlunajob8/pub"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004426; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt_xl-m0ff8yqqhzhgseahgwejo0znh9re6w0qvgbe0qfe084hrebjjg673htphdnvbcdnq6agehncq/pub?mobilelogin"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004427; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vth3iya0ov7p49rk9ejozgqnueuk8fna2mky389hertlwx4mnoyhl1mlhnwbz8sxnsqtk8i5uysmq68/pub?embedded=true"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004428; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vts9czxqycsgi-quifs7m1mqjzmlcjlccnhw3dsahdss5ymnpy6y0vsgwvf3piu6js22ydjyew1oyo_/pub?embedded=true"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004429; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/12467akksjbdxtns1aefg-fo9hlxamtxynf5brvbz5tc/viewform?edit_requested=true"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004430; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/1fpyjsolbptidxpf23lqom1jghfw7qrvbbbfxxi82pzg/viewform?edit_requested=true"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004431; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc-xysogohjsbzmcnoded8ooar2gz1c5zxobgk8envh3jbpow/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004432; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc0yyqlieizg0nzouznvhsjfags1h9qi5hpdw3qlgbivm501q/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004433; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc4bagzjzmstbnjhy7zpy5zsx-xrn7reoouolv54luk5tihha/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004434; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc8uc5aztlek3s6dqtk1etorhez5m2yvubyw5qmfkpisrelcq/viewform?usp=pp_url"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004435; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc_enqwhhv1jnvzy55mb4ghvjd4wcz9plnolh2eoitk7qgbra/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004436; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc_f0pxmnwzrtbck6u06fdzocmhgzvjzlc8cu7c9b456fhccq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004437; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscaoiohhbm7suyz9ol9o9ueunbxn6donxrfjge2cevdw_8jmw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004438; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscc30j0zmjvz0ct-wi59yhnz9gimpj3snofe5vkbovmeykomg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004439; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscc98m5fw4ifog0zeiuquxitizmisrgsdvyxvtxsppunpkwzq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004440; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscclmqirehqtkm3vl4u9gm2zv6xfvrddbrgke9fmsfujqbboq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004441; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscd8t8sjgxqrsa6dq5kjpmrpsxkvi4bl38sfdu7wa3sl32elg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004442; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscda1to5ru4sjeeujg3ki2bimklprvsec6u43kpvhbfyhrldw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004443; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscda1to5ru4sjeeujg3ki2bimklprvsec6u43kpvhbfyhrldw/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004444; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscdct8mue2qq3syjr4tnntol30jfdk8vwpco6yjh7dxnq5nyg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004445; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscdct8mue2qq3syjr4tnntol30jfdk8vwpco6yjh7dxnq5nyg/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004446; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscdkcb2saiqfhtrh2inewegl56-jrv0e_ncfubvdmdprxpzfq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004447; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscdkcb2saiqfhtrh2inewegl56-jrv0e_ncfubvdmdprxpzfq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004448; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsceoxsfawdsbd2r-jk2sppywnv1bchzjjcw2xkcj7oqkwqriw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004449; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscf9u8nrld-zvu6clr4jcwnw0buqrykdldtzoullbxy8kc1ta/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004450; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscfh2njwrve6_rkxxy1yz83keoeekd4maqcnd-ivq7rkg0uca/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004451; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscfmdl3il-2rcplfeq-12jtre1mwsgbnmh2nhoj9xoflmplew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004452; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscirilop6_iti0zvvrlsbk8zfaeo-f10otlhj9k5liyervk4g/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004453; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscjtat4fmstlxz3hbfkg4qyi-epfdmun7_avcqwvgscoydytw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004454; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscjvnhykksssaw-kycyrl6ywg_r3fdjuyqhk2mrmxcpgwfxoa/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004455; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscmzyecgbuuccfs_5e5axn9hpruzskqmvseedm0xz1qrqb5vg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004456; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscn6xxq_xvtivggy_4rkibou1i27e0kpiimikafpaavki1vsq/viewform?usp=send_form&usp=embed_facebook"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004457; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscphvypdecdasu-iqnvt4bvkiu5g1fioskjyfi9gk2z69cemq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004458; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscqbbsvkpxnasqgeazpzwxp1ln7qzdurt-nqn4azqa7q14euw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004459; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscrgopduxv2yg9memppi-dzfii70kq8hr8pi5zn9o_5amr3xa/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004460; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscrmsgjymaojts0bfneswvnfekiw6zya5rzyqoa1ydp5wkcrw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004461; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscuttypbph1iazuis8aa6xvrlmagwglmdcrrg8g2oymskvbva/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004462; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscuzwqncl3qs7cwfb7jlimpdueycxy0mv6zknp0uubdbkcu3w/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004463; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscvp9muuu33wgba4h5kugaleeh0onrqzug-b6n5aj5werrmaw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004464; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscvqmhqgwbubzxdynzgvlbmmziyagdiadz2eyhc-s-ro8ndfq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004465; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscxgbsqs0_gphf4vziykyu_g5rgytw2s9fir3lyfar7kaixew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004466; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscxgbsqs0_gphf4vziykyu_g5rgytw2s9fir3lyfar7kaixew/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004467; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscz4uf8dtvwhgxggkzsbbhjcgu9npgc6agxpy5o2fwpo6tv5q/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004468; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsczp3nbsyvoj5-wf-7k4xshjczyxvdc-lc679urtbl_k-9x8q/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004469; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd1x00gqusaavdvp5ualsrctsjb80y9oy7yln6wwani40srpw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004470; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd1x00gqusaavdvp5ualsrctsjb80y9oy7yln6wwani40srpw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004471; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd3x6brnru3toiionptordwmc4zorxcky1ebpmeg6bb4jfuca/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004472; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd7jgegqudsjg7blscqgfvdftyvlno6xreg6wjuxl0hnfbwtw/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;gxids=7628"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004473; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd8_xzmknrntxwpeg8bvmvbbzmjsfgejo-vngsmyjx1dnidsg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004474; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd8vkw5fxeroe_pxa7n5cdfpukhahbg_7k7sg0iuosh_xsyoa/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004475; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd9poeb_wmgffgg8taw4z_np0kdbo32gr35k1zxizj7lcdela/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004476; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd_c4wpt0zzouwt5lr9p5kn5cylz3ananv1hlix6u_h36w1rg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004477; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsda4flfi-1_gvwqnbb1dcxz_mb5omo9t2oc-vslzfgh6avrag/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004478; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdbgprbyowwcugqslasnoo-sbqcrgi6ppycsytvsw2_dwfeug/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004479; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdce9c1bqexlzlu9rojtuwtaatyeeshywbkmuiobrw_a-_mga/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004480; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdce9c1bqexlzlu9rojtuwtaatyeeshywbkmuiobrw_a-_mga/viewform?usp=pp_url"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004481; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdcznggxnwia2ct8kmxid1tdqhgerhnmixukxuj7nmq1lqsma/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004482; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdfarxg-0eurkyimsg-ukgl4mbtgvwfhe1wzbdxmb7oaosnyg/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004483; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdfyxb1kjjvkaiwbbpbgr0dfaq1xx2ehhzbxnt3adndssy1yw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004484; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdfyxb1kjjvkaiwbbpbgr0dfaq1xx2ehhzbxnt3adndssy1yw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004485; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdgxybkn7btnmkuuyyoe0rlbw8kmdgbwejv6l52fjbm9vledg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004486; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdinjm_qvdbv3roybqi073rm1pujmrrs7lid7c3qk-4xwweew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004487; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdlwgxgjcqz_53lnvyfaiibnkptndldhs4vd0c__6lufv81zq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004488; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdmsww4edj2yofwdenmvl3uvyibigishgajtsfa7chvcan0wg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004489; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdmsww4edj2yofwdenmvl3uvyibigishgajtsfa7chvcan0wg/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004490; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdnngh7an2vfxw1k7cotxcb24wwne2qcm3j5deelwsn676z2q/viewform?usp=pp_url"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004491; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdpetadtoy4qkid3frxtq_jkthudhyvm17bkmb8iqonismzvw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004492; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdvo-nueiprck-o5gw7-bnmsz9jvwlyspeqfhfr2g2osbsrba/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004493; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdvwkczn_rxvn1522z1mcojbs40ymrctyizpyuv72_0wbypgq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004494; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdwbz5hapgqojwjyndeeyjxamg0wnaj3kolh3fb6xf4c-fxjw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004495; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdwbz5hapgqojwjyndeeyjxamg0wnaj3kolh3fb6xf4c-fxjw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004496; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdxm-rwnv41p3wdcbtetukrctoakvuoe1h_uy8jgnxy7kldza/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004497; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdy1071rbhheyidjzo6fw5busqot5eunllw_thawo6udamfaq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004498; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdybqflfptobqslhflytic3g936bnojaljztk6ct1d5mjvnnw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004499; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdyygc4-s_a1dcdvcf9z9n1yhvz2dnehdr2aij-bcetxe2csg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004500; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdzrubbm3nrqdzjs6q7phutjgmn-dm8zquphjg9ge31q7bdhg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004501; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlse3-zgmg83lctfks0egmambwonybkscrvxix--n1azwngkphg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004502; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlse5htthgifmniezokiypnjjhanvkvlehsrk9esgcpoauqutiw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004503; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlse8ds15kxxdcrhfspcfrbvy6sbdhp0e4540zzmhhvzouewvka/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004504; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlse_mo9pzgdahzdgz0wctr7lm0cqm_zwos8ljc4cqgtvnqfmfq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004505; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseaoj1gseoc72inocx9jofb1nqgqm81_firdsookdvnd4fz3q/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004506; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsebpakzyvtprhygwe23jlsdieyoca0jtiyy-f68nqwofparww/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004507; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsebyedalhc7exqq5fljf8x1akbwz0h8l8ojbx5nx3go7bh3sa/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004508; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsebyedalhc7exqq5fljf8x1akbwz0h8l8ojbx5nx3go7bh3sa/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004509; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseck8-g3um70ihw-ajfait5whcec3qdowobizswz8_-et_jkq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004510; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsed7ckwpjf0hndj7zb3qtjmirtkv6pwcrmhplptuczapfmdew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004511; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseerl98zqhhsjdo_vwhfzft3njmrw-es6isa689uqc2opalkg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004512; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsefdjhvlb8j4f16k5uewfckrm6sxun7mb8kmt6hnsw4twzb1a/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004513; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsefv5nkokmsxbkw84jsid2gwxxq8hhcvvajj-hjwl43irewza/viewform?vc=0&amp\;c=0&amp\;w=1"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004514; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseggxi9u9oxdijtvvfpdkom7-bau-dstzgnovfyndrhxtk_ew/viewform?fbzx=450838898210045776"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004515; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseht4cdltkad8967jjarcb5nafonbaw3dtpynth9mdk94hf-q/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004516; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseirld9oyigwxmec2bc-ax4yd-m-rhezlne00aminsjf0uteq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004517; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseja63wnjv6158neslzqwlnlui4yluhb0nlou-vx0ehpwkexg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004518; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsejavlqdkikylynqlg6p7kyfu4qnlyy31opnfttucuhgmek4a/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004519; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsekx9ewwwdcej4qewpnqgzq3bzhqogrop2ui9vxaeswphzyvq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004520; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsemwyrvcln1ql8uxd0dsiswveuehikz5hwalfeni7jjfaefmg/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004521; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseoz9zpmm0c0fjksklv-p1hsrwsuybmj6bvbd_fkewzzcv_ea/viewform?usp=pp_url"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004522; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsepe4jevfm3mjc-vndxuq_9wjpc7afrjadkxvp8czawh27cqg/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004523; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseq5h3-5stw3bwnpoi6g-gfwcgej7q82incdm01dd1lf182iq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004524; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseqdx2wgybdxlhascsuopq1xqsmwrxjf4erl_cpmvtt96dq_g/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004525; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlser-b6q--nvif2fj7nbn88dh8lj-s2yfbgjyuygwsacbhm6lw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004526; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsesuqyiwovf64ujl8ewzqpw-vq7_ljhh96vouros2rqn1vunw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004527; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseszgantjzuxgteg0dsiizzmadcwjbjqcsri5nidod2rd2_lg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004528; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlset42bzecl3yrdnnffv6f7kecxpd1sy4rbh3h3govwg1k1z1w/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004529; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseumxp-wga1x873upqxmi_hx8nbbllh12zzmxia1xuqp2mgbq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004530; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsevpkt1byhl-oqjptw8wbecnm7-iqnax-mz8zd-mxp0fol3jg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004531; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsewr7-ksdpydhc1tv8tkcxrlad8zrf3q_uqt-rj9a_fmmzxya/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004532; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsewr7-ksdpydhc1tv8tkcxrlad8zrf3q_uqt-rj9a_fmmzxya/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004533; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsewymtg0_yxlw9-prz205ldklpt1q0_aklvlput4ndg_coetq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004534; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsf-exsf9vm0rleksdp46wa2dfca3dhphayf4tl4rktjvmgguw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004535; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsf32hx6ujsi_gqji38udpamxxxnhyrx8qhmqcqnteinj_0cmg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004536; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsf43dgkrjoe0kbhyqzxvaswkmbstzlu6x-40xi-sxxgfevhww/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004537; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsf9wlt_kxvre3b2hhpi0hcx4zia83c9bbkabo4w15nfekvwuw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004538; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfacaqo8c7hsu7mr6zkbsfulv8m710ke2qna_7tyusomgmtjw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004539; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfacaqo8c7hsu7mr6zkbsfulv8m710ke2qna_7tyusomgmtjw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004540; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfanborkr2ivrhpsjdnvnb-jktwkjbuub3wnsxb-md7haddsq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004541; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfbu-bfa-om2nk21gbc1gbbeoy4veybh7qcrj8jw7nwthmh_w/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004542; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfeoy_w3jwkkz8psgsw4nrja9tmg2lx0x0nvtmv38k0hjzzmq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004543; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfgomlcpbyhodks1bwjmx6f5jr0tqwhngun_juf2qk0jp8dbq/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004544; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfgrkvxsp4vv3h2jpge8n2rwi_acvt3o91y4av8-nbjpc0xxw/viewform?c=0&amp\;w=1"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004545; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfhzli805cycnlai887dfo6ra8bwbwjbc8uehmv5amiaqdbyq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004546; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfjpx-sxpejnp_q2fmfu0jy8oqoesrx9wbrqplcychw9luupa/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004547; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfjsgjhbjke-mlmni8cfg1tacz-hdpvmy5j2br9upjr1f7nda/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004548; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfjsgjhbjke-mlmni8cfg1tacz-hdpvmy5j2br9upjr1f7nda/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004549; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfk9fn6xlhju27dzlzxp6nzvjlaqbtzb3uf20uakw6ddguvnw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004550; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfk9fn6xlhju27dzlzxp6nzvjlaqbtzb3uf20uakw6ddguvnw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004551; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfk9hpkld9-qwaxs8b0cpslaw2-oomu6bcwpxkmp-fo8kr3ew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004552; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfksirdejkit-tdeiwrnkf00ygsqdsqth0hmwydiqdik10tna/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004553; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfnjyzbmw-pd1byw4b4opoksx2cealounsnhg5fjc3fk1qocq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004554; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfnlsbejsiacubkj2geltmn7slefoweeczuagp3jfmfkijg4a/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004555; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsforgq2zksc0soenei1m7xcow9surjrynoh6ppsku6_kxvdpw/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004556; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfp1eukgsktriyraz2csynqwfwtv6ehlnbszu69dbxz9lirtq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004557; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfp1eukgsktriyraz2csynqwfwtv6ehlnbszu69dbxz9lirtq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004558; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfpvmlfha5uwdz_4bnvq19l2mctpltose6aszym6w9ls0hxza/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004559; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfqpqpbuxrrc0ubvtbrr86nxa4pt68zft0bm_2ufdvt1tzvuw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004560; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfrzt6zpkhgtvzqutkypqtjffxaucn3evqpf6ytbqug3t41yw/viewform?usp=pp_urlorganization"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004561; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfsia_g4fb5yg_cu8fjuxcndbgqz1setzfedm0cw0eaonb57g/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004562; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsftriyys-rvphnbmh6v6lyimxjy3rpog8xvtb3v1agqhawiva/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004563; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfuzr1yx2exrzt3ysxszgcawjpp45t9gz3nqtkvhfqslxw_ig/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004564; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfvgwgijgampx2qfseard_pb2bcyonllojnjhrv9qxb8vpeva/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004565; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfvgwgijgampx2qfseard_pb2bcyonllojnjhrv9qxb8vpeva/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004566; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfvhavjlgw4__-x0qdg5tbot5uo9vkn4csn8mx3lpvkdah8ag/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004567; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfwbcfrxuktidm2ctjalngebxbx4k_dijxbekg2y-naausaqw/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004568; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfwdsuczwrih_wnciwh_qjpg1v5p-qk8zyjjoccpbhmyeygrq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004569; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfygwrauuzg0kcnd6w_s42qneyhqpha0zs1rift0akntmlugq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004570; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfzhyjvw1nn6bvqhbwmd3rcrm6gukuzir5u9tmsszmcrr8nyw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004571; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/presentation/d/e/2pacx-1vrp2k-b45tcwcadgwzkulyaqrs1f9vfjs3y19o6fs_7p34ymzwuascr7lkuijhc83-o6fmsbbvehcf2/pub?start=false&amp\;loop=false&amp\;delayms=3000&amp\;slide=id.p"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004572; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2013/12/thereal_dv"; http_uri; nocase; content:"dodgersdigest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004573; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/19zpw90jgon3j5merxi1pauvkjdmx8nfq/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004574; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1bcdyitw2vo5jp6yrbdmiy8cfrkcf4tby/view?usp=drive_web"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004575; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1c5o9_y8_octsepwyojfarn1k-kj4d9fe"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004576; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1cppgzjnodnftsks_w82um_b_ctgzn-ah/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004577; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1fdgs5g6fqqkudcl2meym63ua3yu0o-tb/view?usp=drive_web"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004578; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1fsvmjkcq7ennrsfdufkcxshfhnda_fui/view"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004579; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1ginbnlpvt7kpfnog9a68fqmn7k3aivui"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004580; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1hdvx7j89h5l7yz39idgzhqji93jnkl_c/view"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004581; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1jixb69t_nw9tmkhvfrejkfzof3d-ijet/view"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004582; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1jvfh6wq9ea9kxr1shhwbh3pecflqzppc/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004583; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1mg5asnyoeet7qsg2n0d_2paxc3j7wx3k/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004584; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1qf58h-1lunq1pubplwdhwd3uooj_vjxa/view"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004585; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1robiosanbh8doqa7yuiewn3akz4094ho/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004586; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/alldomain/domain/dmain/index.php?i=i&amp\;0=abuse@optusnet.com.au"; http_uri; nocase; content:"ecomcrew.staging.wpengine.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004587; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/angela_ure_ecusltd_co_uk/_layouts/15/wopiframe.aspx?guestaccesstoken=umwosbguhwaqic3hhtqfly7zjwf8oggrcn6d%2bggohoc%3d&docid=1_1956f6e254d71417a89981b2a1c8d0a99&wdformid=%7be61ca4f5-c461-425a-a52e-4598e7b699e5%7d&action=formsubmit&cid=4ab9a2a7-7cf4-43ae-8149-ffead8d66e7b"; http_uri; nocase; content:"ecusltd-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004588; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/marco_eeverywhere_com/_layouts/15/onedrive.aspx?id=/personal/marco_eeverywhere_com/documents/documents&amp\;originalpath=ahr0chm6ly9lzxzlcnl3agvyzs1tes5zagfyzxbvaw50lmnvbs86zjovcc9tyxjjby9fcwhvbeq1x3hltknorzbdmdvvmgjvvujoy1z3b25futjvejhtlwxqrg9svwvrp3j0aw1lpvduaunytfu4mlvn"; http_uri; nocase; content:"eeverywhere-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004589; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m&#61\;0"; http_uri; nocase; content:"eleoelswka.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004590; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t6t%2fhn1dkbyhlyx%2beimbazufa43rrgz6%2faaaewnocdi%3d&docid=1_18168db23429e45f29fdf2e7be120efc4&wdformid=%7bb9970f62%2d44c3%2d4d09%2d9929%2d6e1eb652da57%7d&action=formsubmit"; http_uri; nocase; content:"ersfilter-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004591; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=6ywmlbqi9%20sjfgzhadhvte2gyowjf83iqbjrjehik4s=&amp\;docid=1_135f7008dfbfa44e6b09dab0eb165b997&amp\;wdformid={e037f2d9-5daa-4916-ba03-eb11d0aa6dea}&amp\;action=formsubmit"; http_uri; nocase; content:"ersfilter-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004592; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=6ywmlbqi9%2bsjfgzhadhvte2gyowjf83iqbjrjehik4s%3d&docid=1_135f7008dfbfa44e6b09dab0eb165b997&wdformid=%7be037f2d9%2d5daa%2d4916%2dba03%2deb11d0aa6dea%7d&action=formsubmit"; http_uri; nocase; content:"ersfilter-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004593; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/takesurvey?tt=/p9xlsw/pwa97qdwq8ubbg%3d%3d"; http_uri; nocase; content:"eu.questionpro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004594; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/t/ab3uufjzb3vk20"; http_uri; nocase; content:"eu.questionpro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004595; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?fbclid=iwar3cu_8pblosqw-rwa7evcrs5jpl6zvzkou0qrf7vl9oqge4h2ctmcxrdyk"; http_uri; nocase; content:"eurobankovnikredit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004596; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/shard/s339/client/snv?noteguid=f48e12fd-48da-e57f-8e76-cdf6e4054e1d&amp\;notekey=02a9fa6bd051dc6b4581ee3b617b3f88&amp\;sn=https://www.evernote.com/shard/s339/sh/f48e12fd-48da-e57f-8e76-cdf6e4054e1d/02a9fa6bd051dc6b4581ee3b617b3f88&amp\;title=optus%20webmail"; http_uri; nocase; content:"evernote.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004597; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/shard/s446/client/snv?noteguid=4dc119ab-57d6-b8e0-4fcb-c11c0a637b94&notekey=9ddb3753cb700b0c86a78176be71f4f5&sn=https%3a%2f%2fwww.evernote.com%2fshard%2fs446%2fsh%2f4dc119ab-57d6-b8e0-4fcb-c11c0a637b94%2f9ddb3753cb700b0c86a78176be71f4f5&title=you%2bhave%2breceived%2ban%2binvoice."; http_uri; nocase; content:"evernote.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004598; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/shard/s446/sh/4dc119ab-57d6-b8e0-4fcb-c11c0a637b94/9ddb3753cb700b0c86a78176be71f4f5"; http_uri; nocase; content:"evernote.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004599; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/jameswaterston_everythingmobilelimited_onmicrosoft_com/_layouts/15/onedrive.aspx"; http_uri; nocase; content:"everythingmobilelimited-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004600; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/tim_hansen_excelelectrical_com/_layouts/15/onedrive.aspx?id=/personal/tim_hansen_excelelectrical_com/documents/open%20to%20view%20shared%20document%20in%20hitech%20sharepoint&amp\;originalpath=ahr0chm6ly9legnlbgvszwn0cmljywwwlw15lnnoyxjlcg9pbnquy29tlzpmoi9nl3blcnnvbmfsl3rpbv9oyw5zzw5fzxhjzwxlbgvjdhjpy2fsx2nvbs9fa2zoazdydndfaettvl9pwulkctdzmejlveeyr3awzwjnsdfkrgdjrfdfttznp3j0aw1lpunrvevzrwxcmlvn"; http_uri; nocase; content:"excelelectrical0-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004601; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/r?us_privacy=&amp\;a=p-w_ayumw3pzr2w&amp\;labels=_qc.clk,_click.adserver.rtb,_click.rand.60541&amp\;rtbip=192.184.70.137&amp\;rtbdata2=eaaaiencvf9odwdnzxrzx1e0mjfftwfuywdlzf9tzxj2awnlimofncj-jtiws_b-ohnodhrwczovl3d3dy5syxcuy29twihbt0llsefpmvdcvwi0vmdxvi1julfbztjdullinvfzuuitwjdutjfpdu3bfukaayfd3aqeoaebqahv4fyeugeawahq-aniadv5u4til9obfllxavhtz0fpaghnqs1sufktuvntqkhlaarzydroawsyaviznracclocbmc4ronaagliagdqas7hhvv4n_fmqqhgagdoagd4agckaxywlnb1yi0xmjyxotkyndq0odazodc1mamaqamasgmejmh7angd_dgd4gmpcc13x0fzdu13m1baujj36gmfcngfefryawu5mjeymfgdaiaeayoedxf1yw50y2fzdc1xyzhybajvuw&amp\;redirecturl3=https://www.cbtnuggets.com/?utm_source=quantcast&amp\;utm_medium=prospecting&amp\;utm_campaign=general_us&amp\;utm_term=testimonial&amp\;qc_campaign=cbt_nuggets_q421_managed_service&amp\;qc_adid=2078771"; http_uri; nocase; content:"exch.quantserve.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004602; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/remote/mandate/4jya9anuerrpmikrph7-j5pl9nyz_uw1bc7q1vvmmhw"; http_uri; nocase; content:"exchange4free.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004603; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/rrefeeieoj.html?erectrcsq@*cthiytvcdx$zsxycuikjmkjivee$terdtygjyvtrre"; http_uri; nocase; content:"explorebathurst.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200004604; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gvrmpushnotification/nbproject/private/fbapps/melis/"; http_uri; nocase; content:"fbapps.milestoneinternet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004605; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/customercare/_layouts/15/wopiframe.aspx?guestaccesstoken=ce%2fd5uzxeu8hlntd6e5v18nttv4whxgmlwyudt4igom%3d&docid=1_1eb5df03726a240859b223a44b8b16724&wdformid=%7bb8008e00-21bc-4a4a-91dc-1e1b63610c96%7d&action=formsubmit&cid=c766f7bd-9562-4c9e-a9b0-75cf38b33e48"; http_uri; nocase; content:"fclighting.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004606; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/investorway"; http_uri; nocase; content:"feeds.feedburner.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004607; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"//?m=0"; http_uri; nocase; content:"ferferfccezs.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004608; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"ferferfrefe.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004609; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jelxwqrcrvhj&amp\;ijosing&amp\;kontakt@wmb-walther.de.html"; http_uri; nocase; content:"fifit.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200004610; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/f/75h75hd7v"; http_uri; nocase; content:"files.fm"; content:"Host"; http_header; classtype:attempted-recon; sid:200004611; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/biyugbhiuhgy7o900-h9oh98h9-987.appspot.com/o/vnmbvuyt8-8y98yh0%3d890y8iuh9yyh%2f5rtyfghtfyu67-9876trfc%3d9ygv.htm?alt=media&amp\;token=dce6f041-19ff-4e8a-8012-1cfdac4cf369#bv@pplsi.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004612; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/dr-clin-c4f68.appspot.com/o/drweb.html?alt=media&amp\;token=09293ba9-0738-41ea-9cf3-67cb43af2b88&amp\;x=famacas-cfa0appspotappspotmacas-macas-vfwefsaxsppspotcfa0ps&amp\;prox=p2000isolation@aaa.kr"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004613; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/dr-clin-c4f68.appspot.com/o/drweb.html?alt=media&amp\;token=09293ba9-0738-41ea-9cf3-67cb43af2b88&amp\;x=famacas-cfa0appspotappspotmacas-macas-vfwefsaxsppspotcfa0ps&amp\;prox=yourname@yourcompany.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004614; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/goo2-ac630.appspot.com/o/goo%20(2).html?alt=media&amp\;token=2d1281a2-3364-420f-a3b5-c693b7bda1f2#a@b.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004615; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/macryti-109.appspot.com/o/kp-oe0%2fbtt-hash.html?alt=media&amp\;token=02abe8bd-5141-4b5a-a7d4-08120e5f43dd#choiteng@motenghaiplc.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004616; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/ntachi-e1dbe.appspot.com/o/hgigieiciejceinhviejrie95489349%20(19).html?alt=media&amp\;token=5901e369-e71e-416b-9688-b21c62e31587#m.couvee@colasit.nl"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004617; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/odrv-3c4a4.appspot.com/o/index1.html?alt=media&amp\;token=11958c2a-34a6-4ed1-a1b5-081ec066cb95&amp\;data=zxzhbi5ncmvzagftqg1py2hlbglulmnvbq=="; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004618; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/outlook-4c0f2.appspot.com/o/books%2fwebmail.htm?alt=media&amp\;token=216401d2-aba7-42f4-8fd5-9b672cade830#abuse@optusnet.com.au"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004619; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/outlook-4c0f2.appspot.com/o/books%2fwebmail.htm?alt=media&amp\;token=216401d2-aba7-42f4-8fd5-9b672cade830#tiekimas@tidlo.lt"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004620; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rei-rezuio-rexire-565.appspot.com/o/%40%40%40indexv-vb-vau-ry-8%252fbv-yu-er-8f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%20-%20copy.html?alt=media&amp\;token=da92acdd-870d-4049-b9ac-f0d373777f06#info@legalshield.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004621; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rei-rezuio-rexire-565.appspot.com/o/%40%40%40indexv-vb-vau-ry-8%252fbv-yu-er-8f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%20-%20copy.html?alt=media&amp\;token=da92acdd-870d-4049-b9ac-f0d373777f06#support@legalshieldcorp.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004622; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rned-a824v.appspot.com/o/gen%252findex2oli.html?alt=media&amp\;token=828c2259-c86f-442e-91a0-8d43a1fe7d8b#abuse@optusnet.com.au"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004623; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/tei-neriou-reuix-678.appspot.com/o/%40%40%40indexv-vb-veu-ry-8%25433%2569.html?alt=media&amp\;token=6b0a9c43-8711-491b-9f40-50ad280ffb32#ggradnigo@prepaidlegal.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004624; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mc.html"; http_uri; nocase; content:"flavena.co.rs"; content:"Host"; http_header; classtype:attempted-recon; sid:200004625; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btinternetwebmail"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200004626; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bttelecoommunication"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200004627; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/hdhdhdeue"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200004628; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/hjbsvjhfb"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200004629; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jhgcfghj"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200004630; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mnkpo"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200004631; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nicszdbaiodi"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200004632; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/vf7vfv9ky?fc=0"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004633; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/btinternetwebmail"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004634; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/btisojtuf"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004635; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/bttelecommunicaation"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004636; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/bttelecoommunication"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004637; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/hjbsvjhfb"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004638; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/mnkpo"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004639; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1mqqu8exzgpptqpl8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004640; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3cyoxmwxqkbfpt2v5"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004641; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/8epxhwdapiab7mfw7"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004642; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/9bwawhpz5vi7ilpe6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004643; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/akohiguxjs9wlpu28?sllqm"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004644; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/b7lqaal42juffiw1a"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004645; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bfz2l7i3wvrp5heb9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004646; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dncj4btc56n1n71n8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004647; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/edtu6r7rqxqyegcf6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004648; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/egj66jkgwkcd3aat8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004649; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/eozlrnnf7jh84xdp8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004650; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzlons3fgnjdqdd19?omgbfzrazhlppbtx"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004651; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/goerpntl5tfeumdz6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004652; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gr4b9sxradtcj7or7"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004653; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/guptjarp2xatzbvo8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004654; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/iai7pzm4pxyb145i9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004655; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jnkkauxwwbfhtuqz9?hkgotygikyoujp"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004656; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jzxtb9auexgjcewfa"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004657; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kehch96avaku7oey7?akowgmooutpwa"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004658; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nvljeb1quzaovd8u5"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004659; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/puadbxscibgw5ma79?xfccuwmmhgwrwztd"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004660; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qhwastfqxg1yehi77"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004661; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qzopkn9aj2gzaw2g6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004662; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ruaxzqjjzghi8rar9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004663; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/rwpcmhm8vtfa7f4m8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004664; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sj21ehdebhkcpvfv6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004665; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/smufgmyhduckbq6ka?fjxhgyroek"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004666; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uqzzznxv4cfhu3yr9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004667; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v5xtnywt5s6zvpp27"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004668; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v7k2chwbcca59vz27"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004669; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/w6uh9p66tdq6l1m66"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004670; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/x3aasffazsrl8pcr9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004671; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/x8hybjggubfftabw8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004672; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xxccjhuzjtg4pr3y8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004673; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xxjqmu6luzkpnalg6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004674; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yfxkceytox2zuyvb6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004675; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pages/responsepage.aspx?id=60hhzfbtoe-qdzpnyrluyo-ivxb0mexgqufvg5tcyifunzg5uknzne1irjzvt1y3slewrepwnflmvs4u"; http_uri; nocase; content:"forms.office.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004676; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pages/responsepage.aspx?id=dqsikwdsw0yxejajblztrqaaaaaaaaaaaao__tdasqlurfrqmjzxneyxn0g3vexutfvzq0mztu9fms4u"; http_uri; nocase; content:"forms.office.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004677; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pages/responsepage.aspx?id=dqsikwdsw0yxejajblztrqaaaaaaaaaaaao__thg5xvuodnbwtvytzhwwdnctknvovo4tldctexmvi4u"; http_uri; nocase; content:"forms.office.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004678; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pages/responsepage.aspx?id=jrbxvx3x9keewcq72hm6fnkqekonandcsjd9av060h5urepumvvgmks2te41rfewmlletulvufnuqy4u"; http_uri; nocase; content:"forms.office.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004679; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gmaingt/server.html"; http_uri; nocase; content:"fra1.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004680; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m&#61\;0"; http_uri; nocase; content:"frdezeredaresafin.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004681; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"fredsamasont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004682; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fewn4zq5fegh6bf3qpasy44v&amp\;persistence=1&amp\;checksum=3d7975c121a1d514f1b3a9facb177a78f25e1326da6497ae9cf35e33ba436119"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004683; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fewn4zx501vbg1xj6vr2hk10&amp\;persistence=1&amp\;checksum=fc555be29c86e6e13177069b7632770b2cb9f30b36d229624f37be1cb2475704"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004684; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fexfpq10qje7acrftnz6v4zb&amp\;persistence=1&amp\;checksum=5916a09fb5c03e4187a58ae7221dbc20e8568b5840df4b6f3eb57227975bd2ce"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004685; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fey1pewqgha9bqebgbvwe95n&amp\;persistence=1&amp\;checksum=3fefba73b68799e5152bf7031ce8a7b1a300456243ee123a27f6efca31d9f055"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004686; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fez46yyrvh6f0bbehn8h419h&amp\;persistence=1&amp\;checksum=069f46345ac935567ad562a3d64a332066064c97f8feae803d555f9cc820c561"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004687; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fezncfbjbj86yneatjn0qvt4&amp\;persistence=1&amp\;checksum=8142350e161acc6cb246be1d05d596973a1d3ac50af1f3594ee9ea462c87a4ef"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004688; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01ff06m6n2q43m6zcaqrh8xpm2&amp\;persistence=1&amp\;checksum=26e140f8abae23dd0c8dd547390a4deb9fc54b1acf3539d8aa44fb19e04902ef"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004689; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01ff0qxy635yfpkrdaxav47j5k&amp\;persistence=1&amp\;checksum=cb2e0f7328d6ffea0e15a24046095a0bb98d27d4488e822bea4b181763f2eb0b"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004690; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/thickbox/connexion/connexion/app/cdn/?fmfcgzgljlrvjdlwthjpssjfsnvbwgbbfmfcgzgljltdnhmxflbfwpzhjxchnhhqfmfcgzgkzqqhdhckrlvrtkvlbxfdwlclfmfcgzgkzqqhdhckrlvrtkvlbxfdwlclfmfcgzgkzqqhdhckrlvrtkvlbxfdwlcl"; http_uri; nocase; content:"golfloslagos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004691; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=http%3a%2f%2fbit.do%2ffr6ci&sa=d&sntz=1&usg=afqjcne7joz-iz-adrzkrxcihj8t9fs9qw"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004692; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=http%3a%2f%2fbit.do%2ffsgjq&amp\;sa=d&amp\;sntz=1&amp\;usg=afqjcngvqc30z-4hiaizv03gpwblwu3vnw"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004693; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=http://srv-auth.web.app/upd/index.html%23%5b%5b-email-%5d%5d&amp\;source=gmail&amp\;ust=1607952068298000&amp\;usg=afqjcnet34jepejaewvja8unv7ycds1vjg"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004694; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=https://393512dfd8544c98be9a40f2f67df8bd.svc.dynamics.com/t/r/a7uua5shyiplufx4zj7f6u2clgtguiagoxngfoio4am?clientid%3d70000%23%5bemail%5d%2b00-70000&amp\;source=gmail&amp\;ust=1636719774661000&amp\;usg=aovvaw2fsk8htfwhsfqapvbu674n"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004695; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=https://passionfruit4576261.brizy.site/&amp\;source=gmail&amp\;ust=1608664764243000&amp\;usg=afqjcnghljnr1tyn8j4c1ijid09ra9ehdq"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004696; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=https://us4-usndr.com/ru/mail_link_tracker?hash%3d6k5ar5ciusdx1q1tdgm8atcrexmonyy3xdfiogu7zr6gb6gtthpqk7fm8tz4gzkjftg9oouu31eqdro67dtgwnn5x1p3ziiieq8rykja%26url%3dahr0chm6ly90lm1ll2fhegnvbw11bml0eq~~%26uid%3dndmwndy3nw~~%26ucs%3dd93ed45d47070739243d9b678dd03e93&amp\;source=gmail&amp\;ust=1607288611770000&amp\;usg=afqjcngo5kdwx08p-bg6mzdtluzdjhtzxw"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004697; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fp?u=https://tinyurl.com/32xz989f&grqid=zbk35vud&s=1&hl=id-id"; http_uri; nocase; content:"googleweblight.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004698; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i?u=a894ec7f.46t33454t4.pages.dev?user=masoli@legalshieldassociate.com"; http_uri; nocase; content:"googleweblight.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004699; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i?u=b4e921f0.sso-mailsrvr-4344e5teed.pages.dev?user=abuse@gmail.com"; http_uri; nocase; content:"googleweblight.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004700; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/tspencer_gormanusa_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wgfwcmmssvdsofa7ljviwaj85tleclug2xbvoqwlmp0%3d&amp\;docid=1_12424441d8c29412bb868684e5cb74e47&amp\;wdformid=%7b992e319a%2dbe72%2d460b%2db6b4%2d2d3fcf789fc5%7d&amp\;action=formsubmit"; http_uri; nocase; content:"gormanusa-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004701; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/out/408?jobid=29207&u=princed.de?id=8400239909"; http_uri; nocase; content:"gradcracker.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004702; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/12/hafslund.html"; http_uri; nocase; content:"hafslundno.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004703; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1kzic"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004704; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/4ds15"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004705; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6qnhc"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004706; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dghpp"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004707; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/f1itl"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004708; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fmjiu"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004709; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/g9yl5"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004710; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i51rh"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004711; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmiyt"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004712; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/m8ikv"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004713; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/o0ugq"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004714; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ta0lq"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004715; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ue2ho"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004716; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/urq2m"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004717; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/vfywl"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004718; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/w27iz"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004719; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xegru"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004720; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/zlbow"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004721; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/12/window.html"; http_uri; nocase; content:"hangovertest1.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004722; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yuhgbfvdfvbtytrvdfbgt.html"; http_uri; nocase; content:"heaterintwintersz.ams3.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004723; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mz4yho"; http_uri; nocase; content:"hm.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200004724; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/zeland.html"; http_uri; nocase; content:"homeentertainmentexpo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004725; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/themes/engines/ira.xml"; http_uri; nocase; content:"house18.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200004726; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/''''''''''''''''''''''''''''''''/"; http_uri; nocase; content:"hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004727; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?https://trimurl.co/0wsx7z"; http_uri; nocase; content:"href.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200004728; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?https://www.rkat2.2r-p.xyz/"; http_uri; nocase; content:"href.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200004729; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?https://ykm.de/f4b990c239777330"; http_uri; nocase; content:"href.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200004730; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"//ykm.de/f4b990c239777330"; http_uri; nocase; content:"href.li?https:"; content:"Host"; http_header; classtype:attempted-recon; sid:200004731; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/hgav30ruohf"; http_uri; nocase; content:"ht.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004732; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/shoh30rwmdj?10/13/2021"; http_uri; nocase; content:"ht.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004733; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ebuse/servic"; http_uri; nocase; content:"i-m.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200004734; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/webaccountupdate/stockholmsuniversitet/"; http_uri; nocase; content:"i-m.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200004735; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mdkea5ckpozm/click-here-to-start"; http_uri; nocase; content:"ifyufyujk.quip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004736; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/pginet_groupe-igs_fr/_layouts/15/wopiframe.aspx?guestaccesstoken=o1ljzjnq70g8yg6w%2fce3ec9zu3%2bg6ck6ibkmhwt3wl0%3d&amp\;docid=1_1c2a91e87cc7a4ffb85611d8ebf31f653&amp\;wdformid=%7bcdf56303%2d9250%2d4cf1%2d8370%2db3f9a84cd714%7d&amp\;action=formsubmit"; http_uri; nocase; content:"igsasso-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004737; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/4t6u/bt"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004738; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/kennymoore12/btinternet"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004739; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/kfouo/btcommmms"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004740; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/msw0rd/att_word"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004741; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/viewer/vbid-fa0f29d5-fpsjmms8"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004742; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/survey/27415/source=39-4621"; http_uri; nocase; content:"imagematch300.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004743; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/viewer/vbid-fa0f29d5-fpsjmms8"; http_uri; nocase; content:"imcreator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004744; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/appmanager/renouvellement-automatique-obligatoire/ovh/managerweb-ovhdepartmenttechniqueovh/web.index.html5400configuration_hosting_database/web-ovh/vh/?user-agent=mozilla/5.0+(windows+nt+10.0\;+win64\;+x64)+applewebkit/537.36+(khtml,+like+gecko)+chrome/86.0.4240.75+safari/537.36"; http_uri; nocase; content:"improvproject.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004745; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/emailupdatee/owaweb"; http_uri; nocase; content:"imxprs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004746; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/outlookwebaccessupgrade/outlookwebaccessupgrade"; http_uri; nocase; content:"imxprs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004747; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/webmaiil/accounttportal"; http_uri; nocase; content:"imxprs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004748; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/maint/?hash=a2fyaw5hywxtzwlkyxjpymvpcm9aag90bwfpbc5jb20="; http_uri; nocase; content:"insurance2019.moneynet.com.tw"; content:"Host"; http_header; classtype:attempted-recon; sid:200004749; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/areawebmps"; http_uri; nocase; content:"is.gd"; content:"Host"; http_header; classtype:attempted-recon; sid:200004750; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/clnhxv"; http_uri; nocase; content:"is.gd"; content:"Host"; http_header; classtype:attempted-recon; sid:200004751; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/t1xeia"; http_uri; nocase; content:"is.gd"; content:"Host"; http_header; classtype:attempted-recon; sid:200004752; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/34vpnqn?muriitya"; http_uri; nocase; content:"j.mp"; content:"Host"; http_header; classtype:attempted-recon; sid:200004753; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3arx6oo"; http_uri; nocase; content:"j.mp"; content:"Host"; http_header; classtype:attempted-recon; sid:200004754; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3gydg8x?/supporrecovery"; http_uri; nocase; content:"j.mp"; content:"Host"; http_header; classtype:attempted-recon; sid:200004755; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3i22f5g?jnlope"; http_uri; nocase; content:"j.mp"; content:"Host"; http_header; classtype:attempted-recon; sid:200004756; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3kkkf0n"; http_uri; nocase; content:"j.mp"; content:"Host"; http_header; classtype:attempted-recon; sid:200004757; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/swww04/?key=azhoi,email={email}"; http_uri; nocase; content:"jobtima.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004758; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/65g2g"; http_uri; nocase; content:"jtbtigers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004759; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/jdonahue_k12_com/_layouts/15/wopiframe.aspx?guestaccesstoken=jxndynkzmynao0nofzmhz4t%2fk%2br%2fg7qir2agrjo42ha%3d&docid=1_12252b23331654ef4bf8ef978a8eb83ee&wdformid=%7b2711d93c%2d7591%2d4baa%2db377%2dcf40ba8c7343%7d&action=formsubmit"; http_uri; nocase; content:"k12inc-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004760; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/c07czi"; http_uri; nocase; content:"kutt.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200004761; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l3leph"; http_uri; nocase; content:"kutt.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200004762; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=4rcleqvo&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004763; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=xx6dnmzz&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004764; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://is.gd/f0iqhg?trackingid=kzg8g3od&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004765; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://is.gd/vohpj6?trackingid=rt6fxwgl&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004766; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://parg.co/bewg?trackingid=egqfrhlp&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004767; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://submit.irs.completeyourdata.info/?claim"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004768; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=cvhzehjl&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004769; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=nwb0pxlg&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004770; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=wqdypvka&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004771; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/match_login/match.com/match/login1876.html"; http_uri; nocase; content:"lifeiswhatyoumakeofit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004772; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fqg9x"; http_uri; nocase; content:"lihi1.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004773; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uh2xv"; http_uri; nocase; content:"lihi1.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004774; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/slink?code=ek5cbk8g"; http_uri; nocase; content:"linkedin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004775; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?a=https://u25098085.ct.sendgrid.net/ls/click?upn=4o0yybebwwobmwye6nfxf74k9v8ctniui1j2zge2nz95e9lyg4bkzyeqhmb7dtwcz7ioun-2bn1j8mpzi-2fpiiskt0bhpz08nwukegu0uqqki2h1s5yghctgcifqu-2bw1xclixrd_0qvnbxqwscekttpgl5skkts6yu-2batmdqkyh3bke4v1frfd55qka72zddyevzyat2nxv1k3yz6k8mwivrnsgvysy0wagfn8g5lfrsekexaptnpwfu0cediip-2bx7vwnyo9s20tqt2-2bj-2bvkbnfrh9uuad9j9stqo-2bcbol-2fjxsacxht5mztqgwx1c5d6x4fkpu32hmnetd1eimxhhfmzkxiukogw4aalovfcjsym0u8gjpy-3d&amp\;c=e,1,2vluk9dfc0eb8l7-rios2j4nvvlmg8fu0rs0_haoaqpf_7ary6vt_oiimum26g-03mgzmsvdmzlfwohfhlogn3z77jluyi415qw9iw3dptggs_9sfqsq4a,,&amp\;typo=1"; http_uri; nocase; content:"linkprotect.cudasvc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004776; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2oj172"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200004777; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/5254ov"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200004778; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/9o5vz8"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200004779; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/attservice365"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200004780; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bt.home"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200004781; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btinternet"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200004782; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/w1vl9o"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200004783; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/attmailserver"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004784; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/attonlineservice"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004785; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/attverificationpro"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004786; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btinternettt"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004787; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/d.emery1"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004788; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dannygeez"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004789; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/feetesuqshailhkaia"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004790; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftggtgrtt"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004791; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/keedkudi"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004792; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mobicomgb"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004793; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nbvkl"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004794; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/plkjh"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004795; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pubgxmetrodus"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004796; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/savermail.yahoo"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004797; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/service.orange"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004798; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/teccalicious"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004799; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yah00nccx"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004800; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=bcxwl3a7ttskgw2polh3cucg2dfe77pbj2gkmixkizs%3d&docid=1_1b87bddf46e1144efadb39c587acdadae&wdformid=%7b5b4e96cf%2d1bcd%2d468f%2da845%2d09b4d8027bc2%7d&action=formsubmit"; http_uri; nocase; content:"livenmitac-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004801; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=bcxwl3a7ttskgw2polh3cucg2dfe77pbj2gkmixkizs=&amp\;docid=1_1b87bddf46e1144efadb39c587acdadae&amp\;wdformid={5b4e96cf-1bcd-468f-a845-09b4d8027bc2}&amp\;action=formsubmit"; http_uri; nocase; content:"livenmitac-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004802; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=fnyckzjagh3z%2bl1cadcdqxot6rfyhmeonulx7ksc7pq%3d&docid=1_15129478f60da40db8395b5675832ef56&wdformid=%7b000c8ab1%2dcbc8%2d44e3%2dac19%2d0015f01b771e%7d&action=formsubmit"; http_uri; nocase; content:"livenmitac-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004803; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/hannah-daly_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=ia5uzzon3iviku4f3pxemyhhabfwkpdjirpftfear%2fk%3d&docid=1_169208e425ed84fea9fd294a6886d67e9&wdformid=%7b06255f86%2d4bf9%2d4ee8%2dbd7e%2dfef81913a79b%7d&action=formsubmit"; http_uri; nocase; content:"livenmitac-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004804; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/hannah-daly_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=ia5uzzon3iviku4f3pxemyhhabfwkpdjirpftfear/k=&amp\;docid=1_169208e425ed84fea9fd294a6886d67e9&amp\;wdformid={06255f86-4bf9-4ee8-bd7e-fef81913a79b}&amp\;action=formsubmit"; http_uri; nocase; content:"livenmitac-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004805; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/d8ruzprc"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004806; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/di6hueus"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004807; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dn4fff29"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004808; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/edxjbzfy"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004809; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/emruebe2"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004810; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/eqjcnf2u"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004811; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gib6fpsz"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004812; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/home/?6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d"; http_uri; nocase; content:"login.xfinity.meculinkvolt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004813; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post.html"; http_uri; nocase; content:"magyarpoosta.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004814; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/forms/form1.html"; http_uri; nocase; content:"mail.hfcfit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004815; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004816; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua/"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004817; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004818; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua/"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004819; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/186.154.25.1064023/sucursalpersonas.transaccionesbancolombia.com/mua"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004820; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/186.154.25.1064023/sucursalpersonas.transaccionesbancolombia.com/mua/"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004821; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/190.27.90.2077221/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004822; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/190.61.55.2105806/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004823; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004824; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua/"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004825; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/191.95.152.1287758/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004826; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/201.233.42.1501206/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004827; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1gne6"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004828; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6w9qj"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004829; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/77srn"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004830; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/g50gq"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004831; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/hfldu"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004832; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ibyyn"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004833; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ij3t9"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004834; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jlrbo"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004835; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qpwha"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004836; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/reu8w"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004837; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sb6ww"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004838; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/linkredirect?authuser=0&amp\;dest=https%3a%2f%2flinktr.ee%2fpaypai.serviceid?idtrack=kzsykctt"; http_uri; nocase; content:"meet.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004839; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/cp/0ccc3066dc2bcd17/c?mi_u=87923176&mi_origin=&url=http://email.stickercanada.com/t?entity_type=2&entity_id=32534&email_pref_id=34785928&sent_id=1600423397&service_id=22668&redirect_url=https:/relievehotmailonly.cloudns.cl/imagineme/ionos.php"; http_uri; nocase; content:"mi.jetblue.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004840; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2020/11/fiyatlar.html"; http_uri; nocase; content:"milanno342.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004841; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dvtygtgvrv.html?ggcdraewqaszxfdxcgchjbjnhbgvfcdrxtcyvbuninhbygtfcrx"; http_uri; nocase; content:"monstercarp.rn86.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200004842; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/form/60deff002ca34f5aa4985ab3"; http_uri; nocase; content:"my.forms.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200004843; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/form/6112452ca3f6e60d511bad0d"; http_uri; nocase; content:"my.forms.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200004844; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/leboncoin-service/confirmationpaiement-1"; http_uri; nocase; content:"my.forms.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200004845; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=xvdowzk%2bkm4wndrziofnpfcj8fb8rkrsqt%2bkybvollg%3d&docid=1_16fb1a2a3e2f9468aa7cebc35874c9da0&wdformid=%7b95111770-0103-492b-8c70-e9625f96b49a%7d&action=formsubmit&cid=4d02a372-8b83-4120-84b5-1d9a2a3492dd"; http_uri; nocase; content:"myparc.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004846; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/ginger_gingerfountain_com/_layouts/15/wopiframe.aspx?guestaccesstoken=gpys8ex7ys1urrzbfeasvlexkodtrovmmcpn%2brsnebs%3d&amp\;docid=1_1882b07b5eb5643d2bdaa63426324ef0e&amp\;wdformid=%7b9bd54af1%2dee16%2d4e07%2d8d62%2d6e9b76e47512%7d&amp\;action=formsubmit&amp\;cid=9adf3e74-8cc1-4e36-b545-c9165fcafde7"; http_uri; nocase; content:"netorg6600800-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004847; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/leon_leongavartin_com/_layouts/15/wopiframe.aspx?guestaccesstoken=rpanwaz3gooz0d20j9wu7zzskog8p5egpbt4oc5j5bq%3d&docid=1_137b486a2059c4fc7b670d2ddb8f27254&wdformid=%7b07fe213f%2d4079%2d45b9%2db73f%2dfa9809248dd7%7d&action=formsubmit"; http_uri; nocase; content:"netorgft2223515-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004848; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bancos/interbank"; http_uri; nocase; content:"nexoinmobiliario.pe"; content:"Host"; http_header; classtype:attempted-recon; sid:200004849; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/examination/admitpanel/filemanager/5365678587"; http_uri; nocase; content:"nihmt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004850; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post.html"; http_uri; nocase; content:"norwayposten.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004851; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/n/axjt4zimmriy/b/cherishppps-20210930-1214/o/spaceblack.html"; http_uri; nocase; content:"objectstorage.us-phoenix-1.oraclecloud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004852; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"oiazeiuiazolme.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004853; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/forms/view/zalxyved/a9adea36-d163-4d46-a3de-0e990d86e78e"; http_uri; nocase; content:"online.visual-paradigm.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004854; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ions/index.php?email=redacted@abuse.ionos.com"; http_uri; nocase; content:"onlinecasinospark.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004855; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ondedrive/onedrive/rolex/index.php"; http_uri; nocase; content:"oraclemart.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004856; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''"; http_uri; nocase; content:"oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004857; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/walletconnect/"; http_uri; nocase; content:"pancakeswapsupport.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004858; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"paozeia.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004859; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post.html"; http_uri; nocase; content:"paypal-inc-userupdatenuber7925570844.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004860; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-mails/"; http_uri; nocase; content:"pilgrimapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004861; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/pasi_puumalainen_plytec_fi/_layouts/15/wopiframe.aspx?sourcedoc={8f0414f2-e7a8-46f4-a2bb-d38353ed20d6}&amp\;action=default&amp\;originalpath=ahr0chm6ly9wbhl0zwnmas1tes5zagfyzxbvaw50lmnvbs86bzovzy9wzxjzb25hbc9wyxnpx3b1dw1hbgfpbmvux3bsexrly19mas9fdklvqkktbzvfukdvcnzuzzfqdelowui1vgg5bxf2ltjlvl9mohvka09sb2pnp3j0aw1lpxvysjgtvnb2mtbn"; http_uri; nocase; content:"plytecfi-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004862; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/att/citi"; http_uri; nocase; content:"pplastmart.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004863; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fia8mx"; http_uri; nocase; content:"ppt.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004864; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fva4wx"; http_uri; nocase; content:"ppt.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004865; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fvakzx"; http_uri; nocase; content:"ppt.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004866; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fvllvx"; http_uri; nocase; content:"ppt.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004867; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/survey/t/?title=bt-broadband-and-private-policy-support_20"; http_uri; nocase; content:"proprofs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004868; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/emailfwd/show.php?usernum=350311855&amp\;formid=3879"; http_uri; nocase; content:"pub5.bravenet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004869; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pfbgzhkd"; http_uri; nocase; content:"pxlme.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200004870; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/vn79myoi"; http_uri; nocase; content:"pxlme.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200004871; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d%2f&action=formsubmit"; http_uri; nocase; content:"qualitasc-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004872; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d%3e%2f&action=formsubmit"; http_uri; nocase; content:"qualitasc-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004873; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d&action=formsubmit"; http_uri; nocase; content:"qualitasc-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004874; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jeh2aebbsh97"; http_uri; nocase; content:"quip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004875; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qv7malu8n7cz/you-have-some-messages-pending"; http_uri; nocase; content:"quip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004876; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/77ll23ween.html"; http_uri; nocase; content:"r3g34.fra1.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004877; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2020?m=1"; http_uri; nocase; content:"rabofree.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004878; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"reamaam.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004879; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/j7107dr"; http_uri; nocase; content:"rebrand.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004880; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/z83ig2n?rb.routing.mode=proxy&amp\;rb.routing.signature=123%20836"; http_uri; nocase; content:"rebrand.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004881; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"redatofadesafe.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004882; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?key=bbb516d91daee20498798694a42dd559&u=https://lrs.financial/eesuri6?l5oyrhkwq"; http_uri; nocase; content:"redirect.viglink.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004883; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"reikreitel.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004884; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v01iebe3vicvgirviexv4sbdve1r03f.html"; http_uri; nocase; content:"release-held-messageshee.fra1.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004885; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/renew-global-entry"; http_uri; nocase; content:"renew.trusted-travelers-online.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004886; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xeknoz?confirmation"; http_uri; nocase; content:"reurl.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004887; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xgmxr1"; http_uri; nocase; content:"reurl.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004888; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2d0jazx1eky5/click-here-to-verify-your-email"; http_uri; nocase; content:"rezunz.quip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004889; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post.html"; http_uri; nocase; content:"riderctposten.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004890; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/''''''''''''''''''''''''''''''''"; http_uri; nocase; content:"roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004891; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ruralaccoun/alibaba.com/portal.php?email=june3354@naver.com"; http_uri; nocase; content:"ruralaccounting.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200004892; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/-rb9g"; http_uri; nocase; content:"s.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200004893; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/crsqh"; http_uri; nocase; content:"s.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200004894; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ytk-r"; http_uri; nocase; content:"s.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200004895; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bvqs45qsd4azdqzz/a.html"; http_uri; nocase; content:"s3-us-west-2.amazonaws.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004896; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/progressivebank-uat/index.html"; http_uri; nocase; content:"s3.amazonaws.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004897; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/realtrue.html"; http_uri; nocase; content:"s973454980238668645789827366497203975890547864598033674329.fra1.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004898; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/carli_lamell.html"; http_uri; nocase; content:"sanclemente.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004899; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/la-banque-postale.html"; http_uri; nocase; content:"sandert12.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004900; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbot"; http_uri; nocase; content:"sateegourmet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004901; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"sefonta.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004902; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/postenno_9.html"; http_uri; nocase; content:"seonewsservic.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004903; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6gwvve65243s9/eer442.html"; http_uri; nocase; content:"sgp1.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004904; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1fni_ent2sao6wqv0vzdn7g8nl9d"; http_uri; nocase; content:"share.hsforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004905; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/basic.php?k=d63621ef3dc01735479befc13f97ec7fdb68991d"; http_uri; nocase; content:"shared-document.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004906; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nqgu1"; http_uri; nocase; content:"shorturl.at"; content:"Host"; http_header; classtype:attempted-recon; sid:200004907; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/jh_silitrade_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8vzaur%2f5gb%2fwmmsfdszlpfueeb0ml%2fzkiljmp9hfa0o%3d&amp\;docid=1_14a3d3f238b844155b59bb08023697365&amp\;wdformid=%7b3395edb6%2d941b%2d49a6%2dbd04%2dc039ca27bb2b%7d&amp\;action=formsubmit"; http_uri; nocase; content:"silitrade-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004908; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/3cd35d"; http_uri; nocase; content:"simp.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004909; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/h45c89"; http_uri; nocase; content:"simp.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004910; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/publish/xhrdvc"; http_uri; nocase; content:"simp.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004911; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/sy4norton.com/setup/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004912; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/newservices.website/orange-mobiles/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004913; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/e9d24c72/23524457"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004914; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/habbotuttogratis"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004915; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/habbotuttogratis/assignments"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004916; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/libretyreserve"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004917; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/libretyreserve/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004918; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/protectedinmprovmnt44/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004919; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/safetycheck427064200647221/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004920; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/verifycheckpointpaqes/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004921; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/08ie-securepage-facebook"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004922; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/0iey-securepage-facebook"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004923; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/2-orangebank-salva/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004924; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/3-orangebank-vetch/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004925; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/4-orangebank-toto/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004926; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/65h7t65ygtdw5f4/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004927; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/aattt/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004928; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/abuse-privacy/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004929; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/access-office-docxpdf-call-net/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004930; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/airplanecost/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004931; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/alert-app-pages/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004932; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/app-mobile-uuid/recovery"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004933; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/appsconfirms"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004934; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/asdfghjklhgfdsdfgh/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004935; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/att-managements/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004936; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/attemail56/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004937; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/attfeatures/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004938; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/attyahooohroffice231/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004939; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/audio-call-net/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004940; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/audio-mp-vm/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004941; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/authentification-orangebank-eu/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004942; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/awspage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004943; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/banquepostalebanqueetassurance/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004944; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bdbhdhbdhbd/home?authuser=2"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004945; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/benachrichtigung-sparkasse/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004946; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-cloud-voice-review-voice/bt-voice-cloud"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004947; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-clould-preview000112/voice010101010bt-cloud?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004948; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-interne/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004949; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-mail-690/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004950; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-pdf-receipt-payment/www-bt-pdf?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004951; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-voice1010010/bt-voicemesaage10120201002?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004952; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-web-com32/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004953; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btbtbtbtbtbtcomm/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004954; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btbusinessx/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004955; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btcloudpaymentinvoice202000/httpsbtcloudvm-voice-new?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004956; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btcoms/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004957; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btconnectbusiness/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004958; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btconnectmailserver/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004959; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btconnectted/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004960; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btconnnect/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004961; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btinternetco/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004962; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btmv-voice-notice011/btvoicemessage?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004963; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btnvm-urgentnotice/btvmnew-note?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004964; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btsbusinessbill/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004965; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btserver22/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004966; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bttbusinesssss/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004967; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btvoivemessage/bt-home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004968; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/capitaloneloginus/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004969; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/chabillacoat/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004970; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/clickheretoverifyyouracount/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004971; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/clickpagenewlogin2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004972; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/coinsbuysellswapcryptocurrency/?fbclid=iwar2isl9xfxxgcxtftml2hmcl_dglhshlkfkpdotycyqu-qjqqfdqm9whtfm"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004973; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/comfimobiekdofl/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004974; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/community-pages-app/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004975; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/confirmation-orangabank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004976; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/connectolo/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004977; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/continue6363gd/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004978; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ctz03"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004979; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/currentlyserver/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004980; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dfffrreeer/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004981; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dffvderr/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004982; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dfghjhckuyf/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004983; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dfghjhl/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004984; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dkdfkazii-ofoqisjaz1wk/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004985; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dkekkeole/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004986; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dumes/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004987; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dvrbtrethy5642qwrfvd/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004988; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/espace-orange-vocal/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004989; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/espace-vocalorange-ref0325/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004990; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/espacemessagerieorangesms/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004991; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/etyajdnxnskoeprlwyaxbdhfkrituy/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004992; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ewyy65/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004993; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ewyy65/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004994; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/feelblessed/bt-business"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004995; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/fhgfbythfrsv/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004996; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/fhgfjhfj/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004997; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/form-recovery/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004998; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/form-recovery/details"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004999; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/gdhbfcxzx"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005000; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/hbxchx"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005001; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/hccwc/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005002; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/home-bt-updates/bt-com"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005003; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/home-pages-recovery/details"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005004; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/htvvss/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005005; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/identificaton-10777502102022/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005006; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ii-securepage-facebook"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005007; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/invoice-payment-pdf/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005008; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/invoicehomepdf/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005009; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/invoicescan365pdf/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005010; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/jcnvvn/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005011; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/jmjmnhvdc/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005012; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/labred-authentification-source/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005013; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/leafadd/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005014; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/log-inpagenew"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005015; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mcwdbvefjberjrwgnwriviwr/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005016; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/messor/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005017; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mobile-apps-pages/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005018; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mobile-redirect-system"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005019; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mv-voicepage/home?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005020; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mycoinwallet/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005021; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/necrologieinfosfroravocal/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005022; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/newbtmissedcall/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005023; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/newuploadpage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005024; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/newvoicemail/home?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005025; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/nextprojectpage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005026; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/nextprojectpage2022"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005027; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/noticeplaypagenew2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005028; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/noticepublicpagenew2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005029; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/notifcationnoticesystempage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005030; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/nouveau-sms-message-vocal/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005031; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ob-seccurite/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005032; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ob-securite/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005033; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ob-securites/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005034; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ob-service/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005035; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/offiice-voice-com/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005036; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/onlinefifthercheckaccout/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005037; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orange-b-securite/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005038; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orange-forfaits-et-mobiles"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005039; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeb-190/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005040; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeb171/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005041; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeb221/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005042; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeba/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005043; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeban/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005044; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebank-r/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005045; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebank-sc/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005046; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebank-secure-secure/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005047; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebanksecurite/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005048; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebannk/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005049; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeibank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005050; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeinfosvocalnews/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005051; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangemyconnect/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005052; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/oranggebank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005053; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangiebank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005054; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pagenewlogin2022"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005055; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pages-identificaton-1000050210/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005056; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pass-press/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005057; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/paypal-customer-services/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005058; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/paypal-loginn/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005059; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pfherjwlsnmcyelwudy/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005060; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pleasecheckpoint2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005061; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/postacerticodplusaccaccueil/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005062; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/protonmailservice/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005063; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/quickteamservice/yahoo-com"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005064; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/reactivationhelp2021/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005065; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/redirect-acctpages-uuid/details"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005066; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/redirectme-to/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005067; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/retttt/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005068; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/reviewappspagerviicee/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005069; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/reviewappspagerviiceee"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005070; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/rg9eur94uwe9d/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005071; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/richcoff/bt-business"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005072; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/rimekahsdjg/summary_page"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005073; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/salimkaso/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005074; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/sbcglobalm/home?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005075; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securbtcomms/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005076; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/secure-bt-homevoice01010120/home?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005077; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/secure-ob-/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005078; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/secure-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005079; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securebtcomms/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005080; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securebtcommss/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005081; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securebusinessbtsecurbt/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005082; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securiplus0101/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005083; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securite-ob-service/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005084; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securite-obank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005085; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securitee-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005086; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securites-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005087; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securmybusinessbtsecurbt/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005088; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securree/home?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005089; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securritee-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005090; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/serv-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005091; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/serv-obank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005092; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/serveur-communication-box/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005093; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/service-orangebank-fr/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005094; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/service-orangebank-securi/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005095; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/service-securite-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005096; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/servicenewlogin"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005097; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/shgeudh/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005098; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ski03/strona-g%c5%82%c3%b3wna"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005099; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/soeyankandi5/bt-business"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005100; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/szdgsdhgd"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005101; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/thenewstartpage2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005102; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/update-allreadypage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005103; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/updatesecure"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005104; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/updatingnewpage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005105; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/upgrade-bt/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005106; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/utututttu/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005107; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/v-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005108; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/venmo-loginusa/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005109; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/vfbjf/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005110; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/view-your-billonline/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005111; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/viewyourbilll/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005112; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/viewyournewbill/bt-business-btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005113; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/vjsdhdfidjasi/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005114; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/webespaceclient-ref8/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005115; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/webmailcooom/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005116; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/xcccjcdhasks/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005117; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/xmicrosoftoficew/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005118; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/xsvgcxsgvdhg/home?authuser=4"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005119; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/xvhfefef/bt-business"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005120; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yah000/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005121; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yahooend/yahoo"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005122; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yahoomailingdesk/yahoo-com"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005123; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yahooscott/yahoo"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005124; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yourbillnotification/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005125; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yt89ougjio/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005126; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ztt5zazu/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005127; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/admin/webmail.cpanel.net/user/cp.user.sign_in/auth/cpanel_mailbox/index.htm"; http_uri; nocase; content:"skart.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200005128; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"solatresont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005129; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"soufatanse.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005130; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"soufsont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005131; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/stt-c625a3f2c2"; http_uri; nocase; content:"sprw.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200005132; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:b:/g/personal/mandyb_steiner_co_za/exxq1passetnrojoe83fzboboxufoggwb7uvmyfqbionla?e=4:su8jhq&amp\;at=9"; http_uri; nocase; content:"steinercoza-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005133; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyfifteen/css/read/chinavali/index.php?email=jsmith@imaphost.com"; http_uri; nocase; content:"stolizaparketa.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200005134; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1lordman1man3/oscman2.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005135; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/acc03lzzl4m3izm03iauserpowa.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005136; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/algebraic-pact-316913.appspot.com/index.html#jbell@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005137; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/anaagc040gdyacgd0dyuser.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005138; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ciat3tdtttd53c3e5userp.appspot.com/index.html#jr@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005139; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ciat3tdtttd53c3e5userp.appspot.com/index.html#paul@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005140; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/clientid4dunptjlryzrift3nrlomi160gqntzgznajujcnbszq8w/index.htm"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005141; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dhngw6p6rwrwnuv6vnuse.appspot.com/index.html#brianvillacarlos@legalshieldcorp.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005142; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/g58t3e588ddgmdeddauth.appspot.com/index.html#jim-shelvy@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005143; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gu1r0utjruhjkukrxhauser.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005144; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/indettn/pdflmanco.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005145; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/indettn/zdewaman.html#example@example.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005146; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kkkqkl633qn6kq3lqssiiddnenen.appspot.com/index.html#jbell@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005147; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kkkqkl633qn6kq3lqssiiddnenen.appspot.com/index.html#t.voit@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005148; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005149; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/index.html#martin.manasek@ruk.cuni.cz"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005150; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/maintainancecomponeta.appspot.com/index.html#a@b.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005151; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/maintainancecomponeta.appspot.com/kayindex.html#eimaste@stinpriza.org"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005152; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/maintainancecomponeta.appspot.com/myowngeneral.html#eimaste@stinpriza.org"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005153; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/maintainancecomponeta.appspot.com/newmineindex.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005154; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/owuddqd9dqqdddq9qd0caerq.appspot.com/index.html#stevewilliamson@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005155; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/projerroro0h5j5ro0jrrj.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005156; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/q90qqqar22r229r292euser.appspot.com/index.html"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005157; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/q90qqqar22r229r292euser.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005158; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/rrdar99rt9qraraq99euser.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005159; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s0pts0apttxpp00atarrauth.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005160; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/staging.maintainancecomponeta.appspot.com/fcocnew.html"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005161; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/staging.maintainancecomponeta.appspot.com/nvhdjgtpl8txagtoccpyscuekxctc7j3kpg5bbugwqv0kemeas313lqehufuifcl6el9vtvomhrfbjbpxbg6qrnsg5sz3dyaiqor%2c%2520ffx6khej2lavfftroaizcq99hjdn3f4hs6gdeg2qodfyhobl8zonx6lez2dafyafc6spylufytfvuzn1jsioh4u6xpsbsqxqgh.html#icann@tecnocratica.net"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005162; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/staging.maintainancecomponeta.appspot.com/sydlasgendomain.html#winnie@soupro.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005163; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/user517497679326978.appspot.com/index.html"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005164; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uth0uax3t3uh30ttna0nnuser.appspot.com/index.html#jbell@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005165; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yyw77ywnn68weyew6euserq.appspot.com/index.html#rosalefua@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005166; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/03a6c481bbd83f8/df225c198d58561#un/68425_md/2/16247/3955/23/19171"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005167; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1827435283/1827435283.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005168; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/abjsfatitvyrobprkawlycsckcwrvnntndjwbgoqjiswdbkhhlyxnbv/cli123.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005169; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/abuabomvnediarrfgxamrtqcoehnpskugrmafutqnhugsbzossviqfv/cli123.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005170; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/acwuwxxomzzlrrfuyssheahvokqfunqvlbjnjrbyfsmbbmdppwimvbd/cli123.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005171; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbss-urltest-public/docomo_20210726_01.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005172; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbss-urltest-public/docomo_20210910_01.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005173; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbss-urltest-public/docomo_20210910_02.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005174; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xdaysonde1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005175; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xdragon1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005176; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xgmx1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005177; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xiphoneswiss1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005178; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xketode1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005179; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xlena1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005180; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xps5de1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005181; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xspar1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005182; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/buckettt01/redirect%20newslettersreply.shop.html#rd/u8888idsyy65301cvmt1247244psw23077wujo1715"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005183; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document-check/sign.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005184; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/inboxino/brand.html#cl/13669_md/1/788/1401/22/1025434"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005185; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/inboxino/brand.html#cl/13695_md/1/788/1401/109/376564"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005186; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/inboxino/brand.html#un/13664_md/1/455/1401/112/814109"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005187; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/inboxino/brand.html#un/13695_md/1/788/1401/25/339407"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005188; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sstoragert/linkqs.html#cl/19939_md/1/4441/3808/112/984664"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005189; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sstoragert/linkqs.html#un/19995_md/1/4542/3682/112/984664"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005190; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ylffhg/redireck.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005191; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/authentifier-transcash.html"; http_uri; nocase; content:"suivi-coupon-recharge.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005192; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/usroutput/themeset1_2021-12-21-23-15-13/"; http_uri; nocase; content:"sunnylandingpages.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005193; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/adrian_ramos_superpark_com_hk/_layouts/15/wopiframe.aspx?guestaccesstoken=vofjngnui%2fslbameorlq62qlg8mcdnpo1dizu6i%2bc1m%3d&amp\;docid=1_124bbb2f682ca4c7daba6cec6ee34dfb9&amp\;wdformid=%7ba85c8abe%2d68be%2d43dd%2d91f3%2db397386186be%7d&amp\;action=formsubmit"; http_uri; nocase; content:"superpark-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005194; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/form/608bca7586919c70a2066ef7"; http_uri; nocase; content:"surveyheart.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005195; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/2vze"; http_uri; nocase; content:"surveylegend.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005196; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/pranjali_chandurkar_nmims_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=668cyp4s%2fwcmx8rj223bvjfwdvtryffzfpyarbrueha%3d&amp\;docid=1_1916b69db182644fead12e874cad930c4&amp\;wdformid=%7bcd4093b9%2ddfae%2d49f1%2dadde%2df32fbe93b271%7d&amp\;action=formsubmit"; http_uri; nocase; content:"svkmmumbai-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005197; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/index.html"; http_uri; nocase; content:"swisscoat.com.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200005198; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account"; http_uri; nocase; content:"synapse-project.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005199; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account/"; http_uri; nocase; content:"synapse-project.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005200; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/public/dapp"; http_uri; nocase; content:"synmultiwallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005201; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6b3rxfp90m"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005202; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/8mptsau4zq?amp=1"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005203; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/9ooxxstzmb?amp=1?trackingid=ftiikjly&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005204; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/9ooxxstzmb?trackingid=lxr1lc3e&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005205; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ef7oipwfto"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005206; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fy2lasfqae?trackingid=agbl0dxn&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005207; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fy2lasfqae?trackingid=dhrt9pxv&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005208; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fy2lasfqae?trackingid=mhrdlxok&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005209; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fy2lasfqae?trackingid=s5kqcb1o&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005210; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge6k1ctsmd?trackingid=3pc2vgmn&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005211; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge6k1ctsmd?trackingid=n13hzxpy&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005212; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge6k1ctsmd?trackingid=ocfgjhka&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005213; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge6k1ctsmd?trackingid=ohj6ctus&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005214; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/lkcd0mnequ"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005215; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/timonfvymu?trackingid=67yzc2bv&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005216; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/timonfvymu?trackingid=cybyidfp&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005217; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/zrd6j5rq4u?amp=1"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005218; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/zwuq6zjpdj"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005219; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/helton.law/outlook.office.com/"; http_uri; nocase; content:"tasteentertainment.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005220; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/system32/procesosdeseguridadhb/170.51.165.16679791/agregar/telefono/contacto/logonoperacionservlet.html"; http_uri; nocase; content:"tecsuport.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200005221; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/03/blog-post_48.html"; http_uri; nocase; content:"telenorkandklimsupoort.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005222; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/form.htm"; http_uri; nocase; content:"thedigirocket.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005223; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/11/1/1and1/index.php"; http_uri; nocase; content:"thelibrarysamui.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005224; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-track/parceverification9887id=291250485"; http_uri; nocase; content:"themcsoft.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005225; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ing587388"; http_uri; nocase; content:"tiny.one"; content:"Host"; http_header; classtype:attempted-recon; sid:200005226; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ing67454"; http_uri; nocase; content:"tiny.one"; content:"Host"; http_header; classtype:attempted-recon; sid:200005227; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/reuswnzc"; http_uri; nocase; content:"tiny.one"; content:"Host"; http_header; classtype:attempted-recon; sid:200005228; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/48rzxpne"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005229; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/4wcw6fcu"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005230; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btinternet56"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005231; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/evyu688y"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005232; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nycgovtgrant"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005233; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uha4nvtf"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005234; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/y8mcrhhp"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005235; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yxb48kqj"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005236; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yxry9vf5"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005237; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yyvm8qr5"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005238; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/truist.com/"; http_uri; nocase; content:"topearnersafrica.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005239; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/h/v6/link-track/1.0/1612678003989072-e5f6d8cc-499b-ea4f-85f1-8b23ad935661/1612677988/2f5895837f8d3f0a667c6b92ad41f652/8af273ac431e289838c8bf7c490185f3/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com"; http_uri; nocase; content:"tr.cloudmagic.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005240; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/h/v6/link-track/1.0/1614590779401122-8e06125c-4b23-d643-3068-601cab9bec04/1614590763/2f5895837f8d3f0a667c6b92ad41f652/31367888a66bf6f98973a200c83075bb/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com"; http_uri; nocase; content:"tr.cloudmagic.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005241; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/?bn=35405429\;cpdir=https://tmmny.csb.app/.wewrewew.ahr0chm6ly9pbnzlc3rpbmdpbmdvzc5vcmcvqvbjmjq3.yw1izxiuzml0dg9uqhnwyxjrlmnvlm56"; http_uri; nocase; content:"track.adform.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200005242; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=1"; http_uri; nocase; content:"transcash-fr-v.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005243; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/webapp/tribratanews/public/js/hughesnet.com/index.php"; http_uri; nocase; content:"tribratanewsbondowoso.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005244; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsjpgw?verification-online-service"; http_uri; nocase; content:"u.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200005245; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/unrpgg"; http_uri; nocase; content:"u.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200005246; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wsddga"; http_uri; nocase; content:"u.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200005247; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pbi_pbi1151/login/remote/071108407/6"; http_uri; nocase; content:"ucbonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005248; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=e%2f5p4lmr7oxtbuuzst9ihpacebtz%2bhbogl5i950bhau%3d&docid=1_151b39d9e7dd54cfba500875349d3beb6&wdformid=%7bda6fcad9%2d9684%2d43af%2db959%2de2fa774eaba6%7d&action=formsubmit"; http_uri; nocase; content:"umconnectumt-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005249; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=h2b5qkvlooc%2bfvhpo6qkbxdfdzwzpa7doqhaikfrj08%3d&docid=1_1cab74931edec4bf39e6f4768e7830a02&wdformid=%7b6a702647%2db560%2d40c5%2d8890%2d109ec5ad9bc5%7d&action=formsubmit"; http_uri; nocase; content:"umconnectumt-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005250; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=inau9tsjk5bvaoypx%2fgfkvgo0iz4rq47kvts4tkb8yq%3d&docid=1_19c7a48ea3a0448c78765a480857920f0&wdformid=%7bd8f70a7d%2d4204%2d4a87%2da88e%2dbad6b0e4129e%7d&action=formsubmit"; http_uri; nocase; content:"umconnectumt-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005251; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=inau9tsjk5bvaoypx/gfkvgo0iz4rq47kvts4tkb8yq=&amp\;docid=1_19c7a48ea3a0448c78765a480857920f0&amp\;wdformid={d8f70a7d-4204-4a87-a88e-bad6b0e4129e}&amp\;action=formsubmit"; http_uri; nocase; content:"umconnectumt-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005252; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=uh9hjveaooebgqolme%2f5qft71pw2stg2ojiiqxebzce%3d&docid=1_11e28ca5d86c6416f926736ea3e8ad885&wdformid=%7b70256f91%2df178%2d4e5f%2d847a%2df748294a79c9%7d&action=formsubmit"; http_uri; nocase; content:"umconnectumt-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005253; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wine"; http_uri; nocase; content:"umeacademy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005254; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wptracking/tracking2/tracking/tracking.php"; http_uri; nocase; content:"uniga.ac.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200005255; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/0lxgmv"; http_uri; nocase; content:"url.gratis"; content:"Host"; http_header; classtype:attempted-recon; sid:200005256; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kcornwall/email-verification/notice/account_login/login.html#accounting@utu.fi"; http_uri; nocase; content:"users.tpg.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200005257; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1pxak"; http_uri; nocase; content:"v.ht"; content:"Host"; http_header; classtype:attempted-recon; sid:200005258; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yogs"; http_uri; nocase; content:"v.ht"; content:"Host"; http_header; classtype:attempted-recon; sid:200005259; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/rd/c56498tvifh29711728hupj8172asy17489blob7311"; http_uri; nocase; content:"vaiddzed.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200005260; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/drupal-7.56/scripts/bp"; http_uri; nocase; content:"velvet.by"; content:"Host"; http_header; classtype:attempted-recon; sid:200005261; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/drupal-7.56/scripts/bp/"; http_uri; nocase; content:"velvet.by"; content:"Host"; http_header; classtype:attempted-recon; sid:200005262; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"veredesafs.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005263; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"vetrfedsonte.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005264; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/03/blog-post.html"; http_uri; nocase; content:"viamobte.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005265; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/61e168ca67f4550de805d006/interactive-content-secured-document"; http_uri; nocase; content:"view.genial.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200005266; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/61e168ca67f4550de805d006/interactive-content-untitled-genially"; http_uri; nocase; content:"view.genial.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200005267; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"vivaterouna.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005268; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?cc_key=&amp\;post=%7brandom_number_5%7d_1&amp\;to=http://18.118.206.123/index.php?key=%7brandom_letternumberuplow_5%7d,email=%7bemail%7d"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005269; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=1qg10"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005270; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=3efeh"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005271; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=cylqz"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005272; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=dmyfj"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005273; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=dvexh"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005274; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=fhqja"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005275; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=g9dzz"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005276; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=qq74g"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005277; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=v0de0,email=kflove23@icloud.com&post=11981_1&cc_key"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005278; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=zzbtj"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005279; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=ccugr"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005280; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=mb1wu"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005281; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=meixj"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005282; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=toboe"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005283; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=tyzud"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005284; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=u7tfm,email=resurgita@icloud.com&post=35252_1&cc_key"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005285; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=v5t6m,email=robertgoby@icloud.com&post=24927_1&cc_key"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005286; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=vgy1e"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005287; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=znbui"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005288; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2fhumanity06.com%2fwp-content%2fthemes%2fapi.html"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005289; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2frois-zkxzx.run.goorm.io/safe-browser/"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005290; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2fwww.allovisite.com%2fwp-content%2fplugins%2fapi.html"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005291; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2fwww.allovisite.com%2fwp-content%2fplugins%2fapi.html&post=693378694_2&cc_key"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005292; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https%3a%2f%2fmsq-health.com%2fimages%2fonehealth%2fsound%2faudio&post=696668869_2&cc_key=/odmibxru/tsiqjhleqcj"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005293; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https%3a%2f%2fsapphireinternationalschool.com%2falbum%2fimages%2fsound%2faudio&post=690576696_17&cc_key=/lhgesiqipz/ksbqekez2fa"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005294; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://api.safebrowser-antidrop.com/ai.html?key=ppsyk"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005295; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://arroketainsificansion.com/r/cairdiembos"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005296; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://drmustafaalagamy.com/css/rajahutandil2"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005297; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://laprospergroup.com/wp-admin/assets/?key=8oyrd,email={email}"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005298; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://rendelparis.com/wp-admin/assets?key=isvbt,email={email}"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005299; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://sahara-distribution.com/wp-admin/dir"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005300; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.marmum.ae/css/?key=ibxa"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005301; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.marmum.ae/css/?key=ksor"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005302; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.marmum.ae/css/?key=lzqm"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005303; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.marmum.ae/css/?key=yihv"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005304; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.newlifenursery.com/assets/rdt.html?key=lwhi1"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005305; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/8jdu/sb6/index.php?_"; http_uri; nocase; content:"wallieget.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005306; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/8jdu/sb6/index.php?_&amp\;_"; http_uri; nocase; content:"wallieget.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005307; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/8jdu/sb6/index.php?_&amp\;_&amp\;_"; http_uri; nocase; content:"wallieget.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005308; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/o2/a/f5s4y/0"; http_uri; nocase; content:"warriorplus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005309; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/upgrade/"; http_uri; nocase; content:"webmail.serviceunit.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200005310; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d"; http_uri; nocase; content:"webuyworkshopequipment.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005311; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d/"; http_uri; nocase; content:"webuyworkshopequipment.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005312; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/secure/wells"; http_uri; nocase; content:"whitmansasphalt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005313; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/secure/wells/"; http_uri; nocase; content:"whitmansasphalt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005314; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_home"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005315; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_internet"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005316; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_service_alert."; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005317; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_teem"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005318; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_update"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005319; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_upgrade"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005320; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@btinternet"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005321; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96"; http_uri; nocase; content:"wvk12-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005322; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96"; http_uri; nocase; content:"wvk12-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005323; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/oih3b8"; http_uri; nocase; content:"xip.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200005324; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fire/dhl/load.php?0=aw5mb0btzxrhbg9naxmuy29t&amp\;guce_referrer=ahr0chm6ly9sb2dpbi55ywhvby5jb20v&amp\;guce_referrer_sig=aqaaaba99nmgr9inqoyu5mi3asjqfyjcpatd_a8modgjxpnxynmo8n5zxdi8ezv7gfypzosc_rpmz0hyfdck0olmxnmb6tpfznd5enc"; http_uri; nocase; content:"znbint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005325; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kms8u47zlxwk"; http_uri; nocase; content:"zpr.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200005326; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxvzwlcdizyq"; http_uri; nocase; content:"zpr.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200005327; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nckeqquhrpuf"; http_uri; nocase; content:"zpr.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200005328; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa186.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000917; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa187.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000918; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa188.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000919; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa189.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000920; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa19.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000921; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa191.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000922; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa193.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000923; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa194.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000924; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa195.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000925; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa198.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000926; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa20.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000927; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa201.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000928; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa202.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000929; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa204.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000930; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa205.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000931; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa206.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000932; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa208.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000933; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa209.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000934; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa21.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000935; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa211.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000936; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa212.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000937; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa213.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000938; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa214.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000939; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa215.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000940; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa216.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000941; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa217.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000942; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa218.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000943; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa219.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000944; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa220.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000945; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa221.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000946; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa222.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000947; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa223.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000948; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa225.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000949; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa226.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000950; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa227.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000951; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa228.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000952; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa229.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000953; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa230.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000954; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa231.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000955; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa232.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000956; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa233.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000957; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa234.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000958; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa235.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000959; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa237.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000960; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa239.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000961; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa240.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000962; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa241.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000963; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa242.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000964; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa244.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000965; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa245.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000966; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa246.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000967; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa247.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000968; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa248.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000969; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa249.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000970; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa25.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000971; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa251.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000972; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa252.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000973; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa253.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000974; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa256.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000975; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa257.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000976; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa258.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000977; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa260.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000978; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa263.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000979; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa264.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000980; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa265.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000981; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa266.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000982; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa267.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000983; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa269.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000984; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa270.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000985; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa273.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000986; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa274.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000987; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa276.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000988; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa278.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000989; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa279.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000990; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa280.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000991; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa281.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000992; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa282.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000993; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa283.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000994; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa284.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000995; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa285.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000996; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa287.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000997; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa29.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000998; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa290.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200000999; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa292.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001000; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa293.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001001; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa294.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001002; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa295.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001003; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa296.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001004; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa297.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001005; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa299.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001006; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa300.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001007; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa301.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001008; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa302.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001009; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa303.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001010; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa304.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001011; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa305.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001012; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa307.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001013; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa308.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001014; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa310.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001015; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa311.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001016; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa312.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001017; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa313.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001018; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa315.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001019; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa318.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001020; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa319.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001021; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa32.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001022; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa320.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001023; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa321.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001024; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa322.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001025; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa323.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001026; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa325.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001027; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa326.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001028; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa327.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001029; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa328.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001030; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa329.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001031; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa330.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001032; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa331.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001033; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa332.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001034; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa333.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001035; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa334.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001036; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa335.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001037; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa336.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001038; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa337.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001039; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa338.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001040; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa339.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001041; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa340.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001042; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa341.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001043; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa342.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001044; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa343.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001045; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa344.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001046; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa346.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001047; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa347.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001048; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa348.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001049; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa350.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001050; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa351.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001051; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa352.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001052; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa353.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001053; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa354.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001054; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa355.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001055; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa356.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001056; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa357.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001057; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa358.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001058; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa359.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001059; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa36.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001060; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa360.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001061; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa361.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001062; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa363.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001063; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa364.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001064; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa365.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001065; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa367.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001066; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa368.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001067; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa369.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001068; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa37.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001069; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa370.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001070; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa371.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001071; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa372.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001072; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa374.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001073; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa375.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001074; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa376.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001075; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa377.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001076; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa378.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001077; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa379.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001078; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa38.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001079; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa380.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001080; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa381.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001081; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa382.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001082; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa383.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001083; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa384.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001084; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa385.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001085; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa386.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001086; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa387.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001087; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa390.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001088; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa392.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001089; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa393.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001090; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa394.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001091; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa395.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001092; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa396.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001093; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa397.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001094; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa398.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001095; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa40.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001096; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa400.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001097; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa401.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001098; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa403.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001099; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa405.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001100; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa407.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001101; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa408.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001102; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa409.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001103; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa41.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001104; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa410.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001105; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa411.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001106; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa412.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001107; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa413.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001108; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa414.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001109; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa415.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001110; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa417.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001111; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa418.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001112; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa419.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001113; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa42.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001114; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa420.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001115; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa421.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001116; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa422.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001117; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa423.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001118; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa424.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001119; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa425.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001120; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa426.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001121; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa427.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001122; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa429.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001123; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa43.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001124; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa430.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001125; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa431.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001126; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa433.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001127; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa434.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001128; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa435.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001129; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa436.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001130; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa437.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001131; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa438.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001132; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa439.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001133; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa44.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001134; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa440.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001135; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa442.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001136; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa443.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001137; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa444.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001138; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa445.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001139; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa446.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001140; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa447.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001141; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa449.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001142; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa450.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001143; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa451.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001144; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa452.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001145; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa453.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001146; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa455.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001147; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa456.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001148; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa459.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001149; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa46.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001150; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa460.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001151; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa462.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001152; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa463.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001153; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa464.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001154; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa465.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001155; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa466.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001156; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa469.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001157; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa47.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001158; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa470.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001159; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa471.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001160; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa472.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001161; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa473.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001162; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa474.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001163; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa475.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001164; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa476.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001165; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa477.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001166; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa479.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001167; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa480.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001168; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa481.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001169; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa483.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001170; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa484.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001171; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa485.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001172; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa486.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001173; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa487.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001174; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa49.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001175; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa490.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001176; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa491.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001177; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa492.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001178; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa493.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001179; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa494.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001180; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa495.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001181; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa496.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001182; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa497.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001183; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa498.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001184; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa50.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001185; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa500.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001186; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa502.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001187; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa506.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001188; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa507.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001189; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa508.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001190; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa509.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001191; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa51.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001192; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa511.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001193; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa514.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001194; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa515.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001195; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa516.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001196; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa517.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001197; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa518.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001198; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa519.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001199; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa52.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001200; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa520.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001201; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa522.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001202; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa523.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001203; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa525.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001204; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa526.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001205; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa527.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001206; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa528.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001207; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa529.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001208; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa53.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001209; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa530.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001210; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa531.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001211; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa532.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001212; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa533.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001213; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa536.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001214; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa537.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001215; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa538.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001216; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa539.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001217; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa54.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001218; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa541.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001219; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa542.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001220; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa543.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001221; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa545.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001222; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa546.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001223; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa547.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001224; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa549.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001225; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa550.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001226; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa551.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001227; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa553.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001228; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa555.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001229; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa556.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001230; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa557.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001231; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa558.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001232; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa559.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001233; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa56.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001234; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa560.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001235; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa561.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001236; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa562.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001237; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa564.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001238; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa566.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001239; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa567.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001240; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa568.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001241; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa569.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001242; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa57.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001243; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa570.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001244; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa571.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001245; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa572.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001246; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa574.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001247; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa575.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001248; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa576.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001249; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa577.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001250; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa578.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001251; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa579.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001252; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa581.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001253; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa582.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001254; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa583.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001255; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa586.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001256; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa587.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001257; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa588.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001258; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa589.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001259; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa59.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001260; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa592.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001261; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa593.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001262; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa597.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001263; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa598.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001264; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa60.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001265; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa600.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001266; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa601.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001267; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa602.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001268; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa603.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001269; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa604.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001270; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa605.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001271; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa607.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001272; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa608.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001273; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa609.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001274; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa610.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001275; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa612.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001276; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa613.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001277; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa614.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001278; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa618.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001279; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa619.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001280; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa62.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001281; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa620.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001282; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa621.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001283; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa623.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001284; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa624.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001285; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa625.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001286; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa626.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001287; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa627.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001288; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa628.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001289; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa629.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001290; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa63.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001291; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa630.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001292; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa631.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001293; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa632.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001294; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa633.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001295; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa634.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001296; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa635.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001297; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa636.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001298; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa637.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001299; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa638.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001300; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa639.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001301; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa64.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001302; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa640.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001303; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa642.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001304; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa643.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001305; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa644.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001306; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa645.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001307; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa646.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001308; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa647.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001309; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa648.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001310; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa649.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001311; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa65.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001312; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa650.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001313; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa651.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001314; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa652.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001315; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa653.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001316; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa654.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001317; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa655.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001318; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa660.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001319; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa661.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001320; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa662.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001321; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa663.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001322; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa664.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001323; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa665.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001324; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa666.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001325; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa667.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001326; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa668.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001327; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa669.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001328; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa671.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001329; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa672.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001330; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa673.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001331; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa675.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001332; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa677.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001333; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa678.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001334; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa679.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001335; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa68.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001336; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa680.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001337; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa681.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001338; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa682.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001339; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa684.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001340; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa685.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001341; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa689.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001342; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa69.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001343; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa690.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001344; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa691.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001345; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa692.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001346; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa693.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001347; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa694.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001348; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa696.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001349; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa697.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001350; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa698.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001351; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa699.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001352; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa70.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001353; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa700.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001354; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa701.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001355; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa702.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001356; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa703.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001357; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa704.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001358; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa706.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001359; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa708.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001360; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa709.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001361; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa71.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001362; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa711.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001363; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa713.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001364; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa714.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001365; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa715.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001366; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa716.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001367; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa717.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001368; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa718.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001369; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa719.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001370; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa72.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001371; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa721.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001372; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa722.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001373; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa724.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001374; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa725.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001375; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa726.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001376; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa727.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001377; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa729.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001378; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa730.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001379; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa731.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001380; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa732.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001381; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa733.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001382; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa734.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001383; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa735.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001384; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa736.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001385; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa737.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001386; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa738.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001387; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa739.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001388; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa74.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001389; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa740.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001390; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa742.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001391; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa743.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001392; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa744.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001393; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa746.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001394; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa749.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001395; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa75.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001396; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa750.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001397; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa752.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001398; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa753.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001399; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa754.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001400; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa755.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001401; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa757.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001402; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa758.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001403; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa759.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001404; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa761.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001405; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa762.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001406; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa764.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001407; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa765.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001408; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa766.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001409; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa767.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001410; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa768.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001411; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa769.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001412; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa77.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001413; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa770.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001414; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa771.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001415; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa772.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001416; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa773.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001417; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa774.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001418; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa775.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001419; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa776.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001420; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa777.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001421; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa778.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001422; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa779.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001423; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa78.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001424; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa780.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001425; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa782.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001426; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa783.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001427; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa784.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001428; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa785.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001429; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa786.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001430; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa788.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001431; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa789.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001432; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa79.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001433; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa790.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001434; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa793.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001435; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa794.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001436; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa796.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001437; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa797.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001438; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa798.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001439; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa799.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001440; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa80.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001441; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa800.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001442; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa801.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001443; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa802.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001444; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa804.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001445; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa806.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001446; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa807.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001447; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa808.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001448; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa809.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001449; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa81.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001450; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa810.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001451; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa813.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001452; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa814.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001453; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa815.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001454; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa816.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001455; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa817.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001456; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa818.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001457; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa819.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001458; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa82.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001459; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa820.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001460; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa821.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001461; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa822.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001462; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa823.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001463; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa824.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001464; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa826.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001465; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa827.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001466; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa828.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001467; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa829.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001468; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa83.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001469; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa830.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001470; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa831.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001471; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa832.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001472; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa833.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001473; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa834.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001474; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa835.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001475; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa837.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001476; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa839.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001477; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa84.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001478; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa840.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001479; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa841.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001480; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa842.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001481; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa843.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001482; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa844.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001483; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa846.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001484; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa85.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001485; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa851.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001486; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa852.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001487; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa853.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001488; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa855.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001489; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa856.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001490; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa857.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001491; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa858.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001492; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa86.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001493; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa860.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001494; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa861.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001495; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa862.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001496; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa863.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001497; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa864.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001498; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa866.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001499; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa867.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001500; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa868.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001501; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa869.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001502; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa87.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001503; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa870.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001504; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa871.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001505; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa872.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001506; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa873.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001507; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa874.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001508; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa877.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001509; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa878.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001510; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa879.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001511; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa88.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001512; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa880.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001513; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa881.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001514; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa882.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001515; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa884.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001516; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa886.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001517; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa888.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001518; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa889.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001519; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa89.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001520; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa890.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001521; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa891.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001522; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa892.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001523; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa894.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001524; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa895.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001525; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa896.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001526; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa897.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001527; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa898.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001528; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa899.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001529; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa90.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001530; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa900.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001531; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa901.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001532; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa902.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001533; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa903.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001534; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa904.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001535; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa906.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001536; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa907.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001537; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa908.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001538; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa909.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001539; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa91.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001540; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa910.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001541; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa912.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001542; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa913.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001543; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa917.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001544; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa918.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001545; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa92.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001546; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa920.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001547; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa921.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001548; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa922.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001549; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa923.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001550; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa924.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001551; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa926.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001552; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa927.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001553; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa929.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001554; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa930.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001555; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa932.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001556; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa935.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001557; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa937.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001558; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa938.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001559; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa940.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001560; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa941.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001561; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa942.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001562; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa943.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001563; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa944.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001564; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa945.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001565; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa946.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001566; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa947.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001567; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa949.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001568; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa95.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001569; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa950.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001570; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa952.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001571; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa953.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001572; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa954.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001573; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa955.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001574; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa958.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001575; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa959.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001576; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa96.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001577; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa961.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001578; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa962.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001579; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa963.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001580; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa964.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001581; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa966.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001582; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa967.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001583; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa97.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001584; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa970.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001585; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa973.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001586; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa974.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001587; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa975.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001588; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa976.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001589; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa977.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001590; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa979.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001591; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa98.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001592; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa980.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001593; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa982.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001594; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa984.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001595; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa985.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001596; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa986.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001597; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa987.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001598; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa988.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001599; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa989.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001600; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa99.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001601; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa990.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001602; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa991.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001603; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa993.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001604; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa995.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001605; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa996.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001606; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"domainserverlawa999.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001607; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"donaidrsilcio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001608; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"doooog.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001609; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dopeydog.co.nz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001610; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dorouscom.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001611; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"douuodwoman.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001612; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dowaba-s2dhl.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001613; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"doz.tode.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001614; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dpasdasfasfasfas.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001615; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dpd-pl.566868.space"; content:"Host"; http_header; classtype:attempted-recon; sid:200001616; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dpd-redelivery-uk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001617; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dpmasdaskj.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001618; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dr-joannepeeler.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001619; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dr3aq.byethost32.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001620; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dreamhacker.pro"; content:"Host"; http_header; classtype:attempted-recon; sid:200001621; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dreamotion-jp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001622; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"drivingschoolglasgow.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001623; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"drmarciovaleriano.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001624; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dsgcbeonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001625; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dskedirekt.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001626; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dsp2codemdp.t.justns.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001627; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001628; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dtrpsystasfasgas.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001629; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dukhovnist.in.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200001630; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"durecorpperu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001631; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dwrat.andalous.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001632; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dwvwq.cwfc.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001633; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dydex.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001634; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dyn.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001635; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"dynastyclinic.ae"; content:"Host"; http_header; classtype:attempted-recon; sid:200001636; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"e-cassare.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001637; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"e4ff557e.sso-secure-mail04wtwdw4.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001638; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"e4ra.byethost8.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001639; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"e63q45f9h5fr.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001640; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eagleeyeapparel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001641; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"earth01.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001642; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"easywalletfix.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001643; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"easywalletsfix.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001644; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eba0200d0c.nxcli.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001645; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ebay-de.ad49103.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001646; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ebay.com.dashboard-seller.center"; content:"Host"; http_header; classtype:attempted-recon; sid:200001647; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eberhardtedwige.wixsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001648; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ebuddynews.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001649; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ec.snadc-oecddo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001650; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ecogreenjanitorial.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001651; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ecomcrew.staging.wpengine.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001652; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ecosteelsolution.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200001653; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"edje.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001654; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"edukickmexico.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001655; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ee-sms.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001656; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ee.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001657; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"efarms.com.ng"; content:"Host"; http_header; classtype:attempted-recon; sid:200001658; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eharmonyservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001659; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ekabel.hu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001660; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ekbofexjlnsdsfaqxbcfpnfift-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001661; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ekobebe.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001662; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"electrocoolhvacr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001663; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"electronicanehuen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001664; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"elektroonline.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001665; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ellatinodigital.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001666; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"elomo.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200001667; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eluniversallatinworld.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001668; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"email302.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001669; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emailsettings.webflow.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001670; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emailwebaccess.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001671; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"embarquefloripa.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001672; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emlink.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001673; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emojis.bons.bar"; content:"Host"; http_header; classtype:attempted-recon; sid:200001674; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emojis.dels.bar"; content:"Host"; http_header; classtype:attempted-recon; sid:200001675; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"emsi-lobo.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001676; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"en-template-solicito-16414253314897.onepage.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200001677; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"enbolivia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001678; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"encryptdrive.booogle.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001679; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"engcamp.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001680; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"enoman.fqzsdgtg.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001681; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"erinaflorist.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001682; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ershamshad.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001683; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"escortinraipur.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001684; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eseax.ws"; content:"Host"; http_header; classtype:attempted-recon; sid:200001685; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"esfdesentakip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001686; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eshetkari.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001687; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"esi-texas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001688; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"esinnovativeinteriors.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001689; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"establecimientoscolonia-uy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001690; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"estorneaqui.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001691; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc-co-jp.f2ss.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001692; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc-co-jp.f3ss.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001693; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc-meisfrq.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001694; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc-uhfjk.monster"; content:"Host"; http_header; classtype:attempted-recon; sid:200001695; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc.jp.anzhanfrp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001696; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc.kcjis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001697; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc.oxqk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001698; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"etc.synwy.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001699; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eth-coinwallet.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001700; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eth.coinscout.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200001701; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ethnictrendz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001702; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ets.jwr.pa-fakfak.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200001703; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eucriomeumundo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001704; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eugnerally-wixsite-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001705; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eusa-lombo.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001706; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"evashoes.com.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200001707; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"even-besar-banget.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001708; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"even-ff-gratisterbaru2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001709; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"event-ff-bundle-baru.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001710; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"event-freefire728.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001711; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"event-freeskkinmlbb.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001712; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"event-garenafreefire263.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001713; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eventclaimsff0.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001714; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"eventspinfreefire2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001715; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"everestmotors.com.np"; content:"Host"; http_header; classtype:attempted-recon; sid:200001716; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"evo-revolutioncups.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001717; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"evolbithman.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001718; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"excel-cloud-document-2021.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200001719; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"excelhana.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001720; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exchange-pancakeswaps.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001721; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exchangedictionary.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001722; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exodlus.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001723; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exodus-2022.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001724; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exodus.com-wallet-signin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001725; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exodus.com-web-wallet-online.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001726; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exodus.com.tccaponline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001727; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exoduspool.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001728; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exondus-lokin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001729; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"exploretrace.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001730; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"expocid.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200001731; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"extracash-interlbankonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001732; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"extracloud.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200001733; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ezblox.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200001734; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ezssausage.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001735; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"f2f.co.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200001736; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"f6fr7.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001737; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"f9w1lned0ruqblxi6jahwotak.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001738; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"faccebook.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001739; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook--videos----app----today.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001740; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook-0.se.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001741; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook-accts.pages-recovery.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001742; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook-login.tbit.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001743; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.com-4tfgonrlym.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001744; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.com-j706zmy49r.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001745; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.com-qze9zt75vm.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001746; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.com-r51znzih8i.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001747; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.com-zxsrf038k.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001748; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.eventspinff.wtf"; content:"Host"; http_header; classtype:attempted-recon; sid:200001749; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.kingstopup.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001750; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook.whcserverbox.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001751; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebook8facebook.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001752; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebookk.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001753; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebookphisher.herokuapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001754; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"facebooks.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001755; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"faic.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001756; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"faizankhan0408.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001757; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"falling-scene-3ac3.updatelogaccountprogramedrfwerwrdhskk.workers.dev#winnie@soupro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001758; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fancy-rain-22bf.vakagew948.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001759; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fantech.co.il"; content:"Host"; http_header; classtype:attempted-recon; sid:200001760; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fanxtv.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001761; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fassilneit.ultimatefreehost.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001762; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fassilnet.ultimatefreehost.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001763; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fassilnet5.ultimatefreehost.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001764; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fax.gruppobiesse.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200001765; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fb-case-id-28031803-fcdc-48af.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001766; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fb-pages.proteksion-help.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001767; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fb.10004682.review"; content:"Host"; http_header; classtype:attempted-recon; sid:200001768; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fb.expressturkeyi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001769; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fb7927.bget.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001770; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fdasd.2e4jept.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001771; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fdhgf.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001772; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"federalaccesscredit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001773; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fedner.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001774; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fer-brooks.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001775; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"feriadempleos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001776; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ferienhof-gempel.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001777; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ff-anivesary225.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001778; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ff-member-ganena.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001779; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ff-membership-garena.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001780; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ff-membershipz-garena.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200001781; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ff.members.garera.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001782; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ffim-event-2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001783; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fghjr74rhudfguhtfguji.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001784; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fi.uy"; content:"Host"; http_header; classtype:attempted-recon; sid:200001785; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fiber10.iaasdns.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001786; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fidelitybank-mn.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001787; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fighting40s.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001788; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fikir.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200001789; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fileundelete.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001790; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"filtrosmil.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001791; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"finalfantasyguide.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001792; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"finiiishingedgex.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200001793; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fir-9s-0s.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001794; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"firstsourcesbus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001795; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fixi.rest"; content:"Host"; http_header; classtype:attempted-recon; sid:200001796; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fixingtodaymailuserupdates.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001797; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fixwalletissues.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001798; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"flcancer39-px.rtrk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001799; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"flowerfactoryonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001800; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fluksrv.mycpanel.rs"; content:"Host"; http_header; classtype:attempted-recon; sid:200001801; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fmwebapp.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001802; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"foliar.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001803; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"foma-ura-lote.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001804; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"foor1.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001805; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"for-pakage-delevry.tragaroleary.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001806; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"foresta-mod.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001807; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"forhimself9999.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001808; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"formbuddy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001809; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"forms.formium.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001810; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"formtools.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001811; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"forum-dofus.com.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001812; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fpalpha.myportfolio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001813; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fpmaam.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001814; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fr-europe564598-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001815; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"frankfurtertsparkasse.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001816; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"free-covid-19-stimulus-bonus.nethouse.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001817; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"free-firecoderedem.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001818; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"free-mail4.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001819; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freefire.pontorecargajogo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001820; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freefiredot-comerhadiah.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001821; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freefireevent-codashop2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001822; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freeitemff-allreward.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001823; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freeliker.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001824; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freereward-ff.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001825; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"frefire-membership-garena.sukienfreefire2021.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001826; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"freg-nine.pt"; content:"Host"; http_header; classtype:attempted-recon; sid:200001827; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"friendsofnechockey.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001828; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fromtheofficial.pricesrakutenlogin.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001829; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-ca.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001830; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-exchangex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001831; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-me.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001832; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-register-pro.world"; content:"Host"; http_header; classtype:attempted-recon; sid:200001833; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-register.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001834; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-register.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200001835; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx-signup.click"; content:"Host"; http_header; classtype:attempted-recon; sid:200001836; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx.com.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001837; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftx.cool"; content:"Host"; http_header; classtype:attempted-recon; sid:200001838; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ftxbonus.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200001839; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"funiswap.exchange"; content:"Host"; http_header; classtype:attempted-recon; sid:200001840; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"furgonetka-1.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001841; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fusionrestobar.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001842; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"futurebits.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001843; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fwztmgr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001844; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fxhalifax.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001845; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001846; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"g-mtcc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001847; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"g.greatsubstance.com.my"; content:"Host"; http_header; classtype:attempted-recon; sid:200001848; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ga.teesmith.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200001849; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gabrielamims.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001850; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gagaclinic.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001851; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001852; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gallciaonllne.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001853; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"garena-xacminhtaikhoan.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001854; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gasunige.mfs.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200001855; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gbunggrup-pmrsatu13.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001856; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gedfdfsd.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200001857; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"geg.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200001858; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"generali-italia-ag.hrweb.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200001859; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"genie-alba.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001860; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"getapps.vip"; content:"Host"; http_header; classtype:attempted-recon; sid:200001861; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"getimpacteipay.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001862; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"getitapprovedacceptourterms2021.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001863; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"getlikesfree.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001864; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gfxx.creatorlink.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001865; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ghorana.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001866; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gif-discorde.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001867; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"giris-papara.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001868; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"girleatsworld.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001869; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001870; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"glogo.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001871; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"glsword.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001872; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gmailposteingangi.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001873; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gmgroupllc.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200001874; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gmxmailme.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001875; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"go.simplify.co.nz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001876; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"go24link.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001877; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"goldenlasgidi10.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001878; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"golkondaresorts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001879; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"goo-gl.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001880; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"good12345.tripod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001881; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gorol-cost.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001882; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gorol-investor.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001883; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gosafes.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001884; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gosteveshawtraining.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001885; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gov.pl-covid.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001886; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gramarcales.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001887; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"greekinfra.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001888; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"greenclasses.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001889; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grosshandel-mevida.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001890; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"group-wa-1.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001891; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"groworldinternational.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001892; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grp02.member.mycld-rakuten.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200001893; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grubnatajadeh12.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001894; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grubterbarukk037.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001895; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grubviralterbaru65c.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001896; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gruo-wa-okep-dewasa-2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001897; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup-bokep-terbaru555.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001898; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup-whatsapp121.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001899; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup-whatsappbokep1.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001900; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup-whatsappbokep2.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001901; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grup2022ssx.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001902; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grupofsp.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200001903; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gruposanpio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001904; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grupwhatsaap-viral-2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001905; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"grupwhatsappnobar-2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001906; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gscommunityspirit.greenschool.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001907; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gstsolutions.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200001908; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gtw420.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001909; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gunatanahku.perkimtan.sumbarprov.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200001910; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gurukanth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001911; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"gwenet.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001912; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"habbocreditosparati.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001913; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"haftteam.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200001914; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hahdaeupdate.es.tl"; content:"Host"; http_header; classtype:attempted-recon; sid:200001915; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"halaisabudhabi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001916; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"halifax-securelink.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001917; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"halisdurum.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001918; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"haliuk-secure-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001919; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"handakai.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001920; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hangovertest1.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001921; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hans-ledlite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001922; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"happycabbagechicago.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200001923; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"haroldhazard1-wixsite-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001924; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hasseanhannitybeenwaterboarded.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001925; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"haunlimited.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200001926; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hcnprdvz.azureedge.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001927; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hdmediahub.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200001928; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"heinthu1.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001929; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hellenic-postbank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001930; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"help-account-bxsfe.ondigitalocean.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001931; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"help-identity-recoveri-support-center.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200001932; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"help-notice-center-identity-6532.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200001933; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"help.insecur.saftyalert.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001934; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"help.validation-page.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001935; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"helpingcentere.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001936; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"henan.vxim58i.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001937; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hermes.parcel-tracker.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001938; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hetershaven.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001939; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"heuristic-gagarin.45-88-108-231.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200001940; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hgda.db0u4hs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001941; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hgdaa.lfoxcct.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001942; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hghgda.erjl0hx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001943; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hhdd.mzhemfi.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001944; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hi.switchy.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001945; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hidzzs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001946; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly01721.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001947; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly06356.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001948; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly31916.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001949; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly32053.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001950; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly38926.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001951; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly39091.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001952; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly61215.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001953; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hifly71191.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200001954; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"himalayansherpa.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200001955; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"himbauane.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001956; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hitman71hd-wixsite-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001957; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hockian.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001958; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"holobeam.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001959; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"home.ei1ns.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001960; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"home.myfairpoint.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001961; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"homepichilinea2.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001962; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"homesinlogin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001963; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hostnix.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200001964; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hostpoint.ch.17a902ef.tcorner.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200001965; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hotbrooks.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001966; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hotel-pontos.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200001967; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hoteltigerplus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001968; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hounbvc-c7661.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200001969; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"houseofscotland.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200001970; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001971; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hpplotters.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001972; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hs-giveaways.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200001973; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ht-cargo.com.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200001974; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"htlgroup.com.my"; content:"Host"; http_header; classtype:attempted-recon; sid:200001975; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"httpcom-0d4tol437.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001976; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"httpeugnerally-wixsite-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001977; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"https-scert-con04.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001978; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"https-scert-srv02.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001979; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"https-scert-srv06.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001980; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"https-scert-srv08.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200001981; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"httpsfaceb00k.com-r51znzih8l.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001982; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"httpsfacebo0k.com-r51znzlh8i.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001983; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"httpsfacebook.com-r51znzih8i.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001984; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"httpsfacebook.com-r51znzlh8i.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001985; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"httpsmarketplace.facebook.com-wd5sulr0f5.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200001986; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hubcare.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001987; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hulu-com-activate.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001988; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hulu-hulu-com-activate.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001989; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hulu.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200001990; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"humc.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200001991; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hutoknepper.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200001992; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"huxleyfran.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001993; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"huynguyen2k.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200001994; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"hypegames.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200001995; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"i-ask332.dga.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200001996; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"i.violationspage.validationspege.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200001997; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200001998; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ibpm.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200001999; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"icloud-map-live.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002000; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"icy.martulangbelulalng.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002001; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"idappswallets.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002002; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"identifiez-vous-avec-votre-compte.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002003; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"identifiez-vous598.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002004; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"identify.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002005; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"idhuman-verification.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002006; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"idnpokerweb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002007; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ieqdlhv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002008; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iframejld.avent-media.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002009; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ighk.umjlrs7uci2751.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002010; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iipvit.by"; content:"Host"; http_header; classtype:attempted-recon; sid:200002011; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijcda.bukkats.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002012; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijhca.0gb0h7z.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002013; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijjd.h8nmtcc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002014; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijmna.p2y00vd.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002015; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijmnc.x7o1tut.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002016; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijnssa.w005zmk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002017; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ijsa.x3585z7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002018; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikcda.a2g5xvs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002019; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikcsa.ajiqvjf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002020; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikdff.jmo904i.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002021; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikja.lbanwqp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002022; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikjcd.p1z98hl.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002023; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikjd.uk0xnp8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002024; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikjgd.rg6bzk7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002025; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikmcd.u4jdbxm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002026; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ikmxaa.qcqxlrq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002027; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ilooksrare.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002028; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iloveyourglasses.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002029; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ilpconnect.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002030; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"image-pict-ig.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002031; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"imersao.impulseingles.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002032; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002033; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"imobiliaria-cardinali-com-br.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002034; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"impostazionebper.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002035; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"in.deraya.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002036; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"indo-viral2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002037; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"info.lionnets.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002038; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"infohypesquad.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002039; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"infopichinchaweb.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002040; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"information.safeamazoncardweb.cyou"; content:"Host"; http_header; classtype:attempted-recon; sid:200002041; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"informations.recovery.confiryourpage.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002042; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"infos00001.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002043; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"infosecplace.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002044; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"infosprologinmatrisemomols.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002045; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ing.ingdirect-app.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002046; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ingaveiculos.creatorlink.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002047; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ingresadatosbono210.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002048; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inicia-bancalnterbank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002049; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inna.cedymll.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002050; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"innca.ol90k56.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002051; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"innovasjon.as"; content:"Host"; http_header; classtype:attempted-recon; sid:200002052; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inps-ep.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002053; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"instahelppbaddge.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200002054; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intellidata-analytica.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002055; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"interbankempresas.pe-il.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002056; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"interbankhomeweb.fullcircleteam.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002057; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intern.unibas-com.ch"; content:"Host"; http_header; classtype:attempted-recon; sid:200002058; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"international-formulier.91-218-65-223.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002059; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"internetbanking-caixa-gov.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002060; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"internetbankinghelp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002061; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"internetservicetech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002062; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intesalife.ie"; content:"Host"; http_header; classtype:attempted-recon; sid:200002063; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intexargentina.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200002064; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"inthewildproductions.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002065; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intoli.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002066; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intrafloraplants.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002067; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"intranet.sztpe.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002068; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"investpl.work"; content:"Host"; http_header; classtype:attempted-recon; sid:200002069; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iplogger.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002070; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iqwea.soxr0u1.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002071; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ironmantech.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200002072; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"irs-gov-supportcenters.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002073; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"irs.gov-coronavirus-pandemic-tax-refund-submission.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002074; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ise.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200002075; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"isfirsatibul.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002076; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ismamorlin.my-place.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200002077; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"isntagranmeta.pagedemo.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002078; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"istudyalumni.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002079; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"it-europe564598-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002080; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"it.melnikhotels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002081; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"itcentralsupport.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002082; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"its.tikkycloud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002083; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"itsmdshahin.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002084; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iuhkj.r4f4vmtlso.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002085; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iuhs.tyopfhn.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002086; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iujdas.yfwxlc9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002087; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"iuyydd.ebeg6uk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002088; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"j9w77d0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002089; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002090; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002091; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002092; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002093; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002094; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002095; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jacobliston.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002096; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jadaart.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002097; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jagex-rewards.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002098; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jam-023d.gitlab.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002099; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"james8.aidaform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002100; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"javarockingland.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002101; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jax.bz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002102; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jbwbzta.alfens8.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200002103; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jeanbaileyrobor.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002104; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jendelajogja.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002105; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jerinja.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002106; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jetser-electrical-supply.business.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002107; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jett.gator.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002108; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jflkp.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002109; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002110; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jhda.wfdyk9p.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002111; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jhdd.fjcslad.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002112; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jhff.93oe0u9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002113; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jhnd.0drhnjk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002114; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jiwanramchemical.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002115; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jjhcd.27ke98i.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002116; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jk99j.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200002117; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jlogine.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002118; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jmcna.jiwayjc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002119; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jmfykd.cyou"; content:"Host"; http_header; classtype:attempted-recon; sid:200002120; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jncba.diiqsmm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002121; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jnlope.tangguakrapekpuik.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002122; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jnnc.grnxkoj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002123; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"job-type.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002124; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jobs.job.com.bd"; content:"Host"; http_header; classtype:attempted-recon; sid:200002125; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joecamera.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002126; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"john-ashley.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002127; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"join-group-1.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002128; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"join-gruo-waku282.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002129; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joinedprice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002130; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joingrupku183.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002131; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joingrupp-bkep156.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002132; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joingrupterbaru-0.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002133; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joinlinkviral729.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002134; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joinssgropshot18.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002135; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joinssgropssney6.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002136; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jow-japan.or.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200002137; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"joyeriajireh.com.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200002138; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jp-auid.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002139; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jp.mercari.omany.buzz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002140; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jptechdocsign.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002141; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jrhayley.plus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002142; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"juandfar.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002143; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jurisgeneral.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002144; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jurlebedev.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002145; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"juscook.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002146; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"justgot.gonevis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002147; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"justsayingbro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002148; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jvk.zultifarza.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002149; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jyeue43rm95p.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002150; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"jz2bab.webwave.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002151; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"k3ja6d.webwave.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002152; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kaamwalibais.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002153; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kachinas.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200002154; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kamdhenurealities.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002155; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kargonova.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002156; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kartaltepespor.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002157; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kasba.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002158; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"katanaroninchains.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002159; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kbstitchdesigns.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002160; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kcas.ygvlrlo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002161; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kdhdf34j6dfh.dealerwebsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002162; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kdlscaffolding.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002163; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kecc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002164; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kecmanijada.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002165; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kedai-gamers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002166; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002167; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002168; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002169; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kenanhusovic.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002170; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kevinsmovingservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002171; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kex81.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200002172; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"key-drcp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002173; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kghm-invest.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002174; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ki89.pckmlc0cus5667.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002175; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kienthucykhoa.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002176; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kimaki.001www.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002177; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kingfaisalprize.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002178; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kingmhd95p.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002179; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kissapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002180; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kit.mishkanhakavana.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002181; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kjhdda.tetfeec.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002182; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"klaim-item-mlbb-terbaru8.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002183; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kleinsigns.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002184; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"klockorochsmycken.se"; content:"Host"; http_header; classtype:attempted-recon; sid:200002185; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"knocktheskool.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002186; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"koerich-c-empresarial.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002187; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"koji.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200002188; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kone-ali123-mon-site-web-cheetah-5.cheetah.builderall.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002189; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"konfirmasi-identitas-2022.webnode.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002190; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"konnect2kamadhenu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002191; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"koteng.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002192; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kr-bithumb.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002193; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"krupije.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002194; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"krx887.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002195; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ksschool.org.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002196; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kuchkuchnights.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002197; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"kurortnoye.com.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200002198; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ky79.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002199; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"l-abe.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002200; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"l-q.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002201; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lambdaweb.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002202; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"laposada.roncesvalles.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200002203; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"laposte-france.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002204; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lapotosinaexpress.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002205; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"larindbr.creatorlink.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002206; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"larvalab.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200002207; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lasyaja.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002208; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"latelevitation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002209; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"latest-recharge-reorder.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002210; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"latestnews.pricesrakutenlogin.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002211; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"latinotravel.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002212; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lazada889.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002213; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lbce.lecservilbc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002214; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ldsplanettt.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002215; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"le-diablotin-rouen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002216; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"leadershipmail.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002217; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"learningimpactmodel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002218; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"leboncoiinlbc.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002219; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"leboncoin.delivery01588.icu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002220; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lefaf77683.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002221; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lemeiesta.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002222; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lenagruessdich.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002223; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"leroycu.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200002224; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"letoptuswebmail-9b69f0.ingress-comporellon.easywp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002225; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lettertracing4kids.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002226; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lexnotes.com.ng"; content:"Host"; http_header; classtype:attempted-recon; sid:200002227; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lg-onecom-io.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002228; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"liberasrl.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200002229; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lihi3.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200002230; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"linkgrupkakak-disini.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002231; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"liongear.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002232; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lirc.cep.edu.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002233; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"little-frost-1a15.chrisc11004842.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002234; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"little-rain-39c4.newdhlacceslogins.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002235; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"little-wood-23ca.abssupdatedlogin.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002236; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"litty.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200002237; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"liusanchuan.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002238; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"live-site.hopto.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002239; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"live.rawfednews.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002240; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"livechat-ronin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002241; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"livecryptolab.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002242; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"livelifelimitless.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200002243; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ljkds.hvkmjdq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002244; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lkjds.nlmwjta.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002245; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydbank-accountbreach.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002246; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydbank-secure-customers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002247; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydbank-support-team.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002248; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydbanking-securelogin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002249; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydsbank.deregister-payee-secure-auth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002250; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydsbank.secure-online-deregister.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002251; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloydsbank.secure-personal-device-login.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002252; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lloyduk-newdevice-registered-online.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002253; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002254; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lmbanang.pgryuangbtusngka.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002255; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lnkd.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002256; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lnterbancape-lbk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002257; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lnterbank.pe.starneonsignsug.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002258; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"local-postoffice-deliver.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002259; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"localwithg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002260; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lockpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002261; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"loengregkuetngferu.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002262; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lofon-add.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002263; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"loftywallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002264; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"logfuliz.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002265; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002266; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-facebook18.webnode.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002267; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-live.com-s02.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002268; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002269; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-postfinance.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002270; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login-singaporee.apply-now-online-digital.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002271; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login.dbs.webdbslistinonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002272; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"login.privategold.uytrtyuhij987.gowithapex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002273; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"logindhlaccess.dhlupdatelogin.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002274; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"loginnewatt.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002275; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"logverify-df12e-verify-1230-eu.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002276; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"loinesports.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002277; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lomadesarrollos.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200002278; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lombard11.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002279; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lot-lp-x.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002280; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"love.gos-box.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002281; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lp.vp4.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002282; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lrs.financial"; content:"Host"; http_header; classtype:attempted-recon; sid:200002283; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lrs.foundation"; content:"Host"; http_header; classtype:attempted-recon; sid:200002284; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lrs.fund"; content:"Host"; http_header; classtype:attempted-recon; sid:200002285; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ltdv1signinui.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002286; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lucid-lichterman.45-81-232-17.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002287; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"luciolee17.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002288; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lucky-glitter-f89f.jimmysitt.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002289; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lucy-walker.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002290; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lukysepinfreefire2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002291; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lunugrcpujwcfnajuctkojawrh-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002292; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"lydab.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002293; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.help.insecurpage.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002294; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.maseocoad.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002295; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.mauofcg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002296; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.protc.safty-pege.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002297; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.recovery.safetyacount.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002298; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.recovery.saftypageupdate.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002299; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m.salsomascard.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002300; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"m42club.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002301; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"machineryzoneservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002302; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"macjakarta.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002303; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"macst.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200002304; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"madens.com.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002305; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"madrhinoconsulting.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002306; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maestro.my.prod.dfg152.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002307; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"magyar-posta.ddns.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002308; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"magyar-posta.sytes.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002309; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mahikapur.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002310; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mahud.globizsapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002311; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail-account-verify-f4723.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002312; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail-gmxaktualisierung.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002313; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail-ovhcloud.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002314; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail-ssocloud-srvr67yhguh.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002315; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.atlanticeconcrete.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002316; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.enrollmoreclientsbootcamp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002317; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.ims-fe.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002318; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.kenanhusovic.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002319; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.kuttabalfatih.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002320; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.santepluspharma.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002321; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.sweetshopspecialtycoffee.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200002322; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.updateinfo-billingo2.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002323; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.wellsfargous.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002324; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.wheel1factory.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002325; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mail.zenstream.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002326; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck1.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002327; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck10.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002328; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck11.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002329; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck12.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002330; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck13.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002331; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck14.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002332; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck15.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002333; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck16.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002334; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck17.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002335; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck18.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002336; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck19.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002337; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck2.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002338; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck20.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002339; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck4.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002340; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck5.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002341; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck6.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002342; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck7.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002343; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002344; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maildomaiincheck9.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002345; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailgmxaktualiisieren.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002346; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailplusrolerequestedprivatemailupdates.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002347; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailserver7656566.blob.core.windows.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002348; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee10.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002349; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee11.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002350; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee12.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002351; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee14.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002352; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee16.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002353; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee17.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002354; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee19.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002355; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee20.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002356; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee21.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002357; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee22.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002358; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee24.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002359; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee26.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002360; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee27.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002361; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee28.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002362; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee29.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002363; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee34.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002364; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee35.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002365; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee40.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002366; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee6.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002367; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee7.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002368; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mailupdattee8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002369; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mainbugerrorfixing.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002370; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mainmobilerectify.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002371; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mainsbscrestore.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002372; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maintoken.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002373; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"makcts-go.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002374; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"make-anon-keep-past.rvsla.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002375; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mala-riba.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002376; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"malaprontaargentina.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002377; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"malehaenterprises.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002378; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"malukutenggarakab.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002379; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mamasitasont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002380; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mandirilivinlinksystem.brizy.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002381; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mandirilivinlinksystem3.brizy.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002382; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"manualsync.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002383; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maotun.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002384; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mapsa.com.pe"; content:"Host"; http_header; classtype:attempted-recon; sid:200002385; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marifilmines.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200002386; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marinthe.poingaitongamlm.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002387; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace-axieinfinity.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002388; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace-axlelnfiniity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002389; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002390; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-29ta3qbv.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002391; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-hzup1bae.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002392; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-izkbuxmx.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002393; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-kq1oh2ae.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002394; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-milt5ssm.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002395; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-qze9zt75vm.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002396; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-sauuvazpjo.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002397; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-tyeuieb7.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002398; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002399; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplace.facebook.com-z1au8cxghl.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002400; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketplaceaxieinfiniity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002401; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"masdas0932.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002402; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"masum.lawyer"; content:"Host"; http_header; classtype:attempted-recon; sid:200002403; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"match.lookatmynewphotos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002404; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"matchoklahoma.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002405; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"matelamsiska.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002406; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"matiruys.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002407; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maxclinic.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002408; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"maxis-winner-2020.webs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002409; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mayormoveis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002410; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mboutique.cfd"; content:"Host"; http_header; classtype:attempted-recon; sid:200002411; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mccarthyelectrical.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002412; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mcconcep.cluster005.ovh.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002413; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mchganistore.solofolio.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002414; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mdex.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200002415; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mdurucan.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002416; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"medelinahealth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002417; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"medeniyetakademisi.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002418; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediasystembusiness.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002419; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mednungtanpoudan-acvwe3.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200002420; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"medo.world"; content:"Host"; http_header; classtype:attempted-recon; sid:200002421; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"medtamr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002422; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"meeting-23900123090123.bitbucket.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002423; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"memestock.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002424; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mercani.pomyt.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002425; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mercariz.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002426; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"meremanovegabana.website2.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002427; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mbudeu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002428; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mednljn.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002429; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mgeukpx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002430; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mglsffs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002431; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mglxyul.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002432; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mhgqdtv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002433; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mjrsrfo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002434; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mktbbr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002435; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mkxbqnu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002436; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mlyffa.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002437; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mmsfzys.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002438; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mnfjwy.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002439; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mnheijt.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002440; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.msnygk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002441; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mtlrnzu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002442; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mukkwvc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002443; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mericarir.mxsoecl.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002444; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"meriocori-logining.2y3uio.pyqbas.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002445; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mestertignseekjet4.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002446; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mestertignseekjet5.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002447; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mestertignseekjet6.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002448; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mestredaobra.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002449; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"meta-support-centers.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200002450; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metalurgicagiom.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002451; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamasc.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200002452; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-connect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002453; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-connect.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002454; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-extension.com.hsurge.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002455; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-wallets-protection.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002456; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask-wallets.yahoosites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002457; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.cam"; content:"Host"; http_header; classtype:attempted-recon; sid:200002458; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.io-php.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002459; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.kiwi"; content:"Host"; http_header; classtype:attempted-recon; sid:200002460; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.loan"; content:"Host"; http_header; classtype:attempted-recon; sid:200002461; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.protocol-process.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002462; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.security-information.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200002463; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.social"; content:"Host"; http_header; classtype:attempted-recon; sid:200002464; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamask.wallets-reauth.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002465; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamaskdownloadandroid.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002466; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamaskextension.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002467; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metamassklogins-us.tumblr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002468; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"metaversepadapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002469; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"meusabor.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002470; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mfacebook.blogspot.com.cy"; content:"Host"; http_header; classtype:attempted-recon; sid:200002471; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mfacebook.blogspot.lt"; content:"Host"; http_header; classtype:attempted-recon; sid:200002472; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mfacebook.blogspot.rs"; content:"Host"; http_header; classtype:attempted-recon; sid:200002473; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mgpskartarpur.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002474; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mgrandroyale.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002475; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mibancocrece.com.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002476; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"micacd.elshov.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002477; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"michiyado.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002478; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"microcav.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002479; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"microsoftonline.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002480; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"microsoftwebserver.mfs.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200002481; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"micuenta01.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002482; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"midasbuy1st.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002483; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"midsposc2.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002484; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mijnics-actualisatie.185-236-231-64.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002485; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mikayelxhovakimyan.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002486; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"milanobet301.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002487; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"militarybikers.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002488; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mingming20160152.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002489; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"miozpro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002490; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"miracdoviz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002491; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"miss-paym02.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002492; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"missionshashank.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002493; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjayme9jdg9izxixmjeydgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002494; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjayme9jdg9izxiymjnyza.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002495; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1heta1dgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002496; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetezmtj0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002497; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetgym3jk.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002498; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetizmtl0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002499; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetqymhro.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002500; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetu3dgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002501; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu1hetuymhro.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002502; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu5vdmvtymvymji5dgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002503; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymu5vdmvtymvymtexdgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002504; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymuf1z3vzdde4mtf0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002505; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymufwcmlsmde5dgg.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002506; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bhk0mtf0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002507; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bhk1mtr0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002508; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bhkzmtn0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002509; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bmu0mtf0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002510; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymup1bmuymzfzda.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002511; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymuphbnvhcnkxmzv0aa.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002512; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymurly2vtymvymjiyn3ro.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002513; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mjaymvnlchrlbwjlcjizmxn0.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002514; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mk2.ge"; content:"Host"; http_header; classtype:attempted-recon; sid:200002515; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mkjiool.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002516; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mnbxa.73kfer9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002517; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mnbxcas.zm7wwar.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002518; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mncxx.qbeepor.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002519; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mnnbx.r1rpj09.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002520; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mnncxa.fwffsyt.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002521; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002522; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobile-orange-forever.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002523; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobile-portail.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002524; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobile.hedgesportst.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002525; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"moccasinyellowbetatest.josekkk.repl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002526; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"modest-hertz.45-81-232-15.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002527; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"moiksys.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002528; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mon-token.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002529; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mon.espace.lcl.fr.certosini.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002530; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monbudri.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002531; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mondrive.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002532; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monedri.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002533; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monirshouvo.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002534; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monomobileservice.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002535; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monprofilclient.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002536; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monstercarp.rn86.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002537; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"montenegrolandscape.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002538; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"montrealidiomas.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002539; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"monyeward.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002540; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"morcario.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002541; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"morfybox.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002542; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"movil.particulares-secure.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002543; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mqzlsim.mindlogicinfotech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002544; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mrpitchman.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002545; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"msc-doelsach.at"; content:"Host"; http_header; classtype:attempted-recon; sid:200002546; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mscc1s.ultimatefreehost.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002547; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"msnserviceverifivation.wordpress.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002548; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"msofficemessagescenter-1.mfs.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200002549; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mtngifts2021.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002550; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mtron.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002551; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mtsn1kotabekasi.sch.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002552; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"muddy-credit-ea7b.0fflce-mlcr0sfot-online-supposrts3jp-tokcloud.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002553; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mudraloans.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002554; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mufg.jp.yjfszs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002555; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"muriiityua.krywanbobaanja.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002556; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mxrr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002557; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my-bithumb.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002558; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my-gmail.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200002559; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my-site219.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002560; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my.jcpwb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002561; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my.nhs-get-pass.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002562; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my.paydi.login-index-home.x4typfc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002563; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"my02billing-login.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002564; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mybeii.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002565; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mycoerver.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200002566; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mygoogleaccount.stantrade.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002567; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"myjcb.cyyptoi.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002568; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"myjcb.thxpj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002569; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mymbg-aa2e2.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002570; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mymeta-securearea.plesk07.zap-webspace.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002571; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mymweb-owner.at.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200002572; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mypo-delivery.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002573; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mypsm.psm.edu.mm"; content:"Host"; http_header; classtype:attempted-recon; sid:200002574; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"myshedbuilder.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002575; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mytheamsauthecent.wapgem.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002576; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"myupdates-mynetflix.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002577; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mywalletsvalidation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002578; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"mzqualitycleaning.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002579; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"n-naoko-0319.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002580; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"n.salsomascard.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200002581; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"n26.sa-france.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002582; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"n7orton.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002583; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nab-access-breach.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002584; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nab-alert.mobi"; content:"Host"; http_header; classtype:attempted-recon; sid:200002585; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nab-www.303.si"; content:"Host"; http_header; classtype:attempted-recon; sid:200002586; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"naderkhani.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200002587; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"najboljeuslugezavas.betterservicesforyou.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002588; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nalandaias.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002589; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nanjing.itud167.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002590; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"napgamelienquan.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002591; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"naranja-users.auth0.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002592; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"native-possession-josh-asks.trycloudflare.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002593; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nattionaliy.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002594; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natu-mx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002595; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"naturalrocksand.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002596; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natwest.nwolb-login-auth.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002597; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natwest.secure-auth-personal-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002598; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natwest.secured-online-verify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002599; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"natwest.secured-personal-verify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002600; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nayablabs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002601; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nayameehomes.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002602; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbcc.0bit08a.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002603; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbcd.xiu58rl.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002604; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbcvs.gd65y69.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002605; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbcxa.lctlfdq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002606; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbcxas.551awvr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002607; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbhjxa.hblhi96.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002608; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbnonres.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002609; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxaa.b1b6nac.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002610; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxas.uabzfbm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002611; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxasd.rm625b.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002612; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxha.74zdws.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002613; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nbxza.giodzij.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002614; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ncgroup.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200002615; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"necessitymag.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002616; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nedbankqa.flowblocks.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002617; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nedriw.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002618; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"negociebra.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002619; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"neptuneinnovations.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002620; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"netciti.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002621; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"netflix-techarmy.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002622; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002623; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"networksol-f35e7.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002624; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"neversencommun.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002625; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"newlifenursery.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002626; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"newrydramafestival.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002627; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsletter.pagueonlinebra.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200002628; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsodisha.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002629; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nextgensoftbd.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002630; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nftsmainnet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002631; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhattinsteel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002632; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbcd.40ggify.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002633; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbcd.xitgfmh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002634; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbcda.g4g5mgc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002635; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbd.yl7g7qz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002636; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhbdd.ncoavvx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002637; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhfactor.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002638; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhgcs.ugvvluf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002639; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhhvd.zb06w77.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002640; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhri.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002641; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nhs.my-vaccine-status.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002642; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"niagarapower.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002643; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nic-home.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002644; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nizotchauffage.bilty.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200002645; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nodesconnection.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002646; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"northlane.esy.es"; content:"Host"; http_header; classtype:attempted-recon; sid:200002647; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"notife.help.institutepages.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002648; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"notification-fb.secure-pages.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002649; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"notificationmember.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002650; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nour-ala-nour.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002651; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"novolimitenu.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002652; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nserviceserviceat.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002653; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nslg8.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002654; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nt.embluemail.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002655; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nueva-acropolis.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002656; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nutroquin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002657; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nw-securedfailure.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002658; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ny989.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002659; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"nyhet.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200002660; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002661; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o2-failure-billing-update.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002662; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o2-updatebillingvia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002663; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o2billingauth-update.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002664; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"o2phone-billingupdate.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002665; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oanmce.hjwxkugs.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002666; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ocareportesweb.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002667; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ocaxvefific.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002668; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oceantires.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002669; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ocioturismogalicia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002670; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oco.or.tz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002671; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oddplug.cfd"; content:"Host"; http_header; classtype:attempted-recon; sid:200002672; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"odiasamaj.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002673; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"offic365.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200002674; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"offic4046217.sitebuilder.name.tools"; content:"Host"; http_header; classtype:attempted-recon; sid:200002675; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"officeee.bubbleapps.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002676; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialevent.way.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002677; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialliker.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002678; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ogrodywlochy.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002679; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oiasasca.asiocsacszc.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002680; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oiasd.herorny.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002681; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oicm.oobqrxh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002682; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oidda.5s2iamp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002683; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oijcd.qvjcddv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002684; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oikca.smwceku.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002685; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oikcas.6b914ty.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002686; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oikcd.uf27ce8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002687; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oikcxa.zvvx01z.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002688; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oivac.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002689; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okcs.qj8yua.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002690; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okds.bbtlcve.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002691; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okep-viral-terbaru-terhist-2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002692; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okmca.8xcrn6w.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002693; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okmca.bxkfham.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002694; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okmca.uwudagu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002695; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okmxa.lfgpror.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002696; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"okpwtu.webwave.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002697; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ol-run1.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200002698; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"olidooo.waca.tw"; content:"Host"; http_header; classtype:attempted-recon; sid:200002699; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"olk.us7apye.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002700; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"olmnxa.wc2ikux.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002701; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"omesqiwines.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002702; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oncopharma-ae.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002703; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onecreator.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002704; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onedrive.zhaoge.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002705; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onee-a0488.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002706; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oneisallandone.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002707; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oneone-19cd8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002708; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oneone-a38ef.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002709; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"online-sistem.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002710; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineasesor01.hostfree.pw"; content:"Host"; http_header; classtype:attempted-recon; sid:200002711; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlinebanking.unrecognised-new-payee.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002712; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineffn2.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002713; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineislemlersayfasivkfgirisicom.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002714; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlinsfuco.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002715; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlysportplus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002716; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ooxvocalor.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002717; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"opansea.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200002718; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"open24.ie-tsb.email"; content:"Host"; http_header; classtype:attempted-recon; sid:200002719; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"operationroofingllc3.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002720; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"opticabattilana.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200002721; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ora-n.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002722; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orabu.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200002723; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange-dcr.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002724; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange-security.cloud.coreoz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002725; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange.iobeya.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002726; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange.sphinxonline.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002727; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orange2k22.wixsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002728; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orangeb191.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002729; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orangess.contactin.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200002730; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"org-nr.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002731; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"orlen.digital"; content:"Host"; http_header; classtype:attempted-recon; sid:200002732; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ormantencs112.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002733; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"osis.world"; content:"Host"; http_header; classtype:attempted-recon; sid:200002734; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"otomoto-h229.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002735; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"otomoto3452.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002736; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"otwmaxx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002737; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oudczfbniitcqdsrmaapdztwqo-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002738; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ourgarden.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200002739; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"outlook1541489.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002740; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"outlookcom119.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002741; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ouverturecompte.lbp-eer.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002742; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002743; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"p1c.servleboncoinser.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002744; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"package2021.blogspot.ba"; content:"Host"; http_header; classtype:attempted-recon; sid:200002745; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"package2021.blogspot.bg"; content:"Host"; http_header; classtype:attempted-recon; sid:200002746; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"package2021.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002747; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"page-restrict-case22456548.help"; content:"Host"; http_header; classtype:attempted-recon; sid:200002748; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-1008009999700022199021.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002749; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-alert-facebook.ezyro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002750; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-community-standart-2022.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200002751; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-marvelous-project.webflow.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002752; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-support-office-2021.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200002753; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages-support-office-2021.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002754; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pages.secure-accts.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002755; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pagesdetectscopyrightpostingactivitiesreported.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002756; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pagos.sinpemovil.cr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002757; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paidpapers.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002758; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paleyeer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002759; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"palmm.ps"; content:"Host"; http_header; classtype:attempted-recon; sid:200002760; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancaakesvap.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002761; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancake-sawp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002762; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancake7wop.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002763; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakesawpes.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002764; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakesfinances.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002765; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakesvvap-finance.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002766; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswap.finance.tradechange.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002767; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswap.men"; content:"Host"; http_header; classtype:attempted-recon; sid:200002768; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswap.multi-wallet.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002769; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswap.salsasourcing.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002770; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapes.company"; content:"Host"; http_header; classtype:attempted-recon; sid:200002771; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapexcgn.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002772; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapexch.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002773; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapexchage.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002774; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswapexchg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002775; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancakeswappshop.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002776; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancaku-swap.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002777; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pancalteswap.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200002778; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"panccakesswap.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002779; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"panckaceswap.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200002780; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaskin.ru.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002781; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"panelweb-4cae2.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002782; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pankaceeswap.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002783; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pankaceswapes.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200002784; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pankakeswap.ledgity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002785; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pannelpub-benin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002786; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pantazisezopiiuurmail1.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002787; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"parcel-support018.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002788; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pardot.assemblecommunities.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002789; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pasarbta.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002790; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"passionfruit4576261.brizy.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002791; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pateltutorials.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002792; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"path.faithbible.institute"; content:"Host"; http_header; classtype:attempted-recon; sid:200002793; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pathospitals.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002794; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"patient-cell-40f5.updatedlogmylogin.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002795; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"patwise.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002796; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paws.org.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200002797; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paxfulacct.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002798; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paxfulmenu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002799; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pay-sera.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002800; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pay16-olx.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002801; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paymentnotificationnow.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002802; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paypal-online-2deposits-paymentaccept.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002803; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paypal-opladen.be"; content:"Host"; http_header; classtype:attempted-recon; sid:200002804; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"paypalforex.co.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200002805; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pbemail.youxiangdashui.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002806; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pdf-cloud-document.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002807; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pdf-sharefile-doc.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002808; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pdflogincnvwo.app.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002809; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pdfsecured.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002810; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"peaceful-black.193-70-50-31.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002811; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pedih.001www.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002812; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pembatalanakundinonaktifkan.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002813; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pencakecwap.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002814; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pensive-payne-505e1a.netlify.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002815; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"perfectliker.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002816; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"peringatanakunfb2k214.webnode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002817; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phantom-walletweb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002818; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phantomaa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002819; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phishingloginmicrosoftonlinecom.zerotrustcorp.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002820; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phlexx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002821; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"phreshphoto.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002822; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichincha-datos1.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002823; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichincha-datos2.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002824; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichincha-datos3.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002825; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichincha-datos5.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002826; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchabank.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002827; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchacomfi.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002828; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchaecori.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002829; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchauser.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002830; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pichinchverify.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002831; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"picnic.industries"; content:"Host"; http_header; classtype:attempted-recon; sid:200002832; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pics.lookatmynewphotos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002833; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"piermontbridge.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002834; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"piffvancouver.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002835; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pikaresailing.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002836; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pikay13.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002837; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pilmezorda.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002838; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pinchinchaverify.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002839; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pirana.co.rs"; content:"Host"; http_header; classtype:attempted-recon; sid:200002840; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pkobp.pl.justns.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002841; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pl-wiadomosciswiatowe.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002842; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pla1060604.nichost.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002843; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"plan-o2-monthlypayments.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002844; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"planetaamor.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002845; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"plasticaindia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002846; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"platinumserviceac.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002847; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"playgirlgold.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002848; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ploferta.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002849; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"plugmailextraexpiredoldpolicynotificationscenter.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002850; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"po-service-page.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002851; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poc-rewards-program-c2dfc.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002852; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"podpiska-darom.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002853; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pokajca.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002854; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pokcda.lnizi9c.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002855; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poklsa.slodddz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002856; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polcas.et0bgyf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002857; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polcd.op59bk5.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002858; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polcda.qcgjwj7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002859; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poldf.gejzesp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002860; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polds.gmj6f2.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002861; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poliambulatorioadriatico.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200002862; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poligrafiapias.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002863; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polkadot-france.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002864; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polkastarter.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002865; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polsd.pa0cpof.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002866; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polska-informacyjna.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200002867; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polxa.uh8dg67.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002868; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polygon-pro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002869; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polygon-secure.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002870; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"polygon-technologyes.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002871; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pomnxaa.181gh1c.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002872; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"post-ch-de.34224.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002873; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"post-ch-de.65241.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002874; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"post-ch.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002875; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"post-track.ch"; content:"Host"; http_header; classtype:attempted-recon; sid:200002876; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"posta-romana.cameleon-digital.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200002877; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postaledsp2.conexion.fr.savealifemw.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002878; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postalfees-uk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002879; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postalukservice.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002880; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postch9192.cargo.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200002881; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postechsuivre.ileanamlaw.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002882; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"postnl.post-tracking-delivery.etelinfra.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002883; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"poww.6hkjmb.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002884; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ppnnttcc.ppcnthsc.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002885; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"precisionimpex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002886; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"preg.dspearhead.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002887; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"preg.marketingvici.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002888; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prepaid-leboncoin.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200002889; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"preppingconfidence.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002890; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prernaindustries.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002891; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"priceless-goldstine.35-185-184-61.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002892; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"priceless-mccarthy-8674db.netlify.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002893; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primarypagesmetasecure.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200002894; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primeassi5.sslblindado.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002895; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primecentral.jihanjiaopo6.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200002896; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primecentral.jixinggaozhao2.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200002897; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primecentral.qiourn.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200002898; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"primeone.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200002899; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"printtoner.com.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200002900; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prism.net.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200002901; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"privacy-update-page-prtections-association-recovry-secu.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002902; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"privacy-update-secu-recovry-page-protection-4565544.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002903; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"privacy-update-secu-recovry-page-protection-comunity-45.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002904; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"priyankasandokar1606.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002905; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pro.icloudremovaltool.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002906; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pro.systemine.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002907; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"procservautomatizacion.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002908; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.anon-rest-keep-reset.sales18130.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002909; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.anon-step-keep-object.sales18130.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002910; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.calm-limit-671e.ralph2481.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002911; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.dry-snow-ddc20ffice.deuceice2.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002912; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.keep-paper-account.sales18130.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002913; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.lively-salad-1c42.updatelogaccountprogramedrfwerwrdhsmc.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002914; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.passtruth-truth-5df4.pass-morn-reset-todaybringsjoy.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002915; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.steep-poetry-1ba3.updatelogaccountprogramedrfwerwrdhscsw.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002916; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.try-murpheos-keep.sales18130.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002917; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002918; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"project1-df3e9.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002919; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"projectlovewell.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002920; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promashoppe.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002921; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promehedinti.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200002922; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promerica-sv.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002923; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promericalinea01.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002924; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"promo.mycorporate-rewards.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002925; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prosmate.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002926; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prosxsiuser.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002927; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"prosys.poweredbygravit-e.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002928; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"protect-4d56vca.surge.sh"; content:"Host"; http_header; classtype:attempted-recon; sid:200002929; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"provodi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002930; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"proximus-account.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002931; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ptxx.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200002932; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pubgmobilevn.mobi"; content:"Host"; http_header; classtype:attempted-recon; sid:200002933; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"publish-p43452-e180057.adobeaemcloud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002934; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"puffing.com.pk"; content:"Host"; http_header; classtype:attempted-recon; sid:200002935; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pulihkan-accountt20001.webnode.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002936; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"puroxymembrane.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002937; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pvr0k.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002938; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"pydttuxozmzjmjqxayxfxhycfr-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002939; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qbocd.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002940; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qevwisdfztymporlndsckabdil-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002941; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qf3nt.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002942; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qfw.tosex35238.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002943; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qhj39hfxqftr.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002944; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qhmqhgnfqbcoxkwamsioilhdmv-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002945; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qsh74pekkv5e8.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002946; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qssa.x5yrlr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002947; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"quinaroja.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002948; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"quirky-jones.172-245-159-112.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200002949; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"quotex-qx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002950; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qwas.nfi71vw.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002951; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qwea.wvhee0w.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002952; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qweas.hi5g95r.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002953; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qweas.p6rhddj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002954; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"qweas.zwfaclq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002955; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"r3c31v30n3-1d3nt1ty.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002956; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rabellartz.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200002957; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rabofree.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002958; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rabofree.blogspot.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200002959; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rackenfordlabs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002960; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"racuten.nuef.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002961; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"radhikamd.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002962; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rafbbmx.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200002963; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rafbbmx.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200002964; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"raipurrussianescorts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002965; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakoten-card.buogfbizkugf.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200002966; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakoten-card.bycsaxwdqunhh.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200002967; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakoten-card.motpefhnpvyz.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200002968; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakoten.potex.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002969; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"raktuen.laobanlocker.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002970; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakuitan-card.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200002971; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakuten.awjoadc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200002972; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakuten.card.nuosreaoms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002973; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rakuten.co.jp.rakutenajp.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002974; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ramgarhiamatrimonial.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200002975; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rareelements.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002976; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ratewatch.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002977; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"raycargo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002978; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"raydiom.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200002979; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rbcmontgomery.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002980; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rd8um.app.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200002981; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rdirtfuo6t.vov.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200002982; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"re-direct-me.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002983; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"re-redirection-acc-id923872635122.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002984; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"real-anon-keep-passing-word.rvsla.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002985; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"realestate-page-10843446024.expresspestcontrol.co.nz"; content:"Host"; http_header; classtype:attempted-recon; sid:200002986; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"realindiatravel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002987; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"recibeya.tufacilmoneyonline.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200002988; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reconfirmpost287846656.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200002989; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"recover-pages-media-problems-secur-782.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002990; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"recover-pages-secur-media-problems-397.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200002991; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"recovery-chain.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002992; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"recovery-fb.secure-acct.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002993; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"red-limit-db0e.chseonlinelogins.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200002994; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"redbysfrgroupebox.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200002995; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"redeem-microsoft-code.sitey.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200002996; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rediractionid547012016089540218057.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002997; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"redpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200002998; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reg-3da7f.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200002999; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reg.chaindaohang.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003000; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"regisdrive.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003001; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"register-my-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003002; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"registerdrive.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003003; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reglic.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003004; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"regularsweeps.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003005; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reignbike.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003006; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reikisadhna.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003007; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rekoution.bcszxcd.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003008; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"relevant.systems"; content:"Host"; http_header; classtype:attempted-recon; sid:200003009; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"remittance369297292749.goshly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003010; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"renovkonstruksi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003011; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"repl-mess.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003012; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"restore.exodusapp.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003013; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"restorewallet-activation.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003014; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retiro-extracash.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003015; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retiro.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003016; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retraiteenaction.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200003017; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retrospectiveplanningenforcementwestsussex.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003018; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"retrouve-particulier-mailaccord.globaltvnepal.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003019; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rev.sfr.net.gghost.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003020; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"review-mynew-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003021; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reviewbook.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003022; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"revistametro.com.ar"; content:"Host"; http_header; classtype:attempted-recon; sid:200003023; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"reximane.cf"; content:"Host"; http_header; classtype:attempted-recon; sid:200003024; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"riptide-operation.ru.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003025; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"riveroflife.org.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003026; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rizarichempire.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003027; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rizkyinterior.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003028; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rkanet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003029; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rkt-co.f1ss.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003030; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rlink.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003031; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rmsfcc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003032; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rnercarl-security.co.ip.rnamso.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003033; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rnercarl.co.jp.merinosimo.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003034; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roadgo.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003035; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"robloxrun.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003036; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roccobonheur1-my-cheetah-website-copy.cheetah.builderall.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003037; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roisnoob.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003038; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rokulinktechnology.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003039; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rolinadd.surveysparrow.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003040; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rondalowa.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003041; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rondelbarrilito.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003042; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ronin-help.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003043; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roninwallet-connect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003044; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roninwallet.cm"; content:"Host"; http_header; classtype:attempted-recon; sid:200003045; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rotimi.pandaform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003046; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roundcube-2c46f.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003047; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roundcube-production-cf.tx1.mailhostbox.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003048; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"routeksa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003049; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"royalwindsorpub.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003050; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003051; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rplg.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003052; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rrakutenn.co.jp.azii.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003053; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rrakutenn.co.jp.nanofresh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003054; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003055; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"runescape-info.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003056; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"runescapebonds.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003057; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"runescapeevents.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003058; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ruth.martulangbelulalng.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003059; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"rymproducciones.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003060; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"s-sarfati.co.il"; content:"Host"; http_header; classtype:attempted-recon; sid:200003061; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"s.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003062; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"s5vzr.app.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200003063; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"s787v.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003064; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sa.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003065; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sadervoyages.intnet.mu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003066; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"safty.summarycheck.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003067; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saintbarkleyshoes.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003068; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saitadobrasil.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003069; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saldospc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003070; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saliksnas.lojaintegrada.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003071; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"salmanfarsi01.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003072; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saludypension.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003073; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"samarahonda.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003074; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"samihalyaman.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003075; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"samvoktor.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003076; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sanasunty.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003077; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sandeeppk03.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003078; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sandhu.codebucketitsolutions.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003079; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sanjilkumar.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003080; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sankyo-rz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003081; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sanru.cd"; content:"Host"; http_header; classtype:attempted-recon; sid:200003082; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"santander.secured-auth-login.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003083; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"santepluspharma.eclatmediasolution.website"; content:"Host"; http_header; classtype:attempted-recon; sid:200003084; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"santoshdangi.com.np"; content:"Host"; http_header; classtype:attempted-recon; sid:200003085; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"saritapariyar.com.np"; content:"Host"; http_header; classtype:attempted-recon; sid:200003086; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"satay-secur.reconfimations.pagedisabled.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003087; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"satemi.com.ve"; content:"Host"; http_header; classtype:attempted-recon; sid:200003088; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"satonteams.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003089; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"savingsfordentalcare.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003090; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sbi.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200003091; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sbs-siebanlagen.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003092; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sc.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003093; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sc.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003094; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sca.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003095; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sdgvsdvsdvs.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003096; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"se.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003097; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sebat-dhl.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003098; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sebene27.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003099; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secur-standard-media-recover-pages-problems-159.web.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003100; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-boncoincontrol.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003101; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-halifax-device.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003102; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-mynew-devices.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003103; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-runescape.xgm.rnp.mybluehost.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200003104; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure-zirox.s3.ap-southeast-2.amazonaws.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003105; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.legalmetric.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003106; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.oldschool.com-cl.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003107; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.oldschool.com-cu.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003108; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.oldschool.com-oz.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003109; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.oldschool.com-rsu.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003110; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-ak.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003111; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-as.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003112; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-az.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003113; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-ca.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003114; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-cl.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003115; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-co.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003116; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-cu.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003117; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-cv.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003118; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-or.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003119; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-oz.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003120; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-rse.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003121; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-rsu.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003122; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure.runescape.com-vs.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003123; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure300.inmotionhosting.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003124; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure303.inmotionhosting.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003125; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secure55.webhostinghub.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003126; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"secureaccount.ntflxauth.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003127; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"securegateway-ovhcloud.csl-sl.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003128; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"securelloyd-help-app.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003129; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"securewalletprotocol.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200003130; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-page-community-standards.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003131; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"seguridad-oca.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003132; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"seleccionperfil.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003133; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"selector26.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200003134; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"selector28.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200003135; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sem.my-drs.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003136; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sen-manole.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003137; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sendo-meso.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003138; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sendung.eyecatch.ch"; content:"Host"; http_header; classtype:attempted-recon; sid:200003139; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergebubnin.space"; content:"Host"; http_header; classtype:attempted-recon; sid:200003140; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sertyxese.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003141; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"server-networksolutions.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003142; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"server221.security.coinbase.com.gdone.co.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200003143; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck103.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003144; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck104.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003145; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck105.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003146; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck107.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003147; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck108.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003148; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck111.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003149; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck112.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003150; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck117.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003151; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck118.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003152; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck121.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003153; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck122.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003154; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck123.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003155; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck126.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003156; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck127.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003157; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck129.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003158; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck13.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003159; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck130.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003160; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck134.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003161; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck135.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003162; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck137.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003163; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck138.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003164; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck139.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003165; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck14.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003166; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck140.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003167; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck142.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003168; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck143.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003169; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck145.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003170; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck149.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003171; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck155.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003172; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck207.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003173; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck21.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003174; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck23.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003175; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck334.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003176; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck36.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003177; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck410.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003178; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck429.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003179; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck442.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003180; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck443.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003181; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck46.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003182; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck54.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003183; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck60.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003184; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck70.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003185; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck736.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003186; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck74.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003187; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck75.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003188; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck77.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003189; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck8.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003190; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck87.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003191; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servervalidationcheck995.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003192; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"service-lkdn2020.gacconstrutora.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003193; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"serviceinfo-securehost.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003194; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servicepage.service-page.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003195; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servicepichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003196; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"services.runescape.com-as.cz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003197; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"services.runescape.com-rse.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003198; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"services.runescape.com-rsu.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003199; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servicesbancaire.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003200; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"serviciosbndigitales.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003201; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servics.validationsecuradm.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003202; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"servinform.quadientcloud.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003203; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"setupmynorton.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003204; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"seul.unilurio.ac.mz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003205; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sevoudryserviciobomail.dudaone.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003206; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sfc.com.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003207; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sfex12sec.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003208; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sfirstrepublic.coms.cso.gov.tt"; content:"Host"; http_header; classtype:attempted-recon; sid:200003209; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sfr.provad.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003210; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sfrpanel.lws.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003211; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sgtbalde991-dot-still-dynamics-321006.ue.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003212; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shafischools.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003213; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shamajastore.co.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200003214; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shanky0.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003215; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shanza.epos.com.pk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003216; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"share-eu1.hsforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003217; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"share.chamaileon.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003218; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shared-file.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003219; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sharedfax815201376.wordpress.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003220; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sharedtris.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003221; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sharelink.sn.am"; content:"Host"; http_header; classtype:attempted-recon; sid:200003222; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shayvardphoto.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200003223; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shinex.lk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003224; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shippment2.temp.swtest.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003225; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shirhokos-mhalskbsiaoutfew43535.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003226; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shirtshanger.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003227; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shiye666.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003228; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shop.cmfurnituremall.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003229; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shop.ewerest-stroi.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003230; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopeecoins.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003231; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"shrutidhall.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003232; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sidneyfcuorg.freshy.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003233; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sign-trk.empressmd.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003234; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003235; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"signin-payeer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003236; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"silpovsatb-ua.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200003237; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"silverberrygroup.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003238; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"simonecamposshop.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003239; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"simpkk.karanganyarkab.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003240; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sindarspen.org.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003241; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"siporados15585.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003242; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sirak.se"; content:"Host"; http_header; classtype:attempted-recon; sid:200003243; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site-4403463-3995-6112.mystrikingly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003244; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9423623.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003245; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9423773.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003246; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9434107.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003247; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9548676.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003248; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9551459.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003249; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9552191.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003250; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"site9606042.92.webydo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003251; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitebrasil.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003252; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitebuilder152832.dynadot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003253; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitebuilder152935.dynadot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003254; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sitemodify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003255; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"situs-facebook-resmi21.webnode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003256; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"situs-layanan-pemulihan4.webnode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003257; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"situs-pemulihan-resmi0.webnode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003258; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"six-group.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003259; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sk128.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200003260; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sklepkody.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003261; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skradvanidance.business.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003262; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skybttv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003263; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skygobank.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003264; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skylerclarkmusic.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003265; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skymavis-accountupdate.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003266; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"skymavisupport.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003267; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"slavamel.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003268; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sleepmaskz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003269; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"slickparties.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003270; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"slmkufeckf.jon-jensen.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003271; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"slowlinebag.jp"; content:"Host"; http_header; classtype:attempted-recon; sid:200003272; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sm.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003273; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sm777.csb.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003274; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartfixconnect.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200003275; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbc-accout.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003276; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbc-veaiana.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003277; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbcbc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003278; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbccjp.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003279; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbcr.mrtka.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003280; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smbcwodeqingguoshoujicojp.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200003281; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smeo.org.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200003282; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smgolamalif.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003283; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smkkesehatanjember.sch.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003284; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smmsvocal.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003285; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smpn2jeruklegi.sch.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003286; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sms-check.sc-q.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200003287; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sms-infos.d2tt.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003288; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sms-shorter.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003289; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smsbc-info5.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003290; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smsenligne.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003291; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smsorangephonemail.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003292; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smsorangesmsmessage.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003293; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smss-mms.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003294; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smsverificationmms.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003295; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smvbc-info.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003296; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"smwam.coms.cso.gov.tt"; content:"Host"; http_header; classtype:attempted-recon; sid:200003297; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"so.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003298; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soaringskiesrentals.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003299; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soci-molen.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003300; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"socialpinch.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003301; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sofe-firma.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003302; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soft-cell-8148.updateloginprogram.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003303; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soft-grass-1edd.acc-update.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003304; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sognointerno.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003305; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"solicitarfirmaelectronica-sv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003306; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"solyanayakomnata.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003307; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sopac.org.py"; content:"Host"; http_header; classtype:attempted-recon; sid:200003308; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"souaxwaoh.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003309; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soude-masi.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003310; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soufsont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003311; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soulocaredirect.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003312; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"soumya252000.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003313; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"souravtech.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003314; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"southamerica-east1-hardy-magpie-334101.cloudfunctions.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003315; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"southamerica-east1-manifest-design-330523.cloudfunctions.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003316; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"southamerica-east1-my-project-90086352.cloudfunctions.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003317; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"southamerica-east1-noted-minutia-330211.cloudfunctions.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003318; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sp477389.sitebeat.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003319; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sp701876.sitebeat.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003320; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spacemanagerent.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003321; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spark.shaheenwrites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003322; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sparkasse-vereinsbanken.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003323; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sparkasse.de.internet-filiale.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003324; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sparxinteriors.co.zw"; content:"Host"; http_header; classtype:attempted-recon; sid:200003325; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"specialnotice.pricesamazonlogincard.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003326; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spectrumstorageaccess.yahoosites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003327; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spentamultimedia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003328; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spidertvapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003329; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spirit.gtwozone.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003330; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spk-entsperren.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003331; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spk-jahreswechsel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003332; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spk-secure-de.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003333; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spkfod.coms.cso.gov.tt"; content:"Host"; http_header; classtype:attempted-recon; sid:200003334; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sport.protected-secur.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003335; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sportshoes.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200003336; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sportybetpremium.wapka.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003337; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spring-pond-62c4.autocreative.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003338; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"spring-pond-62c4.autocreative.workers.dev#eimaste@stinpriza.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003339; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"squeeze-airwcmalznoun.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003340; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"squeeze-amieazoeon.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003341; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sr.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003342; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"srisritextiles.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003343; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"srvr-cloudmail-srvr5s5wd3.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003344; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ssdaz.sqqaepr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003345; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sse.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003346; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ssia.org.sg"; content:"Host"; http_header; classtype:attempted-recon; sid:200003347; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ssl.dsl.isl.mll.aqmst6.stockestan.ir"; content:"Host"; http_header; classtype:attempted-recon; sid:200003348; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sso-garena.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003349; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sswebmail-4w5twsr.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003350; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"staffportal.uoz.edu.krd"; content:"Host"; http_header; classtype:attempted-recon; sid:200003351; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stage.vannaryfowler.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003352; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"staging.eliteautomotive.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200003353; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"standardcapbnk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003354; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"standardupdatesupportandhelpcenter2021.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200003355; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"starforsure.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003356; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"starliker.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003357; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"starsoftheindustry.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003358; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"starttsboxfile.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003359; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"static-ak-fbcdn.atspace.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003360; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"static-dev.o2alerts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003361; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"static-promote.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003362; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"status-dev.o2alerts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003363; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stclarechurch.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003364; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steamcommunites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003365; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steamcommunitj.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003366; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steamcommunityk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003367; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steampoweredtrade.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003368; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steampoweredtrades.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003369; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevemadden-sverige.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003370; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevemaddenbutik.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003371; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevemaddenserbia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003372; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevemaddenshoe.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003373; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"steven-coldwellbth9965.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003374; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stevencrews.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003375; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stgrp.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003376; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"still-star-c948.updatelogaccountprogramedrfwerwrdhsjy.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003377; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stimulus-claim.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003378; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stjohnmarol.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003379; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stjudes.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003380; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stolizaparketa.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003381; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stollgroup.coms.cso.gov.tt"; content:"Host"; http_header; classtype:attempted-recon; sid:200003382; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stomkinscommercial.com.aus.cso.gov.tt"; content:"Host"; http_header; classtype:attempted-recon; sid:200003383; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"storage.yandexcloud.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003384; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"storenike365.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200003385; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"studio-lol.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003386; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stylifehomedecors.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003387; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"stz-fmba.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003388; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"submit8099.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200003389; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"successgroup.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003390; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sucses-gov.nomtiluy.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200003391; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sucuvirtcolba.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003392; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suelunn.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003393; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suiviticket.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003394; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sukien-pubgmoblevng.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200003395; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sultan-raza.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003396; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sumpandtankcleaners.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003397; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sunbeltmembers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003398; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sunge-ode.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003399; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sunshineteam.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003400; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"super-dawn-3035.ddahluwalia.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003401; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"supermilhas.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003402; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"supotsstunes.servehttp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003403; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suppliers.bitshepherd.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003404; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-auwebaccessjpnaikpanggung.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003405; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-axiewallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003406; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-dapps.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003407; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-process-manager.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003408; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-verify-mydevices.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003409; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"support.atimazo.shop"; content:"Host"; http_header; classtype:attempted-recon; sid:200003410; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"supportpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003411; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"survey18-aws.surveycenter.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003412; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"survey18-aws.toluna.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003413; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"surveys.adytude.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003414; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suspicious-williamson.193-70-50-31.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200003415; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"suumc-one.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003416; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sv.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003417; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"svelte-kdy6dk.stackblitz.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003418; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swanholm.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003419; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swannatural.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003420; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swap.elena.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200003421; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swappauto.staging.lcsolutions.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200003422; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swedbank-apsauga.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003423; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"swisscom.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003424; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sxb1plvwcpnl489779.prod.sxb1.secureserver.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003425; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"synaxisreadymix.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003426; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncdappconnect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003427; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncmultidapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003428; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"syr.us"; content:"Host"; http_header; classtype:attempted-recon; sid:200003429; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"sysm5rn.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003430; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"system-fassil-net-2-3242353453453--12344443.repl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003431; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"t0nline0de0login-001-site1.itempurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003432; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"taher-mohamed-ahmed-saad.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003433; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"take-free-2022.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003434; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"taoistw345ie.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003435; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tarik-fitness.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003436; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"taxcare.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200003437; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"taxopus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003438; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tb915hdh89.mfs.gg"; content:"Host"; http_header; classtype:attempted-recon; sid:200003439; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tby.eb-sites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003440; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tcaconnect.ac-page.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003441; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"teamgameswild.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003442; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"teamgoogle125590.psee.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200003443; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"teamomni4life.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003444; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tebapit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003445; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tecmachine.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003446; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tecnominproductos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003447; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"teekitstorage.blob.core.windows.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003448; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tejalashikaindiagrocery.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003449; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"telecredutobcp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003450; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"telegramsecurityhelp.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003451; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tellmeliu.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003452; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"templat65sldh.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003453; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"temporary-url.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003454; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"terpelsicumple.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003455; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tesladrive-event.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003456; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"test.bayoucitybadges.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003457; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"test.bitflye87.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003458; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"test.dxbproductions.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003459; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"test.myshopclub.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003460; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"test.webclient4.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003461; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"testing-domain.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003462; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"texasfreedomrun.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003463; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tgpafasfsakkk.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003464; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theaceofspaeder.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003465; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theaudazity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003466; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theavon.co.zw"; content:"Host"; http_header; classtype:attempted-recon; sid:200003467; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thebeachleague.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003468; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thechillipicklecanteen.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003469; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thedecorindia.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003470; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thedom.kg"; content:"Host"; http_header; classtype:attempted-recon; sid:200003471; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theironinnparlour.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003472; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"theneontree.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003473; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thepointcj.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003474; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thespiritualtransformation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003475; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thetimecenter.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003476; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"thomasdentalcentre.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003477; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"three-retail-live.devicetradein.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003478; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tianyuiyu.uihaish.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003479; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tieganford.ca"; content:"Host"; http_header; classtype:attempted-recon; sid:200003480; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tighi.creatorlink.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003481; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tight-samiuboc.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003482; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tikitaps.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003483; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tipografieonline.ro"; content:"Host"; http_header; classtype:attempted-recon; sid:200003484; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tirozhjewelry.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003485; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"titelinedrillingintl.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003486; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tktrailerparts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003487; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tlatx.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003488; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tlcbcp.com-segurospe.buzz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003489; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"to-ken.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003490; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"toanhoc247.edu.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003491; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"toddler-town.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003492; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tongdaiviettelbienhoa.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003493; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tooljerejin.airsite.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003494; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"top10cheapairlinesreview.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003495; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"top10songsnews.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003496; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"topearnersafrica.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003497; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"topskills.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003498; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"torccolborrachas.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003499; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"torrinwine.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003500; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"touchidea.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200003501; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tovowhuqeojweawmubmaqmqlv.hofferflow.icu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003502; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tpayleboncoin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003503; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"traders-joesxyz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003504; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tradeswarehouse.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003505; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trams.mot.go.th"; content:"Host"; http_header; classtype:attempted-recon; sid:200003506; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"transfertconfirmer-payalfrance.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003507; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"triangarena-membership.ga"; content:"Host"; http_header; classtype:attempted-recon; sid:200003508; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tribratanewsbondowoso.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003509; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tribunbalikpapan.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003510; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"truegrip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003511; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trustinpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003512; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trustpress.gr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003513; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"trustypichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003514; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ts3cacd.rzjxbv.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003515; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"turntekcnc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003516; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tx.vc"; content:"Host"; http_header; classtype:attempted-recon; sid:200003517; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003518; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"typedream.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003519; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"typesmartlyocr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003520; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"tyrecentre.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003521; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"u08qv44zu5h.typeform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003522; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"u1565723.plsk.regruhosting.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003523; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"u18741649.ct.sendgrid.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003524; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"u827857uw6.ha004.t.justns.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003525; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uabaiieo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003526; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ualsemantic.dualsemantics.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003527; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ug7jv.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200003528; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uglcsonfonia.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003529; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhasd.au6bu8m.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003530; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhdss.xkrx0o.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003531; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhfddsa.t0xpo42.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003532; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhhd.rox847t.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003533; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhhff.cnza7b8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003534; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhna.5m4zhvd.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003535; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnas.ib8b40d.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003536; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnca.yrk1du9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003537; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhncd.n26k1al.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003538; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhncda.xmilwwp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003539; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhndd.9943s82.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003540; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhns.mxyzy7i.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003541; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnsa.sdmpo0s.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003542; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnxa.d23xsru.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003543; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnxa.q83itv9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003544; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uhnxas.rvw56l.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003545; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujcd.um2nlru.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003546; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujdaa.fn3m4en.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003547; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujds.5e8tn13.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003548; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhca.oioqmsh.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003549; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhca.xsevdat.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003550; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhcd.8burgvo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003551; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.21k0qik.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003552; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.c0c4m46.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003553; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.j419kr0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003554; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.kdsiuuc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003555; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhd.zkshmxt.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003556; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhdca.mdwclcb.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003557; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhdd.cotf8p5.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003558; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhf.m45h2q0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003559; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhff.nkxefqp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003560; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujhs.o2klowf.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003561; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujnca.wxuqxb7.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003562; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujnca.zgbo0g.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003563; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujncd.kzi68ra.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003564; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujncd.lw2djbm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003565; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ujnxas.vj135ih.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003566; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ukcare.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003567; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"umbrellaclubla.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003568; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unam.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003569; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unbxa.byjmcpy.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003570; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"undefinedtrack.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003571; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unga.c76sioq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003572; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniassessoria.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003573; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unicreditaustria.ucs.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003574; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unifacema.edu.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003575; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unifacvest.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003576; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unifiedsmartsync.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200003577; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unionheightsresidental.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003578; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unisons.store"; content:"Host"; http_header; classtype:attempted-recon; sid:200003579; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unisonsouthayr.org.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003580; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.ch"; content:"Host"; http_header; classtype:attempted-recon; sid:200003581; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.financial"; content:"Host"; http_header; classtype:attempted-recon; sid:200003582; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.openwallet.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003583; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003584; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.seal.finance"; content:"Host"; http_header; classtype:attempted-recon; sid:200003585; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.token.im"; content:"Host"; http_header; classtype:attempted-recon; sid:200003586; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswap.trading"; content:"Host"; http_header; classtype:attempted-recon; sid:200003587; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswapfinancing.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200003588; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniswaps.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003589; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unitedalliance-online.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003590; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unitus.mk.ua"; content:"Host"; http_header; classtype:attempted-recon; sid:200003591; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"universidadsanjuan.ac"; content:"Host"; http_header; classtype:attempted-recon; sid:200003592; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unnca.bbh672u.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003593; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unnxa.pqpchqo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003594; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unpocodearte.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003595; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unregpayee-lb.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003596; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"unsub.listhandlr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003597; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"updateinfo-billingo2.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003598; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatemy.software"; content:"Host"; http_header; classtype:attempted-recon; sid:200003599; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"updateseason.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003600; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatestory2022.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003601; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatevoda-billing.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003602; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"upgrade-25gb-email.thecornerstudio.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200003603; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"upgradedserver.online"; content:"Host"; http_header; classtype:attempted-recon; sid:200003604; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uploadpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003605; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uploads.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003606; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uppledpichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003607; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"urbenorte.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003608; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"urgent-halifaxlogin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003609; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"userboitevocalweb.flazio.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003610; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"userinformationstoreupdatesmail.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003611; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"usfn.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003612; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uspsexpressdeliveryline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003613; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uswowgame.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003614; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uueer.7jgy5xe.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003615; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uuid-validation.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003616; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uukx0h0.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003617; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uyhnxx.urpzkva.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003618; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uyqw.dykowec.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003619; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"uz154.sbs"; content:"Host"; http_header; classtype:attempted-recon; sid:200003620; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"v.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003621; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003622; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003623; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vaccine-status-info.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003624; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vakif.albay-arnold.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003625; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"valax-wallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003626; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"valenciaoptometry.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003627; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"valenteplay.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200003628; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"validacionpichincha.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003629; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"validate-chain.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003630; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"validate-solana.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003631; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"validator-fzkiy.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003632; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vallion.motiffliterature.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200003633; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vcz.gmoqkzu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003634; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"velvish.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003635; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ventas.lnterbarnk.pe.jifad.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003636; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"veri-pichincha.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003637; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verification-trustwallet.4bl-eg.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003638; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verification.fb-page.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003639; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verificationmessage.blob.core.windows.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003640; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifications-zones.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003641; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verififacebookid.wixsite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003642; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifiikasi-accounts.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003643; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifikasi-akun-anda0011.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003644; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifikasi-akun-facebook0022.weeblysite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003645; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifikasi-identitas47.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003646; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifocaoffa.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003647; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"verifymywallets.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003648; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vgiuhkjnm.b9u6vh5l7g1797.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003649; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"victorarath99.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003650; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"videobigo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003651; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vietlime.vn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003652; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vietschi.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003653; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"viettel-com-dot-c2c01-531c7.uc.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003654; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vigilant-murdock.45-81-232-15.plesk.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200003655; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"viguohilkasdsd.izwe6g6lyc.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003656; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vilaanimalviana.pt"; content:"Host"; http_header; classtype:attempted-recon; sid:200003657; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003658; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vinivet.mk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003659; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vipfbtools.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003660; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"viral-groub.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003661; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"virginia-spi.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003662; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"virtual1dattss.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003663; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vis-stort.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003664; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vishaljangale01.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003665; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"visione.co.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003666; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"visionproperty.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003667; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vk-money.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003668; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vk-posters.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003669; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vk-vhods.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003670; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vkjbm.4nt4nb464e6113.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003671; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vodaupdatepayment.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003672; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"volvocarskc.us1.list-manage.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003673; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vps56290.servconfig.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003674; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vqed.5xcv81zrx0530.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003675; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vqwd.soboja1994.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003676; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vr-banking-app.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003677; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vr-neu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003678; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vr-system89394.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003679; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vr-system98622.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003680; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vtekllc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003681; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vtxmail2018.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003682; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vugik.mecil33784.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003683; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vv.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003684; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vvjde0h0ttttf9hay.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003685; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vvpaes-me-index.egvtpp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003686; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vws.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003687; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vxcas.a35570.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003688; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"vxdse.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003689; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"w2.deraya.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003690; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud"; content:"Host"; http_header; classtype:attempted-recon; sid:200003691; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wahed-koudsi2001.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003692; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walkers-dot-composite-store-326315.uk.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003693; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallcertifyonmesh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003694; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walldesign.com.tr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003695; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallet-connect012.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003696; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallet-reconnection.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003697; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallet-verified.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003698; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallet.silesiacoin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003699; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallet22.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003700; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletconnect-tool.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003701; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletconnect-tools.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003702; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletconnectonline.pages.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003703; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletconnectors.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003704; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walleterrorsupport.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003705; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletokenvalidation.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003706; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletsconect.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200003707; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletsconnex.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003708; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletsliveconnects.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003709; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletsreauth.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003710; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletsynclive.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003711; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletvalidation.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200003712; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"walletvalidators.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003713; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallletsconnectts.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003714; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallsynchvalidatevd.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003715; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wana78420.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003716; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.bitffybtcer.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200003717; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.bitffybtcer.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003718; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.bitflyer.plus"; content:"Host"; http_header; classtype:attempted-recon; sid:200003719; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.bitflyer.venus.kim"; content:"Host"; http_header; classtype:attempted-recon; sid:200003720; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wap.btcffybtcer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003721; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"warbonus.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003722; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"warningshadows.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003723; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"warsa.bandungkab.go.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200003724; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wasites.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003725; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"waterproofingengineer.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003726; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"we-exodus-wallet.yahoosites.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003727; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-armas.royale-freefire1garena-bonus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003728; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-b4119.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003729; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-e1f6d.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003730; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-exoduss.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003731; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-f6612.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003732; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-ml01.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003733; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-my-app.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003734; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-online-cancel.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003735; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi01.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003736; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi02.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003737; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi03.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003738; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi04.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003739; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi05.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003740; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-verifi06.webcindario.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003741; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web.bredbanque.trans.sylog.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200003742; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"web.royale-freefire1garena-bonus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003743; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webbbb.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003744; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webbl.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003745; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webdappsconnection.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003746; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webdatamltrainingdiag842.blob.core.windows.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003747; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webdesecure.clickfunnels.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003748; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webhost-verify.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003749; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webip.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003750; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail-2aaa0.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003751; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail-optusnet-com-au-sign1.weebly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003752; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail-sso8uyg.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003753; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail.gourmer.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003754; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmail.login.access.docs67.live"; content:"Host"; http_header; classtype:attempted-recon; sid:200003755; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmailadmin0.myfreesites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003756; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webmailstoragesrvr4567-supportdev.codeanyapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003757; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webpres.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003758; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webregular.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003759; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webservice-verify.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003760; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"websitefun.club"; content:"Host"; http_header; classtype:attempted-recon; sid:200003761; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webstories.eu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003762; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"webvalidity.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003763; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"well-42d74.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003764; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"weryfikacja-facebookowa-28.herokuapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003765; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"weteachbh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003766; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"whare.100webspace.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003767; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"whatsapp-grub99zyc.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003768; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wheelsofmercy.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003769; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"whitelist-network.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003770; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"widadkamillah.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003771; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wiki.oceanreeflifegame.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003772; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"windstream-net.firebaseapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003773; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"winville.biz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003774; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wireconfirmation68c10a25442a3e13.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003775; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wires-business-starter.webflow.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003776; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wirtschaft.baesweiler.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003777; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wizmi.service-now.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003778; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wkazisan.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003779; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"womancreatorofman.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003780; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"woofle.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200003781; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"workforcerelief.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003782; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"workprotocoles-com.webs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003783; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wp-login.azurewebsites.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003784; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wpsoar.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003785; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wqass-index.chobqu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003786; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wqass-index.dccigq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003787; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wqass-index.gbswz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003788; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wqass-index.pygbw.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003789; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wrww-roblox.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003790; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wsertyzx.gq"; content:"Host"; http_header; classtype:attempted-recon; sid:200003791; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wteeoq.pfinanceiro.com.de"; content:"Host"; http_header; classtype:attempted-recon; sid:200003792; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ww.lnterbank.pe.personas.aaseguros.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200003793; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ww.lnterbank.pe.personas.onlinesocket.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200003794; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ww.lnterbank.pe.personas.t-class.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003795; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ww16.inpost-pl-3dsecure.clear-id.xyz"; content:"Host"; http_header; classtype:attempted-recon; sid:200003796; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wwedealershipon.000webhostapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003797; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-cursosdigitalesmx-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003798; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-degelyehuda-org-il.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003799; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-europe564598-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003800; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-europessign-com.filesusr.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003801; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-key-com.test.edgekey.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003802; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-mufg-jp.handicraft.ltd"; content:"Host"; http_header; classtype:attempted-recon; sid:200003803; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www-mufg-jp.kaiqi.ink"; content:"Host"; http_header; classtype:attempted-recon; sid:200003804; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www.facebook.com-sauuvazpjo.isiolo.go.ke"; content:"Host"; http_header; classtype:attempted-recon; sid:200003805; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www2.rakutan.co.jploginffd9dfg7.carwork.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003806; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003807; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www2.rakuten-card.co.jp.wzsrc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003808; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www2.rakutenn.co.jp.nanopark.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003809; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www2.rakutenn.co.jp.zgyo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003810; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www3.lejournaldugrandparis.fr"; content:"Host"; http_header; classtype:attempted-recon; sid:200003811; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"www3.plenainclusion.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003812; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"wxsohu.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003813; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"x.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003814; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"x.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003815; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcas.xoh29oz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003816; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcasd.7vo6bt.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003817; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcasd.b204uje.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003818; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcasd.tcbjnhq.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003819; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcasd.yikn2gd.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003820; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcryptocars.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003821; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xcvdsd.page.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200003822; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xhgs.epgegxj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003823; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xiajs.0dow0l.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003824; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xid-human-validation.run-us-west2.goorm.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003825; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj333.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003826; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj33s.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003827; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj33w.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003828; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj3pr.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003829; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj45g.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003830; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj45o.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003831; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xj4og.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003832; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xjm7s.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003833; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xjmr7.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003834; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xjpyyds.pem4yp3.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003835; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xkljfg.ml"; content:"Host"; http_header; classtype:attempted-recon; sid:200003836; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xn--gmal-sya.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003837; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xn--ltappen-80a.se"; content:"Host"; http_header; classtype:attempted-recon; sid:200003838; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xn--metamsk-lwa.link"; content:"Host"; http_header; classtype:attempted-recon; sid:200003839; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xn--rpondeur-sfr2-bhb.yolasite.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003840; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xpubgfrozen.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003841; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xqr3i.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003842; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xqr3n.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003843; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xqr3u.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003844; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xrx6r.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003845; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xrxh1.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003846; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xrxh2.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003847; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xrxhl.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003848; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xsbrookshhjx.top"; content:"Host"; http_header; classtype:attempted-recon; sid:200003849; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xspin.cawnibos.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003850; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xtio.ch"; content:"Host"; http_header; classtype:attempted-recon; sid:200003851; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xtw42.mjt.lu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003852; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xvideokoreanwifesister18.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003853; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xx.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003854; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xxaas.tp00jv9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003855; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xxasd.sf29hrg.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003856; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xxx-com-dot-c2c01-531c7.uc.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003857; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"xzasd.uz64g3.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003858; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@asdxa.p2x11pi.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003859; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@bghgcd.psuxscm.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003860; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@bhgxa.eo76sni.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003861; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@cdas.nxzigco.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003862; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@cxasd.easghbl.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003863; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@hghgda.erjl0hx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003864; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@inna.cedymll.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003865; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@jhdd.fjcslad.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003866; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@kjhdda.tetfeec.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003867; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@lkjds.nlmwjta.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003868; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@nhbcda.g4g5mgc.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003869; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@poklsa.slodddz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003870; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@qweas.p6rhddj.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003871; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@ssdaz.sqqaepr.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003872; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@uhncda.xmilwwp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003873; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@uhnxa.q83itv9.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003874; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@ujdaa.fn3m4en.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003875; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@ujds.5e8tn13.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003876; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@ujhdca.mdwclcb.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003877; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@uyhnxx.urpzkva.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003878; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@zxas.2nd0g8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003879; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahoo%2eco%2ejp@zxass.jbkyj0o.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003880; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yahuomall.square.site"; content:"Host"; http_header; classtype:attempted-recon; sid:200003881; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yairix.github.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003882; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yalena.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200003883; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yandex-viral.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003884; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yaqoobi.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003885; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yayanti.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003886; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ybdaa.oqsgm9r.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003887; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ybggd.fjgjoux.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003888; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yellow-surf-7b04.voiceovermade-today.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003889; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yerelyonetim.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003890; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ygbda.ffeufka.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003891; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhbca.pfs8ylv.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003892; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhbndd.ryyswjn.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003893; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhcd.gabprnx.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003894; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhddf.vtf23ic.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003895; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhdff.iw6fwu.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003896; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhnbd.5u3z9i2.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003897; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yhncd.3ycuxr1.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003898; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yiaswqjdtcyeqpvyqthijepeai-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003899; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ykyevmqxaktnfgrtuufymkhnce-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003900; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yma1ll0g0n.odoo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003901; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ynbgdc.woprkzp.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003902; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ynbxa.pvgulkz.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003903; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yndda.m117s1s.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003904; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yo7ka-anna.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003905; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yogeshwarwiremesh.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003906; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"youknowar.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003907; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"young-snow-7447.tcheviron5269.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200003908; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"youreasygoing2022.co.vu"; content:"Host"; http_header; classtype:attempted-recon; sid:200003909; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yqlpeitost.duckdns.org"; content:"Host"; http_header; classtype:attempted-recon; sid:200003910; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"ytdjhstej.tk"; content:"Host"; http_header; classtype:attempted-recon; sid:200003911; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yuhjjkss.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003912; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"yumpai.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003913; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"z.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003914; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"z.scicemecod.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003915; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"z0massegurabclp1.shreeramwoodindustries.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003916; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"z2qje.codesandbox.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003917; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"z3voicrxxvs.typeform.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003918; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zacharytlasko.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003919; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zackselectronics.co.zw"; content:"Host"; http_header; classtype:attempted-recon; sid:200003920; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zaktualizacja-platnosci.netfxtv.co.pl"; content:"Host"; http_header; classtype:attempted-recon; sid:200003921; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zasd.yhxmd30.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003922; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zb2-home.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003923; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zen-minsky-ef5931.netlify.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003924; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zenvinyl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003925; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zepe.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003926; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zeroquiz.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003927; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zgyyds.mm5p1ch.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003928; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zgyyds.nebl4zw.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003929; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zhrmghgyyds.h0tlexl.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003930; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zjzj6688.yihang.ren"; content:"Host"; http_header; classtype:attempted-recon; sid:200003931; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zmpcoaca.cyou"; content:"Host"; http_header; classtype:attempted-recon; sid:200003932; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zmpcoacu.cyou"; content:"Host"; http_header; classtype:attempted-recon; sid:200003933; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zmpcoado.cyou"; content:"Host"; http_header; classtype:attempted-recon; sid:200003934; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zoho-online.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003935; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zoho-validationserv.web.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200003936; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zonmca.hxljatvw.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003937; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zshrvvo.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003938; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxas.2nd0g8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003939; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxas.hs0rgq8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003940; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxass.jbkyj0o.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003941; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcas.ywqfz8.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003942; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcaspx.aghwlup.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003943; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcnash.seufhsk.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003944; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcod.01l241.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003945; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxcuashs.e0n0gh5.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003946; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zxnahs.3cze6ri.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200003947; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"zz.macecri.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003948; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/comcast/xfinity.php?d1193169ba22c33594765d16035661b1=&amp\;email=a@a.c&amp\;.rand=login.xfinity.com.aspx"; http_uri; nocase; content:"0333fa5.netsolhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003949; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ameli-assurance/remboursement/login/"; http_uri; nocase; content:"045a3c0.wcomhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003950; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ameli-assurance/remboursement/login/iframe-page2.html"; http_uri; nocase; content:"045a3c0.wcomhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003951; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ameli-assurance/remboursement/login"; http_uri; nocase; content:"048d7b4.wcomhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003952; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ameli-assurance/remboursement/login/"; http_uri; nocase; content:"048d7b4.wcomhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003953; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/escaixa/es/espace/home/"; http_uri; nocase; content:"0572f4b.wcomhost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003954; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ads/c/"; http_uri; nocase; content:"108ideashop.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003955; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbva/592cf4/425bdbd3-91cf-4e9f-9498-7a06b3ad75ec/?test=1"; http_uri; nocase; content:"28ecne20f9u.securetnet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003956; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/3rdst/8-login-form/"; http_uri; nocase; content:"3rdstreetmarket.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003957; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/openpc/directlogin.do"; http_uri; nocase; content:"a-q-f.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003958; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dhhh?trackingid=gnevs68e&signature=newsletter"; http_uri; nocase; content:"abre.ai"; content:"Host"; http_header; classtype:attempted-recon; sid:200003959; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dmjg"; http_uri; nocase; content:"abre.ai"; content:"Host"; http_header; classtype:attempted-recon; sid:200003960; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?passive=1209600&continue=https://sites.google.com/view/viewbill-bt-1/bt&followup=https://sites.google.com/view/viewbill-bt-1/bt"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003961; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/1lordman1man3/oscman2.html&followup=https://storage.cloud.google.com/1lordman1man3/oscman2.html"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003962; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html&followup=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003963; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/employt44to49cclrlolcrl94lnlxo.appspot.com/index.html&followup=https://storage.cloud.google.com/employt44to49cclrlolcrl94lnlxo.appspot.com/index.html"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003964; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/maintainancecomponeta.appspot.com/mineindex.html&followup=https://storage.cloud.google.com/maintainancecomponeta.appspot.com/mineindex.html"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003965; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/officpcpspbcncuser.appspot.com/index.htm&followup=https://storage.cloud.google.com/officpcpspbcncuser.appspot.com/index.htm"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003966; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/poopnoomprops-oo987700ok/newrbindex.html&followup=https://storage.cloud.google.com/poopnoomprops-oo987700ok/newrbindex.html"; http_uri; nocase; content:"accounts.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003967; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?page_id=758"; http_uri; nocase; content:"activartransferenciainternacional.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003968; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/en/bellcocreditunion/"; http_uri; nocase; content:"admin.fifoundry.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200003969; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2005/03/colourful-life-of-aij.html"; http_uri; nocase; content:"aijcs.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003970; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ion"; http_uri; nocase; content:"alconexport.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003971; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ion/"; http_uri; nocase; content:"alconexport.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003972; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/venus_gardose_talke_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8extkunxrkqozifs2sycqmk4ox0ntao7cizsavm5mjc=&amp\;docid=1_14abcf62971634e6b8387df30ef7d978b&amp\;wdformid={83a6cfc0-5689-4aa4-ab13-96952b8999ba}&amp\;action=formsubmit"; http_uri; nocase; content:"alfredtalkelogisticservices-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003973; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/wp-content/themes/10/"; http_uri; nocase; content:"alinachopra.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003974; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/our/ourtime/ourtime.html"; http_uri; nocase; content:"ambrosecourt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003975; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/faxwxagm72247832mhwuk7224783272247832/index.html?961961d961"; http_uri; nocase; content:"ams3.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003976; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/njk/25_40_24_5e_40_26_40_26_28_29_23_23_5e_23_24_26_5e_25_26_40_5e_28_23_26.html"; http_uri; nocase; content:"ams3.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003977; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jps/webmail_reset.htm"; http_uri; nocase; content:"anekaslot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003978; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/"; http_uri; nocase; content:"api-freewallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003979; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/oexchange/0.8/wrap/opengraph?url=ahr0chm6ly93zxetnmrlodiud2vilmfwcc8znzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxi5lze1lziwmjeznzg1mjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxiznzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu0znzg1mjf3zwjtyxn0zxi5lze1lziwmjfjdw5plmn6nto1nibbttm3oduymtu6ntygqu13zwjtyxn0zxiznzg1mjejd2vibwfzdgvyqgn1bmkuy3o="; http_uri; nocase; content:"api.addthis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003980; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/b9fu9axf9rcv7bhjp80fpcm8zna5wcwi"; http_uri; nocase; content:"app.box.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003981; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/x6agocx9zvj049azirk4aw3xrqdedqhl"; http_uri; nocase; content:"app.box.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003982; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/ymr0ltw3hmn8icxebz16gjhcyhqa49w4"; http_uri; nocase; content:"app.box.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003983; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/public/form/mnzdivok"; http_uri; nocase; content:"app.pipefy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003984; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/public/form/xlfe4rw2"; http_uri; nocase; content:"app.pipefy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003985; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/cmxgsj"; http_uri; nocase; content:"app.simplenote.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003986; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/publish/xhrdvc"; http_uri; nocase; content:"app.simplenote.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003987; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6dfhh1yrol"; http_uri; nocase; content:"appurl.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003988; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsmho6dyl-"; http_uri; nocase; content:"appurl.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003989; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wywajnlbtl"; http_uri; nocase; content:"appurl.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200003990; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/at&t/"; http_uri; nocase; content:"att-yahoo.meculinkvolt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003991; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"azeioaz.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003992; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/index.html"; http_uri; nocase; content:"baovesusonglcxt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003993; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/listeners/ae/n-nv6588123/ae/ae/verify/sms.php"; http_uri; nocase; content:"bardaiconnect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003994; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"baritasonte.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003995; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=d96ydzq8vuilprdurtucov60qbtyz20222a95vav4da%3d&docid=1_1f81a6ca97d114a5f8e9829362518b16d&wdformid=%7b11b3b6fc%2d6e67%2d434d%2da029%2d3afe98d81a11%7d&action=formsubmit"; http_uri; nocase; content:"bdsfa.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003996; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/_layouts/15/wopiframe.aspx?guestaccesstoken=d96ydzq8vuilprdurtucov60qbtyz20222a95vav4da%3d&docid=1_1f81a6ca97d114a5f8e9829362518b16d&wdformid=%7b11b3b6fc%2d6e67%2d434d%2da029%2d3afe98d81a11%7d&action=formsubmit&cid=57d50783-8fd3-4515-8ab3-24c639533fdf"; http_uri; nocase; content:"bdsfa.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003997; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mp/china/index.php?login=sindy.zhu@swift.com"; http_uri; nocase; content:"bendmytrend.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200003998; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fr3kf"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200003999; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/frxsz"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200004000; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fs7cb"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200004001; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fs8cx"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200004002; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fsf6l"; http_uri; nocase; content:"bit.do"; content:"Host"; http_header; classtype:attempted-recon; sid:200004003; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3ijwsm2"; http_uri; nocase; content:"bit.ly."; content:"Host"; http_header; classtype:attempted-recon; sid:200004004; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2iz03nf"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004005; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2kduy2u"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004006; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2nog4ow?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004007; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2nwrbgj"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004008; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2oq6dhz"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004009; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2p28z0h"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004010; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2q7fcpg"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004011; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2uwvcnh"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004012; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2vuwbzk"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004013; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2wqlrea"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004014; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2zaee65"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004015; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2zejaht"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004016; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2zomh31?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004017; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/30ceyfq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004018; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/30dwddq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004019; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/30vy89r"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004020; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/319qtui"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004021; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/31cwtqd?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004022; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/31d3mp6?facebook_service"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004023; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/31xebzq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004024; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/32xotak?l=www.bancoripley.cl"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004025; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/33ipjf7"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004026; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/33pcwtj"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004027; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/34mhgdg"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004028; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/37r8zo3"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004029; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/38xmo4d"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004030; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/392hszz"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004031; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3aetm80"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004032; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3afo6kx"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004033; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3an4lcn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004034; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3aqvwmn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004035; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bdkpfx?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004036; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bmjhx1?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004037; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bq4stv?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004038; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bsgkin"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004039; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bvwofv?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004040; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3c7nozm"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004041; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3ca8owp?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004042; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3cahvv5help-center-notice-comunity"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004043; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3clopj4"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004044; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3cpqerq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004045; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3cvl6ir"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004046; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3czqfzo?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004047; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3d7ezub?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004048; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3dj0r1p"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004049; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3dky0ds?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004050; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3e3wjwp"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004051; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3eeiwqv"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004052; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3ego3xw?redirect=system"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004053; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3eoqvcn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004054; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3eptccr"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004055; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3exbeuu?i=www.bancoripley.cl"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004056; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fb9f8f"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004057; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fd8key"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004058; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fk3blu"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004059; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fmvby5?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004060; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3fyg9rf"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004061; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3guiinq?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004062; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3gxztog"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004063; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3gyfnlm?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004064; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3hvucnu"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004065; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3hwhrlr"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004066; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3i8tjul"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004067; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jow35g?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004068; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jqfusj?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004069; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jqmbfu"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004070; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jsnadf?i=www.bancoripley.cl"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004071; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jvodhm?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004072; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jxszq1?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004073; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3k2aaqc?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004074; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3kdifqr"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004075; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3kueruz"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004076; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3kxfgbu"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004077; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3l4jpqg?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004078; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3ldovbh"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004079; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3lgmoqh"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004080; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mgij5v"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004081; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mkihc9"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004082; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mrtcap"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004083; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mryk6q"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004084; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mvat1h?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004085; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3mwnmia?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004086; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3nddkta"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004087; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3nkpgzq"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004088; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3nvr2mn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004089; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3phrfct"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004090; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3pqid6z?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004091; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3qc8jtv"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004092; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3qplrme"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004093; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3r49apq?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004094; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3r8xxmg?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004095; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3rd3dgx"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004096; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3reovvv"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004097; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3rkzqb5"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004098; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3rucafb?confirmations"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004099; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3s7gmhf"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004100; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3sdxkuf"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004101; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3tkk6kn"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004102; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3tks2um"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004103; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3tzc89x"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004104; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3vtbyq5"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004105; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3vyh0x9"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004106; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3w8ru6g?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004107; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3wb6m3i"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004108; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3xhfy9m?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004109; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3xkuef1?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004110; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3xrdvez?facebook_update"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004111; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3yatzv9?confirmation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004112; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3zbrsmk?|=www.bancoripley.cl"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004113; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3zv9bif"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004114; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bancamps-web"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004115; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/click-confirm"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004116; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/coinspot-claim-bonus"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004117; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/community-details"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004118; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/confirm-click"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004119; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/edoardopolaccoufficiale"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004120; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i-13orange"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004121; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i-14orange"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004122; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/id-lockpages"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004123; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/id-locksystem"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004124; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/info-details-notification"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004125; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ip13-orange"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004126; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ip14-orange"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004127; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/lrs-gov1"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004128; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/main-pages"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004129; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mr-pin"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004130; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/orange-id13"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004131; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/orange-id2"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004132; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/orange-id3"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004133; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/orange-id4"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004134; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page-infromation"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004135; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pandemicreliefpackage"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004136; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/policy-pages"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004137; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/portale-mps-attivazione"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004138; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/recoveryform"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004139; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/verifikasipemblokiran_id"; http_uri; nocase; content:"bit.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004140; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/#/"; http_uri; nocase; content:"bitflyertt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004141; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2p3bbbs"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004142; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3aolo2y"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004143; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3bqoevf"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004144; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3g1epw3"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004145; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3jrtmmu"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004146; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3koilft"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004147; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3xmjxs4"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004148; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/taxirsxcy"; http_uri; nocase; content:"bitly.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004149; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nlwp"; http_uri; nocase; content:"bitly.ws"; content:"Host"; http_header; classtype:attempted-recon; sid:200004150; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/en/wallets/"; http_uri; nocase; content:"bitwayconnect.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004151; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/accounts_blackbearcc_co_uk/_layouts/15/onedrive.aspx?id=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments%2fngb%20urgente%20substanti%c3%able%20update%20%5f%20voorstel%2epdf&amp\;parent=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments&amp\;originalpath=ahr0chm6ly9ibgfja2jlyxjjy2nvdwstbxkuc2hhcmvwb2ludc5jb20vomi6l2cvcgvyc29uywwvywnjb3vudhnfymxhy2tizwfyy2nfy29fdwsvrve5as01b19mukjbcutzeunhv3eznw9ccfbtmze3b2fsrnrgnhpzuenbvlfiqt9ydgltzt1tqjzyquroodjvzw"; http_uri; nocase; content:"blackbearcccouk-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004152; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sella/info.html"; http_uri; nocase; content:"bluehorse.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004153; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/012dsd_fiestamart_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t3v5ldmmhrtlw5cyiohlp9z4yo7ufnrop9j1plyfdkm%3d&docid=1_1d89d259f7e704301aca26ac4dbabaa8d&wdformid=%7bfeb771e5%2d93ee%2d4015%2d8e87%2dd1c30d0f406a%7d&action=formsubmit&cid=f609fe16-56c4-4e2b-a964-75e250d31c99"; http_uri; nocase; content:"bodegalatinacorp-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004154; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nlozan9lgoapq"; http_uri; nocase; content:"bom.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200004155; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?aplicar"; http_uri; nocase; content:"bonomequedoencasa.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004156; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s9x"; http_uri; nocase; content:"bpl.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004157; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2r9pyocy"; http_uri; nocase; content:"bre.is"; content:"Host"; http_header; classtype:attempted-recon; sid:200004158; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/7fde14dcc130f933dfa5c0283d776eb9/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004159; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/c0e9ccedb57ca77a45d83f9bde98224b/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004160; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/c0e9ccedb57ca77a45d83f9bde98224b?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004161; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/c4957ef2c1f1801d0506e35cc3b5a6a8/?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004162; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/c4957ef2c1f1801d0506e35cc3b5a6a8?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004163; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/d190a3ceefc52c12869c2bee7b9ed710/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004164; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/d190a3ceefc52c12869c2bee7b9ed710?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004165; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/content/fcc3a33269bb5f281754c49ab86c3d4e/?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; http_uri; nocase; content:"capstroyinvest.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004166; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/files/1/0533/5367/6992/t/3/assets/home.html"; http_uri; nocase; content:"cdn.shopify.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004167; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/index.php?option=com_content&view=article&id=67"; http_uri; nocase; content:"centromedicoviladomat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004168; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post_12.html"; http_uri; nocase; content:"chronopostvalidation.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004169; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/proxy/rdh-rjsrv9zzrx57iscgov74o1gka4qjdfj01qr7v8-pkjgyvn50tivt7pzqgm5kuqdmonqle3f8eq_t8f4xl6jdozabmf2lxy-888ai8hdji633rg"; http_uri; nocase; content:"ci3.googleusercontent.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004170; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/proxy/djc3ckf7jcnj8l0duyaqyjwffeskzbccy9spjiauj_jwrplgw0ahyaf1xozvm6n_fjn8q1-2vkhqqujjr1en3qej703lyxxujt6tto-ttwsl6hgsggp3ehcc"; http_uri; nocase; content:"ci4.googleusercontent.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004171; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/proxy/zjba9cvtmkfnoveyofx6gqong0kqi3s69d9o2y32fmu_gankb59tj-rb79bolx0bwbsemnonfhh2esy9olfdp-20gybztkzstfhfheqrrjuefxwiwkqws29wxm6tdobikwz-qkzfphpaldfr"; http_uri; nocase; content:"ci4.googleusercontent.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004172; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/eric_cimsltd_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wnhqsp58ikn1qzzozpe2oiw%2fmizdr53wegdbyscml7y%3d&amp\;docid=1_1207bcf2f71094b5cb97dcb5bea3e1a3a&amp\;wdformid=%7bd98de46a%2d2777%2d417f%2dbbcf%2d5f08c8244727%7d&amp\;action=formsubmit"; http_uri; nocase; content:"cimslp-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004173; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yc8bd&post=665308711_37&cc_key"; http_uri; nocase; content:"clck.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200004174; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yzuft&post=665308711_32&cc_key"; http_uri; nocase; content:"clck.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200004175; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/icp/relay.php?r=57372110&amp\;msgid=807563&amp\;act=af7a&amp\;c=1365247&amp\;destination=https://www.linkedin.com/&amp\;cf=17638&amp\;v=6023ca6bc5e4f8b8568ed04ff6a646a7d7757336e750d772ecc1cb2b3b6063b4"; http_uri; nocase; content:"click.icptrack.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004176; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?qs=6541641088c869552ced792d84ee93eabf075e23cd5eba83a7d07a40ad9cf2ce36c931984719b9df7de658999defbc87f999ec46970a0280"; http_uri; nocase; content:"click.message.fruit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004177; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/#moreinfo@widomaker.com"; http_uri; nocase; content:"cloud-dot-chaser-331005.uk.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004178; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/paste/c4tl1sfout2tbkhn5810/raw"; http_uri; nocase; content:"codepasta.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200004179; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/#investor-relations@cyient.com"; http_uri; nocase; content:"cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev"; content:"Host"; http_header; classtype:attempted-recon; sid:200004180; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?!=%25_col_email%20address_%25"; http_uri; nocase; content:"community-die.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004181; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:b:/g/personal/infonoreply_communitychurch_tv/eburrky2tklimiiiqf0ia5kbbhkaxaypf06-08wf9wjebq?e=w5jmrb"; http_uri; nocase; content:"communitychurch-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004182; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/discounts_services/writing/loginform2d0e.php"; http_uri; nocase; content:"confabint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004183; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/it/userbcc/indexx.html"; http_uri; nocase; content:"consultorioveterinario7colinas.pt"; content:"Host"; http_header; classtype:attempted-recon; sid:200004184; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/crop/cm"; http_uri; nocase; content:"createchsoft.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004185; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004186; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?.rand=13inboxlight.aspx?n=1774256418"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004187; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?.rand=13inboxlight.aspx?n=1774256418&amp\;email=jackdavis@eureliosollutions.com&amp\;fid=1&amp\;fid=4&amp\;rand=13inboxlightaspxn.1774256418"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004188; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004189; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004190; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;amp"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004191; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;amp\;ampopensource:observable-35835700-0d08-4c25-a188-b8312ba00a941067515"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004192; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;ampopensource:observable-35835700-0d08-4c25-a188-b8312ba00a941067515"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004193; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;fid.4.1252899642&amp\;fid=1&amp\;fav.1&amp\;rand.13inboxlight.aspxn.1774256418&amp\;fid.1252899642&amp\;fid.1&amp\;fav.1&amp\;email=&amp\;.rand=13inboxlight.aspx?n=1774256418&amp\;fid=4"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004194; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;fid.4.1252899642&amp\;fid=4&amp\;fav.1&amp\;rand.13inboxlight.aspxn.1774256418&amp\;fid.1252899642&amp\;fid.1&amp\;email=jsmith@imaphost.com&amp\;.rand=13inboxlight.aspx?n=1774256418"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004195; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13inboxlight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=jackdavis@eureliosollutions.com&.rand=13inboxlight.aspx?n=1774256418&fid=4"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004196; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/acct?email=jackdavis@eureliosollutions.com"; http_uri; nocase; content:"creativecombat.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004197; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/verify/update/y.html"; http_uri; nocase; content:"creativeingredient.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004198; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2011/02/habbo-crediti-gratis-sicuro-100.html"; http_uri; nocase; content:"creditiperhabbogratissicuro100.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004199; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"cusstomerservicee.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004200; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/91eb6b959cd1249d6877/"; http_uri; nocase; content:"custream.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004201; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2isbc3k"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004202; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3yqokjg"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004203; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3yy01ci"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004204; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/4ypfq09"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004205; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/5yhe1qn"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004206; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/7yqfwsn"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004207; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/aynunsk"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004208; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ayw5mev"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004209; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bundu4e?id/help/pages?ref=cr"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004210; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/byqp8mx"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004211; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/claiminc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004212; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ctmlfil"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004213; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/cyni5cc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004214; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/cyqucr4"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004215; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dkvkq49/"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004216; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gyqdc7m"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004217; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ingdirect-es"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004218; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/irsgov"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004219; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/iyn1owx"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004220; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kiiataa"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004221; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mynrk6q"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004222; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ny0rjd4"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004223; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nynglzu"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004224; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nyxbpmv"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004225; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/oyqykkh"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004226; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ptl7kd8"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004227; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/py2rr2z"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004228; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pyqptqe"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004229; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pywuwcj"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004230; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qyc4svc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004231; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qymd2vc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004232; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/rykpt4j"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004233; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ryzqc5o"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004234; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/tyq6jn2"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004235; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uybigpf"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004236; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uydktcc"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004237; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uyqji5z"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004238; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uyx0po9"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004239; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wyc154r"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004240; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xynjuem"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004241; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ytv0uzv"; http_uri; nocase; content:"cutt.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004242; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/oglp"; http_uri; nocase; content:"cy.tc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004243; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/#?act=cl&pid=34515_md&uid=1&vid=25&ofid=1615&lid=126&cid=17171"; http_uri; nocase; content:"d854c624d7.gesundheitundschonheit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004244; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/online/showdocument?documentid=1fce937a-ba39-4053-a83a-f07711ad8efd&invitationid=82f3e840-cd11-4da4-8579-304bd7e930b0"; http_uri; nocase; content:"digisigner.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004245; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vszcwxk6nifthkg32wjxfjgq9yc-jjujkbsumqeeau8uw7xkcutyp0tbgux2mvwu8iqfrxxlunajob8/pub"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004246; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt_xl-m0ff8yqqhzhgseahgwejo0znh9re6w0qvgbe0qfe084hrebjjg673htphdnvbcdnq6agehncq/pub?mobilelogin"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004247; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vth3iya0ov7p49rk9ejozgqnueuk8fna2mky389hertlwx4mnoyhl1mlhnwbz8sxnsqtk8i5uysmq68/pub?embedded=true"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004248; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vts9czxqycsgi-quifs7m1mqjzmlcjlccnhw3dsahdss5ymnpy6y0vsgwvf3piu6js22ydjyew1oyo_/pub?embedded=true"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004249; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/12467akksjbdxtns1aefg-fo9hlxamtxynf5brvbz5tc/viewform?edit_requested=true"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004250; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/1fpyjsolbptidxpf23lqom1jghfw7qrvbbbfxxi82pzg/viewform?edit_requested=true"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004251; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc-xysogohjsbzmcnoded8ooar2gz1c5zxobgk8envh3jbpow/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004252; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc0yyqlieizg0nzouznvhsjfags1h9qi5hpdw3qlgbivm501q/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004253; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc4bagzjzmstbnjhy7zpy5zsx-xrn7reoouolv54luk5tihha/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004254; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc8uc5aztlek3s6dqtk1etorhez5m2yvubyw5qmfkpisrelcq/viewform?usp=pp_url"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004255; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc_enqwhhv1jnvzy55mb4ghvjd4wcz9plnolh2eoitk7qgbra/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004256; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsc_f0pxmnwzrtbck6u06fdzocmhgzvjzlc8cu7c9b456fhccq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004257; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscaoiohhbm7suyz9ol9o9ueunbxn6donxrfjge2cevdw_8jmw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004258; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscc30j0zmjvz0ct-wi59yhnz9gimpj3snofe5vkbovmeykomg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004259; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscc98m5fw4ifog0zeiuquxitizmisrgsdvyxvtxsppunpkwzq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004260; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscclmqirehqtkm3vl4u9gm2zv6xfvrddbrgke9fmsfujqbboq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004261; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscd8t8sjgxqrsa6dq5kjpmrpsxkvi4bl38sfdu7wa3sl32elg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004262; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscda1to5ru4sjeeujg3ki2bimklprvsec6u43kpvhbfyhrldw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004263; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscda1to5ru4sjeeujg3ki2bimklprvsec6u43kpvhbfyhrldw/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004264; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscdct8mue2qq3syjr4tnntol30jfdk8vwpco6yjh7dxnq5nyg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004265; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscdct8mue2qq3syjr4tnntol30jfdk8vwpco6yjh7dxnq5nyg/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004266; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscdkcb2saiqfhtrh2inewegl56-jrv0e_ncfubvdmdprxpzfq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004267; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscdkcb2saiqfhtrh2inewegl56-jrv0e_ncfubvdmdprxpzfq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004268; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsceoxsfawdsbd2r-jk2sppywnv1bchzjjcw2xkcj7oqkwqriw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004269; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscf9u8nrld-zvu6clr4jcwnw0buqrykdldtzoullbxy8kc1ta/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004270; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscfh2njwrve6_rkxxy1yz83keoeekd4maqcnd-ivq7rkg0uca/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004271; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscfmdl3il-2rcplfeq-12jtre1mwsgbnmh2nhoj9xoflmplew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004272; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscirilop6_iti0zvvrlsbk8zfaeo-f10otlhj9k5liyervk4g/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004273; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscjtat4fmstlxz3hbfkg4qyi-epfdmun7_avcqwvgscoydytw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004274; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscjvnhykksssaw-kycyrl6ywg_r3fdjuyqhk2mrmxcpgwfxoa/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004275; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscmzyecgbuuccfs_5e5axn9hpruzskqmvseedm0xz1qrqb5vg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004276; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscn6xxq_xvtivggy_4rkibou1i27e0kpiimikafpaavki1vsq/viewform?usp=send_form&usp=embed_facebook"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004277; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscphvypdecdasu-iqnvt4bvkiu5g1fioskjyfi9gk2z69cemq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004278; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscqbbsvkpxnasqgeazpzwxp1ln7qzdurt-nqn4azqa7q14euw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004279; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscrgopduxv2yg9memppi-dzfii70kq8hr8pi5zn9o_5amr3xa/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004280; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscrmsgjymaojts0bfneswvnfekiw6zya5rzyqoa1ydp5wkcrw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004281; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscuttypbph1iazuis8aa6xvrlmagwglmdcrrg8g2oymskvbva/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004282; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscuzwqncl3qs7cwfb7jlimpdueycxy0mv6zknp0uubdbkcu3w/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004283; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscvp9muuu33wgba4h5kugaleeh0onrqzug-b6n5aj5werrmaw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004284; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscvqmhqgwbubzxdynzgvlbmmziyagdiadz2eyhc-s-ro8ndfq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004285; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscxgbsqs0_gphf4vziykyu_g5rgytw2s9fir3lyfar7kaixew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004286; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscxgbsqs0_gphf4vziykyu_g5rgytw2s9fir3lyfar7kaixew/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004287; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlscz4uf8dtvwhgxggkzsbbhjcgu9npgc6agxpy5o2fwpo6tv5q/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004288; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsczp3nbsyvoj5-wf-7k4xshjczyxvdc-lc679urtbl_k-9x8q/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004289; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd1x00gqusaavdvp5ualsrctsjb80y9oy7yln6wwani40srpw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004290; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd1x00gqusaavdvp5ualsrctsjb80y9oy7yln6wwani40srpw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004291; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd3x6brnru3toiionptordwmc4zorxcky1ebpmeg6bb4jfuca/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004292; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd7jgegqudsjg7blscqgfvdftyvlno6xreg6wjuxl0hnfbwtw/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;gxids=7628"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004293; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd8_xzmknrntxwpeg8bvmvbbzmjsfgejo-vngsmyjx1dnidsg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004294; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd8vkw5fxeroe_pxa7n5cdfpukhahbg_7k7sg0iuosh_xsyoa/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004295; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd9poeb_wmgffgg8taw4z_np0kdbo32gr35k1zxizj7lcdela/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004296; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsd_c4wpt0zzouwt5lr9p5kn5cylz3ananv1hlix6u_h36w1rg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004297; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsda4flfi-1_gvwqnbb1dcxz_mb5omo9t2oc-vslzfgh6avrag/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004298; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdbgprbyowwcugqslasnoo-sbqcrgi6ppycsytvsw2_dwfeug/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004299; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdce9c1bqexlzlu9rojtuwtaatyeeshywbkmuiobrw_a-_mga/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004300; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdce9c1bqexlzlu9rojtuwtaatyeeshywbkmuiobrw_a-_mga/viewform?usp=pp_url"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004301; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdcznggxnwia2ct8kmxid1tdqhgerhnmixukxuj7nmq1lqsma/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004302; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdfarxg-0eurkyimsg-ukgl4mbtgvwfhe1wzbdxmb7oaosnyg/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004303; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdfyxb1kjjvkaiwbbpbgr0dfaq1xx2ehhzbxnt3adndssy1yw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004304; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdfyxb1kjjvkaiwbbpbgr0dfaq1xx2ehhzbxnt3adndssy1yw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004305; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdgxybkn7btnmkuuyyoe0rlbw8kmdgbwejv6l52fjbm9vledg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004306; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdinjm_qvdbv3roybqi073rm1pujmrrs7lid7c3qk-4xwweew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004307; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdlwgxgjcqz_53lnvyfaiibnkptndldhs4vd0c__6lufv81zq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004308; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdmsww4edj2yofwdenmvl3uvyibigishgajtsfa7chvcan0wg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004309; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdmsww4edj2yofwdenmvl3uvyibigishgajtsfa7chvcan0wg/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004310; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdnngh7an2vfxw1k7cotxcb24wwne2qcm3j5deelwsn676z2q/viewform?usp=pp_url"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004311; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdpetadtoy4qkid3frxtq_jkthudhyvm17bkmb8iqonismzvw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004312; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdvo-nueiprck-o5gw7-bnmsz9jvwlyspeqfhfr2g2osbsrba/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004313; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdvwkczn_rxvn1522z1mcojbs40ymrctyizpyuv72_0wbypgq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004314; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdwbz5hapgqojwjyndeeyjxamg0wnaj3kolh3fb6xf4c-fxjw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004315; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdwbz5hapgqojwjyndeeyjxamg0wnaj3kolh3fb6xf4c-fxjw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004316; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdxm-rwnv41p3wdcbtetukrctoakvuoe1h_uy8jgnxy7kldza/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004317; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdy1071rbhheyidjzo6fw5busqot5eunllw_thawo6udamfaq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004318; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdybqflfptobqslhflytic3g936bnojaljztk6ct1d5mjvnnw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004319; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdyygc4-s_a1dcdvcf9z9n1yhvz2dnehdr2aij-bcetxe2csg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004320; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsdzrubbm3nrqdzjs6q7phutjgmn-dm8zquphjg9ge31q7bdhg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004321; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlse3-zgmg83lctfks0egmambwonybkscrvxix--n1azwngkphg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004322; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlse5htthgifmniezokiypnjjhanvkvlehsrk9esgcpoauqutiw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004323; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlse8ds15kxxdcrhfspcfrbvy6sbdhp0e4540zzmhhvzouewvka/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004324; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlse_mo9pzgdahzdgz0wctr7lm0cqm_zwos8ljc4cqgtvnqfmfq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004325; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseaoj1gseoc72inocx9jofb1nqgqm81_firdsookdvnd4fz3q/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004326; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsebpakzyvtprhygwe23jlsdieyoca0jtiyy-f68nqwofparww/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004327; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsebyedalhc7exqq5fljf8x1akbwz0h8l8ojbx5nx3go7bh3sa/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004328; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsebyedalhc7exqq5fljf8x1akbwz0h8l8ojbx5nx3go7bh3sa/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004329; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseck8-g3um70ihw-ajfait5whcec3qdowobizswz8_-et_jkq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004330; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsed7ckwpjf0hndj7zb3qtjmirtkv6pwcrmhplptuczapfmdew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004331; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseerl98zqhhsjdo_vwhfzft3njmrw-es6isa689uqc2opalkg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004332; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsefdjhvlb8j4f16k5uewfckrm6sxun7mb8kmt6hnsw4twzb1a/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004333; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsefv5nkokmsxbkw84jsid2gwxxq8hhcvvajj-hjwl43irewza/viewform?vc=0&amp\;c=0&amp\;w=1"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004334; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseggxi9u9oxdijtvvfpdkom7-bau-dstzgnovfyndrhxtk_ew/viewform?fbzx=450838898210045776"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004335; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseht4cdltkad8967jjarcb5nafonbaw3dtpynth9mdk94hf-q/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004336; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseirld9oyigwxmec2bc-ax4yd-m-rhezlne00aminsjf0uteq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004337; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseja63wnjv6158neslzqwlnlui4yluhb0nlou-vx0ehpwkexg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004338; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsejavlqdkikylynqlg6p7kyfu4qnlyy31opnfttucuhgmek4a/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004339; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsekx9ewwwdcej4qewpnqgzq3bzhqogrop2ui9vxaeswphzyvq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004340; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsemwyrvcln1ql8uxd0dsiswveuehikz5hwalfeni7jjfaefmg/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004341; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseoz9zpmm0c0fjksklv-p1hsrwsuybmj6bvbd_fkewzzcv_ea/viewform?usp=pp_url"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004342; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsepe4jevfm3mjc-vndxuq_9wjpc7afrjadkxvp8czawh27cqg/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004343; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseq5h3-5stw3bwnpoi6g-gfwcgej7q82incdm01dd1lf182iq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004344; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseqdx2wgybdxlhascsuopq1xqsmwrxjf4erl_cpmvtt96dq_g/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004345; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlser-b6q--nvif2fj7nbn88dh8lj-s2yfbgjyuygwsacbhm6lw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004346; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsesuqyiwovf64ujl8ewzqpw-vq7_ljhh96vouros2rqn1vunw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004347; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseszgantjzuxgteg0dsiizzmadcwjbjqcsri5nidod2rd2_lg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004348; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlset42bzecl3yrdnnffv6f7kecxpd1sy4rbh3h3govwg1k1z1w/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004349; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlseumxp-wga1x873upqxmi_hx8nbbllh12zzmxia1xuqp2mgbq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004350; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsevpkt1byhl-oqjptw8wbecnm7-iqnax-mz8zd-mxp0fol3jg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004351; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsewr7-ksdpydhc1tv8tkcxrlad8zrf3q_uqt-rj9a_fmmzxya/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004352; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsewr7-ksdpydhc1tv8tkcxrlad8zrf3q_uqt-rj9a_fmmzxya/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004353; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsewymtg0_yxlw9-prz205ldklpt1q0_aklvlput4ndg_coetq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004354; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsf-exsf9vm0rleksdp46wa2dfca3dhphayf4tl4rktjvmgguw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004355; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsf32hx6ujsi_gqji38udpamxxxnhyrx8qhmqcqnteinj_0cmg/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004356; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsf43dgkrjoe0kbhyqzxvaswkmbstzlu6x-40xi-sxxgfevhww/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004357; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsf9wlt_kxvre3b2hhpi0hcx4zia83c9bbkabo4w15nfekvwuw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004358; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfacaqo8c7hsu7mr6zkbsfulv8m710ke2qna_7tyusomgmtjw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004359; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfacaqo8c7hsu7mr6zkbsfulv8m710ke2qna_7tyusomgmtjw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004360; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfanborkr2ivrhpsjdnvnb-jktwkjbuub3wnsxb-md7haddsq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004361; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfbu-bfa-om2nk21gbc1gbbeoy4veybh7qcrj8jw7nwthmh_w/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004362; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfeoy_w3jwkkz8psgsw4nrja9tmg2lx0x0nvtmv38k0hjzzmq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004363; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfgrkvxsp4vv3h2jpge8n2rwi_acvt3o91y4av8-nbjpc0xxw/viewform?c=0&amp\;w=1"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004364; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfhzli805cycnlai887dfo6ra8bwbwjbc8uehmv5amiaqdbyq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004365; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfjpx-sxpejnp_q2fmfu0jy8oqoesrx9wbrqplcychw9luupa/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004366; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfjsgjhbjke-mlmni8cfg1tacz-hdpvmy5j2br9upjr1f7nda/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004367; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfjsgjhbjke-mlmni8cfg1tacz-hdpvmy5j2br9upjr1f7nda/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004368; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfk9fn6xlhju27dzlzxp6nzvjlaqbtzb3uf20uakw6ddguvnw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004369; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfk9fn6xlhju27dzlzxp6nzvjlaqbtzb3uf20uakw6ddguvnw/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004370; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfk9hpkld9-qwaxs8b0cpslaw2-oomu6bcwpxkmp-fo8kr3ew/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004371; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfksirdejkit-tdeiwrnkf00ygsqdsqth0hmwydiqdik10tna/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004372; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfnjyzbmw-pd1byw4b4opoksx2cealounsnhg5fjc3fk1qocq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004373; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfnlsbejsiacubkj2geltmn7slefoweeczuagp3jfmfkijg4a/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004374; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsforgq2zksc0soenei1m7xcow9surjrynoh6ppsku6_kxvdpw/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004375; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfp1eukgsktriyraz2csynqwfwtv6ehlnbszu69dbxz9lirtq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004376; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfp1eukgsktriyraz2csynqwfwtv6ehlnbszu69dbxz9lirtq/viewform?usp=send_form"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004377; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfpvmlfha5uwdz_4bnvq19l2mctpltose6aszym6w9ls0hxza/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004378; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfqpqpbuxrrc0ubvtbrr86nxa4pt68zft0bm_2ufdvt1tzvuw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004379; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfrzt6zpkhgtvzqutkypqtjffxaucn3evqpf6ytbqug3t41yw/viewform?usp=pp_urlorganization"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004380; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfsia_g4fb5yg_cu8fjuxcndbgqz1setzfedm0cw0eaonb57g/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004381; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsftriyys-rvphnbmh6v6lyimxjy3rpog8xvtb3v1agqhawiva/viewform?usp=sf_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004382; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfuzr1yx2exrzt3ysxszgcawjpp45t9gz3nqtkvhfqslxw_ig/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004383; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfvgwgijgampx2qfseard_pb2bcyonllojnjhrv9qxb8vpeva/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004384; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfvgwgijgampx2qfseard_pb2bcyonllojnjhrv9qxb8vpeva/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004385; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfvhavjlgw4__-x0qdg5tbot5uo9vkn4csn8mx3lpvkdah8ag/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004386; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfwbcfrxuktidm2ctjalngebxbx4k_dijxbekg2y-naausaqw/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004387; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfwdsuczwrih_wnciwh_qjpg1v5p-qk8zyjjoccpbhmyeygrq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004388; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfygwrauuzg0kcnd6w_s42qneyhqpha0zs1rift0akntmlugq/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004389; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/d/e/1faipqlsfzhyjvw1nn6bvqhbwmd3rcrm6gukuzir5u9tmsszmcrr8nyw/viewform"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004390; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/presentation/d/e/2pacx-1vrp2k-b45tcwcadgwzkulyaqrs1f9vfjs3y19o6fs_7p34ymzwuascr7lkuijhc83-o6fmsbbvehcf2/pub?start=false&amp\;loop=false&amp\;delayms=3000&amp\;slide=id.p"; http_uri; nocase; content:"docs.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004391; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/19zpw90jgon3j5merxi1pauvkjdmx8nfq/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004392; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1bcdyitw2vo5jp6yrbdmiy8cfrkcf4tby/view?usp=drive_web"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004393; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1c5o9_y8_octsepwyojfarn1k-kj4d9fe"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004394; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1cppgzjnodnftsks_w82um_b_ctgzn-ah/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004395; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1fdgs5g6fqqkudcl2meym63ua3yu0o-tb/view?usp=drive_web"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004396; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1fsvmjkcq7ennrsfdufkcxshfhnda_fui/view"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004397; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1ginbnlpvt7kpfnog9a68fqmn7k3aivui"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004398; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1hdvx7j89h5l7yz39idgzhqji93jnkl_c/view"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004399; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1jixb69t_nw9tmkhvfrejkfzof3d-ijet/view"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004400; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1jvfh6wq9ea9kxr1shhwbh3pecflqzppc/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004401; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1mg5asnyoeet7qsg2n0d_2paxc3j7wx3k/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004402; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1qf58h-1lunq1pubplwdhwd3uooj_vjxa/view"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004403; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1robiosanbh8doqa7yuiewn3akz4094ho/edit"; http_uri; nocase; content:"drive.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004404; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/alldomain/domain/dmain/index.php?i=i&amp\;0=abuse@optusnet.com.au"; http_uri; nocase; content:"ecomcrew.staging.wpengine.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004405; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/angela_ure_ecusltd_co_uk/_layouts/15/wopiframe.aspx?guestaccesstoken=umwosbguhwaqic3hhtqfly7zjwf8oggrcn6d%2bggohoc%3d&docid=1_1956f6e254d71417a89981b2a1c8d0a99&wdformid=%7be61ca4f5-c461-425a-a52e-4598e7b699e5%7d&action=formsubmit&cid=4ab9a2a7-7cf4-43ae-8149-ffead8d66e7b"; http_uri; nocase; content:"ecusltd-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004406; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/marco_eeverywhere_com/_layouts/15/onedrive.aspx?id=/personal/marco_eeverywhere_com/documents/documents&amp\;originalpath=ahr0chm6ly9lzxzlcnl3agvyzs1tes5zagfyzxbvaw50lmnvbs86zjovcc9tyxjjby9fcwhvbeq1x3hltknorzbdmdvvmgjvvujoy1z3b25futjvejhtlwxqrg9svwvrp3j0aw1lpvduaunytfu4mlvn"; http_uri; nocase; content:"eeverywhere-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004407; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m&#61\;0"; http_uri; nocase; content:"eleoelswka.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004408; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t6t%2fhn1dkbyhlyx%2beimbazufa43rrgz6%2faaaewnocdi%3d&docid=1_18168db23429e45f29fdf2e7be120efc4&wdformid=%7bb9970f62%2d44c3%2d4d09%2d9929%2d6e1eb652da57%7d&action=formsubmit"; http_uri; nocase; content:"ersfilter-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004409; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=6ywmlbqi9%20sjfgzhadhvte2gyowjf83iqbjrjehik4s=&amp\;docid=1_135f7008dfbfa44e6b09dab0eb165b997&amp\;wdformid={e037f2d9-5daa-4916-ba03-eb11d0aa6dea}&amp\;action=formsubmit"; http_uri; nocase; content:"ersfilter-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004410; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=6ywmlbqi9%2bsjfgzhadhvte2gyowjf83iqbjrjehik4s%3d&docid=1_135f7008dfbfa44e6b09dab0eb165b997&wdformid=%7be037f2d9%2d5daa%2d4916%2dba03%2deb11d0aa6dea%7d&action=formsubmit"; http_uri; nocase; content:"ersfilter-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004411; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/takesurvey?tt=/p9xlsw/pwa97qdwq8ubbg%3d%3d"; http_uri; nocase; content:"eu.questionpro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004412; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/t/ab3uufjzb3vk20"; http_uri; nocase; content:"eu.questionpro.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004413; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?fbclid=iwar3cu_8pblosqw-rwa7evcrs5jpl6zvzkou0qrf7vl9oqge4h2ctmcxrdyk"; http_uri; nocase; content:"eurobankovnikredit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004414; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/shard/s339/client/snv?noteguid=f48e12fd-48da-e57f-8e76-cdf6e4054e1d&amp\;notekey=02a9fa6bd051dc6b4581ee3b617b3f88&amp\;sn=https://www.evernote.com/shard/s339/sh/f48e12fd-48da-e57f-8e76-cdf6e4054e1d/02a9fa6bd051dc6b4581ee3b617b3f88&amp\;title=optus%20webmail"; http_uri; nocase; content:"evernote.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004415; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/shard/s446/client/snv?noteguid=4dc119ab-57d6-b8e0-4fcb-c11c0a637b94&notekey=9ddb3753cb700b0c86a78176be71f4f5&sn=https%3a%2f%2fwww.evernote.com%2fshard%2fs446%2fsh%2f4dc119ab-57d6-b8e0-4fcb-c11c0a637b94%2f9ddb3753cb700b0c86a78176be71f4f5&title=you%2bhave%2breceived%2ban%2binvoice."; http_uri; nocase; content:"evernote.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004416; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/shard/s446/sh/4dc119ab-57d6-b8e0-4fcb-c11c0a637b94/9ddb3753cb700b0c86a78176be71f4f5"; http_uri; nocase; content:"evernote.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004417; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/jameswaterston_everythingmobilelimited_onmicrosoft_com/_layouts/15/onedrive.aspx"; http_uri; nocase; content:"everythingmobilelimited-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004418; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/tim_hansen_excelelectrical_com/_layouts/15/onedrive.aspx?id=/personal/tim_hansen_excelelectrical_com/documents/open%20to%20view%20shared%20document%20in%20hitech%20sharepoint&amp\;originalpath=ahr0chm6ly9legnlbgvszwn0cmljywwwlw15lnnoyxjlcg9pbnquy29tlzpmoi9nl3blcnnvbmfsl3rpbv9oyw5zzw5fzxhjzwxlbgvjdhjpy2fsx2nvbs9fa2zoazdydndfaettvl9pwulkctdzmejlveeyr3awzwjnsdfkrgdjrfdfttznp3j0aw1lpunrvevzrwxcmlvn"; http_uri; nocase; content:"excelelectrical0-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004419; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/r?us_privacy=&amp\;a=p-w_ayumw3pzr2w&amp\;labels=_qc.clk,_click.adserver.rtb,_click.rand.60541&amp\;rtbip=192.184.70.137&amp\;rtbdata2=eaaaiencvf9odwdnzxrzx1e0mjfftwfuywdlzf9tzxj2awnlimofncj-jtiws_b-ohnodhrwczovl3d3dy5syxcuy29twihbt0llsefpmvdcvwi0vmdxvi1julfbztjdullinvfzuuitwjdutjfpdu3bfukaayfd3aqeoaebqahv4fyeugeawahq-aniadv5u4til9obfllxavhtz0fpaghnqs1sufktuvntqkhlaarzydroawsyaviznracclocbmc4ronaagliagdqas7hhvv4n_fmqqhgagdoagd4agckaxywlnb1yi0xmjyxotkyndq0odazodc1mamaqamasgmejmh7angd_dgd4gmpcc13x0fzdu13m1baujj36gmfcngfefryawu5mjeymfgdaiaeayoedxf1yw50y2fzdc1xyzhybajvuw&amp\;redirecturl3=https://www.cbtnuggets.com/?utm_source=quantcast&amp\;utm_medium=prospecting&amp\;utm_campaign=general_us&amp\;utm_term=testimonial&amp\;qc_campaign=cbt_nuggets_q421_managed_service&amp\;qc_adid=2078771"; http_uri; nocase; content:"exch.quantserve.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004420; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/remote/mandate/4jya9anuerrpmikrph7-j5pl9nyz_uw1bc7q1vvmmhw"; http_uri; nocase; content:"exchange4free.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004421; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/rrefeeieoj.html?erectrcsq@*cthiytvcdx$zsxycuikjmkjivee$terdtygjyvtrre"; http_uri; nocase; content:"explorebathurst.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200004422; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gvrmpushnotification/nbproject/private/fbapps/melis/"; http_uri; nocase; content:"fbapps.milestoneinternet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004423; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/customercare/_layouts/15/wopiframe.aspx?guestaccesstoken=ce%2fd5uzxeu8hlntd6e5v18nttv4whxgmlwyudt4igom%3d&docid=1_1eb5df03726a240859b223a44b8b16724&wdformid=%7bb8008e00-21bc-4a4a-91dc-1e1b63610c96%7d&action=formsubmit&cid=c766f7bd-9562-4c9e-a9b0-75cf38b33e48"; http_uri; nocase; content:"fclighting.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004424; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/investorway"; http_uri; nocase; content:"feeds.feedburner.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004425; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"//?m=0"; http_uri; nocase; content:"ferferfccezs.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004426; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"ferferfrefe.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004427; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jelxwqrcrvhj&amp\;ijosing&amp\;kontakt@wmb-walther.de.html"; http_uri; nocase; content:"fifit.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200004428; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/f/75h75hd7v"; http_uri; nocase; content:"files.fm"; content:"Host"; http_header; classtype:attempted-recon; sid:200004429; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/biyugbhiuhgy7o900-h9oh98h9-987.appspot.com/o/vnmbvuyt8-8y98yh0%3d890y8iuh9yyh%2f5rtyfghtfyu67-9876trfc%3d9ygv.htm?alt=media&amp\;token=dce6f041-19ff-4e8a-8012-1cfdac4cf369#bv@pplsi.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004430; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/dr-clin-c4f68.appspot.com/o/drweb.html?alt=media&amp\;token=09293ba9-0738-41ea-9cf3-67cb43af2b88&amp\;x=famacas-cfa0appspotappspotmacas-macas-vfwefsaxsppspotcfa0ps&amp\;prox=p2000isolation@aaa.kr"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004431; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/dr-clin-c4f68.appspot.com/o/drweb.html?alt=media&amp\;token=09293ba9-0738-41ea-9cf3-67cb43af2b88&amp\;x=famacas-cfa0appspotappspotmacas-macas-vfwefsaxsppspotcfa0ps&amp\;prox=yourname@yourcompany.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004432; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/goo2-ac630.appspot.com/o/goo%20(2).html?alt=media&amp\;token=2d1281a2-3364-420f-a3b5-c693b7bda1f2#a@b.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004433; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/macryti-109.appspot.com/o/kp-oe0%2fbtt-hash.html?alt=media&amp\;token=02abe8bd-5141-4b5a-a7d4-08120e5f43dd#choiteng@motenghaiplc.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004434; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/ntachi-e1dbe.appspot.com/o/hgigieiciejceinhviejrie95489349%20(19).html?alt=media&amp\;token=5901e369-e71e-416b-9688-b21c62e31587#m.couvee@colasit.nl"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004435; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/odrv-3c4a4.appspot.com/o/index1.html?alt=media&amp\;token=11958c2a-34a6-4ed1-a1b5-081ec066cb95&amp\;data=zxzhbi5ncmvzagftqg1py2hlbglulmnvbq=="; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004436; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/outlook-4c0f2.appspot.com/o/books%2fwebmail.htm?alt=media&amp\;token=216401d2-aba7-42f4-8fd5-9b672cade830#abuse@optusnet.com.au"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004437; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/outlook-4c0f2.appspot.com/o/books%2fwebmail.htm?alt=media&amp\;token=216401d2-aba7-42f4-8fd5-9b672cade830#tiekimas@tidlo.lt"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004438; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rei-rezuio-rexire-565.appspot.com/o/%40%40%40indexv-vb-vau-ry-8%252fbv-yu-er-8f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%20-%20copy.html?alt=media&amp\;token=da92acdd-870d-4049-b9ac-f0d373777f06#info@legalshield.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004439; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rei-rezuio-rexire-565.appspot.com/o/%40%40%40indexv-vb-vau-ry-8%252fbv-yu-er-8f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%20-%20copy.html?alt=media&amp\;token=da92acdd-870d-4049-b9ac-f0d373777f06#support@legalshieldcorp.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004440; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/rned-a824v.appspot.com/o/gen%252findex2oli.html?alt=media&amp\;token=828c2259-c86f-442e-91a0-8d43a1fe7d8b#abuse@optusnet.com.au"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004441; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/tei-neriou-reuix-678.appspot.com/o/%40%40%40indexv-vb-veu-ry-8%25433%2569.html?alt=media&amp\;token=6b0a9c43-8711-491b-9f40-50ad280ffb32#ggradnigo@prepaidlegal.com"; http_uri; nocase; content:"firebasestorage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004442; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mc.html"; http_uri; nocase; content:"flavena.co.rs"; content:"Host"; http_header; classtype:attempted-recon; sid:200004443; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btinternetwebmail"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200004444; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bttelecoommunication"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200004445; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/hdhdhdeue"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200004446; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/hjbsvjhfb"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200004447; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jhgcfghj"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200004448; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mnkpo"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200004449; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nicszdbaiodi"; http_uri; nocase; content:"flow.page"; content:"Host"; http_header; classtype:attempted-recon; sid:200004450; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/vf7vfv9ky?fc=0"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004451; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/btinternetwebmail"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004452; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/btisojtuf"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004453; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/bttelecommunicaation"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004454; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/bttelecoommunication"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004455; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/hjbsvjhfb"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004456; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/jhgcfghj"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004457; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/page/mnkpo"; http_uri; nocase; content:"flowcode.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004458; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1mqqu8exzgpptqpl8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004459; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3cyoxmwxqkbfpt2v5"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004460; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/8epxhwdapiab7mfw7"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004461; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/9bwawhpz5vi7ilpe6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004462; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/akohiguxjs9wlpu28?sllqm"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004463; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/b7lqaal42juffiw1a"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004464; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bfz2l7i3wvrp5heb9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004465; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dncj4btc56n1n71n8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004466; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/edtu6r7rqxqyegcf6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004467; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/egj66jkgwkcd3aat8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004468; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/eozlrnnf7jh84xdp8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004469; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzlons3fgnjdqdd19?omgbfzrazhlppbtx"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004470; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/goerpntl5tfeumdz6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004471; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gr4b9sxradtcj7or7"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004472; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/guptjarp2xatzbvo8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004473; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/iai7pzm4pxyb145i9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004474; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jnkkauxwwbfhtuqz9?hkgotygikyoujp"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004475; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jzxtb9auexgjcewfa"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004476; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kehch96avaku7oey7?akowgmooutpwa"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004477; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nvljeb1quzaovd8u5"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004478; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/puadbxscibgw5ma79?xfccuwmmhgwrwztd"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004479; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qhwastfqxg1yehi77"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004480; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qzopkn9aj2gzaw2g6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004481; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ruaxzqjjzghi8rar9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004482; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/rwpcmhm8vtfa7f4m8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004483; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sj21ehdebhkcpvfv6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004484; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/smufgmyhduckbq6ka?fjxhgyroek"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004485; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uqzzznxv4cfhu3yr9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004486; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v5xtnywt5s6zvpp27"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004487; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v7k2chwbcca59vz27"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004488; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/w6uh9p66tdq6l1m66"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004489; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/x3aasffazsrl8pcr9"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004490; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/x8hybjggubfftabw8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004491; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xxccjhuzjtg4pr3y8"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004492; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xxjqmu6luzkpnalg6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004493; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yfxkceytox2zuyvb6"; http_uri; nocase; content:"forms.gle"; content:"Host"; http_header; classtype:attempted-recon; sid:200004494; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pages/responsepage.aspx?id=60hhzfbtoe-qdzpnyrluyo-ivxb0mexgqufvg5tcyifunzg5uknzne1irjzvt1y3slewrepwnflmvs4u"; http_uri; nocase; content:"forms.office.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004495; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pages/responsepage.aspx?id=dqsikwdsw0yxejajblztrqaaaaaaaaaaaao__tdasqlurfrqmjzxneyxn0g3vexutfvzq0mztu9fms4u"; http_uri; nocase; content:"forms.office.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004496; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pages/responsepage.aspx?id=dqsikwdsw0yxejajblztrqaaaaaaaaaaaao__thg5xvuodnbwtvytzhwwdnctknvovo4tldctexmvi4u"; http_uri; nocase; content:"forms.office.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004497; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pages/responsepage.aspx?id=jrbxvx3x9keewcq72hm6fnkqekonandcsjd9av060h5urepumvvgmks2te41rfewmlletulvufnuqy4u"; http_uri; nocase; content:"forms.office.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004498; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gmaingt/server.html"; http_uri; nocase; content:"fra1.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004499; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m&#61\;0"; http_uri; nocase; content:"frdezeredaresafin.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004500; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"fredsamasont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004501; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fewn4zq5fegh6bf3qpasy44v&amp\;persistence=1&amp\;checksum=3d7975c121a1d514f1b3a9facb177a78f25e1326da6497ae9cf35e33ba436119"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004502; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fewn4zx501vbg1xj6vr2hk10&amp\;persistence=1&amp\;checksum=fc555be29c86e6e13177069b7632770b2cb9f30b36d229624f37be1cb2475704"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004503; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fexfpq10qje7acrftnz6v4zb&amp\;persistence=1&amp\;checksum=5916a09fb5c03e4187a58ae7221dbc20e8568b5840df4b6f3eb57227975bd2ce"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004504; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fey1pewqgha9bqebgbvwe95n&amp\;persistence=1&amp\;checksum=3fefba73b68799e5152bf7031ce8a7b1a300456243ee123a27f6efca31d9f055"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004505; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fez46yyrvh6f0bbehn8h419h&amp\;persistence=1&amp\;checksum=069f46345ac935567ad562a3d64a332066064c97f8feae803d555f9cc820c561"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004506; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fezncfbjbj86yneatjn0qvt4&amp\;persistence=1&amp\;checksum=8142350e161acc6cb246be1d05d596973a1d3ac50af1f3594ee9ea462c87a4ef"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004507; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01ff06m6n2q43m6zcaqrh8xpm2&amp\;persistence=1&amp\;checksum=26e140f8abae23dd0c8dd547390a4deb9fc54b1acf3539d8aa44fb19e04902ef"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004508; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01ff0qxy635yfpkrdaxav47j5k&amp\;persistence=1&amp\;checksum=cb2e0f7328d6ffea0e15a24046095a0bb98d27d4488e822bea4b181763f2eb0b"; http_uri; nocase; content:"go.skimresources.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004509; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=http%3a%2f%2fbit.do%2ffr6ci&sa=d&sntz=1&usg=afqjcne7joz-iz-adrzkrxcihj8t9fs9qw"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004510; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=http%3a%2f%2fbit.do%2ffsgjq&amp\;sa=d&amp\;sntz=1&amp\;usg=afqjcngvqc30z-4hiaizv03gpwblwu3vnw"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004511; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=http://srv-auth.web.app/upd/index.html%23%5b%5b-email-%5d%5d&amp\;source=gmail&amp\;ust=1607952068298000&amp\;usg=afqjcnet34jepejaewvja8unv7ycds1vjg"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004512; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=https://393512dfd8544c98be9a40f2f67df8bd.svc.dynamics.com/t/r/a7uua5shyiplufx4zj7f6u2clgtguiagoxngfoio4am?clientid%3d70000%23%5bemail%5d%2b00-70000&amp\;source=gmail&amp\;ust=1636719774661000&amp\;usg=aovvaw2fsk8htfwhsfqapvbu674n"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004513; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=https://passionfruit4576261.brizy.site/&amp\;source=gmail&amp\;ust=1608664764243000&amp\;usg=afqjcnghljnr1tyn8j4c1ijid09ra9ehdq"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004514; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?q=https://us4-usndr.com/ru/mail_link_tracker?hash%3d6k5ar5ciusdx1q1tdgm8atcrexmonyy3xdfiogu7zr6gb6gtthpqk7fm8tz4gzkjftg9oouu31eqdro67dtgwnn5x1p3ziiieq8rykja%26url%3dahr0chm6ly90lm1ll2fhegnvbw11bml0eq~~%26uid%3dndmwndy3nw~~%26ucs%3dd93ed45d47070739243d9b678dd03e93&amp\;source=gmail&amp\;ust=1607288611770000&amp\;usg=afqjcngo5kdwx08p-bg6mzdtluzdjhtzxw"; http_uri; nocase; content:"google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004515; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fp?u=https://tinyurl.com/32xz989f&grqid=zbk35vud&s=1&hl=id-id"; http_uri; nocase; content:"googleweblight.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004516; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i?u=a894ec7f.46t33454t4.pages.dev?user=masoli@legalshieldassociate.com"; http_uri; nocase; content:"googleweblight.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004517; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i?u=b4e921f0.sso-mailsrvr-4344e5teed.pages.dev?user=abuse@gmail.com"; http_uri; nocase; content:"googleweblight.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004518; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/tspencer_gormanusa_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wgfwcmmssvdsofa7ljviwaj85tleclug2xbvoqwlmp0%3d&amp\;docid=1_12424441d8c29412bb868684e5cb74e47&amp\;wdformid=%7b992e319a%2dbe72%2d460b%2db6b4%2d2d3fcf789fc5%7d&amp\;action=formsubmit"; http_uri; nocase; content:"gormanusa-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004519; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/out/408?jobid=29207&u=princed.de?id=8400239909"; http_uri; nocase; content:"gradcracker.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004520; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/12/hafslund.html"; http_uri; nocase; content:"hafslundno.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004521; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1kzic"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004522; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/4ds15"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004523; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6qnhc"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004524; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dghpp"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004525; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/f1itl"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004526; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fmjiu"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004527; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/g9yl5"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004528; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/i51rh"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004529; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmiyt"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004530; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/m8ikv"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004531; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/o0ugq"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004532; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ta0lq"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004533; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ue2ho"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004534; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/urq2m"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004535; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/vfywl"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004536; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/w27iz"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004537; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xegru"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004538; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/zlbow"; http_uri; nocase; content:"han.gl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004539; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/12/window.html"; http_uri; nocase; content:"hangovertest1.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004540; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yuhgbfvdfvbtytrvdfbgt.html"; http_uri; nocase; content:"heaterintwintersz.ams3.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004541; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mz4yho"; http_uri; nocase; content:"hm.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200004542; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/zeland.html"; http_uri; nocase; content:"homeentertainmentexpo.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004543; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/themes/engines/ira.xml"; http_uri; nocase; content:"house18.info"; content:"Host"; http_header; classtype:attempted-recon; sid:200004544; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?https://trimurl.co/0wsx7z"; http_uri; nocase; content:"href.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200004545; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?https://www.rkat2.2r-p.xyz/"; http_uri; nocase; content:"href.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200004546; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?https://ykm.de/f4b990c239777330"; http_uri; nocase; content:"href.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200004547; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"//ykm.de/f4b990c239777330"; http_uri; nocase; content:"href.li?https:"; content:"Host"; http_header; classtype:attempted-recon; sid:200004548; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/hgav30ruohf"; http_uri; nocase; content:"ht.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004549; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/shoh30rwmdj?10/13/2021"; http_uri; nocase; content:"ht.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004550; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ebuse/servic"; http_uri; nocase; content:"i-m.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200004551; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/webaccountupdate/stockholmsuniversitet/"; http_uri; nocase; content:"i-m.mx"; content:"Host"; http_header; classtype:attempted-recon; sid:200004552; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mdkea5ckpozm/click-here-to-start"; http_uri; nocase; content:"ifyufyujk.quip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004553; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/pginet_groupe-igs_fr/_layouts/15/wopiframe.aspx?guestaccesstoken=o1ljzjnq70g8yg6w%2fce3ec9zu3%2bg6ck6ibkmhwt3wl0%3d&amp\;docid=1_1c2a91e87cc7a4ffb85611d8ebf31f653&amp\;wdformid=%7bcdf56303%2d9250%2d4cf1%2d8370%2db3f9a84cd714%7d&amp\;action=formsubmit"; http_uri; nocase; content:"igsasso-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004554; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/4t6u/bt"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004555; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/kennymoore12/btinternet"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004556; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/kfouo/btcommmms"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004557; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/msw0rd/att_word"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004558; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/viewer/vbid-fa0f29d5-fpsjmms8"; http_uri; nocase; content:"im-creator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004559; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/survey/27415/source=39-4621"; http_uri; nocase; content:"imagematch300.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004560; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/viewer/vbid-fa0f29d5-fpsjmms8"; http_uri; nocase; content:"imcreator.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004561; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/appmanager/renouvellement-automatique-obligatoire/ovh/managerweb-ovhdepartmenttechniqueovh/web.index.html5400configuration_hosting_database/web-ovh/vh/?user-agent=mozilla/5.0+(windows+nt+10.0\;+win64\;+x64)+applewebkit/537.36+(khtml,+like+gecko)+chrome/86.0.4240.75+safari/537.36"; http_uri; nocase; content:"improvproject.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004562; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/emailupdatee/owaweb"; http_uri; nocase; content:"imxprs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004563; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/outlookwebaccessupgrade/outlookwebaccessupgrade"; http_uri; nocase; content:"imxprs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004564; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/free/webmaiil/accounttportal"; http_uri; nocase; content:"imxprs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004565; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/maint/?hash=a2fyaw5hywxtzwlkyxjpymvpcm9aag90bwfpbc5jb20="; http_uri; nocase; content:"insurance2019.moneynet.com.tw"; content:"Host"; http_header; classtype:attempted-recon; sid:200004566; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/areawebmps"; http_uri; nocase; content:"is.gd"; content:"Host"; http_header; classtype:attempted-recon; sid:200004567; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/clnhxv"; http_uri; nocase; content:"is.gd"; content:"Host"; http_header; classtype:attempted-recon; sid:200004568; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/f0iqhg?trackingid=lxyqpvnl&signature=newsletter"; http_uri; nocase; content:"is.gd"; content:"Host"; http_header; classtype:attempted-recon; sid:200004569; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/t1xeia"; http_uri; nocase; content:"is.gd"; content:"Host"; http_header; classtype:attempted-recon; sid:200004570; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3arx6oo"; http_uri; nocase; content:"j.mp"; content:"Host"; http_header; classtype:attempted-recon; sid:200004571; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3gydg8x?/supporrecovery"; http_uri; nocase; content:"j.mp"; content:"Host"; http_header; classtype:attempted-recon; sid:200004572; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3i22f5g?jnlope"; http_uri; nocase; content:"j.mp"; content:"Host"; http_header; classtype:attempted-recon; sid:200004573; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/3kkkf0n"; http_uri; nocase; content:"j.mp"; content:"Host"; http_header; classtype:attempted-recon; sid:200004574; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/65g2g"; http_uri; nocase; content:"jtbtigers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004575; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/jdonahue_k12_com/_layouts/15/wopiframe.aspx?guestaccesstoken=jxndynkzmynao0nofzmhz4t%2fk%2br%2fg7qir2agrjo42ha%3d&docid=1_12252b23331654ef4bf8ef978a8eb83ee&wdformid=%7b2711d93c%2d7591%2d4baa%2db377%2dcf40ba8c7343%7d&action=formsubmit"; http_uri; nocase; content:"k12inc-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004576; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/c07czi"; http_uri; nocase; content:"kutt.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200004577; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l3leph"; http_uri; nocase; content:"kutt.it"; content:"Host"; http_header; classtype:attempted-recon; sid:200004578; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=4rcleqvo&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004579; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=xx6dnmzz&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004580; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://is.gd/f0iqhg?trackingid=kzg8g3od&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004581; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://is.gd/vohpj6?trackingid=rt6fxwgl&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004582; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://parg.co/bewg?trackingid=egqfrhlp&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004583; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://submit.irs.completeyourdata.info/?claim"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004584; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=cvhzehjl&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004585; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=nwb0pxlg&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004586; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=wqdypvka&signature=newsletter"; http_uri; nocase; content:"l.wl.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004587; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/match_login/match.com/match/login1876.html"; http_uri; nocase; content:"lifeiswhatyoumakeofit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004588; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fqg9x"; http_uri; nocase; content:"lihi1.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004589; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uh2xv"; http_uri; nocase; content:"lihi1.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004590; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/slink?code=ek5cbk8g"; http_uri; nocase; content:"linkedin.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004591; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/url?a=https://u25098085.ct.sendgrid.net/ls/click?upn=4o0yybebwwobmwye6nfxf74k9v8ctniui1j2zge2nz95e9lyg4bkzyeqhmb7dtwcz7ioun-2bn1j8mpzi-2fpiiskt0bhpz08nwukegu0uqqki2h1s5yghctgcifqu-2bw1xclixrd_0qvnbxqwscekttpgl5skkts6yu-2batmdqkyh3bke4v1frfd55qka72zddyevzyat2nxv1k3yz6k8mwivrnsgvysy0wagfn8g5lfrsekexaptnpwfu0cediip-2bx7vwnyo9s20tqt2-2bj-2bvkbnfrh9uuad9j9stqo-2bcbol-2fjxsacxht5mztqgwx1c5d6x4fkpu32hmnetd1eimxhhfmzkxiukogw4aalovfcjsym0u8gjpy-3d&amp\;c=e,1,2vluk9dfc0eb8l7-rios2j4nvvlmg8fu0rs0_haoaqpf_7ary6vt_oiimum26g-03mgzmsvdmzlfwohfhlogn3z77jluyi415qw9iw3dptggs_9sfqsq4a,,&amp\;typo=1"; http_uri; nocase; content:"linkprotect.cudasvc.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004592; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2oj172"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200004593; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/5254ov"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200004594; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/9o5vz8"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200004595; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/attservice365"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200004596; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bt.home"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200004597; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btinternet"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200004598; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/w1vl9o"; http_uri; nocase; content:"linkr.bio"; content:"Host"; http_header; classtype:attempted-recon; sid:200004599; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/attmailserver"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004600; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/attonlineservice"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004601; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/attverificationpro"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004602; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btelop"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004603; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btinternettt"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004604; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/d.emery1"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004605; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dannygeez"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004606; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/feetesuqshailhkaia"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004607; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftggtgrtt"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004608; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/keedkudi"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004609; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mobicomgb"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004610; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nbvkl"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004611; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/plkjh"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004612; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pubgxmetrodus"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004613; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/savermail.yahoo"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004614; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/service.orange"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004615; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/teccalicious"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004616; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yah00nccx"; http_uri; nocase; content:"linktr.ee"; content:"Host"; http_header; classtype:attempted-recon; sid:200004617; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=bcxwl3a7ttskgw2polh3cucg2dfe77pbj2gkmixkizs%3d&docid=1_1b87bddf46e1144efadb39c587acdadae&wdformid=%7b5b4e96cf%2d1bcd%2d468f%2da845%2d09b4d8027bc2%7d&action=formsubmit"; http_uri; nocase; content:"livenmitac-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004618; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=bcxwl3a7ttskgw2polh3cucg2dfe77pbj2gkmixkizs=&amp\;docid=1_1b87bddf46e1144efadb39c587acdadae&amp\;wdformid={5b4e96cf-1bcd-468f-a845-09b4d8027bc2}&amp\;action=formsubmit"; http_uri; nocase; content:"livenmitac-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004619; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=fnyckzjagh3z%2bl1cadcdqxot6rfyhmeonulx7ksc7pq%3d&docid=1_15129478f60da40db8395b5675832ef56&wdformid=%7b000c8ab1%2dcbc8%2d44e3%2dac19%2d0015f01b771e%7d&action=formsubmit"; http_uri; nocase; content:"livenmitac-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004620; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/hannah-daly_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=ia5uzzon3iviku4f3pxemyhhabfwkpdjirpftfear%2fk%3d&docid=1_169208e425ed84fea9fd294a6886d67e9&wdformid=%7b06255f86%2d4bf9%2d4ee8%2dbd7e%2dfef81913a79b%7d&action=formsubmit"; http_uri; nocase; content:"livenmitac-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004621; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/hannah-daly_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=ia5uzzon3iviku4f3pxemyhhabfwkpdjirpftfear/k=&amp\;docid=1_169208e425ed84fea9fd294a6886d67e9&amp\;wdformid={06255f86-4bf9-4ee8-bd7e-fef81913a79b}&amp\;action=formsubmit"; http_uri; nocase; content:"livenmitac-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004622; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/d8ruzprc"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004623; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/di6hueus"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004624; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dn4fff29"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004625; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/edxjbzfy"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004626; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/emruebe2"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004627; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/eqjcnf2u"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004628; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gib6fpsz"; http_uri; nocase; content:"lnkd.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004629; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/home/?6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d"; http_uri; nocase; content:"login.xfinity.meculinkvolt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004630; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post.html"; http_uri; nocase; content:"magyarpoosta.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004631; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/forms/form1.html"; http_uri; nocase; content:"mail.hfcfit.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004632; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004633; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua/"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004634; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004635; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua/"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004636; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/186.154.25.1064023/sucursalpersonas.transaccionesbancolombia.com/mua"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004637; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/186.154.25.1064023/sucursalpersonas.transaccionesbancolombia.com/mua/"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004638; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/190.27.90.2077221/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004639; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/190.61.55.2105806/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004640; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004641; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua/"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004642; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/191.95.152.1287758/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004643; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mua/201.233.42.1501206/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; http_uri; nocase; content:"mail.trendset.com.ar.ci3.toservers.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004644; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"mamasitasont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004645; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1gne6"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004646; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6w9qj"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004647; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/77srn"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004648; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/g50gq"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004649; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/hfldu"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004650; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ibyyn"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004651; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ij3t9"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004652; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jlrbo"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004653; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qpwha"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004654; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/reu8w"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004655; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sb6ww"; http_uri; nocase; content:"me2.kr"; content:"Host"; http_header; classtype:attempted-recon; sid:200004656; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/linkredirect?authuser=0&amp\;dest=https%3a%2f%2flinktr.ee%2fpaypai.serviceid?idtrack=kzsykctt"; http_uri; nocase; content:"meet.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004657; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/cp/0ccc3066dc2bcd17/c?mi_u=87923176&mi_origin=&url=http://email.stickercanada.com/t?entity_type=2&entity_id=32534&email_pref_id=34785928&sent_id=1600423397&service_id=22668&redirect_url=https:/relievehotmailonly.cloudns.cl/imagineme/ionos.php"; http_uri; nocase; content:"mi.jetblue.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004658; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2020/11/fiyatlar.html"; http_uri; nocase; content:"milanno342.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004659; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dvtygtgvrv.html?ggcdraewqaszxfdxcgchjbjnhbgvfcdrxtcyvbuninhbygtfcrx"; http_uri; nocase; content:"monstercarp.rn86.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200004660; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/form/60deff002ca34f5aa4985ab3"; http_uri; nocase; content:"my.forms.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200004661; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/form/6112452ca3f6e60d511bad0d"; http_uri; nocase; content:"my.forms.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200004662; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/leboncoin-service/confirmationpaiement-1"; http_uri; nocase; content:"my.forms.app"; content:"Host"; http_header; classtype:attempted-recon; sid:200004663; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/views/abn/identification.php"; http_uri; nocase; content:"mybrenger-transport.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004664; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=xvdowzk%2bkm4wndrziofnpfcj8fb8rkrsqt%2bkybvollg%3d&docid=1_16fb1a2a3e2f9468aa7cebc35874c9da0&wdformid=%7b95111770-0103-492b-8c70-e9625f96b49a%7d&action=formsubmit&cid=4d02a372-8b83-4120-84b5-1d9a2a3492dd"; http_uri; nocase; content:"myparc.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004665; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/ginger_gingerfountain_com/_layouts/15/wopiframe.aspx?guestaccesstoken=gpys8ex7ys1urrzbfeasvlexkodtrovmmcpn%2brsnebs%3d&amp\;docid=1_1882b07b5eb5643d2bdaa63426324ef0e&amp\;wdformid=%7b9bd54af1%2dee16%2d4e07%2d8d62%2d6e9b76e47512%7d&amp\;action=formsubmit&amp\;cid=9adf3e74-8cc1-4e36-b545-c9165fcafde7"; http_uri; nocase; content:"netorg6600800-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004666; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/leon_leongavartin_com/_layouts/15/wopiframe.aspx?guestaccesstoken=rpanwaz3gooz0d20j9wu7zzskog8p5egpbt4oc5j5bq%3d&docid=1_137b486a2059c4fc7b670d2ddb8f27254&wdformid=%7b07fe213f%2d4079%2d45b9%2db73f%2dfa9809248dd7%7d&action=formsubmit"; http_uri; nocase; content:"netorgft2223515-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004667; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bancos/interbank"; http_uri; nocase; content:"nexoinmobiliario.pe"; content:"Host"; http_header; classtype:attempted-recon; sid:200004668; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/examination/admitpanel/filemanager/5365678587"; http_uri; nocase; content:"nihmt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004669; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post.html"; http_uri; nocase; content:"norwayposten.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004670; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/n/axjt4zimmriy/b/cherishppps-20210930-1214/o/spaceblack.html"; http_uri; nocase; content:"objectstorage.us-phoenix-1.oraclecloud.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004671; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"oiazeiuiazolme.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004672; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/forms/view/zalxyved/a9adea36-d163-4d46-a3de-0e990d86e78e"; http_uri; nocase; content:"online.visual-paradigm.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004673; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ions/index.php?email=redacted@abuse.ionos.com"; http_uri; nocase; content:"onlinecasinospark.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004674; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''"; http_uri; nocase; content:"oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004675; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/walletconnect/"; http_uri; nocase; content:"pancakeswapsupport.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200004676; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"paozeia.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004677; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post.html"; http_uri; nocase; content:"paypal-inc-userupdatenuber7925570844.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004678; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-mails/"; http_uri; nocase; content:"pilgrimapp.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004679; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/pasi_puumalainen_plytec_fi/_layouts/15/wopiframe.aspx?sourcedoc={8f0414f2-e7a8-46f4-a2bb-d38353ed20d6}&amp\;action=default&amp\;originalpath=ahr0chm6ly9wbhl0zwnmas1tes5zagfyzxbvaw50lmnvbs86bzovzy9wzxjzb25hbc9wyxnpx3b1dw1hbgfpbmvux3bsexrly19mas9fdklvqkktbzvfukdvcnzuzzfqdelowui1vgg5bxf2ltjlvl9mohvka09sb2pnp3j0aw1lpxvysjgtvnb2mtbn"; http_uri; nocase; content:"plytecfi-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004680; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/att/citi"; http_uri; nocase; content:"pplastmart.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004681; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fia8mx"; http_uri; nocase; content:"ppt.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004682; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fva4wx"; http_uri; nocase; content:"ppt.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004683; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fvakzx"; http_uri; nocase; content:"ppt.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004684; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fvllvx"; http_uri; nocase; content:"ppt.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004685; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/survey/t/?title=bt-broadband-and-private-policy-support_20"; http_uri; nocase; content:"proprofs.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004686; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/emailfwd/show.php?usernum=350311855&amp\;formid=3879"; http_uri; nocase; content:"pub5.bravenet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004687; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pfbgzhkd"; http_uri; nocase; content:"pxlme.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200004688; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/vn79myoi"; http_uri; nocase; content:"pxlme.me"; content:"Host"; http_header; classtype:attempted-recon; sid:200004689; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d%2f&action=formsubmit"; http_uri; nocase; content:"qualitasc-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004690; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d%3e%2f&action=formsubmit"; http_uri; nocase; content:"qualitasc-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004691; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d&action=formsubmit"; http_uri; nocase; content:"qualitasc-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004692; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/jeh2aebbsh97"; http_uri; nocase; content:"quip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004693; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qv7malu8n7cz/you-have-some-messages-pending"; http_uri; nocase; content:"quip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004694; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/77ll23ween.html"; http_uri; nocase; content:"r3g34.fra1.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004695; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2020?m=1"; http_uri; nocase; content:"rabofree.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004696; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/u1496343659/3363308/"; http_uri; nocase; content:"readymag.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004697; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/u3169021124/3364004/"; http_uri; nocase; content:"readymag.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004698; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/u3908669287/3364075/"; http_uri; nocase; content:"readymag.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004699; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"reamaam.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004700; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/j7107dr"; http_uri; nocase; content:"rebrand.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004701; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/z83ig2n?rb.routing.mode=proxy&amp\;rb.routing.signature=123%20836"; http_uri; nocase; content:"rebrand.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004702; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"redatofadesafe.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004703; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?key=bbb516d91daee20498798694a42dd559&u=https://lrs.financial/eesuri6?l5oyrhkwq"; http_uri; nocase; content:"redirect.viglink.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004704; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"reikreitel.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004705; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/v01iebe3vicvgirviexv4sbdve1r03f.html"; http_uri; nocase; content:"release-held-messageshee.fra1.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004706; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/renew-global-entry"; http_uri; nocase; content:"renew.trusted-travelers-online.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004707; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xeknoz?confirmation"; http_uri; nocase; content:"reurl.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004708; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/xgmxr1"; http_uri; nocase; content:"reurl.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200004709; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2d0jazx1eky5/click-here-to-verify-your-email"; http_uri; nocase; content:"rezunz.quip.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004710; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/02/blog-post.html"; http_uri; nocase; content:"riderctposten.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004711; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ruralaccoun/alibaba.com/portal.php?email=june3354@naver.com"; http_uri; nocase; content:"ruralaccounting.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200004712; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/-rb9g"; http_uri; nocase; content:"s.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200004713; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/actueel1"; http_uri; nocase; content:"s.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200004714; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/actueel2"; http_uri; nocase; content:"s.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200004715; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/crsqh"; http_uri; nocase; content:"s.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200004716; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ytk-r"; http_uri; nocase; content:"s.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200004717; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/progressivebank-uat/index.html"; http_uri; nocase; content:"s3.amazonaws.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004718; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/carli_lamell.html"; http_uri; nocase; content:"sanclemente.cl"; content:"Host"; http_header; classtype:attempted-recon; sid:200004719; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/la-banque-postale.html"; http_uri; nocase; content:"sandert12.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004720; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbot"; http_uri; nocase; content:"sateegourmet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004721; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"sefonta.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004722; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/postenno_9.html"; http_uri; nocase; content:"seonewsservic.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004723; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6gwvve65243s9/eer442.html"; http_uri; nocase; content:"sgp1.digitaloceanspaces.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004724; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1fni_ent2sao6wqv0vzdn7g8nl9d"; http_uri; nocase; content:"share.hsforms.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004725; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/basic.php?k=d63621ef3dc01735479befc13f97ec7fdb68991d"; http_uri; nocase; content:"shared-document.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004726; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nqgu1"; http_uri; nocase; content:"shorturl.at"; content:"Host"; http_header; classtype:attempted-recon; sid:200004727; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/jh_silitrade_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8vzaur%2f5gb%2fwmmsfdszlpfueeb0ml%2fzkiljmp9hfa0o%3d&amp\;docid=1_14a3d3f238b844155b59bb08023697365&amp\;wdformid=%7b3395edb6%2d941b%2d49a6%2dbd04%2dc039ca27bb2b%7d&amp\;action=formsubmit"; http_uri; nocase; content:"silitrade-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004728; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/3cd35d"; http_uri; nocase; content:"simp.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004729; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/h45c89"; http_uri; nocase; content:"simp.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004730; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/publish/xhrdvc"; http_uri; nocase; content:"simp.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004731; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/sy4norton.com/setup/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004732; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/newservices.website/orange-mobiles/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004733; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/e9d24c72/23524457"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004734; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/habbotuttogratis"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004735; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/habbotuttogratis/assignments"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004736; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/libretyreserve"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004737; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/libretyreserve/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004738; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/protectedinmprovmnt44/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004739; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/safetycheck427064200647221/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004740; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/verifycheckpointpaqes/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004741; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/08ie-securepage-facebook"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004742; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/0iey-securepage-facebook"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004743; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/2-orangebank-salva/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004744; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/3-orangebank-vetch/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004745; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/4-orangebank-toto/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004746; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/65h7t65ygtdw5f4/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004747; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/aattt/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004748; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/abuse-privacy/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004749; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/access-office-docxpdf-call-net/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004750; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/airplanecost/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004751; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/alert-app-pages/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004752; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/app-mobile-uuid/recovery"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004753; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/appsconfirms"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004754; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/asdfghjklhgfdsdfgh/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004755; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/att-managements/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004756; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/attemail56/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004757; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/attfeatures/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004758; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/attyahooohroffice231/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004759; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/audio-call-net/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004760; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/audio-mp-vm/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004761; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/authentification-orangebank-eu/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004762; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/awspage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004763; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/banquepostalebanqueetassurance/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004764; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bdbhdhbdhbd/home?authuser=2"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004765; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/benachrichtigung-sparkasse/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004766; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-cloud-voice-review-voice/bt-voice-cloud"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004767; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-clould-preview000112/voice010101010bt-cloud?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004768; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-interne/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004769; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-mail-690/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004770; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-pdf-receipt-payment/www-bt-pdf?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004771; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-voice1010010/bt-voicemesaage10120201002?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004772; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bt-web-com32/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004773; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btbtbtbtbtbtcomm/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004774; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btbusinessx/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004775; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btcloudpaymentinvoice202000/httpsbtcloudvm-voice-new?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004776; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btcoms/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004777; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btconnectbusiness/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004778; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btconnectmailserver/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004779; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btconnectted/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004780; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btconnnect/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004781; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btinternetco/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004782; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btmv-voice-notice011/btvoicemessage?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004783; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btnvm-urgentnotice/btvmnew-note?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004784; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btsbusinessbill/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004785; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btserver22/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004786; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/bttbusinesssss/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004787; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/btvoivemessage/bt-home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004788; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/capitaloneloginus/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004789; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/chabillacoat/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004790; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/clickheretoverifyyouracount/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004791; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/clickpagenewlogin2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004792; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/coinsbuysellswapcryptocurrency/?fbclid=iwar2isl9xfxxgcxtftml2hmcl_dglhshlkfkpdotycyqu-qjqqfdqm9whtfm"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004793; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/comfimobiekdofl/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004794; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/community-pages-app/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004795; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/confirmation-orangabank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004796; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/connectolo/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004797; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/continue6363gd/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004798; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ctz03"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004799; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/currentlyserver/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004800; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dfffrreeer/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004801; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dffvderr/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004802; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dfghjhckuyf/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004803; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dfghjhl/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004804; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dkdfkazii-ofoqisjaz1wk/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004805; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dkekkeole/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004806; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dumes/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004807; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/dvrbtrethy5642qwrfvd/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004808; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/espace-orange-vocal/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004809; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/espace-vocalorange-ref0325/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004810; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/espacemessagerieorangesms/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004811; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/etyajdnxnskoeprlwyaxbdhfkrituy/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004812; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ewyy65/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004813; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ewyy65/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004814; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/feelblessed/bt-business"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004815; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/fhgfbythfrsv/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004816; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/fhgfjhfj/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004817; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/form-recovery/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004818; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/form-recovery/details"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004819; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/gdhbfcxzx"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004820; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/hbxchx"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004821; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/hccwc/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004822; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/home-bt-updates/bt-com"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004823; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/home-pages-recovery/details"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004824; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/htvvss/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004825; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/identificaton-10777502102022/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004826; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ii-securepage-facebook"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004827; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/invoice-payment-pdf/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004828; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/invoicehomepdf/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004829; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/invoicescan365pdf/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004830; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/jcnvvn/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004831; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/jmjmnhvdc/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004832; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/labred-authentification-source/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004833; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/leafadd/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004834; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/log-inpagenew"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004835; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mcwdbvefjberjrwgnwriviwr/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004836; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/messor/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004837; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mobile-apps-pages/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004838; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mobile-redirect-system"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004839; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mv-voicepage/home?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004840; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/mycoinwallet/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004841; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/necrologieinfosfroravocal/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004842; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/newbtmissedcall/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004843; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/newuploadpage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004844; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/newvoicemail/home?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004845; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/nextprojectpage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004846; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/nextprojectpage2022"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004847; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/noticeplaypagenew2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004848; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/noticepublicpagenew2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004849; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/notifcationnoticesystempage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004850; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/nouveau-sms-message-vocal/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004851; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ob-seccurite/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004852; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ob-securite/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004853; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ob-securites/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004854; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ob-service/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004855; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/offiice-voice-com/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004856; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/onlinefifthercheckaccout/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004857; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orange-b-securite/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004858; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orange-forfaits-et-mobiles"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004859; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeb-190/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004860; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeb171/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004861; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeb221/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004862; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeba/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004863; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeban/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004864; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebank-r/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004865; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebank-sc/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004866; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebank-secure-secure/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004867; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebanksecurite/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004868; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangebannk/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004869; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeibank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004870; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangeinfosvocalnews/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004871; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangemyconnect/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004872; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/oranggebank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004873; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/orangiebank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004874; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pagenewlogin2022"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004875; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pages-identificaton-1000050210/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004876; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pass-press/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004877; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/paypal-customer-services/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004878; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/paypal-loginn/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004879; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pfherjwlsnmcyelwudy/home?authuser=3"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004880; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/pleasecheckpoint2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004881; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/postacerticodplusaccaccueil/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004882; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/protonmailservice/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004883; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/quickteamservice/yahoo-com"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004884; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/reactivationhelp2021/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004885; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/redirect-acctpages-uuid/details"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004886; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/redirectme-to/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004887; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/retttt/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004888; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/reviewappspagerviicee/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004889; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/reviewappspagerviiceee"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004890; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/rg9eur94uwe9d/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004891; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/richcoff/bt-business"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004892; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/rimekahsdjg/summary_page"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004893; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/salimkaso/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004894; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/sbcglobalm/home?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004895; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securbtcomms/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004896; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/secure-bt-homevoice01010120/home?authuser=8"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004897; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/secure-ob-/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004898; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/secure-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004899; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securebtcomms/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004900; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securebtcommss/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004901; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securebusinessbtsecurbt/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004902; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securiplus0101/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004903; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securite-ob-service/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004904; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securite-obank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004905; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securitee-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004906; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securites-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004907; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securmybusinessbtsecurbt/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004908; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securree/home?authuser=1"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004909; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/securritee-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004910; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/serv-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004911; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/serv-obank/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004912; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/serveur-communication-box/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004913; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/service-orangebank-fr/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004914; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/service-orangebank-securi/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004915; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/service-securite-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004916; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/servicenewlogin"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004917; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/shgeudh/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004918; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ski03/strona-g%c5%82%c3%b3wna"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004919; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/soeyankandi5/bt-business"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004920; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/szdgsdhgd"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004921; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/thenewstartpage2021"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004922; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/update-allreadypage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004923; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/updatesecure"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004924; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/updatingnewpage"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004925; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/upgrade-bt/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004926; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/utututttu/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004927; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/v-ob/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004928; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/venmo-loginusa/"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004929; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/vfbjf/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004930; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/view-your-billonline/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004931; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/viewyourbilll/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004932; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/viewyournewbill/bt-business-btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004933; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/vjsdhdfidjasi/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004934; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/webespaceclient-ref8/accueil"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004935; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/webmailcooom/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004936; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/xcccjcdhasks/btconnect"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004937; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/xmicrosoftoficew/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004938; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/xsvgcxsgvdhg/home?authuser=4"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004939; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/xvhfefef/bt-business"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004940; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yah000/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004941; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yahooend/yahoo"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004942; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yahoomailingdesk/yahoo-com"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004943; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yahooscott/yahoo"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004944; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yourbillnotification/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004945; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/yt89ougjio/bt"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004946; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/ztt5zazu/home"; http_uri; nocase; content:"sites.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004947; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/admin/webmail.cpanel.net/user/cp.user.sign_in/auth/cpanel_mailbox/index.htm"; http_uri; nocase; content:"skart.co.in"; content:"Host"; http_header; classtype:attempted-recon; sid:200004948; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/qevjwc"; http_uri; nocase; content:"snip.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200004949; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"solatresont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004950; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"soufatanse.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004951; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"soufsont.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004952; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/stt-c625a3f2c2"; http_uri; nocase; content:"sprw.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200004953; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:b:/g/personal/mandyb_steiner_co_za/exxq1passetnrojoe83fzboboxufoggwb7uvmyfqbionla?e=4:su8jhq&amp\;at=9"; http_uri; nocase; content:"steinercoza-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004954; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyfifteen/css/read/chinavali/index.php?email=jsmith@imaphost.com"; http_uri; nocase; content:"stolizaparketa.ru"; content:"Host"; http_header; classtype:attempted-recon; sid:200004955; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1lordman1man3/oscman2.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004956; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/acc03lzzl4m3izm03iauserpowa.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004957; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/algebraic-pact-316913.appspot.com/index.html#jbell@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004958; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/anaagc040gdyacgd0dyuser.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004959; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ciat3tdtttd53c3e5userp.appspot.com/index.html#jr@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004960; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ciat3tdtttd53c3e5userp.appspot.com/index.html#paul@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004961; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/clientid4dunptjlryzrift3nrlomi160gqntzgznajujcnbszq8w/index.htm"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004962; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/dhngw6p6rwrwnuv6vnuse.appspot.com/index.html#brianvillacarlos@legalshieldcorp.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004963; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/g58t3e588ddgmdeddauth.appspot.com/index.html#jim-shelvy@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004964; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/gu1r0utjruhjkukrxhauser.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004965; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/indettn/pdflmanco.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004966; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/indettn/zdewaman.html#example@example.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004967; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kkkqkl633qn6kq3lqssiiddnenen.appspot.com/index.html#jbell@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004968; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kkkqkl633qn6kq3lqssiiddnenen.appspot.com/index.html#t.voit@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004969; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004970; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/index.html#martin.manasek@ruk.cuni.cz"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004971; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/maintainancecomponeta.appspot.com/index.html#a@b.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004972; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/maintainancecomponeta.appspot.com/kayindex.html#eimaste@stinpriza.org"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004973; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/maintainancecomponeta.appspot.com/myowngeneral.html#eimaste@stinpriza.org"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004974; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/maintainancecomponeta.appspot.com/newmineindex.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004975; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/owuddqd9dqqdddq9qd0caerq.appspot.com/index.html#stevewilliamson@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004976; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/projerroro0h5j5ro0jrrj.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004977; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/q90qqqar22r229r292euser.appspot.com/index.html"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004978; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/q90qqqar22r229r292euser.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004979; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/rrdar99rt9qraraq99euser.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004980; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/s0pts0apttxpp00atarrauth.appspot.com/index.html#user@calstatela.edu"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004981; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/staging.maintainancecomponeta.appspot.com/fcocnew.html"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004982; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/staging.maintainancecomponeta.appspot.com/nvhdjgtpl8txagtoccpyscuekxctc7j3kpg5bbugwqv0kemeas313lqehufuifcl6el9vtvomhrfbjbpxbg6qrnsg5sz3dyaiqor%2c%2520ffx6khej2lavfftroaizcq99hjdn3f4hs6gdeg2qodfyhobl8zonx6lez2dafyafc6spylufytfvuzn1jsioh4u6xpsbsqxqgh.html#icann@tecnocratica.net"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004983; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/staging.maintainancecomponeta.appspot.com/sydlasgendomain.html#winnie@soupro.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004984; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/user517497679326978.appspot.com/index.html"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004985; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uth0uax3t3uh30ttna0nnuser.appspot.com/index.html#jbell@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004986; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yyw77ywnn68weyew6euserq.appspot.com/index.html#rosalefua@legalshield.com"; http_uri; nocase; content:"storage.cloud.google.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004987; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/03a6c481bbd83f8/df225c198d58561#un/68425_md/2/16247/3955/23/19171"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004988; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1827435283/1827435283.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004989; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/abjsfatitvyrobprkawlycsckcwrvnntndjwbgoqjiswdbkhhlyxnbv/cli123.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004990; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/abuabomvnediarrfgxamrtqcoehnpskugrmafutqnhugsbzossviqfv/cli123.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004991; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/acwuwxxomzzlrrfuyssheahvokqfunqvlbjnjrbyfsmbbmdppwimvbd/cli123.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004992; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbss-urltest-public/docomo_20210726_01.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004993; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbss-urltest-public/docomo_20210910_01.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004994; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbss-urltest-public/docomo_20210910_02.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004995; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xdaysonde1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004996; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xdragon1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004997; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xgmx1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004998; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xiphoneswiss1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200004999; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xketode1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005000; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xlena1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005001; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xps5de1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005002; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/bionat/xspar1.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005003; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/buckettt01/redirect%20newslettersreply.shop.html#rd/u8888idsyy65301cvmt1247244psw23077wujo1715"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005004; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/document-check/sign.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005005; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/inboxino/brand.html#cl/13669_md/1/788/1401/22/1025434"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005006; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/inboxino/brand.html#cl/13695_md/1/788/1401/109/376564"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005007; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/inboxino/brand.html#un/13664_md/1/455/1401/112/814109"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005008; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/inboxino/brand.html#un/13695_md/1/788/1401/25/339407"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005009; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sstoragert/linkqs.html#cl/19939_md/1/4441/3808/112/984664"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005010; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/sstoragert/linkqs.html#un/19995_md/1/4542/3682/112/984664"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005011; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ylffhg/redireck.html"; http_uri; nocase; content:"storage.googleapis.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005012; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/p/authentifier-transcash.html"; http_uri; nocase; content:"suivi-coupon-recharge.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005013; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/usroutput/themeset1_2021-12-21-23-15-13/"; http_uri; nocase; content:"sunnylandingpages.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005014; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/adrian_ramos_superpark_com_hk/_layouts/15/wopiframe.aspx?guestaccesstoken=vofjngnui%2fslbameorlq62qlg8mcdnpo1dizu6i%2bc1m%3d&amp\;docid=1_124bbb2f682ca4c7daba6cec6ee34dfb9&amp\;wdformid=%7ba85c8abe%2d68be%2d43dd%2d91f3%2db397386186be%7d&amp\;action=formsubmit"; http_uri; nocase; content:"superpark-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005015; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/form/608bca7586919c70a2066ef7"; http_uri; nocase; content:"surveyheart.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005016; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/pranjali_chandurkar_nmims_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=668cyp4s%2fwcmx8rj223bvjfwdvtryffzfpyarbrueha%3d&amp\;docid=1_1916b69db182644fead12e874cad930c4&amp\;wdformid=%7bcd4093b9%2ddfae%2d49f1%2dadde%2df32fbe93b271%7d&amp\;action=formsubmit"; http_uri; nocase; content:"svkmmumbai-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005017; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/index.html"; http_uri; nocase; content:"swisscoat.com.cn"; content:"Host"; http_header; classtype:attempted-recon; sid:200005018; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account"; http_uri; nocase; content:"synapse-project.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005019; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account/"; http_uri; nocase; content:"synapse-project.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005020; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/public/dapp"; http_uri; nocase; content:"synmultiwallet.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005021; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/6b3rxfp90m"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005022; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/8mptsau4zq?amp=1"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005023; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/9ooxxstzmb?amp=1?trackingid=ftiikjly&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005024; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/9ooxxstzmb?trackingid=lxr1lc3e&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005025; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ef7oipwfto"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005026; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fy2lasfqae?trackingid=agbl0dxn&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005027; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fy2lasfqae?trackingid=dhrt9pxv&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005028; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fy2lasfqae?trackingid=mhrdlxok&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005029; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fy2lasfqae?trackingid=s5kqcb1o&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005030; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge6k1ctsmd?trackingid=3pc2vgmn&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005031; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge6k1ctsmd?trackingid=n13hzxpy&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005032; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge6k1ctsmd?trackingid=ocfgjhka&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005033; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge6k1ctsmd?trackingid=ohj6ctus&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005034; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/lkcd0mnequ"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005035; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/timonfvymu?trackingid=67yzc2bv&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005036; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/timonfvymu?trackingid=cybyidfp&signature=newsletter"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005037; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/zrd6j5rq4u?amp=1"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005038; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/zwuq6zjpdj"; http_uri; nocase; content:"t.co"; content:"Host"; http_header; classtype:attempted-recon; sid:200005039; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/helton.law/outlook.office.com/"; http_uri; nocase; content:"tasteentertainment.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005040; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/system32/procesosdeseguridadhb/170.51.165.16679791/agregar/telefono/contacto/logonoperacionservlet.html"; http_uri; nocase; content:"tecsuport.com.br"; content:"Host"; http_header; classtype:attempted-recon; sid:200005041; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/03/blog-post_48.html"; http_uri; nocase; content:"telenorkandklimsupoort.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005042; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/form.htm"; http_uri; nocase; content:"thedigirocket.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005043; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/11/1/1and1/index.php"; http_uri; nocase; content:"thelibrarysamui.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005044; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ing587388"; http_uri; nocase; content:"tiny.one"; content:"Host"; http_header; classtype:attempted-recon; sid:200005045; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/ing67454"; http_uri; nocase; content:"tiny.one"; content:"Host"; http_header; classtype:attempted-recon; sid:200005046; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/reuswnzc"; http_uri; nocase; content:"tiny.one"; content:"Host"; http_header; classtype:attempted-recon; sid:200005047; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/48rzxpne"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005048; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/4wcw6fcu"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005049; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/btinternet56"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005050; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/evyu688y"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005051; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nycgovtgrant"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005052; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/uha4nvtf"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005053; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/y8mcrhhp"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005054; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yxb48kqj"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005055; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yxry9vf5"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005056; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yyvm8qr5"; http_uri; nocase; content:"tinyurl.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005057; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/truist.com/"; http_uri; nocase; content:"topearnersafrica.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005058; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/h/v6/link-track/1.0/1612678003989072-e5f6d8cc-499b-ea4f-85f1-8b23ad935661/1612677988/2f5895837f8d3f0a667c6b92ad41f652/8af273ac431e289838c8bf7c490185f3/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com"; http_uri; nocase; content:"tr.cloudmagic.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005059; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/h/v6/link-track/1.0/1614590779401122-8e06125c-4b23-d643-3068-601cab9bec04/1614590763/2f5895837f8d3f0a667c6b92ad41f652/31367888a66bf6f98973a200c83075bb/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com"; http_uri; nocase; content:"tr.cloudmagic.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005060; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/?bn=35405429\;cpdir=https://tmmny.csb.app/.wewrewew.ahr0chm6ly9pbnzlc3rpbmdpbmdvzc5vcmcvqvbjmjq3.yw1izxiuzml0dg9uqhnwyxjrlmnvlm56"; http_uri; nocase; content:"track.adform.net"; content:"Host"; http_header; classtype:attempted-recon; sid:200005061; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=1"; http_uri; nocase; content:"transcash-fr-v.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005062; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/webapp/tribratanews/public/js/hughesnet.com/index.php"; http_uri; nocase; content:"tribratanewsbondowoso.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005063; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsjpgw?verification-online-service"; http_uri; nocase; content:"u.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200005064; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/unrpgg"; http_uri; nocase; content:"u.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200005065; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wsddga"; http_uri; nocase; content:"u.to"; content:"Host"; http_header; classtype:attempted-recon; sid:200005066; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/pbi_pbi1151/login/remote/071108407/6"; http_uri; nocase; content:"ucbonline.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005067; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=e%2f5p4lmr7oxtbuuzst9ihpacebtz%2bhbogl5i950bhau%3d&docid=1_151b39d9e7dd54cfba500875349d3beb6&wdformid=%7bda6fcad9%2d9684%2d43af%2db959%2de2fa774eaba6%7d&action=formsubmit"; http_uri; nocase; content:"umconnectumt-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005068; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=h2b5qkvlooc%2bfvhpo6qkbxdfdzwzpa7doqhaikfrj08%3d&docid=1_1cab74931edec4bf39e6f4768e7830a02&wdformid=%7b6a702647%2db560%2d40c5%2d8890%2d109ec5ad9bc5%7d&action=formsubmit"; http_uri; nocase; content:"umconnectumt-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005069; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=inau9tsjk5bvaoypx%2fgfkvgo0iz4rq47kvts4tkb8yq%3d&docid=1_19c7a48ea3a0448c78765a480857920f0&wdformid=%7bd8f70a7d%2d4204%2d4a87%2da88e%2dbad6b0e4129e%7d&action=formsubmit"; http_uri; nocase; content:"umconnectumt-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005070; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=inau9tsjk5bvaoypx/gfkvgo0iz4rq47kvts4tkb8yq=&amp\;docid=1_19c7a48ea3a0448c78765a480857920f0&amp\;wdformid={d8f70a7d-4204-4a87-a88e-bad6b0e4129e}&amp\;action=formsubmit"; http_uri; nocase; content:"umconnectumt-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005071; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=uh9hjveaooebgqolme%2f5qft71pw2stg2ojiiqxebzce%3d&docid=1_11e28ca5d86c6416f926736ea3e8ad885&wdformid=%7b70256f91%2df178%2d4e5f%2d847a%2df748294a79c9%7d&action=formsubmit"; http_uri; nocase; content:"umconnectumt-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005072; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wine"; http_uri; nocase; content:"umeacademy.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005073; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wptracking/tracking2/tracking/tracking.php"; http_uri; nocase; content:"uniga.ac.id"; content:"Host"; http_header; classtype:attempted-recon; sid:200005074; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/0lxgmv"; http_uri; nocase; content:"url.gratis"; content:"Host"; http_header; classtype:attempted-recon; sid:200005075; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kcornwall/email-verification/notice/account_login/login.html#accounting@utu.fi"; http_uri; nocase; content:"users.tpg.com.au"; content:"Host"; http_header; classtype:attempted-recon; sid:200005076; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/1pxak"; http_uri; nocase; content:"v.ht"; content:"Host"; http_header; classtype:attempted-recon; sid:200005077; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/yogs"; http_uri; nocase; content:"v.ht"; content:"Host"; http_header; classtype:attempted-recon; sid:200005078; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/rd/c56498tvifh29711728hupj8172asy17489blob7311"; http_uri; nocase; content:"vaiddzed.cc"; content:"Host"; http_header; classtype:attempted-recon; sid:200005079; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/drupal-7.56/scripts/bp"; http_uri; nocase; content:"velvet.by"; content:"Host"; http_header; classtype:attempted-recon; sid:200005080; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/drupal-7.56/scripts/bp/"; http_uri; nocase; content:"velvet.by"; content:"Host"; http_header; classtype:attempted-recon; sid:200005081; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"veredesafs.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005082; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"vetrfedsonte.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005083; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/2021/03/blog-post.html"; http_uri; nocase; content:"viamobte.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005084; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/61e168ca67f4550de805d006/interactive-content-secured-document"; http_uri; nocase; content:"view.genial.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200005085; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/61e168ca67f4550de805d006/interactive-content-untitled-genially"; http_uri; nocase; content:"view.genial.ly"; content:"Host"; http_header; classtype:attempted-recon; sid:200005086; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/?m=0"; http_uri; nocase; content:"vivaterouna.blogspot.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005087; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?cc_key=&amp\;post=%7brandom_number_5%7d_1&amp\;to=http://18.118.206.123/index.php?key=%7brandom_letternumberuplow_5%7d,email=%7bemail%7d"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005088; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=1qg10"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005089; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=3efeh"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005090; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=cylqz"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005091; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=dmyfj"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005092; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=dvexh"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005093; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=fhqja"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005094; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=g9dzz"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005095; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=qq74g"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005096; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=v0de0,email=kflove23@icloud.com&post=11981_1&cc_key"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005097; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=zzbtj"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005098; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=ccugr"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005099; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=mb1wu"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005100; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=meixj"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005101; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=toboe"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005102; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=tyzud"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005103; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=u7tfm,email=resurgita@icloud.com&post=35252_1&cc_key"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005104; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=v5t6m,email=robertgoby@icloud.com&post=24927_1&cc_key"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005105; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=vgy1e"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005106; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=znbui"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005107; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2fhumanity06.com%2fwp-content%2fthemes%2fapi.html"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005108; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2frois-zkxzx.run.goorm.io/safe-browser/"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005109; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2fwww.allovisite.com%2fwp-content%2fplugins%2fapi.html"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005110; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=http%3a%2f%2fwww.allovisite.com%2fwp-content%2fplugins%2fapi.html&post=693378694_2&cc_key"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005111; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https%3a%2f%2fmsq-health.com%2fimages%2fonehealth%2fsound%2faudio&post=696668869_2&cc_key=/odmibxru/tsiqjhleqcj"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005112; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https%3a%2f%2fsapphireinternationalschool.com%2falbum%2fimages%2fsound%2faudio&post=690576696_17&cc_key=/lhgesiqipz/ksbqekez2fa"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005113; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://api.safebrowser-antidrop.com/ai.html?key=ppsyk"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005114; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://arroketainsificansion.com/r/cairdiembos"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005115; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://drmustafaalagamy.com/css/rajahutandil2"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005116; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://laprospergroup.com/wp-admin/assets/?key=8oyrd,email={email}"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005117; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://rendelparis.com/wp-admin/assets?key=isvbt,email={email}"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005118; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://sahara-distribution.com/wp-admin/dir"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005119; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.marmum.ae/css/?key=ibxa"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005120; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.marmum.ae/css/?key=ksor"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005121; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.marmum.ae/css/?key=lzqm"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005122; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.marmum.ae/css/?key=yihv"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005123; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/away.php?to=https://www.newlifenursery.com/assets/rdt.html?key=lwhi1"; http_uri; nocase; content:"vk.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005124; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/all.php"; http_uri; nocase; content:"vps3920.ultahost.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005125; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/8jdu/sb6/index.php?_"; http_uri; nocase; content:"wallieget.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005126; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/8jdu/sb6/index.php?_&amp\;_"; http_uri; nocase; content:"wallieget.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005127; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/8jdu/sb6/index.php?_&amp\;_&amp\;_"; http_uri; nocase; content:"wallieget.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005128; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/o2/a/f5s4y/0"; http_uri; nocase; content:"warriorplus.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005129; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/upgrade/"; http_uri; nocase; content:"webmail.serviceunit.co.uk"; content:"Host"; http_header; classtype:attempted-recon; sid:200005130; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d"; http_uri; nocase; content:"webuyworkshopequipment.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005131; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d/"; http_uri; nocase; content:"webuyworkshopequipment.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005132; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/secure/wells"; http_uri; nocase; content:"whitmansasphalt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005133; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/secure/wells/"; http_uri; nocase; content:"whitmansasphalt.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005134; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_home"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005135; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_internet"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005136; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_service_alert."; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005137; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_teem"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005138; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_update"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005139; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@bt_upgrade"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005140; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/@btinternet"; http_uri; nocase; content:"withkoji.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005141; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/:x:/r/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96"; http_uri; nocase; content:"wvk12-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005142; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96"; http_uri; nocase; content:"wvk12-my.sharepoint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005143; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/oih3b8"; http_uri; nocase; content:"xip.li"; content:"Host"; http_header; classtype:attempted-recon; sid:200005144; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/fire/dhl/load.php?0=aw5mb0btzxrhbg9naxmuy29t&amp\;guce_referrer=ahr0chm6ly9sb2dpbi55ywhvby5jb20v&amp\;guce_referrer_sig=aqaaaba99nmgr9inqoyu5mi3asjqfyjcpatd_a8modgjxpnxynmo8n5zxdi8ezv7gfypzosc_rpmz0hyfdck0olmxnmb6tpfznd5enc"; http_uri; nocase; content:"znbint.com"; content:"Host"; http_header; classtype:attempted-recon; sid:200005145; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/kms8u47zlxwk"; http_uri; nocase; content:"zpr.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200005146; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxvzwlcdizyq"; http_uri; nocase; content:"zpr.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200005147; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"phishing-filter phishing website detected"; flow:established,from_client; content:"GET"; http_method; content:"/nckeqquhrpuf"; http_uri; nocase; content:"zpr.io"; content:"Host"; http_header; classtype:attempted-recon; sid:200005148; rev:1;)
diff --git a/dist/phishing-filter-snort3.rules b/dist/phishing-filter-snort3.rules
index fe722ab0..288142b5 100644
--- a/dist/phishing-filter-snort3.rules
+++ b/dist/phishing-filter-snort3.rules
@@ -1,5 +1,5 @@
 # Title: Phishing URL Snort3 Ruleset
-# Updated: Sun, 16 Jan 2022 12:01:44 +0000
+# Updated: Mon, 17 Jan 2022 00:01:35 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/phishing-filter
 # License: https://gitlab.com/curben/phishing-filter#license
@@ -13,59 +13,59 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing web
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"02-billing-support.org",nocase; classtype:attempted-recon; sid:200000005; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"08863299.sso-secure-mail0454etr.pages.dev",nocase; classtype:attempted-recon; sid:200000006; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"0bs.de",nocase; classtype:attempted-recon; sid:200000007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"0gjvj7a8eydbjz3au8anbg-on.drv.tw",nocase; classtype:attempted-recon; sid:200000008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1000000000347789523698541.tk",nocase; classtype:attempted-recon; sid:200000009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1000000000347789523698545.tk",nocase; classtype:attempted-recon; sid:200000010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1000000000347789523698546.tk",nocase; classtype:attempted-recon; sid:200000011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1000000000347789523698547.tk",nocase; classtype:attempted-recon; sid:200000012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"103.114.16.4",nocase; classtype:attempted-recon; sid:200000013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"104.168.173.244",nocase; classtype:attempted-recon; sid:200000014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"104.168.173.248",nocase; classtype:attempted-recon; sid:200000015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"107.172.198.119",nocase; classtype:attempted-recon; sid:200000016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"109edc5b.ssdtfgyb09.pages.dev",nocase; classtype:attempted-recon; sid:200000017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"112358400702021.biz.id",nocase; classtype:attempted-recon; sid:200000018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"113.164.17.147",nocase; classtype:attempted-recon; sid:200000019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"121techyard.com",nocase; classtype:attempted-recon; sid:200000020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"130.211.30.154",nocase; classtype:attempted-recon; sid:200000021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"138.68.69.90",nocase; classtype:attempted-recon; sid:200000022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"14.98.234.77",nocase; classtype:attempted-recon; sid:200000023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"149-210-143-165.colo.transip.net",nocase; classtype:attempted-recon; sid:200000024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"149.210.143.165",nocase; classtype:attempted-recon; sid:200000025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"15004083383734.data-store-company.com",nocase; classtype:attempted-recon; sid:200000026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"154.30.211.130.bc.googleusercontent.com",nocase; classtype:attempted-recon; sid:200000027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"161.35.142.2",nocase; classtype:attempted-recon; sid:200000028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"165.227.122.125",nocase; classtype:attempted-recon; sid:200000029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"16park.cn",nocase; classtype:attempted-recon; sid:200000030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"173.82.154.253",nocase; classtype:attempted-recon; sid:200000031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"178.128.108.233.dsl.dyn.forthnet.gr",nocase; classtype:attempted-recon; sid:200000032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"179.43.140.208",nocase; classtype:attempted-recon; sid:200000033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"179.48.65.130",nocase; classtype:attempted-recon; sid:200000034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"18.217.56.169",nocase; classtype:attempted-recon; sid:200000035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1800poolservice.com",nocase; classtype:attempted-recon; sid:200000036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"182.73.136.210",nocase; classtype:attempted-recon; sid:200000037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"185-46-10-159.cloudvps.regruhosting.ru",nocase; classtype:attempted-recon; sid:200000038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"18sitedev.com",nocase; classtype:attempted-recon; sid:200000039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"190854.8b.io",nocase; classtype:attempted-recon; sid:200000040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1inch.party",nocase; classtype:attempted-recon; sid:200000041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1inhc.exchange",nocase; classtype:attempted-recon; sid:200000042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1inich.exchange",nocase; classtype:attempted-recon; sid:200000043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1ncih.exchange",nocase; classtype:attempted-recon; sid:200000044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2.136.95.251",nocase; classtype:attempted-recon; sid:200000045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"20140301.xyz",nocase; classtype:attempted-recon; sid:200000046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2022-exodus.com",nocase; classtype:attempted-recon; sid:200000047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2022-girobanken-sparkassen.xyz",nocase; classtype:attempted-recon; sid:200000048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2022.intrebrkprsonas.xyz",nocase; classtype:attempted-recon; sid:200000049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1000000000347789523698546.tk",nocase; classtype:attempted-recon; sid:200000008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1000000000347789523698547.tk",nocase; classtype:attempted-recon; sid:200000009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"103.114.16.4",nocase; classtype:attempted-recon; sid:200000010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"104.168.173.244",nocase; classtype:attempted-recon; sid:200000011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"104.168.173.248",nocase; classtype:attempted-recon; sid:200000012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"107.172.198.119",nocase; classtype:attempted-recon; sid:200000013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"109edc5b.ssdtfgyb09.pages.dev",nocase; classtype:attempted-recon; sid:200000014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"112358400702021.biz.id",nocase; classtype:attempted-recon; sid:200000015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"113.164.17.147",nocase; classtype:attempted-recon; sid:200000016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"121techyard.com",nocase; classtype:attempted-recon; sid:200000017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"130.211.30.154",nocase; classtype:attempted-recon; sid:200000018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"138.68.69.90",nocase; classtype:attempted-recon; sid:200000019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"14.98.234.77",nocase; classtype:attempted-recon; sid:200000020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"149-210-143-165.colo.transip.net",nocase; classtype:attempted-recon; sid:200000021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"149.210.143.165",nocase; classtype:attempted-recon; sid:200000022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"15004083383734.data-store-company.com",nocase; classtype:attempted-recon; sid:200000023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"154.222.224.81",nocase; classtype:attempted-recon; sid:200000024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"154.30.211.130.bc.googleusercontent.com",nocase; classtype:attempted-recon; sid:200000025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"161.35.142.2",nocase; classtype:attempted-recon; sid:200000026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"165.227.122.125",nocase; classtype:attempted-recon; sid:200000027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"16park.cn",nocase; classtype:attempted-recon; sid:200000028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1727365.com",nocase; classtype:attempted-recon; sid:200000029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"173.82.154.253",nocase; classtype:attempted-recon; sid:200000030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"178.128.108.233.dsl.dyn.forthnet.gr",nocase; classtype:attempted-recon; sid:200000031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"179.43.140.208",nocase; classtype:attempted-recon; sid:200000032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"179.48.65.130",nocase; classtype:attempted-recon; sid:200000033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"18.217.56.169",nocase; classtype:attempted-recon; sid:200000034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1800poolservice.com",nocase; classtype:attempted-recon; sid:200000035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"182.73.136.210",nocase; classtype:attempted-recon; sid:200000036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"185-46-10-159.cloudvps.regruhosting.ru",nocase; classtype:attempted-recon; sid:200000037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"18sitedev.com",nocase; classtype:attempted-recon; sid:200000038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"190854.8b.io",nocase; classtype:attempted-recon; sid:200000039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1inch.party",nocase; classtype:attempted-recon; sid:200000040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1inhc.exchange",nocase; classtype:attempted-recon; sid:200000041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1inich.exchange",nocase; classtype:attempted-recon; sid:200000042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"1ncih.exchange",nocase; classtype:attempted-recon; sid:200000043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2.136.95.251",nocase; classtype:attempted-recon; sid:200000044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"20140301.xyz",nocase; classtype:attempted-recon; sid:200000045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2022-exodus.com",nocase; classtype:attempted-recon; sid:200000046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2022-girobanken-sparkassen.xyz",nocase; classtype:attempted-recon; sid:200000047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2022.intrebrkprsonas.xyz",nocase; classtype:attempted-recon; sid:200000048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"205.185.113.221",nocase; classtype:attempted-recon; sid:200000049; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"208.82.115.230",nocase; classtype:attempted-recon; sid:200000050; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"217651.8b.io",nocase; classtype:attempted-recon; sid:200000051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2247317.verifyinguser426128734570198363.com",nocase; classtype:attempted-recon; sid:200000052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"228.94.92.rev.sfr.net.gghost.ru",nocase; classtype:attempted-recon; sid:200000053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"24611250.sibforms.com",nocase; classtype:attempted-recon; sid:200000054; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2482689012.yolasite.com",nocase; classtype:attempted-recon; sid:200000055; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"299kensingtonroad.my.webex.com",nocase; classtype:attempted-recon; sid:200000056; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2ex2cfu.cn",nocase; classtype:attempted-recon; sid:200000057; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2fa.bthei.com",nocase; classtype:attempted-recon; sid:200000058; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2pil.ru",nocase; classtype:attempted-recon; sid:200000059; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2rakuten.co.jp.happyyear.cn",nocase; classtype:attempted-recon; sid:200000060; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"228.94.92.rev.sfr.net.gghost.ru",nocase; classtype:attempted-recon; sid:200000052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"24611250.sibforms.com",nocase; classtype:attempted-recon; sid:200000053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2482689012.yolasite.com",nocase; classtype:attempted-recon; sid:200000054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"299kensingtonroad.my.webex.com",nocase; classtype:attempted-recon; sid:200000055; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2ex2cfu.cn",nocase; classtype:attempted-recon; sid:200000056; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2fa.bthei.com",nocase; classtype:attempted-recon; sid:200000057; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2pil.ru",nocase; classtype:attempted-recon; sid:200000058; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2rakuten.co.jp.happyyear.cn",nocase; classtype:attempted-recon; sid:200000059; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"2yfh.short.gy",nocase; classtype:attempted-recon; sid:200000060; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3-139-75-158.cprapid.com",nocase; classtype:attempted-recon; sid:200000061; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"343i.org",nocase; classtype:attempted-recon; sid:200000062; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"343t3dv9qdufp.clickfunnels.com",nocase; classtype:attempted-recon; sid:200000063; rev:1;)
@@ -73,847 +73,847 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing web
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"35.199.84.117",nocase; classtype:attempted-recon; sid:200000065; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"35.225.222.142",nocase; classtype:attempted-recon; sid:200000066; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3568365.com",nocase; classtype:attempted-recon; sid:200000067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3a10a178.s6t6sj4s46tu4sys54y5.pages.dev",nocase; classtype:attempted-recon; sid:200000068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3bvjh.sbs",nocase; classtype:attempted-recon; sid:200000069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3ck.me",nocase; classtype:attempted-recon; sid:200000070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3dprintersupplies.com.au",nocase; classtype:attempted-recon; sid:200000071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3dsecure-update-service-info-live.duckdns.org",nocase; classtype:attempted-recon; sid:200000072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3ff7c459-86b2-4f6d-b6b0-ba6402ef6cb0.htmlcomponentservice.com",nocase; classtype:attempted-recon; sid:200000073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3j124.csb.app",nocase; classtype:attempted-recon; sid:200000074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"42.193.110.254",nocase; classtype:attempted-recon; sid:200000075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"45.186.132.130",nocase; classtype:attempted-recon; sid:200000076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"45.9.20.146",nocase; classtype:attempted-recon; sid:200000077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"48tlp.codesandbox.io",nocase; classtype:attempted-recon; sid:200000078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"4a14def9.sibforms.com",nocase; classtype:attempted-recon; sid:200000079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"4c0mr.93.8934.easyflv.com",nocase; classtype:attempted-recon; sid:200000080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"4lxkd.r.ag.d.sendibm3.com",nocase; classtype:attempted-recon; sid:200000081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"4r1un.app.link",nocase; classtype:attempted-recon; sid:200000082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"4w8bmmjcw86e.clickfunnels.com",nocase; classtype:attempted-recon; sid:200000083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"5.qarshishxtb.uz",nocase; classtype:attempted-recon; sid:200000084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"51.fi",nocase; classtype:attempted-recon; sid:200000085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"5181365.com",nocase; classtype:attempted-recon; sid:200000086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"52.148.252.166",nocase; classtype:attempted-recon; sid:200000087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"52292936869418365.web.id",nocase; classtype:attempted-recon; sid:200000088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"53vzxcnk6rwp.clickfunnels.com",nocase; classtype:attempted-recon; sid:200000089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"54-160-232-146.cprapid.com",nocase; classtype:attempted-recon; sid:200000090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"5736365.com",nocase; classtype:attempted-recon; sid:200000091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"5b0f6cb9-0485-4fc7-9775-eb74bb45bbf6.htmlcomponentservice.com",nocase; classtype:attempted-recon; sid:200000092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"5e841ae2.srvr-cloudmail-srvr6765e7tg.pages.dev",nocase; classtype:attempted-recon; sid:200000093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"613707.selcdn.ru",nocase; classtype:attempted-recon; sid:200000094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"61da8ae6.6u6566hrrthsh45.pages.dev",nocase; classtype:attempted-recon; sid:200000095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com",nocase; classtype:attempted-recon; sid:200000096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"65451440241544.hyperphp.com",nocase; classtype:attempted-recon; sid:200000097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"664876.verifyinguser426128734570198363.com",nocase; classtype:attempted-recon; sid:200000098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"67lksxgjd.bttmassage-thai-tanger.com",nocase; classtype:attempted-recon; sid:200000099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"6a7zu9he6mqh.clickfunnels.com",nocase; classtype:attempted-recon; sid:200000100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"6c7f0acc.sibforms.com",nocase; classtype:attempted-recon; sid:200000101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"78.108.89.240",nocase; classtype:attempted-recon; sid:200000102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"7837365.com",nocase; classtype:attempted-recon; sid:200000103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev",nocase; classtype:attempted-recon; sid:200000104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"7wr4u.csb.app",nocase; classtype:attempted-recon; sid:200000105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"7yu3v.csb.app",nocase; classtype:attempted-recon; sid:200000106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"8.215.32.173",nocase; classtype:attempted-recon; sid:200000107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"8010361370310234068010361370310234.blogspot.be",nocase; classtype:attempted-recon; sid:200000108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"859411.icu",nocase; classtype:attempted-recon; sid:200000109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"8760365.com",nocase; classtype:attempted-recon; sid:200000110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"889381.icu",nocase; classtype:attempted-recon; sid:200000111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"8899.jp",nocase; classtype:attempted-recon; sid:200000112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"89ix7y0.cn",nocase; classtype:attempted-recon; sid:200000113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"92.rev.sfr.net.gghost.ru",nocase; classtype:attempted-recon; sid:200000114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"94183655229293686.web.id",nocase; classtype:attempted-recon; sid:200000115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"98yiujh.9peop5jzad1945.workers.dev",nocase; classtype:attempted-recon; sid:200000116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"9d62cfee-59b3-42a8-9542-4b3a32692792.htmlcomponentservice.com",nocase; classtype:attempted-recon; sid:200000117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"9faf19faf1.virkrupaengg.com",nocase; classtype:attempted-recon; sid:200000118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"9ftytucsh4ph.clickfunnels.com",nocase; classtype:attempted-recon; sid:200000119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a.2827e82ca6640ef29594fb288383c901159970954a6ca74d562cd3aa.com",nocase; classtype:attempted-recon; sid:200000120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a.insecurpage.recovery-safty.workers.dev",nocase; classtype:attempted-recon; sid:200000121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a.mauofeg.com",nocase; classtype:attempted-recon; sid:200000122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a.mauofog.com",nocase; classtype:attempted-recon; sid:200000123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a.scicemecod.com",nocase; classtype:attempted-recon; sid:200000124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a.snadc-oecddo.com",nocase; classtype:attempted-recon; sid:200000125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a0570626.xsph.ru",nocase; classtype:attempted-recon; sid:200000126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a4d3b42c.chgmar-d8y.pages.dev",nocase; classtype:attempted-recon; sid:200000127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a71843c1.mailssocloud-srvr65e5rd.pages.dev",nocase; classtype:attempted-recon; sid:200000128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a894ec7f.46t33454t4.pages.dev",nocase; classtype:attempted-recon; sid:200000129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aa.snadc-oecddo.com",nocase; classtype:attempted-recon; sid:200000130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aagamsteelcorporation.com",nocase; classtype:attempted-recon; sid:200000131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aar.macecri.com",nocase; classtype:attempted-recon; sid:200000132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"abeermultimediadesign.com",nocase; classtype:attempted-recon; sid:200000133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"absaonline2021.website2.me",nocase; classtype:attempted-recon; sid:200000134; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"absolute-containers-sip.business.site",nocase; classtype:attempted-recon; sid:200000135; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"absolutepleasure.com.my",nocase; classtype:attempted-recon; sid:200000136; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"acacia.webdevonline.net",nocase; classtype:attempted-recon; sid:200000137; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"account.herephyshy.info",nocase; classtype:attempted-recon; sid:200000138; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"account.verifications.help-page.workers.dev",nocase; classtype:attempted-recon; sid:200000139; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts-autoscout24.de",nocase; classtype:attempted-recon; sid:200000140; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"acessobradesco.digital",nocase; classtype:attempted-recon; sid:200000141; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ach111.xyz",nocase; classtype:attempted-recon; sid:200000142; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"activate-hulu-com-activate.sitey.me",nocase; classtype:attempted-recon; sid:200000143; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"adamfeber.com",nocase; classtype:attempted-recon; sid:200000144; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"adcloudserver.com",nocase; classtype:attempted-recon; sid:200000145; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"admin-formserviceupdates.weeblysite.com",nocase; classtype:attempted-recon; sid:200000146; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"administraciondefincaspereznovo.com",nocase; classtype:attempted-recon; sid:200000147; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"adorablepomskyhome.net",nocase; classtype:attempted-recon; sid:200000148; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"adpunemploymentclaims.sharefile.com",nocase; classtype:attempted-recon; sid:200000149; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"adsmarca.com",nocase; classtype:attempted-recon; sid:200000150; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ae.snadc-oecddo.com",nocase; classtype:attempted-recon; sid:200000151; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"affixsports.net",nocase; classtype:attempted-recon; sid:200000152; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"afreemart.xyz",nocase; classtype:attempted-recon; sid:200000153; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"africansecrets.ca",nocase; classtype:attempted-recon; sid:200000154; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"agora.imb.br",nocase; classtype:attempted-recon; sid:200000155; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"agricolefr-99f918.ingress-erytho.easywp.com",nocase; classtype:attempted-recon; sid:200000156; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"agrimetiersmartinique.fr",nocase; classtype:attempted-recon; sid:200000157; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"agurimu-nagoya.com",nocase; classtype:attempted-recon; sid:200000158; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ahhhh.pe.kr",nocase; classtype:attempted-recon; sid:200000159; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ai.macecri.com",nocase; classtype:attempted-recon; sid:200000160; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aib-unauthorized-access.com",nocase; classtype:attempted-recon; sid:200000161; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aid-validation-human.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200000162; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aimekidya-recpag.web.id",nocase; classtype:attempted-recon; sid:200000163; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"airportprescreening.com",nocase; classtype:attempted-recon; sid:200000164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aitsidihamh.my-place.us",nocase; classtype:attempted-recon; sid:200000165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"akanksha3012.github.io",nocase; classtype:attempted-recon; sid:200000166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aks34.github.io",nocase; classtype:attempted-recon; sid:200000167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aksehirelittotel.com",nocase; classtype:attempted-recon; sid:200000168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aksjdkas.6icmtmbvlj5916.workers.dev",nocase; classtype:attempted-recon; sid:200000169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aksjoeomraadet.no",nocase; classtype:attempted-recon; sid:200000170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aktualizacja.jst.pl",nocase; classtype:attempted-recon; sid:200000171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"akun-peringatan03.webnode.page",nocase; classtype:attempted-recon; sid:200000172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alareentading-catalog.page.tl",nocase; classtype:attempted-recon; sid:200000173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"albel.intnet.mu",nocase; classtype:attempted-recon; sid:200000174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aldana.in",nocase; classtype:attempted-recon; sid:200000175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alerts.department.improvement.workers.dev",nocase; classtype:attempted-recon; sid:200000176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alexellis.gr",nocase; classtype:attempted-recon; sid:200000177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alexxou.website2.me",nocase; classtype:attempted-recon; sid:200000178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"algotextil.com.br",nocase; classtype:attempted-recon; sid:200000179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aliciabot.azurewebsites.net",nocase; classtype:attempted-recon; sid:200000180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alkhalilgraphics.com",nocase; classtype:attempted-recon; sid:200000181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"allegrolokalnie-pl-3dsafe.id-43051.xyz",nocase; classtype:attempted-recon; sid:200000182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"allegrolokalnie-pl-3dsafe.id-91501.xyz",nocase; classtype:attempted-recon; sid:200000183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"allegrolokalnie-pl-safe.id-43051.xyz",nocase; classtype:attempted-recon; sid:200000184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alliancesuper.com",nocase; classtype:attempted-recon; sid:200000185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"almighty.edu.np",nocase; classtype:attempted-recon; sid:200000186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alnajahh.com",nocase; classtype:attempted-recon; sid:200000187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aloun.ps",nocase; classtype:attempted-recon; sid:200000188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alphabnkgre.com",nocase; classtype:attempted-recon; sid:200000189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alqadi.ps",nocase; classtype:attempted-recon; sid:200000190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alquilervillora.net",nocase; classtype:attempted-recon; sid:200000191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alsofft.com",nocase; classtype:attempted-recon; sid:200000192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amacez.jyrtery4.top",nocase; classtype:attempted-recon; sid:200000193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amacredit.amacardpkey.xyz",nocase; classtype:attempted-recon; sid:200000194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amaenv.fgasdfw6.xyz",nocase; classtype:attempted-recon; sid:200000195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amaozn.ywcimei.com",nocase; classtype:attempted-recon; sid:200000196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amaznllo.co.jp.amauioda.net",nocase; classtype:attempted-recon; sid:200000197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazom.supesn.xyz",nocase; classtype:attempted-recon; sid:200000198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazom.supwwe.xyz",nocase; classtype:attempted-recon; sid:200000199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazomsse.shop",nocase; classtype:attempted-recon; sid:200000200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazon-gcatech.com",nocase; classtype:attempted-recon; sid:200000201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazon-interruption.com",nocase; classtype:attempted-recon; sid:200000202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazon.co.ip.jlig.cn",nocase; classtype:attempted-recon; sid:200000203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazon.co.jp.abaiaccounting.cn",nocase; classtype:attempted-recon; sid:200000204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazon.gousana.casa",nocase; classtype:attempted-recon; sid:200000205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazon.jp-m.win",nocase; classtype:attempted-recon; sid:200000206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazon.works.ga",nocase; classtype:attempted-recon; sid:200000207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazonhome.sfrmobiles.com",nocase; classtype:attempted-recon; sid:200000208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazonjapsne.cf",nocase; classtype:attempted-recon; sid:200000209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazoon.co.op.o4j.top",nocase; classtype:attempted-recon; sid:200000210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org",nocase; classtype:attempted-recon; sid:200000211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amc-training.com",nocase; classtype:attempted-recon; sid:200000212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amcgardiennage.com",nocase; classtype:attempted-recon; sid:200000213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ameozom.jp.onaworks.com",nocase; classtype:attempted-recon; sid:200000214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"americanexpress-auth.azurewebsites.net",nocase; classtype:attempted-recon; sid:200000215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"americanexpress.heiwakai.com",nocase; classtype:attempted-recon; sid:200000216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amguevara.com",nocase; classtype:attempted-recon; sid:200000217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amidabuli.com",nocase; classtype:attempted-recon; sid:200000218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amlnov7.web.app",nocase; classtype:attempted-recon; sid:200000219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amnzma-jp.top",nocase; classtype:attempted-recon; sid:200000220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amnzms1-jp.top",nocase; classtype:attempted-recon; sid:200000221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amnzms4-jp.shop",nocase; classtype:attempted-recon; sid:200000222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amnzmsf-jp.shop",nocase; classtype:attempted-recon; sid:200000223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amnzmsn3-jp.shop",nocase; classtype:attempted-recon; sid:200000224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amoazom.rm82j6-t8.cn",nocase; classtype:attempted-recon; sid:200000225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amonzau_co_take.ktbf.shop",nocase; classtype:attempted-recon; sid:200000226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amosleh.com",nocase; classtype:attempted-recon; sid:200000227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amozom.co.ip.taxhod.club",nocase; classtype:attempted-recon; sid:200000228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amreeth.github.io",nocase; classtype:attempted-recon; sid:200000229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amusebouche-bg.com",nocase; classtype:attempted-recon; sid:200000230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amzcredit.dearva.xyz",nocase; classtype:attempted-recon; sid:200000231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"an.macecri.com",nocase; classtype:attempted-recon; sid:200000232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anandsr-dev.github.io",nocase; classtype:attempted-recon; sid:200000233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anarchitecturestudio.com",nocase; classtype:attempted-recon; sid:200000234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anbn.ru",nocase; classtype:attempted-recon; sid:200000235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"andersonstrategic.com.au",nocase; classtype:attempted-recon; sid:200000236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"androapk.in",nocase; classtype:attempted-recon; sid:200000237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"andromeda-manageer-association-27.web.id",nocase; classtype:attempted-recon; sid:200000238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"angiofsi.page.link",nocase; classtype:attempted-recon; sid:200000239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"angryezgames.com",nocase; classtype:attempted-recon; sid:200000240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anhduongjsc.com",nocase; classtype:attempted-recon; sid:200000241; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anj-azakp.run.goorm.io",nocase; classtype:attempted-recon; sid:200000242; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anjalijha167.github.io",nocase; classtype:attempted-recon; sid:200000243; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anjayredit.duckdns.org",nocase; classtype:attempted-recon; sid:200000244; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"annacatania.com.mt",nocase; classtype:attempted-recon; sid:200000245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anon-keep-admin-keep.rvsla.workers.dev",nocase; classtype:attempted-recon; sid:200000246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ansr.ro",nocase; classtype:attempted-recon; sid:200000247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aolmailukhelplinecustomerservice.blogspot.com",nocase; classtype:attempted-recon; sid:200000248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aolmailukhelplinecustomerservice.blogspot.com.au",nocase; classtype:attempted-recon; sid:200000249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aolpoweredservice.duckdns.org",nocase; classtype:attempted-recon; sid:200000250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aolverixon11dfd.weebly.com",nocase; classtype:attempted-recon; sid:200000251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aolxperience.com",nocase; classtype:attempted-recon; sid:200000252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"api-saisoncard-co-jp.o4ay8.net",nocase; classtype:attempted-recon; sid:200000253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"api.florense.com.br",nocase; classtype:attempted-recon; sid:200000254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"api.redirect-bentobot199.com",nocase; classtype:attempted-recon; sid:200000255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"api.redirect-safebrowser-online.com",nocase; classtype:attempted-recon; sid:200000256; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"api.safe-directmail.com",nocase; classtype:attempted-recon; sid:200000257; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aplintec.com.mx",nocase; classtype:attempted-recon; sid:200000258; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io",nocase; classtype:attempted-recon; sid:200000259; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app-bombcrypto-io-login-ab.blogspot.com",nocase; classtype:attempted-recon; sid:200000260; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app-panckswp.xyz",nocase; classtype:attempted-recon; sid:200000261; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.bydn217.club",nocase; classtype:attempted-recon; sid:200000262; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.duel.network",nocase; classtype:attempted-recon; sid:200000263; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.fiiber.ca",nocase; classtype:attempted-recon; sid:200000264; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.moneylinecreditcorporation.com",nocase; classtype:attempted-recon; sid:200000265; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.skiff.org",nocase; classtype:attempted-recon; sid:200000266; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.sugarsync.com",nocase; classtype:attempted-recon; sid:200000267; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"appatualizecef.com",nocase; classtype:attempted-recon; sid:200000268; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"appibsolicitud.com",nocase; classtype:attempted-recon; sid:200000269; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"appleid-check.info",nocase; classtype:attempted-recon; sid:200000270; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"applepichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200000271; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"apply.aua.am",nocase; classtype:attempted-recon; sid:200000272; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link",nocase; classtype:attempted-recon; sid:200000273; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"appttech.com",nocase; classtype:attempted-recon; sid:200000274; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aquaqualitas.com",nocase; classtype:attempted-recon; sid:200000275; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"arafathrumman.github.io",nocase; classtype:attempted-recon; sid:200000276; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"arcacg.com",nocase; classtype:attempted-recon; sid:200000277; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"archivio-supporto.sitoper.it",nocase; classtype:attempted-recon; sid:200000278; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"are.scicemecod.com",nocase; classtype:attempted-recon; sid:200000279; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"areueaom.gtpzcve.cn",nocase; classtype:attempted-recon; sid:200000280; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"areueaom.gtva.cn",nocase; classtype:attempted-recon; sid:200000281; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aromatic.webenliven.in",nocase; classtype:attempted-recon; sid:200000282; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"arthamahotels.com",nocase; classtype:attempted-recon; sid:200000283; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"artlux.com.pl",nocase; classtype:attempted-recon; sid:200000284; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"arub-service.org",nocase; classtype:attempted-recon; sid:200000285; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aruba.fatt.ids-sys.com",nocase; classtype:attempted-recon; sid:200000286; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"as.macecri.com",nocase; classtype:attempted-recon; sid:200000287; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"asaipestcontrol.com",nocase; classtype:attempted-recon; sid:200000288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ascom.co.tz",nocase; classtype:attempted-recon; sid:200000289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"asd.9sw53wk.cn",nocase; classtype:attempted-recon; sid:200000290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"asgard-ampqy.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200000291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"asimpwsh.com",nocase; classtype:attempted-recon; sid:200000292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"asistentetramitadordigitalda.com",nocase; classtype:attempted-recon; sid:200000293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"askarmotorluaraclar.com",nocase; classtype:attempted-recon; sid:200000294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"asrefanavary.com",nocase; classtype:attempted-recon; sid:200000295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"at-t-support-service1.sitey.me",nocase; classtype:attempted-recon; sid:200000296; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"at-t-yahoo.sitey.me",nocase; classtype:attempted-recon; sid:200000297; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"atento-fdi.plusoftomni.com.br",nocase; classtype:attempted-recon; sid:200000298; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ativacao-online73681.com",nocase; classtype:attempted-recon; sid:200000299; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"atnr76dxku336szy.clickfunnels.com",nocase; classtype:attempted-recon; sid:200000300; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"attcustomdesk.weebly.com",nocase; classtype:attempted-recon; sid:200000301; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"attinfoser.weebly.com",nocase; classtype:attempted-recon; sid:200000302; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"attonlinemanagementpage.weebly.com",nocase; classtype:attempted-recon; sid:200000303; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"attpage1121.weebly.com",nocase; classtype:attempted-recon; sid:200000304; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"atualizacao-online547864.com",nocase; classtype:attempted-recon; sid:200000305; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"atualizarmodolo.com",nocase; classtype:attempted-recon; sid:200000306; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"atulrathore-dev.github.io",nocase; classtype:attempted-recon; sid:200000307; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aurumship.com",nocase; classtype:attempted-recon; sid:200000308; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aushfew.tokyo",nocase; classtype:attempted-recon; sid:200000309; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aushotel.es",nocase; classtype:attempted-recon; sid:200000310; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"auth-task1-m.web.app",nocase; classtype:attempted-recon; sid:200000311; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"auth-webmailakeonetcom.yolasite.com",nocase; classtype:attempted-recon; sid:200000312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"authorize-trustvallet-protocol.com",nocase; classtype:attempted-recon; sid:200000313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"authorizewallet.app",nocase; classtype:attempted-recon; sid:200000314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"authuxeehmutconjxmailssocl.web.app",nocase; classtype:attempted-recon; sid:200000315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"authxntico.cc",nocase; classtype:attempted-recon; sid:200000316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"autodiscover.ryder-dutton.co.uk",nocase; classtype:attempted-recon; sid:200000317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"autoexprs.com",nocase; classtype:attempted-recon; sid:200000318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"autoranplususeremailprocessingupdate.pages.dev",nocase; classtype:attempted-recon; sid:200000319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"autoscurt24.de",nocase; classtype:attempted-recon; sid:200000320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"autumn-sun-4a21.paqesads-scure.workers.dev",nocase; classtype:attempted-recon; sid:200000321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"avrorganics.com",nocase; classtype:attempted-recon; sid:200000322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"awesome-gates-8bdd6f.netlify.app",nocase; classtype:attempted-recon; sid:200000323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ax.xiguw.workers.dev",nocase; classtype:attempted-recon; sid:200000324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"axieinfinity-meta.com",nocase; classtype:attempted-recon; sid:200000325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"axieinfinity-supportwallet.com",nocase; classtype:attempted-recon; sid:200000326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"axlr.in",nocase; classtype:attempted-recon; sid:200000327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ayguru.com",nocase; classtype:attempted-recon; sid:200000328; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"az.macecri.com",nocase; classtype:attempted-recon; sid:200000329; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"azb3s.cf",nocase; classtype:attempted-recon; sid:200000330; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"azmnsaz.000webhostapp.com",nocase; classtype:attempted-recon; sid:200000331; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"azmznonos_co_long.akys.shop",nocase; classtype:attempted-recon; sid:200000332; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com",nocase; classtype:attempted-recon; sid:200000333; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"b059c86968a6427389952025bcee9886.svc.dynamics.com",nocase; classtype:attempted-recon; sid:200000334; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"b4e921f0.sso-mailsrvr-4344e5teed.pages.dev",nocase; classtype:attempted-recon; sid:200000335; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"b96f7f93.sibforms.com",nocase; classtype:attempted-recon; sid:200000336; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev",nocase; classtype:attempted-recon; sid:200000337; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bacteralia.com",nocase; classtype:attempted-recon; sid:200000338; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"badnewswegewroighgserhhg.xyz",nocase; classtype:attempted-recon; sid:200000339; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bag-macben.eu",nocase; classtype:attempted-recon; sid:200000340; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bakhai.vn",nocase; classtype:attempted-recon; sid:200000341; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"balajihospital.net",nocase; classtype:attempted-recon; sid:200000342; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"balalabala090.diskstation.eu",nocase; classtype:attempted-recon; sid:200000343; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bamarfoundation.org",nocase; classtype:attempted-recon; sid:200000344; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"banca-electronica1.odoo.com",nocase; classtype:attempted-recon; sid:200000345; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaenlineal-interbark2.com",nocase; classtype:attempted-recon; sid:200000346; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporinternet-interbark.pcriot.com",nocase; classtype:attempted-recon; sid:200000347; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporinternet.interban.pe.magictourscancun.com",nocase; classtype:attempted-recon; sid:200000348; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporinternet.interbrnpe.com",nocase; classtype:attempted-recon; sid:200000349; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporinternet.lnterbank.pronductos.com",nocase; classtype:attempted-recon; sid:200000350; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporinternetinterbank.pe-promocion.app",nocase; classtype:attempted-recon; sid:200000351; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporintrnet.interbnkperu.es",nocase; classtype:attempted-recon; sid:200000352; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporlnternetlnterbarnk.dominandoagestao.com.br",nocase; classtype:attempted-recon; sid:200000353; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporlnternetlnterbarnk.infinitegoldjewelry.com",nocase; classtype:attempted-recon; sid:200000354; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporlnternetlnterbarnk.jifad.org",nocase; classtype:attempted-recon; sid:200000355; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporlnternetlnterbarnk.libertycanais.com.br",nocase; classtype:attempted-recon; sid:200000356; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancoiinng.site44.com",nocase; classtype:attempted-recon; sid:200000357; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancooccidentalb.com",nocase; classtype:attempted-recon; sid:200000358; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bank-id.pl",nocase; classtype:attempted-recon; sid:200000359; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bankapolska.com",nocase; classtype:attempted-recon; sid:200000360; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"banki0wa.us",nocase; classtype:attempted-recon; sid:200000361; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bankocaoffo.webcindario.com",nocase; classtype:attempted-recon; sid:200000362; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bankofamer86.ddns.net",nocase; classtype:attempted-recon; sid:200000363; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bannerbank.control-inc.com",nocase; classtype:attempted-recon; sid:200000364; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bannerchampnyc.com",nocase; classtype:attempted-recon; sid:200000365; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"banproseguridadasistenteenlineanic.webnode.es",nocase; classtype:attempted-recon; sid:200000366; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"banqsuepoy.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200000367; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"baradua.it",nocase; classtype:attempted-recon; sid:200000368; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"battlelastmont.cyou",nocase; classtype:attempted-recon; sid:200000369; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bc1.paiementervice.com",nocase; classtype:attempted-recon; sid:200000370; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bconclutmjy.ru",nocase; classtype:attempted-recon; sid:200000371; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bcp-marketing.com",nocase; classtype:attempted-recon; sid:200000372; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bcpzonaseguirabeta.com",nocase; classtype:attempted-recon; sid:200000373; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"be-home.web.do",nocase; classtype:attempted-recon; sid:200000374; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bearmybrand.com",nocase; classtype:attempted-recon; sid:200000375; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"beast-blog.com",nocase; classtype:attempted-recon; sid:200000376; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"beibys.com.br",nocase; classtype:attempted-recon; sid:200000377; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"beijing.vfzfy1v.cn",nocase; classtype:attempted-recon; sid:200000378; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"belovedaroma.com",nocase; classtype:attempted-recon; sid:200000379; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bendmytrend.com",nocase; classtype:attempted-recon; sid:200000380; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"berketurizm.com",nocase; classtype:attempted-recon; sid:200000381; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"beupdatedmust.pricesrakutenlogin.buzz",nocase; classtype:attempted-recon; sid:200000382; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bexwebmailupdate.web.app",nocase; classtype:attempted-recon; sid:200000383; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"beyondsmiles.co.in",nocase; classtype:attempted-recon; sid:200000384; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bghgcd.psuxscm.cn",nocase; classtype:attempted-recon; sid:200000385; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bharathi1809.github.io",nocase; classtype:attempted-recon; sid:200000386; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhavin0077.github.io",nocase; classtype:attempted-recon; sid:200000387; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhddf.uwe6ui0.cn",nocase; classtype:attempted-recon; sid:200000388; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhdf.bdc9985.cn",nocase; classtype:attempted-recon; sid:200000389; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhdf.ryhk63.cn",nocase; classtype:attempted-recon; sid:200000390; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhdf.t18v2kr.cn",nocase; classtype:attempted-recon; sid:200000391; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhdf.y0ai5w8.cn",nocase; classtype:attempted-recon; sid:200000392; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhgcd.8h391um.cn",nocase; classtype:attempted-recon; sid:200000393; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhgcxz.00e5gfu.cn",nocase; classtype:attempted-recon; sid:200000394; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhgd.48ud0ez.cn",nocase; classtype:attempted-recon; sid:200000395; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhgdd.qlljdgs.cn",nocase; classtype:attempted-recon; sid:200000396; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhgxa.eo76sni.cn",nocase; classtype:attempted-recon; sid:200000397; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhhcd.9bzuw49.cn",nocase; classtype:attempted-recon; sid:200000398; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhhxaa.123qi7b.cn",nocase; classtype:attempted-recon; sid:200000399; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhxas.rb0xts7.cn",nocase; classtype:attempted-recon; sid:200000400; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhxdd.2hllf8x.cn",nocase; classtype:attempted-recon; sid:200000401; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bicicentroslezama.com",nocase; classtype:attempted-recon; sid:200000402; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"biedronka-news.biz",nocase; classtype:attempted-recon; sid:200000403; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"biedronka-news.us",nocase; classtype:attempted-recon; sid:200000404; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"biedronkainvest.biz",nocase; classtype:attempted-recon; sid:200000405; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bienlinea.com",nocase; classtype:attempted-recon; sid:200000406; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bijoycity.com",nocase; classtype:attempted-recon; sid:200000407; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bilacintatakk.institute-pagess.workers.dev",nocase; classtype:attempted-recon; sid:200000408; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bilasajaterjadii.institute-pagess.workers.dev",nocase; classtype:attempted-recon; sid:200000409; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"billingfailure-o2.com",nocase; classtype:attempted-recon; sid:200000410; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bioenergyevitalite.com",nocase; classtype:attempted-recon; sid:200000411; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"birlacitywaterpark.com",nocase; classtype:attempted-recon; sid:200000412; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bisanew.20931.repl.co",nocase; classtype:attempted-recon; sid:200000413; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"biswap.fm",nocase; classtype:attempted-recon; sid:200000414; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"biswapdapp.org",nocase; classtype:attempted-recon; sid:200000415; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitbaink.web.app",nocase; classtype:attempted-recon; sid:200000416; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitflye87.com",nocase; classtype:attempted-recon; sid:200000417; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitflyerfr.cc",nocase; classtype:attempted-recon; sid:200000418; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bithunnb.web.app",nocase; classtype:attempted-recon; sid:200000419; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitmexinc.com",nocase; classtype:attempted-recon; sid:200000420; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitso.cm",nocase; classtype:attempted-recon; sid:200000421; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitsrflyer.com",nocase; classtype:attempted-recon; sid:200000422; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bizlinktek.com",nocase; classtype:attempted-recon; sid:200000423; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bizzcityinfo.com",nocase; classtype:attempted-recon; sid:200000424; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blanchevetements.com",nocase; classtype:attempted-recon; sid:200000425; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blllsoth.weebly.com",nocase; classtype:attempted-recon; sid:200000426; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blockchain-fix.org",nocase; classtype:attempted-recon; sid:200000427; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blockchainwallet-tool.com",nocase; classtype:attempted-recon; sid:200000428; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blocks.rn86.ru",nocase; classtype:attempted-recon; sid:200000429; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blog.booxium.com",nocase; classtype:attempted-recon; sid:200000430; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blog.drmostafafouadivf.com",nocase; classtype:attempted-recon; sid:200000431; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blog.storrea.com",nocase; classtype:attempted-recon; sid:200000432; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blog.visionconsulting.ro",nocase; classtype:attempted-recon; sid:200000433; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blog.weiwanjia.com",nocase; classtype:attempted-recon; sid:200000434; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blowfish-ltd.co.uk",nocase; classtype:attempted-recon; sid:200000435; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blslightinginc.com",nocase; classtype:attempted-recon; sid:200000436; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bmcporlnternet.lnterbamkpe.extracaslh.shop",nocase; classtype:attempted-recon; sid:200000437; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bn-seguridadperu.com",nocase; classtype:attempted-recon; sid:200000438; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bnconacional.odoo.com",nocase; classtype:attempted-recon; sid:200000439; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bncre.odoo.com",nocase; classtype:attempted-recon; sid:200000440; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bncxz.9wx9b27.cn",nocase; classtype:attempted-recon; sid:200000441; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bndigitalpersonas.com",nocase; classtype:attempted-recon; sid:200000442; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bnpparibas-pl.mob-app.xyz",nocase; classtype:attempted-recon; sid:200000443; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"boaupdate.bfaoscr.com",nocase; classtype:attempted-recon; sid:200000444; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bogdonovlerer.com",nocase; classtype:attempted-recon; sid:200000445; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bogged-finance.com",nocase; classtype:attempted-recon; sid:200000446; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bokgabanesolutions.co.za",nocase; classtype:attempted-recon; sid:200000447; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bookfbs.evangsamuelministries.com",nocase; classtype:attempted-recon; sid:200000448; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"boxes.com.py",nocase; classtype:attempted-recon; sid:200000449; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"br4.in",nocase; classtype:attempted-recon; sid:200000450; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"br622.teste.website",nocase; classtype:attempted-recon; sid:200000451; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brave-knuth-96d329.netlify.app",nocase; classtype:attempted-recon; sid:200000452; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"breople.com",nocase; classtype:attempted-recon; sid:200000453; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brigida_cossette.gitlab.io",nocase; classtype:attempted-recon; sid:200000454; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-forrunning.top",nocase; classtype:attempted-recon; sid:200000455; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-justforjogging.top",nocase; classtype:attempted-recon; sid:200000456; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-move.top",nocase; classtype:attempted-recon; sid:200000457; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-ooke.top",nocase; classtype:attempted-recon; sid:200000458; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-runfarther.top",nocase; classtype:attempted-recon; sid:200000459; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-xsdaodab.top",nocase; classtype:attempted-recon; sid:200000460; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-xsdauofc.top",nocase; classtype:attempted-recon; sid:200000461; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-xsgdfaja.top",nocase; classtype:attempted-recon; sid:200000462; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks1984.shop",nocase; classtype:attempted-recon; sid:200000463; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksair.top",nocase; classtype:attempted-recon; sid:200000464; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksale.top",nocase; classtype:attempted-recon; sid:200000465; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksboom.top",nocase; classtype:attempted-recon; sid:200000466; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksdiscount.top",nocase; classtype:attempted-recon; sid:200000467; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksnewmethod.top",nocase; classtype:attempted-recon; sid:200000468; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksnewsports.top",nocase; classtype:attempted-recon; sid:200000469; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksprime.top",nocase; classtype:attempted-recon; sid:200000470; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksrevel.top",nocase; classtype:attempted-recon; sid:200000471; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksrunble.top",nocase; classtype:attempted-recon; sid:200000472; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksrunshoeshopping.top",nocase; classtype:attempted-recon; sid:200000473; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksshopsft.top",nocase; classtype:attempted-recon; sid:200000474; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brookssoft.top",nocase; classtype:attempted-recon; sid:200000475; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bruno-genthial.mykajabi.com",nocase; classtype:attempted-recon; sid:200000476; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bt-108665.square.site",nocase; classtype:attempted-recon; sid:200000477; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btbusinessbilling.wordpress.com",nocase; classtype:attempted-recon; sid:200000478; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btclickpreview365pdf.1msite.eu",nocase; classtype:attempted-recon; sid:200000479; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btconnect-109798.square.site",nocase; classtype:attempted-recon; sid:200000480; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btconnectfilesecurebthomelogindropboxinupdatetdropboxpdf-logss.yolasite.com",nocase; classtype:attempted-recon; sid:200000481; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btconnectfilesecurebthomelogindropboxlinkupdatetdropboxpdf-logs.yolasite.com",nocase; classtype:attempted-recon; sid:200000482; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btconnectfilesecurebthomeloginpdropboxupdatepdf-logsssss-websit.yolasite.com",nocase; classtype:attempted-recon; sid:200000483; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btconnectfilesecurebthomesloginpdropboxupdatepdf-logsssss-websi.yolasite.com",nocase; classtype:attempted-recon; sid:200000484; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bthak.com",nocase; classtype:attempted-recon; sid:200000485; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btinfoldddasasa.weebly.com",nocase; classtype:attempted-recon; sid:200000486; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bttelecommunicatiiion.weebly.com",nocase; classtype:attempted-recon; sid:200000487; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"budrimon.xyz",nocase; classtype:attempted-recon; sid:200000488; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"builmon.xyz",nocase; classtype:attempted-recon; sid:200000489; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bujikena.web.app",nocase; classtype:attempted-recon; sid:200000490; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bundel-cobragratis2022.duckdns.org",nocase; classtype:attempted-recon; sid:200000491; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"busanopen.org",nocase; classtype:attempted-recon; sid:200000492; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-action-copyright11022.web.app",nocase; classtype:attempted-recon; sid:200000493; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-action-page129591.web.app",nocase; classtype:attempted-recon; sid:200000494; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-appeal-copyright8211.web.app",nocase; classtype:attempted-recon; sid:200000495; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-appeal-form-18222.web.app",nocase; classtype:attempted-recon; sid:200000496; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-copyright-alert100821.web.app",nocase; classtype:attempted-recon; sid:200000497; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-copyright-alert198082.web.app",nocase; classtype:attempted-recon; sid:200000498; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-copyright-alert19882.web.app",nocase; classtype:attempted-recon; sid:200000499; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-copyright-detected920.web.app",nocase; classtype:attempted-recon; sid:200000500; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-page-content125882.web.app",nocase; classtype:attempted-recon; sid:200000501; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-required-helpcenter82.web.app",nocase; classtype:attempted-recon; sid:200000502; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-required-info188221.web.app",nocase; classtype:attempted-recon; sid:200000503; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"businessemailss.biz",nocase; classtype:attempted-recon; sid:200000504; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link",nocase; classtype:attempted-recon; sid:200000505; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"buyelectronicsnyc.com",nocase; classtype:attempted-recon; sid:200000506; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c.curiousmorty.be",nocase; classtype:attempted-recon; sid:200000507; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c.jardindemiedo.es",nocase; classtype:attempted-recon; sid:200000508; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c.loveawaits.be",nocase; classtype:attempted-recon; sid:200000509; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c.mail.com",nocase; classtype:attempted-recon; sid:200000510; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c0m-r51znzlh8i.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000511; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c10012022j.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200000512; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c1christine.tjelmeland2e.cso.gov.tt",nocase; classtype:attempted-recon; sid:200000513; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c2dc5b99.chgmar.pages.dev",nocase; classtype:attempted-recon; sid:200000514; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c6ebv708.caspio.com",nocase; classtype:attempted-recon; sid:200000515; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cabsiler.com",nocase; classtype:attempted-recon; sid:200000516; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cache.nebula.phx3.secureserver.net",nocase; classtype:attempted-recon; sid:200000517; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cadeau-orange.fr",nocase; classtype:attempted-recon; sid:200000518; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"caixaseguradora.quadientcloud.com",nocase; classtype:attempted-recon; sid:200000519; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cakesbyannemotha.com",nocase; classtype:attempted-recon; sid:200000520; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cammymiller.com",nocase; classtype:attempted-recon; sid:200000521; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"canadapost.reschedule.online.portal.services.parcel01868972.mh-group.net",nocase; classtype:attempted-recon; sid:200000522; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cann-life.com",nocase; classtype:attempted-recon; sid:200000523; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cannellandcoflooring.co.uk",nocase; classtype:attempted-recon; sid:200000524; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capservice.online",nocase; classtype:attempted-recon; sid:200000525; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"caracasmateriais.blogspot.com",nocase; classtype:attempted-recon; sid:200000526; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"carpediemxp.com",nocase; classtype:attempted-recon; sid:200000527; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"carry.reduxservices.com",nocase; classtype:attempted-recon; sid:200000528; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"carservicessaupdate.xyz",nocase; classtype:attempted-recon; sid:200000529; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cartamorin-geometres.fr",nocase; classtype:attempted-recon; sid:200000530; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"carwash.tv",nocase; classtype:attempted-recon; sid:200000531; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"casbygroup.com",nocase; classtype:attempted-recon; sid:200000532; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"caseforpage1003496539563.web.app",nocase; classtype:attempted-recon; sid:200000533; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"catalogue-orange.com",nocase; classtype:attempted-recon; sid:200000534; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cateringfoodanddrinksupplies777.business.site",nocase; classtype:attempted-recon; sid:200000535; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"catus.cat",nocase; classtype:attempted-recon; sid:200000536; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"caycos.beispielseite-wmka.de",nocase; classtype:attempted-recon; sid:200000537; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"caymanreno.com",nocase; classtype:attempted-recon; sid:200000538; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cbmonlinegroups.com",nocase; classtype:attempted-recon; sid:200000539; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cc.scicemecod.com",nocase; classtype:attempted-recon; sid:200000540; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ccjrlaw.com",nocase; classtype:attempted-recon; sid:200000541; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cdas.nxzigco.cn",nocase; classtype:attempted-recon; sid:200000542; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cdsoa.wuefyta.cn",nocase; classtype:attempted-recon; sid:200000543; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ce33312.tmweb.ru",nocase; classtype:attempted-recon; sid:200000544; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cekpointfacebook.wixsite.com",nocase; classtype:attempted-recon; sid:200000545; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"celikoglumakina.com",nocase; classtype:attempted-recon; sid:200000546; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cellfunworld.com",nocase; classtype:attempted-recon; sid:200000547; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cema-fossano.it",nocase; classtype:attempted-recon; sid:200000548; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"centralconsulta.link",nocase; classtype:attempted-recon; sid:200000549; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"centre1.bubbleapps.io",nocase; classtype:attempted-recon; sid:200000550; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ceresgulf.com",nocase; classtype:attempted-recon; sid:200000551; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"certifica-montepaschii.com",nocase; classtype:attempted-recon; sid:200000552; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chalokradocallkakuch.azurewebsites.net",nocase; classtype:attempted-recon; sid:200000553; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"changenotification.pricesamazonlogincard.monster",nocase; classtype:attempted-recon; sid:200000554; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"charperimagedesign.com",nocase; classtype:attempted-recon; sid:200000555; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chat-whatasapp.com",nocase; classtype:attempted-recon; sid:200000556; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chat-whatsaap99.duckdns.org",nocase; classtype:attempted-recon; sid:200000557; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org",nocase; classtype:attempted-recon; sid:200000558; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chat-whatsapp-group-2022.duckdns.org",nocase; classtype:attempted-recon; sid:200000559; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chat-whatsapp-grupo-invitacion.blogspot.com",nocase; classtype:attempted-recon; sid:200000560; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill1.web.app",nocase; classtype:attempted-recon; sid:200000561; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill10.web.app",nocase; classtype:attempted-recon; sid:200000562; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill11.web.app",nocase; classtype:attempted-recon; sid:200000563; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill12.web.app",nocase; classtype:attempted-recon; sid:200000564; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill13.web.app",nocase; classtype:attempted-recon; sid:200000565; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill14.web.app",nocase; classtype:attempted-recon; sid:200000566; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill15.web.app",nocase; classtype:attempted-recon; sid:200000567; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill17.web.app",nocase; classtype:attempted-recon; sid:200000568; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill18.web.app",nocase; classtype:attempted-recon; sid:200000569; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill19.web.app",nocase; classtype:attempted-recon; sid:200000570; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill2.web.app",nocase; classtype:attempted-recon; sid:200000571; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill20.web.app",nocase; classtype:attempted-recon; sid:200000572; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill21.web.app",nocase; classtype:attempted-recon; sid:200000573; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill22.web.app",nocase; classtype:attempted-recon; sid:200000574; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill23.web.app",nocase; classtype:attempted-recon; sid:200000575; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill24.web.app",nocase; classtype:attempted-recon; sid:200000576; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill25.web.app",nocase; classtype:attempted-recon; sid:200000577; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill3.web.app",nocase; classtype:attempted-recon; sid:200000578; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill4.web.app",nocase; classtype:attempted-recon; sid:200000579; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill5.web.app",nocase; classtype:attempted-recon; sid:200000580; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill6.web.app",nocase; classtype:attempted-recon; sid:200000581; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill7.web.app",nocase; classtype:attempted-recon; sid:200000582; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill8.web.app",nocase; classtype:attempted-recon; sid:200000583; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill9.web.app",nocase; classtype:attempted-recon; sid:200000584; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"checkkeyvip.000webhostapp.com",nocase; classtype:attempted-recon; sid:200000585; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"checkverifymyatt.weebly.com",nocase; classtype:attempted-recon; sid:200000586; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chefsenaccion.org",nocase; classtype:attempted-recon; sid:200000587; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chikkuthomas.github.io",nocase; classtype:attempted-recon; sid:200000588; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chinmayavidyalayarspuram.com",nocase; classtype:attempted-recon; sid:200000589; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chiragrajoria.github.io",nocase; classtype:attempted-recon; sid:200000590; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chois.jp",nocase; classtype:attempted-recon; sid:200000591; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"christienstudystl.wixsite.com",nocase; classtype:attempted-recon; sid:200000592; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"christmas-dhl-express-delvr.hopekosmos.com",nocase; classtype:attempted-recon; sid:200000593; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chtbnk.uk",nocase; classtype:attempted-recon; sid:200000594; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chutomen.com",nocase; classtype:attempted-recon; sid:200000595; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ciiusea.com",nocase; classtype:attempted-recon; sid:200000596; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cinemaleftech.com",nocase; classtype:attempted-recon; sid:200000597; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"citagestionenlineabn.com",nocase; classtype:attempted-recon; sid:200000598; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"city-of-jazz.de",nocase; classtype:attempted-recon; sid:200000599; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ckwgruppe.service-now.com",nocase; classtype:attempted-recon; sid:200000600; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claiimdiamondgratis84.duckdns.org",nocase; classtype:attempted-recon; sid:200000601; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claim-event-freefire-garena-oldfree-a4.duckdns.org",nocase; classtype:attempted-recon; sid:200000602; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claim-skingratis-mobailegends161.duckdns.org",nocase; classtype:attempted-recon; sid:200000603; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claimgratisff2022.duckdns.org",nocase; classtype:attempted-recon; sid:200000604; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claims-funds-enczj.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200000605; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claimseventmlbb.duckdns.org",nocase; classtype:attempted-recon; sid:200000606; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claimshopee.yolasite.com",nocase; classtype:attempted-recon; sid:200000607; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claro-link.brsafe.com.br",nocase; classtype:attempted-recon; sid:200000608; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claus.bz",nocase; classtype:attempted-recon; sid:200000609; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clefman.cl",nocase; classtype:attempted-recon; sid:200000610; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"click-here-help.in",nocase; classtype:attempted-recon; sid:200000611; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"client-support-page.com",nocase; classtype:attempted-recon; sid:200000612; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net",nocase; classtype:attempted-recon; sid:200000613; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clientid-ij66191jgbm96ujp40bz1gzmpc8iquhoff3ocmbrzs6g5i89t0.website.yandexcloud.net",nocase; classtype:attempted-recon; sid:200000614; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clients.devtux.com",nocase; classtype:attempted-recon; sid:200000615; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clone-7473c.web.app",nocase; classtype:attempted-recon; sid:200000616; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"closingdocs9480.myportfolio.com",nocase; classtype:attempted-recon; sid:200000617; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cloud-object-storage-o9-cos-static-web-hocsx2.pages.dev",nocase; classtype:attempted-recon; sid:200000618; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cloud.go4clients.com",nocase; classtype:attempted-recon; sid:200000619; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cloud102.hostgator.com",nocase; classtype:attempted-recon; sid:200000620; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clouddoc-authorize.firebaseapp.com",nocase; classtype:attempted-recon; sid:200000621; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cloudflare-rbnuo.run.goorm.io",nocase; classtype:attempted-recon; sid:200000622; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cloudshare-account-auth.firebaseapp.com",nocase; classtype:attempted-recon; sid:200000623; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cloudtracker.com.br",nocase; classtype:attempted-recon; sid:200000624; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"club.quomodo.com",nocase; classtype:attempted-recon; sid:200000625; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clubeamigosdopedrosegundo.com.br",nocase; classtype:attempted-recon; sid:200000626; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cms.time-investments.com",nocase; classtype:attempted-recon; sid:200000627; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cnbxa.1of2o6k.cn",nocase; classtype:attempted-recon; sid:200000628; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cner283829.odoo.com",nocase; classtype:attempted-recon; sid:200000629; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cninflables.com",nocase; classtype:attempted-recon; sid:200000630; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.azoynfq.cn",nocase; classtype:attempted-recon; sid:200000631; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.bh1fgg1.cn",nocase; classtype:attempted-recon; sid:200000632; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.bzkgfzj.cn",nocase; classtype:attempted-recon; sid:200000633; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.clblrvh.cn",nocase; classtype:attempted-recon; sid:200000634; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.csfknas.cn",nocase; classtype:attempted-recon; sid:200000635; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.daailrf.cn",nocase; classtype:attempted-recon; sid:200000636; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.eiatphe.cn",nocase; classtype:attempted-recon; sid:200000637; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.fjzzgxx.cn",nocase; classtype:attempted-recon; sid:200000638; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.fxdwtxc.cn",nocase; classtype:attempted-recon; sid:200000639; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.ghemivv.cn",nocase; classtype:attempted-recon; sid:200000640; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.hivbdco.cn",nocase; classtype:attempted-recon; sid:200000641; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.iiaqjrp.cn",nocase; classtype:attempted-recon; sid:200000642; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.rkrabsk.cn",nocase; classtype:attempted-recon; sid:200000643; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.rqqidd.cn",nocase; classtype:attempted-recon; sid:200000644; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.rukbcga.cn",nocase; classtype:attempted-recon; sid:200000645; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.sefdvsi.cn",nocase; classtype:attempted-recon; sid:200000646; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.tezkkbp.cn",nocase; classtype:attempted-recon; sid:200000647; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.ztxzzup.cn",nocase; classtype:attempted-recon; sid:200000648; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"codwarzonemobile.com",nocase; classtype:attempted-recon; sid:200000649; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev",nocase; classtype:attempted-recon; sid:200000650; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"collab-land.net",nocase; classtype:attempted-recon; sid:200000651; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"collabland.info",nocase; classtype:attempted-recon; sid:200000652; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"collablandfi.com",nocase; classtype:attempted-recon; sid:200000653; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"colorfastinv.com",nocase; classtype:attempted-recon; sid:200000654; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-3z9m3j9qhp.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000655; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-4tfgonrlym.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000656; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-dnq84vac.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000657; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-h3v9t9zycu.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000658; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-l5tpetwb.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000659; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-mm2ai86orr.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000660; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-r51znzlh8i.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000661; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-sauuvazpjo.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000662; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-ugsyk69nqb.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000663; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"comefuck.co",nocase; classtype:attempted-recon; sid:200000664; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link",nocase; classtype:attempted-recon; sid:200000665; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link",nocase; classtype:attempted-recon; sid:200000666; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link",nocase; classtype:attempted-recon; sid:200000667; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"completeegali.webcindario.com",nocase; classtype:attempted-recon; sid:200000668; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"comunicazione-europe.net",nocase; classtype:attempted-recon; sid:200000669; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"comunity-isue-ideent-andromeda-29.web.id",nocase; classtype:attempted-recon; sid:200000670; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"comunity-isue-ideent-andromeda-33.web.id",nocase; classtype:attempted-recon; sid:200000671; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"comunity-isue-ideent-andromeda-88.web.id",nocase; classtype:attempted-recon; sid:200000672; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"con-firma.firebaseapp.com",nocase; classtype:attempted-recon; sid:200000673; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"confirming-pages-idntitysupport.web.id",nocase; classtype:attempted-recon; sid:200000674; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"congresosba.com.ar",nocase; classtype:attempted-recon; sid:200000675; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"conhecaonlinedigital.com.br",nocase; classtype:attempted-recon; sid:200000676; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"connect.au-login.0662smt.com",nocase; classtype:attempted-recon; sid:200000677; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"connectwallet.me",nocase; classtype:attempted-recon; sid:200000678; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"conoscofaturahiiiper.com",nocase; classtype:attempted-recon; sid:200000679; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"consultavirtuai.bieah.com",nocase; classtype:attempted-recon; sid:200000680; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"contabilidaderabello.com.br",nocase; classtype:attempted-recon; sid:200000681; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev",nocase; classtype:attempted-recon; sid:200000682; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"contapessoal.digital",nocase; classtype:attempted-recon; sid:200000683; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"content.av1.com.au",nocase; classtype:attempted-recon; sid:200000684; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"content.edgerockwealth.com",nocase; classtype:attempted-recon; sid:200000685; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"content.meetmagic.org",nocase; classtype:attempted-recon; sid:200000686; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"continentepecas.com",nocase; classtype:attempted-recon; sid:200000687; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"contratodeparceria.com.br",nocase; classtype:attempted-recon; sid:200000688; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"controlpichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200000689; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"copyright-center-live.ml",nocase; classtype:attempted-recon; sid:200000690; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"corl-inv.web.app",nocase; classtype:attempted-recon; sid:200000691; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"correosdemexico-web.com",nocase; classtype:attempted-recon; sid:200000692; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"corta.ai",nocase; classtype:attempted-recon; sid:200000693; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cosemu.com",nocase; classtype:attempted-recon; sid:200000694; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cottonwooddentalg.nimbusweb.me",nocase; classtype:attempted-recon; sid:200000695; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"courtcase.co.in",nocase; classtype:attempted-recon; sid:200000696; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"covid-foyyn.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200000697; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cox0.yolasite.com",nocase; classtype:attempted-recon; sid:200000698; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cp.digitalprocurements.co.uk",nocase; classtype:attempted-recon; sid:200000699; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cp45362.tmweb.ru",nocase; classtype:attempted-recon; sid:200000700; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cpanel10wh.bkk1.cloud.z.com",nocase; classtype:attempted-recon; sid:200000701; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cr24185.tmweb.ru",nocase; classtype:attempted-recon; sid:200000702; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"crackfreekey.com",nocase; classtype:attempted-recon; sid:200000703; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cranetech.com.br",nocase; classtype:attempted-recon; sid:200000704; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creatorsverificationandsafetybusiness.co.vu",nocase; classtype:attempted-recon; sid:200000705; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"credcloud-object-storage-o9-cos-static-web-hocsd3d.pages.dev",nocase; classtype:attempted-recon; sid:200000706; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"credicorp-capital.net",nocase; classtype:attempted-recon; sid:200000707; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"credicorpfiduciariasa.com",nocase; classtype:attempted-recon; sid:200000708; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"credifinanciera.didacsis.com",nocase; classtype:attempted-recon; sid:200000709; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"crediserfinanza.com",nocase; classtype:attempted-recon; sid:200000710; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"credita302.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200000711; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creditagricole-sudrhonealpes.blogspot.ba",nocase; classtype:attempted-recon; sid:200000712; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creditagricole-sudrhonealpes.blogspot.com",nocase; classtype:attempted-recon; sid:200000713; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creditagricole-sudrhonealpes.blogspot.ro",nocase; classtype:attempted-recon; sid:200000714; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creditinternationalbank.com",nocase; classtype:attempted-recon; sid:200000715; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creditiperhabbogratissicuro100.blogspot.it",nocase; classtype:attempted-recon; sid:200000716; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cresvin.com",nocase; classtype:attempted-recon; sid:200000717; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"criticalcarevizag.com",nocase; classtype:attempted-recon; sid:200000718; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cryptocars-plays.buzz",nocase; classtype:attempted-recon; sid:200000719; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cryptocarsme.com",nocase; classtype:attempted-recon; sid:200000720; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cryptscars-logs.com",nocase; classtype:attempted-recon; sid:200000721; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cryqtocars.me",nocase; classtype:attempted-recon; sid:200000722; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cuans.bkaamiv.cn",nocase; classtype:attempted-recon; sid:200000723; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"currentlyupgrade.mystrikingly.com",nocase; classtype:attempted-recon; sid:200000724; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cxasd.easghbl.cn",nocase; classtype:attempted-recon; sid:200000725; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cxnbas.nmkbmqk.cn",nocase; classtype:attempted-recon; sid:200000726; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cxuahs.1wc9bxm.cn",nocase; classtype:attempted-recon; sid:200000727; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cyna.rkpmage.cn",nocase; classtype:attempted-recon; sid:200000728; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cyqsnwx.cn",nocase; classtype:attempted-recon; sid:200000729; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"czechposta-cz.cz.swtest.ru",nocase; classtype:attempted-recon; sid:200000730; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"czvon.4fan.cz",nocase; classtype:attempted-recon; sid:200000731; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"czxasd.3ot975v.cn",nocase; classtype:attempted-recon; sid:200000732; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"d.app32150.xyz",nocase; classtype:attempted-recon; sid:200000733; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"d18gc1ytkdv37u.cloudfront.net",nocase; classtype:attempted-recon; sid:200000734; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev",nocase; classtype:attempted-recon; sid:200000735; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"d3ncuwwrr82.typeform.com",nocase; classtype:attempted-recon; sid:200000736; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"daatahomes.com",nocase; classtype:attempted-recon; sid:200000737; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"damp-f43e.recovery-page-secur.workers.dev",nocase; classtype:attempted-recon; sid:200000738; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"danitraseoexperts.com",nocase; classtype:attempted-recon; sid:200000739; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dapponlines.com",nocase; classtype:attempted-recon; sid:200000740; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dappscoins.com",nocase; classtype:attempted-recon; sid:200000741; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dappsiconnect.com",nocase; classtype:attempted-recon; sid:200000742; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dappsmainnetverify.com",nocase; classtype:attempted-recon; sid:200000743; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dappswalletapp.org",nocase; classtype:attempted-recon; sid:200000744; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dappswalletliveauthenticate.com",nocase; classtype:attempted-recon; sid:200000745; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dasd.atio2tq.cn",nocase; classtype:attempted-recon; sid:200000746; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"date-on-14-01.totaltrackingimproveupscanada.com",nocase; classtype:attempted-recon; sid:200000747; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"datos-pichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200000748; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"davidshopeaz.org",nocase; classtype:attempted-recon; sid:200000749; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"daycoval.contrato.srv.br",nocase; classtype:attempted-recon; sid:200000750; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"daycoval.facildepagar.com.br",nocase; classtype:attempted-recon; sid:200000751; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"db-web-client.com",nocase; classtype:attempted-recon; sid:200000752; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200000753; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dbkuzwes.online",nocase; classtype:attempted-recon; sid:200000754; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dbs-interrnet.online",nocase; classtype:attempted-recon; sid:200000755; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dbs.limited",nocase; classtype:attempted-recon; sid:200000756; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dbs.webdbslistinonline.com",nocase; classtype:attempted-recon; sid:200000757; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dbw.gr",nocase; classtype:attempted-recon; sid:200000758; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dcm1.ae.iwc.static.tungmung.co.id",nocase; classtype:attempted-recon; sid:200000759; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dd90001.github.io",nocase; classtype:attempted-recon; sid:200000760; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"de.eurohome.civ.pl",nocase; classtype:attempted-recon; sid:200000761; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"de22c9kukppr.clickfunnels.com",nocase; classtype:attempted-recon; sid:200000762; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"deactivemsnon-8k98-l9k8-98j8-98j78u.pages.dev",nocase; classtype:attempted-recon; sid:200000763; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"deborahholland.net",nocase; classtype:attempted-recon; sid:200000764; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"debuil.xyz",nocase; classtype:attempted-recon; sid:200000765; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"declicgestion.fr",nocase; classtype:attempted-recon; sid:200000766; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"decorcenter.com.pe",nocase; classtype:attempted-recon; sid:200000767; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dejpaad.com",nocase; classtype:attempted-recon; sid:200000768; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"delacproperties.com.mx",nocase; classtype:attempted-recon; sid:200000769; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"delezhen.mashalezhen.com",nocase; classtype:attempted-recon; sid:200000770; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"delhiescort69.com",nocase; classtype:attempted-recon; sid:200000771; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"deltaairlinecourier.com",nocase; classtype:attempted-recon; sid:200000772; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"demallplot-tra.web.app",nocase; classtype:attempted-recon; sid:200000773; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"demiregalos.com.ar",nocase; classtype:attempted-recon; sid:200000774; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"demo.bradescocontrol.vertitecnologia.com.br",nocase; classtype:attempted-recon; sid:200000775; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"demo2.cloudwp.dev",nocase; classtype:attempted-recon; sid:200000776; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"denuihuongson.com.vn",nocase; classtype:attempted-recon; sid:200000777; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"deportesartiza.com",nocase; classtype:attempted-recon; sid:200000778; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"deregister-lbpayee.com",nocase; classtype:attempted-recon; sid:200000779; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"desejoourocard.com.br",nocase; classtype:attempted-recon; sid:200000780; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"desidiatech.com",nocase; classtype:attempted-recon; sid:200000781; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"designerlakehouse.com",nocase; classtype:attempted-recon; sid:200000782; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"desksellcompany.com",nocase; classtype:attempted-recon; sid:200000783; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"destinationth.com",nocase; classtype:attempted-recon; sid:200000784; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"deutsche-post.apurvathespygenesh.com",nocase; classtype:attempted-recon; sid:200000785; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dev-nadaj.orlenpaczka.ce5.pl",nocase; classtype:attempted-recon; sid:200000786; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dev-secu-credit-union.pantheonsite.io",nocase; classtype:attempted-recon; sid:200000787; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dev-www.orlenpaczka.ce5.pl",nocase; classtype:attempted-recon; sid:200000788; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dev.shivaxi.com",nocase; classtype:attempted-recon; sid:200000789; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"devicepichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200000790; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"devops.help",nocase; classtype:attempted-recon; sid:200000791; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dfscord-app.club",nocase; classtype:attempted-recon; sid:200000792; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dgi.is",nocase; classtype:attempted-recon; sid:200000793; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dgmepunjab.gov.pk",nocase; classtype:attempted-recon; sid:200000794; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dgsh2ws45.lovestoblog.com",nocase; classtype:attempted-recon; sid:200000795; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dhanushr24.github.io",nocase; classtype:attempted-recon; sid:200000796; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dhl-event.app",nocase; classtype:attempted-recon; sid:200000797; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dhl.recruitmentplatform.com",nocase; classtype:attempted-recon; sid:200000798; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"diamondplate.us",nocase; classtype:attempted-recon; sid:200000799; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"die-post-swiss-id-19782635812.psd2any.com",nocase; classtype:attempted-recon; sid:200000800; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"diginto.org",nocase; classtype:attempted-recon; sid:200000801; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dilscord.gift",nocase; classtype:attempted-recon; sid:200000802; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"directqpuprozaakp.weebly.com",nocase; classtype:attempted-recon; sid:200000803; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dirtyez.com",nocase; classtype:attempted-recon; sid:200000804; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"disccrdapp.com",nocase; classtype:attempted-recon; sid:200000805; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"disckord.club",nocase; classtype:attempted-recon; sid:200000806; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"discoord-nittro.com",nocase; classtype:attempted-recon; sid:200000807; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"discorc.gift",nocase; classtype:attempted-recon; sid:200000808; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"discordbugs.com",nocase; classtype:attempted-recon; sid:200000809; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dispositivoapp.azurewebsites.net",nocase; classtype:attempted-recon; sid:200000810; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"distinctivei.com",nocase; classtype:attempted-recon; sid:200000811; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"distrial.ec",nocase; classtype:attempted-recon; sid:200000812; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"divinasoutfit.cl",nocase; classtype:attempted-recon; sid:200000813; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"djfh.wmfc241.cn",nocase; classtype:attempted-recon; sid:200000814; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dkb-info.com",nocase; classtype:attempted-recon; sid:200000815; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dkbtan07.com",nocase; classtype:attempted-recon; sid:200000816; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dke060122.page.link",nocase; classtype:attempted-recon; sid:200000817; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dkglobaljobs.com",nocase; classtype:attempted-recon; sid:200000818; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dl.9xu.com",nocase; classtype:attempted-recon; sid:200000819; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dlink.me",nocase; classtype:attempted-recon; sid:200000820; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dmaxpesca.com.es",nocase; classtype:attempted-recon; sid:200000821; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dminer.cloud",nocase; classtype:attempted-recon; sid:200000822; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"doclab-console-auth.firebaseapp.com",nocase; classtype:attempted-recon; sid:200000823; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs-verify-c671.thajetiase.workers.dev",nocase; classtype:attempted-recon; sid:200000824; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.revv.so",nocase; classtype:attempted-recon; sid:200000825; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docsharex-authorize.firebaseapp.com",nocase; classtype:attempted-recon; sid:200000826; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docuservice.us",nocase; classtype:attempted-recon; sid:200000827; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docusign-lnc.info",nocase; classtype:attempted-recon; sid:200000828; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domaincontroller.pmeimg.co.uk",nocase; classtype:attempted-recon; sid:200000829; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa100.web.app",nocase; classtype:attempted-recon; sid:200000830; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa101.web.app",nocase; classtype:attempted-recon; sid:200000831; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa102.web.app",nocase; classtype:attempted-recon; sid:200000832; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa103.web.app",nocase; classtype:attempted-recon; sid:200000833; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa104.web.app",nocase; classtype:attempted-recon; sid:200000834; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa105.web.app",nocase; classtype:attempted-recon; sid:200000835; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa108.web.app",nocase; classtype:attempted-recon; sid:200000836; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa109.web.app",nocase; classtype:attempted-recon; sid:200000837; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa110.web.app",nocase; classtype:attempted-recon; sid:200000838; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa111.web.app",nocase; classtype:attempted-recon; sid:200000839; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa112.web.app",nocase; classtype:attempted-recon; sid:200000840; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa113.web.app",nocase; classtype:attempted-recon; sid:200000841; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa114.web.app",nocase; classtype:attempted-recon; sid:200000842; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa115.web.app",nocase; classtype:attempted-recon; sid:200000843; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa116.web.app",nocase; classtype:attempted-recon; sid:200000844; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa117.web.app",nocase; classtype:attempted-recon; sid:200000845; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa118.web.app",nocase; classtype:attempted-recon; sid:200000846; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa119.web.app",nocase; classtype:attempted-recon; sid:200000847; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa120.web.app",nocase; classtype:attempted-recon; sid:200000848; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa121.web.app",nocase; classtype:attempted-recon; sid:200000849; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa122.web.app",nocase; classtype:attempted-recon; sid:200000850; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa123.web.app",nocase; classtype:attempted-recon; sid:200000851; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa124.web.app",nocase; classtype:attempted-recon; sid:200000852; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa125.web.app",nocase; classtype:attempted-recon; sid:200000853; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa126.web.app",nocase; classtype:attempted-recon; sid:200000854; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa127.web.app",nocase; classtype:attempted-recon; sid:200000855; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa128.web.app",nocase; classtype:attempted-recon; sid:200000856; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa129.web.app",nocase; classtype:attempted-recon; sid:200000857; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa13.web.app",nocase; classtype:attempted-recon; sid:200000858; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa130.web.app",nocase; classtype:attempted-recon; sid:200000859; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa131.web.app",nocase; classtype:attempted-recon; sid:200000860; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa132.web.app",nocase; classtype:attempted-recon; sid:200000861; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa133.web.app",nocase; classtype:attempted-recon; sid:200000862; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa134.web.app",nocase; classtype:attempted-recon; sid:200000863; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa135.web.app",nocase; classtype:attempted-recon; sid:200000864; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa136.web.app",nocase; classtype:attempted-recon; sid:200000865; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa137.web.app",nocase; classtype:attempted-recon; sid:200000866; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa138.web.app",nocase; classtype:attempted-recon; sid:200000867; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa139.web.app",nocase; classtype:attempted-recon; sid:200000868; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa14.web.app",nocase; classtype:attempted-recon; sid:200000869; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa140.web.app",nocase; classtype:attempted-recon; sid:200000870; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa141.web.app",nocase; classtype:attempted-recon; sid:200000871; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa142.web.app",nocase; classtype:attempted-recon; sid:200000872; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa143.web.app",nocase; classtype:attempted-recon; sid:200000873; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa144.web.app",nocase; classtype:attempted-recon; sid:200000874; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa145.web.app",nocase; classtype:attempted-recon; sid:200000875; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa146.web.app",nocase; classtype:attempted-recon; sid:200000876; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa147.web.app",nocase; classtype:attempted-recon; sid:200000877; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa148.web.app",nocase; classtype:attempted-recon; sid:200000878; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa149.web.app",nocase; classtype:attempted-recon; sid:200000879; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa150.web.app",nocase; classtype:attempted-recon; sid:200000880; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa151.web.app",nocase; classtype:attempted-recon; sid:200000881; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa152.web.app",nocase; classtype:attempted-recon; sid:200000882; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa153.web.app",nocase; classtype:attempted-recon; sid:200000883; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa154.web.app",nocase; classtype:attempted-recon; sid:200000884; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa155.web.app",nocase; classtype:attempted-recon; sid:200000885; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa156.web.app",nocase; classtype:attempted-recon; sid:200000886; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa157.web.app",nocase; classtype:attempted-recon; sid:200000887; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa158.web.app",nocase; classtype:attempted-recon; sid:200000888; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa159.web.app",nocase; classtype:attempted-recon; sid:200000889; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa160.web.app",nocase; classtype:attempted-recon; sid:200000890; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa161.web.app",nocase; classtype:attempted-recon; sid:200000891; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa162.web.app",nocase; classtype:attempted-recon; sid:200000892; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa163.web.app",nocase; classtype:attempted-recon; sid:200000893; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa164.web.app",nocase; classtype:attempted-recon; sid:200000894; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa165.web.app",nocase; classtype:attempted-recon; sid:200000895; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa166.web.app",nocase; classtype:attempted-recon; sid:200000896; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa167.web.app",nocase; classtype:attempted-recon; sid:200000897; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa168.web.app",nocase; classtype:attempted-recon; sid:200000898; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa169.web.app",nocase; classtype:attempted-recon; sid:200000899; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa17.web.app",nocase; classtype:attempted-recon; sid:200000900; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa170.web.app",nocase; classtype:attempted-recon; sid:200000901; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa171.web.app",nocase; classtype:attempted-recon; sid:200000902; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa172.web.app",nocase; classtype:attempted-recon; sid:200000903; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa173.web.app",nocase; classtype:attempted-recon; sid:200000904; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa174.web.app",nocase; classtype:attempted-recon; sid:200000905; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa175.web.app",nocase; classtype:attempted-recon; sid:200000906; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa176.web.app",nocase; classtype:attempted-recon; sid:200000907; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa177.web.app",nocase; classtype:attempted-recon; sid:200000908; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"365unfreezesecurity.com",nocase; classtype:attempted-recon; sid:200000068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3782365.com",nocase; classtype:attempted-recon; sid:200000069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3a10a178.s6t6sj4s46tu4sys54y5.pages.dev",nocase; classtype:attempted-recon; sid:200000070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3bvjh.sbs",nocase; classtype:attempted-recon; sid:200000071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3c5.com",nocase; classtype:attempted-recon; sid:200000072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3ck.me",nocase; classtype:attempted-recon; sid:200000073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3dprintersupplies.com.au",nocase; classtype:attempted-recon; sid:200000074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3dsecure-update-service-info-live.duckdns.org",nocase; classtype:attempted-recon; sid:200000075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3ff7c459-86b2-4f6d-b6b0-ba6402ef6cb0.htmlcomponentservice.com",nocase; classtype:attempted-recon; sid:200000076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3j124.csb.app",nocase; classtype:attempted-recon; sid:200000077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"42.193.110.254",nocase; classtype:attempted-recon; sid:200000078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"45.186.132.130",nocase; classtype:attempted-recon; sid:200000079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"45.9.20.146",nocase; classtype:attempted-recon; sid:200000080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"48tlp.codesandbox.io",nocase; classtype:attempted-recon; sid:200000081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"4a14def9.sibforms.com",nocase; classtype:attempted-recon; sid:200000082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"4c0mr.93.8934.easyflv.com",nocase; classtype:attempted-recon; sid:200000083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"4lxkd.r.ag.d.sendibm3.com",nocase; classtype:attempted-recon; sid:200000084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"4r1un.app.link",nocase; classtype:attempted-recon; sid:200000085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"4w8bmmjcw86e.clickfunnels.com",nocase; classtype:attempted-recon; sid:200000086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"5.qarshishxtb.uz",nocase; classtype:attempted-recon; sid:200000087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"51.fi",nocase; classtype:attempted-recon; sid:200000088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"5181365.com",nocase; classtype:attempted-recon; sid:200000089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"52.148.252.166",nocase; classtype:attempted-recon; sid:200000090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"52292936869418365.web.id",nocase; classtype:attempted-recon; sid:200000091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"53vzxcnk6rwp.clickfunnels.com",nocase; classtype:attempted-recon; sid:200000092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"54-160-232-146.cprapid.com",nocase; classtype:attempted-recon; sid:200000093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"5736365.com",nocase; classtype:attempted-recon; sid:200000094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"5b0f6cb9-0485-4fc7-9775-eb74bb45bbf6.htmlcomponentservice.com",nocase; classtype:attempted-recon; sid:200000095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"5e841ae2.srvr-cloudmail-srvr6765e7tg.pages.dev",nocase; classtype:attempted-recon; sid:200000096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"613707.selcdn.ru",nocase; classtype:attempted-recon; sid:200000097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"61da8ae6.6u6566hrrthsh45.pages.dev",nocase; classtype:attempted-recon; sid:200000098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com",nocase; classtype:attempted-recon; sid:200000099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"6734365.com",nocase; classtype:attempted-recon; sid:200000100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"67lksxgjd.bttmassage-thai-tanger.com",nocase; classtype:attempted-recon; sid:200000101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"6a7zu9he6mqh.clickfunnels.com",nocase; classtype:attempted-recon; sid:200000102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"6c7f0acc.sibforms.com",nocase; classtype:attempted-recon; sid:200000103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"6stupefacentevideo2022.pagedemo.co",nocase; classtype:attempted-recon; sid:200000104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"754675377.xyz",nocase; classtype:attempted-recon; sid:200000105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"78.108.89.240",nocase; classtype:attempted-recon; sid:200000106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"7837365.com",nocase; classtype:attempted-recon; sid:200000107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev",nocase; classtype:attempted-recon; sid:200000108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"7wr4u.csb.app",nocase; classtype:attempted-recon; sid:200000109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"7yu3v.csb.app",nocase; classtype:attempted-recon; sid:200000110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"8.215.32.173",nocase; classtype:attempted-recon; sid:200000111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"859411.icu",nocase; classtype:attempted-recon; sid:200000112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"8760365.com",nocase; classtype:attempted-recon; sid:200000113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"885211.icu",nocase; classtype:attempted-recon; sid:200000114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"889381.icu",nocase; classtype:attempted-recon; sid:200000115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"8899.jp",nocase; classtype:attempted-recon; sid:200000116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"89ix7y0.cn",nocase; classtype:attempted-recon; sid:200000117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"92.rev.sfr.net.gghost.ru",nocase; classtype:attempted-recon; sid:200000118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"94183655229293686.web.id",nocase; classtype:attempted-recon; sid:200000119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"98yiujh.9peop5jzad1945.workers.dev",nocase; classtype:attempted-recon; sid:200000120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"9d62cfee-59b3-42a8-9542-4b3a32692792.htmlcomponentservice.com",nocase; classtype:attempted-recon; sid:200000121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"9faf19faf1.virkrupaengg.com",nocase; classtype:attempted-recon; sid:200000122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"9ftytucsh4ph.clickfunnels.com",nocase; classtype:attempted-recon; sid:200000123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a.2827e82ca6640ef29594fb288383c901159970954a6ca74d562cd3aa.com",nocase; classtype:attempted-recon; sid:200000124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a.insecurpage.recovery-safty.workers.dev",nocase; classtype:attempted-recon; sid:200000125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a.mauofeg.com",nocase; classtype:attempted-recon; sid:200000126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a.mauofog.com",nocase; classtype:attempted-recon; sid:200000127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a.scicemecod.com",nocase; classtype:attempted-recon; sid:200000128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a.snadc-oecddo.com",nocase; classtype:attempted-recon; sid:200000129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a0570626.xsph.ru",nocase; classtype:attempted-recon; sid:200000130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a4d3b42c.chgmar-d8y.pages.dev",nocase; classtype:attempted-recon; sid:200000131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a71843c1.mailssocloud-srvr65e5rd.pages.dev",nocase; classtype:attempted-recon; sid:200000132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a894ec7f.46t33454t4.pages.dev",nocase; classtype:attempted-recon; sid:200000133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aa.snadc-oecddo.com",nocase; classtype:attempted-recon; sid:200000134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aagamsteelcorporation.com",nocase; classtype:attempted-recon; sid:200000135; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aar.macecri.com",nocase; classtype:attempted-recon; sid:200000136; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"abeermultimediadesign.com",nocase; classtype:attempted-recon; sid:200000137; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"absaonline2021.website2.me",nocase; classtype:attempted-recon; sid:200000138; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"absolute-containers-sip.business.site",nocase; classtype:attempted-recon; sid:200000139; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"absolutepleasure.com.my",nocase; classtype:attempted-recon; sid:200000140; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"acacia.webdevonline.net",nocase; classtype:attempted-recon; sid:200000141; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"account-recovery.org",nocase; classtype:attempted-recon; sid:200000142; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"account.herephyshy.info",nocase; classtype:attempted-recon; sid:200000143; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"account.verifications.help-page.workers.dev",nocase; classtype:attempted-recon; sid:200000144; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts-autoscout24.de",nocase; classtype:attempted-recon; sid:200000145; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"acessobradesco.digital",nocase; classtype:attempted-recon; sid:200000146; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ach111.xyz",nocase; classtype:attempted-recon; sid:200000147; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"activate-hulu-com-activate.sitey.me",nocase; classtype:attempted-recon; sid:200000148; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"activatingmymainnet.com",nocase; classtype:attempted-recon; sid:200000149; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"adamfeber.com",nocase; classtype:attempted-recon; sid:200000150; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"adcloudserver.com",nocase; classtype:attempted-recon; sid:200000151; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"admin-formserviceupdates.weeblysite.com",nocase; classtype:attempted-recon; sid:200000152; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"administer-708aa.web.app",nocase; classtype:attempted-recon; sid:200000153; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"administraciondefincaspereznovo.com",nocase; classtype:attempted-recon; sid:200000154; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"adorablepomskyhome.net",nocase; classtype:attempted-recon; sid:200000155; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"adpunemploymentclaims.sharefile.com",nocase; classtype:attempted-recon; sid:200000156; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"adsmarca.com",nocase; classtype:attempted-recon; sid:200000157; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ae.snadc-oecddo.com",nocase; classtype:attempted-recon; sid:200000158; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"affixsports.net",nocase; classtype:attempted-recon; sid:200000159; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"afreemart.xyz",nocase; classtype:attempted-recon; sid:200000160; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"africansecrets.ca",nocase; classtype:attempted-recon; sid:200000161; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"agora.imb.br",nocase; classtype:attempted-recon; sid:200000162; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"agrimetiersmartinique.fr",nocase; classtype:attempted-recon; sid:200000163; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"agurimu-nagoya.com",nocase; classtype:attempted-recon; sid:200000164; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ahhhh.pe.kr",nocase; classtype:attempted-recon; sid:200000165; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ai.macecri.com",nocase; classtype:attempted-recon; sid:200000166; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aid-validation-human.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200000167; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aimekidya-recpag.web.id",nocase; classtype:attempted-recon; sid:200000168; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"airbnb.book-space-b851927.live",nocase; classtype:attempted-recon; sid:200000169; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"airportprescreening.com",nocase; classtype:attempted-recon; sid:200000170; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aitsidihamh.my-place.us",nocase; classtype:attempted-recon; sid:200000171; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"akanksha3012.github.io",nocase; classtype:attempted-recon; sid:200000172; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aks34.github.io",nocase; classtype:attempted-recon; sid:200000173; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aksehirelittotel.com",nocase; classtype:attempted-recon; sid:200000174; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aksjdkas.6icmtmbvlj5916.workers.dev",nocase; classtype:attempted-recon; sid:200000175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aksjoeomraadet.no",nocase; classtype:attempted-recon; sid:200000176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aktualizacja.jst.pl",nocase; classtype:attempted-recon; sid:200000177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"akun-peringatan03.webnode.page",nocase; classtype:attempted-recon; sid:200000178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alareentading-catalog.page.tl",nocase; classtype:attempted-recon; sid:200000179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"albel.intnet.mu",nocase; classtype:attempted-recon; sid:200000180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aldana.in",nocase; classtype:attempted-recon; sid:200000181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alerts.department.improvement.workers.dev",nocase; classtype:attempted-recon; sid:200000182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alexellis.gr",nocase; classtype:attempted-recon; sid:200000183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alexxou.website2.me",nocase; classtype:attempted-recon; sid:200000184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"algotextil.com.br",nocase; classtype:attempted-recon; sid:200000185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aliciabot.azurewebsites.net",nocase; classtype:attempted-recon; sid:200000186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alkhalilgraphics.com",nocase; classtype:attempted-recon; sid:200000187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"allegrolokalnie-pl-3dsafe.id-43051.xyz",nocase; classtype:attempted-recon; sid:200000188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"allegrolokalnie-pl-3dsafe.id-91501.xyz",nocase; classtype:attempted-recon; sid:200000189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"allegrolokalnie-pl-3dseif.id-43051.xyz",nocase; classtype:attempted-recon; sid:200000190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"allegrolokalnie-pl-safe.id-43051.xyz",nocase; classtype:attempted-recon; sid:200000191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alliancesuper.com",nocase; classtype:attempted-recon; sid:200000192; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"almarjantours.com",nocase; classtype:attempted-recon; sid:200000193; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"almighty.edu.np",nocase; classtype:attempted-recon; sid:200000194; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alnajahh.com",nocase; classtype:attempted-recon; sid:200000195; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aloun.ps",nocase; classtype:attempted-recon; sid:200000196; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alphabnkgre.com",nocase; classtype:attempted-recon; sid:200000197; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alqadi.ps",nocase; classtype:attempted-recon; sid:200000198; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alquilervillora.net",nocase; classtype:attempted-recon; sid:200000199; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alsofft.com",nocase; classtype:attempted-recon; sid:200000200; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alupi-frey.shop",nocase; classtype:attempted-recon; sid:200000201; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amacez.jyrtery4.top",nocase; classtype:attempted-recon; sid:200000202; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amacredit.amacardpkey.xyz",nocase; classtype:attempted-recon; sid:200000203; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amaenv.fgasdfw6.xyz",nocase; classtype:attempted-recon; sid:200000204; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amaozn.ywcimei.com",nocase; classtype:attempted-recon; sid:200000205; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amaznllo.co.jp.amauioda.net",nocase; classtype:attempted-recon; sid:200000206; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazom.supesn.xyz",nocase; classtype:attempted-recon; sid:200000207; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazom.supwwe.xyz",nocase; classtype:attempted-recon; sid:200000208; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazomsse.shop",nocase; classtype:attempted-recon; sid:200000209; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazon-gcatech.com",nocase; classtype:attempted-recon; sid:200000210; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazon-interruption.com",nocase; classtype:attempted-recon; sid:200000211; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazon.co.jp.abaiaccounting.cn",nocase; classtype:attempted-recon; sid:200000212; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazon.gousana.casa",nocase; classtype:attempted-recon; sid:200000213; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazon.logins-co.jp",nocase; classtype:attempted-recon; sid:200000214; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazon.works.ga",nocase; classtype:attempted-recon; sid:200000215; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazonhome.sfrmobiles.com",nocase; classtype:attempted-recon; sid:200000216; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazonjapsne.cf",nocase; classtype:attempted-recon; sid:200000217; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazonses.authflows.com",nocase; classtype:attempted-recon; sid:200000218; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amazoon.co.op.o4j.top",nocase; classtype:attempted-recon; sid:200000219; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amc-training.com",nocase; classtype:attempted-recon; sid:200000220; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amecmasmerd.ga",nocase; classtype:attempted-recon; sid:200000221; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ameozom.jp.onaworks.com",nocase; classtype:attempted-recon; sid:200000222; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"americanexpress-auth.azurewebsites.net",nocase; classtype:attempted-recon; sid:200000223; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amguevara.com",nocase; classtype:attempted-recon; sid:200000224; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amhsd.com",nocase; classtype:attempted-recon; sid:200000225; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amidabuli.com",nocase; classtype:attempted-recon; sid:200000226; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amlnov7.web.app",nocase; classtype:attempted-recon; sid:200000227; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amnzma-jp.top",nocase; classtype:attempted-recon; sid:200000228; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amnzms1-jp.top",nocase; classtype:attempted-recon; sid:200000229; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amnzms4-jp.shop",nocase; classtype:attempted-recon; sid:200000230; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amnzmsf-jp.shop",nocase; classtype:attempted-recon; sid:200000231; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amnzmsn3-jp.shop",nocase; classtype:attempted-recon; sid:200000232; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amoazom.rm82j6-t8.cn",nocase; classtype:attempted-recon; sid:200000233; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amonzau_co_take.ktbf.shop",nocase; classtype:attempted-recon; sid:200000234; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amosleh.com",nocase; classtype:attempted-recon; sid:200000235; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amreeth.github.io",nocase; classtype:attempted-recon; sid:200000236; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amusebouche-bg.com",nocase; classtype:attempted-recon; sid:200000237; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"amzcredit.dearva.xyz",nocase; classtype:attempted-recon; sid:200000238; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"an.macecri.com",nocase; classtype:attempted-recon; sid:200000239; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anandsr-dev.github.io",nocase; classtype:attempted-recon; sid:200000240; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anarchitecturestudio.com",nocase; classtype:attempted-recon; sid:200000241; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anbn.ru",nocase; classtype:attempted-recon; sid:200000242; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"andersonstrategic.com.au",nocase; classtype:attempted-recon; sid:200000243; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"androapk.in",nocase; classtype:attempted-recon; sid:200000244; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"andromeda-manageer-association-27.web.id",nocase; classtype:attempted-recon; sid:200000245; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"angiofsi.page.link",nocase; classtype:attempted-recon; sid:200000246; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"angryezgames.com",nocase; classtype:attempted-recon; sid:200000247; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anhduongjsc.com",nocase; classtype:attempted-recon; sid:200000248; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anj-azakp.run.goorm.io",nocase; classtype:attempted-recon; sid:200000249; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anjalijha167.github.io",nocase; classtype:attempted-recon; sid:200000250; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"annacatania.com.mt",nocase; classtype:attempted-recon; sid:200000251; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anon-keep-admin-keep.rvsla.workers.dev",nocase; classtype:attempted-recon; sid:200000252; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ansr.ro",nocase; classtype:attempted-recon; sid:200000253; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aolmailukhelplinecustomerservice.blogspot.com",nocase; classtype:attempted-recon; sid:200000254; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aolmailukhelplinecustomerservice.blogspot.com.au",nocase; classtype:attempted-recon; sid:200000255; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aolverixon11dfd.weebly.com",nocase; classtype:attempted-recon; sid:200000256; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aolxperience.com",nocase; classtype:attempted-recon; sid:200000257; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"api-saisoncard-co-jp.md160.net",nocase; classtype:attempted-recon; sid:200000258; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"api-saisoncard-co-jp.o4ay8.net",nocase; classtype:attempted-recon; sid:200000259; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"api.florense.com.br",nocase; classtype:attempted-recon; sid:200000260; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"api.redirect-bentobot199.com",nocase; classtype:attempted-recon; sid:200000261; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"api.redirect-safebrowser-online.com",nocase; classtype:attempted-recon; sid:200000262; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aplintec.com.mx",nocase; classtype:attempted-recon; sid:200000263; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io",nocase; classtype:attempted-recon; sid:200000264; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app-bombcrypto-io-login-ab.blogspot.com",nocase; classtype:attempted-recon; sid:200000265; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.bydn217.club",nocase; classtype:attempted-recon; sid:200000266; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.duel.network",nocase; classtype:attempted-recon; sid:200000267; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.fiiber.ca",nocase; classtype:attempted-recon; sid:200000268; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.moneylinecreditcorporation.com",nocase; classtype:attempted-recon; sid:200000269; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.skiff.org",nocase; classtype:attempted-recon; sid:200000270; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.sugarsync.com",nocase; classtype:attempted-recon; sid:200000271; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"appatualizecef.com",nocase; classtype:attempted-recon; sid:200000272; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"appibsolicitud.com",nocase; classtype:attempted-recon; sid:200000273; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"appleid-check.info",nocase; classtype:attempted-recon; sid:200000274; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"applekra.com",nocase; classtype:attempted-recon; sid:200000275; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"applepichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200000276; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"apply.aua.am",nocase; classtype:attempted-recon; sid:200000277; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link",nocase; classtype:attempted-recon; sid:200000278; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aprilgagenesh.com",nocase; classtype:attempted-recon; sid:200000279; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aquaqualitas.com",nocase; classtype:attempted-recon; sid:200000280; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"arafathrumman.github.io",nocase; classtype:attempted-recon; sid:200000281; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"arcacg.com",nocase; classtype:attempted-recon; sid:200000282; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"archivio-supporto.sitoper.it",nocase; classtype:attempted-recon; sid:200000283; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"are.scicemecod.com",nocase; classtype:attempted-recon; sid:200000284; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"areueaom.gtpzcve.cn",nocase; classtype:attempted-recon; sid:200000285; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"areueaom.gtva.cn",nocase; classtype:attempted-recon; sid:200000286; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"arif.com.bd",nocase; classtype:attempted-recon; sid:200000287; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aromatic.webenliven.in",nocase; classtype:attempted-recon; sid:200000288; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"arthamahotels.com",nocase; classtype:attempted-recon; sid:200000289; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"artlux.com.pl",nocase; classtype:attempted-recon; sid:200000290; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"arub-service.org",nocase; classtype:attempted-recon; sid:200000291; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aruba.fatt.ids-sys.com",nocase; classtype:attempted-recon; sid:200000292; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"as.macecri.com",nocase; classtype:attempted-recon; sid:200000293; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"as.scicemecod.com",nocase; classtype:attempted-recon; sid:200000294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"asaipestcontrol.com",nocase; classtype:attempted-recon; sid:200000295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ascom.co.tz",nocase; classtype:attempted-recon; sid:200000296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"asd.9sw53wk.cn",nocase; classtype:attempted-recon; sid:200000297; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"asdxa.p2x11pi.cn",nocase; classtype:attempted-recon; sid:200000298; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"asgard-ampqy.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200000299; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"asimpwsh.com",nocase; classtype:attempted-recon; sid:200000300; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"asistentetramitadordigitalda.com",nocase; classtype:attempted-recon; sid:200000301; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"askarmotorluaraclar.com",nocase; classtype:attempted-recon; sid:200000302; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"asrefanavary.com",nocase; classtype:attempted-recon; sid:200000303; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"at-t-support-service1.sitey.me",nocase; classtype:attempted-recon; sid:200000304; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"at-t-yahoo.sitey.me",nocase; classtype:attempted-recon; sid:200000305; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"atento-fdi.plusoftomni.com.br",nocase; classtype:attempted-recon; sid:200000306; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ativacao-online73681.com",nocase; classtype:attempted-recon; sid:200000307; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"atlanticeconcrete.com",nocase; classtype:attempted-recon; sid:200000308; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"atnr76dxku336szy.clickfunnels.com",nocase; classtype:attempted-recon; sid:200000309; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"att556.weebly.com",nocase; classtype:attempted-recon; sid:200000310; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"att87.weebly.com",nocase; classtype:attempted-recon; sid:200000311; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"attinfoser.weebly.com",nocase; classtype:attempted-recon; sid:200000312; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"attonlinemanagementpage.weebly.com",nocase; classtype:attempted-recon; sid:200000313; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"attonlineuserverification.weebly.com",nocase; classtype:attempted-recon; sid:200000314; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"attpage1121.weebly.com",nocase; classtype:attempted-recon; sid:200000315; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"atualizacao-online547864.com",nocase; classtype:attempted-recon; sid:200000316; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"atualizarmodolo.com",nocase; classtype:attempted-recon; sid:200000317; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"atulrathore-dev.github.io",nocase; classtype:attempted-recon; sid:200000318; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"auid-japan.com",nocase; classtype:attempted-recon; sid:200000319; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aurumship.com",nocase; classtype:attempted-recon; sid:200000320; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aushotel.es",nocase; classtype:attempted-recon; sid:200000321; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"auth-task1-m.web.app",nocase; classtype:attempted-recon; sid:200000322; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"auth-webmailakeonetcom.yolasite.com",nocase; classtype:attempted-recon; sid:200000323; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"auth.topgamers.cn",nocase; classtype:attempted-recon; sid:200000324; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"authent54-sedure32.duckdns.org",nocase; classtype:attempted-recon; sid:200000325; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"authorize-trustvallet-protocol.com",nocase; classtype:attempted-recon; sid:200000326; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"authorizewallet.app",nocase; classtype:attempted-recon; sid:200000327; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"authuxeehmutconjxmailssocl.web.app",nocase; classtype:attempted-recon; sid:200000328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"authxntico.cc",nocase; classtype:attempted-recon; sid:200000329; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"autodiscover.ryder-dutton.co.uk",nocase; classtype:attempted-recon; sid:200000330; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"autoexprs.com",nocase; classtype:attempted-recon; sid:200000331; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"autoranplususeremailprocessingupdate.pages.dev",nocase; classtype:attempted-recon; sid:200000332; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"autoscurt24.de",nocase; classtype:attempted-recon; sid:200000333; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"autumn-sun-4a21.paqesads-scure.workers.dev",nocase; classtype:attempted-recon; sid:200000334; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"avelocidad.com",nocase; classtype:attempted-recon; sid:200000335; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"avrorganics.com",nocase; classtype:attempted-recon; sid:200000336; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"awesome-gates-8bdd6f.netlify.app",nocase; classtype:attempted-recon; sid:200000337; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ax.xiguw.workers.dev",nocase; classtype:attempted-recon; sid:200000338; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"axieinfinity-supportwallet.com",nocase; classtype:attempted-recon; sid:200000339; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"axlr.in",nocase; classtype:attempted-recon; sid:200000340; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ayushenterprise.in",nocase; classtype:attempted-recon; sid:200000341; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"az.macecri.com",nocase; classtype:attempted-recon; sid:200000342; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"azb3s.cf",nocase; classtype:attempted-recon; sid:200000343; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"azmznonos_co_long.akys.shop",nocase; classtype:attempted-recon; sid:200000344; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com",nocase; classtype:attempted-recon; sid:200000345; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"b059c86968a6427389952025bcee9886.svc.dynamics.com",nocase; classtype:attempted-recon; sid:200000346; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"b4e921f0.sso-mailsrvr-4344e5teed.pages.dev",nocase; classtype:attempted-recon; sid:200000347; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"b96f7f93.sibforms.com",nocase; classtype:attempted-recon; sid:200000348; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev",nocase; classtype:attempted-recon; sid:200000349; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bacteralia.com",nocase; classtype:attempted-recon; sid:200000350; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bag-macben.eu",nocase; classtype:attempted-recon; sid:200000351; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bakhai.vn",nocase; classtype:attempted-recon; sid:200000352; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"balajihospital.net",nocase; classtype:attempted-recon; sid:200000353; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"balalabala090.diskstation.eu",nocase; classtype:attempted-recon; sid:200000354; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bamarfoundation.org",nocase; classtype:attempted-recon; sid:200000355; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"banca-electronica1.odoo.com",nocase; classtype:attempted-recon; sid:200000356; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaenlineal-interbark2.com",nocase; classtype:attempted-recon; sid:200000357; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporinternet-interbark.pcriot.com",nocase; classtype:attempted-recon; sid:200000358; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporinternet.interban.pe.magictourscancun.com",nocase; classtype:attempted-recon; sid:200000359; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporinternet.interbrnpe.com",nocase; classtype:attempted-recon; sid:200000360; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporinternet.lnterbank.pronductos.com",nocase; classtype:attempted-recon; sid:200000361; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporinternetinterbank.pe-promocion.app",nocase; classtype:attempted-recon; sid:200000362; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporintrnet.interbnkperu.es",nocase; classtype:attempted-recon; sid:200000363; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporlnternetlnterbarnk.dominandoagestao.com.br",nocase; classtype:attempted-recon; sid:200000364; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporlnternetlnterbarnk.infinitegoldjewelry.com",nocase; classtype:attempted-recon; sid:200000365; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporlnternetlnterbarnk.jifad.org",nocase; classtype:attempted-recon; sid:200000366; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancaporlnternetlnterbarnk.libertycanais.com.br",nocase; classtype:attempted-recon; sid:200000367; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancoiinng.site44.com",nocase; classtype:attempted-recon; sid:200000368; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bancooccidentalb.com",nocase; classtype:attempted-recon; sid:200000369; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bankapolska.com",nocase; classtype:attempted-recon; sid:200000370; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"banki0wa.us",nocase; classtype:attempted-recon; sid:200000371; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bankocaoffo.webcindario.com",nocase; classtype:attempted-recon; sid:200000372; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bankofamer86.ddns.net",nocase; classtype:attempted-recon; sid:200000373; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bannerbank.control-inc.com",nocase; classtype:attempted-recon; sid:200000374; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bannerchampnyc.com",nocase; classtype:attempted-recon; sid:200000375; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"banproseguridadasistenteenlineanic.webnode.es",nocase; classtype:attempted-recon; sid:200000376; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"baradua.it",nocase; classtype:attempted-recon; sid:200000377; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"barbecuef.top",nocase; classtype:attempted-recon; sid:200000378; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"battlelastmont.cyou",nocase; classtype:attempted-recon; sid:200000379; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bc1.paiementervice.com",nocase; classtype:attempted-recon; sid:200000380; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bconclutmjy.ru",nocase; classtype:attempted-recon; sid:200000381; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bcp-marketing.com",nocase; classtype:attempted-recon; sid:200000382; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bcpzonaseguirabeta.com",nocase; classtype:attempted-recon; sid:200000383; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"be-home.web.do",nocase; classtype:attempted-recon; sid:200000384; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bearmybrand.com",nocase; classtype:attempted-recon; sid:200000385; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"beast-blog.com",nocase; classtype:attempted-recon; sid:200000386; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"beccu07.zzux.com",nocase; classtype:attempted-recon; sid:200000387; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"beijing.vfzfy1v.cn",nocase; classtype:attempted-recon; sid:200000388; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"belovedaroma.com",nocase; classtype:attempted-recon; sid:200000389; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bendmytrend.com",nocase; classtype:attempted-recon; sid:200000390; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"berketurizm.com",nocase; classtype:attempted-recon; sid:200000391; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"beupdatedmust.pricesrakutenlogin.buzz",nocase; classtype:attempted-recon; sid:200000392; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bexwebmailupdate.web.app",nocase; classtype:attempted-recon; sid:200000393; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"beyondsmiles.co.in",nocase; classtype:attempted-recon; sid:200000394; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bghgcd.psuxscm.cn",nocase; classtype:attempted-recon; sid:200000395; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bharathi1809.github.io",nocase; classtype:attempted-recon; sid:200000396; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhavin0077.github.io",nocase; classtype:attempted-recon; sid:200000397; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhddf.uwe6ui0.cn",nocase; classtype:attempted-recon; sid:200000398; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhdf.bdc9985.cn",nocase; classtype:attempted-recon; sid:200000399; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhdf.ryhk63.cn",nocase; classtype:attempted-recon; sid:200000400; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhdf.t18v2kr.cn",nocase; classtype:attempted-recon; sid:200000401; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhdf.y0ai5w8.cn",nocase; classtype:attempted-recon; sid:200000402; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhgcd.8h391um.cn",nocase; classtype:attempted-recon; sid:200000403; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhgcxz.00e5gfu.cn",nocase; classtype:attempted-recon; sid:200000404; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhgd.48ud0ez.cn",nocase; classtype:attempted-recon; sid:200000405; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhgdd.qlljdgs.cn",nocase; classtype:attempted-recon; sid:200000406; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhgxa.eo76sni.cn",nocase; classtype:attempted-recon; sid:200000407; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhhcd.9bzuw49.cn",nocase; classtype:attempted-recon; sid:200000408; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhhxaa.123qi7b.cn",nocase; classtype:attempted-recon; sid:200000409; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhxas.rb0xts7.cn",nocase; classtype:attempted-recon; sid:200000410; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bhxdd.2hllf8x.cn",nocase; classtype:attempted-recon; sid:200000411; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bicicentroslezama.com",nocase; classtype:attempted-recon; sid:200000412; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"biedronka-news.biz",nocase; classtype:attempted-recon; sid:200000413; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"biedronka-news.us",nocase; classtype:attempted-recon; sid:200000414; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"biedronkainvest.biz",nocase; classtype:attempted-recon; sid:200000415; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bienlinea.com",nocase; classtype:attempted-recon; sid:200000416; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bijoycity.com",nocase; classtype:attempted-recon; sid:200000417; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bilacintatakk.institute-pagess.workers.dev",nocase; classtype:attempted-recon; sid:200000418; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bilasajaterjadii.institute-pagess.workers.dev",nocase; classtype:attempted-recon; sid:200000419; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"billingfailure-o2.com",nocase; classtype:attempted-recon; sid:200000420; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bioenergyevitalite.com",nocase; classtype:attempted-recon; sid:200000421; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"birlacitywaterpark.com",nocase; classtype:attempted-recon; sid:200000422; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bisanew.20931.repl.co",nocase; classtype:attempted-recon; sid:200000423; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"biswap.fm",nocase; classtype:attempted-recon; sid:200000424; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"biswapdapp.org",nocase; classtype:attempted-recon; sid:200000425; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitbaink.web.app",nocase; classtype:attempted-recon; sid:200000426; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitflye87.com",nocase; classtype:attempted-recon; sid:200000427; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitflyerfr.cc",nocase; classtype:attempted-recon; sid:200000428; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bithunnb.web.app",nocase; classtype:attempted-recon; sid:200000429; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitmexinc.com",nocase; classtype:attempted-recon; sid:200000430; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitso.cm",nocase; classtype:attempted-recon; sid:200000431; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitsrflyer.com",nocase; classtype:attempted-recon; sid:200000432; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bizlinktek.com",nocase; classtype:attempted-recon; sid:200000433; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bizzcityinfo.com",nocase; classtype:attempted-recon; sid:200000434; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blanchevetements.com",nocase; classtype:attempted-recon; sid:200000435; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blllsoth.weebly.com",nocase; classtype:attempted-recon; sid:200000436; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blockchain-fix.org",nocase; classtype:attempted-recon; sid:200000437; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blockchainwallet-tool.com",nocase; classtype:attempted-recon; sid:200000438; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blocks.rn86.ru",nocase; classtype:attempted-recon; sid:200000439; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blog.booxium.com",nocase; classtype:attempted-recon; sid:200000440; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blog.drmostafafouadivf.com",nocase; classtype:attempted-recon; sid:200000441; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blog.storrea.com",nocase; classtype:attempted-recon; sid:200000442; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blog.visionconsulting.ro",nocase; classtype:attempted-recon; sid:200000443; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blog.weiwanjia.com",nocase; classtype:attempted-recon; sid:200000444; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blowfish-ltd.co.uk",nocase; classtype:attempted-recon; sid:200000445; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blslightinginc.com",nocase; classtype:attempted-recon; sid:200000446; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bmcporlnternet.lnterbamkpe.extracaslh.shop",nocase; classtype:attempted-recon; sid:200000447; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bn-seguridadperu.com",nocase; classtype:attempted-recon; sid:200000448; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bnconacional.odoo.com",nocase; classtype:attempted-recon; sid:200000449; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bncre.odoo.com",nocase; classtype:attempted-recon; sid:200000450; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bncxz.9wx9b27.cn",nocase; classtype:attempted-recon; sid:200000451; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bndigitalpersonas.com",nocase; classtype:attempted-recon; sid:200000452; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"boaupdate.bfaoscr.com",nocase; classtype:attempted-recon; sid:200000453; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bogdonovlerer.com",nocase; classtype:attempted-recon; sid:200000454; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bogged-finance.com",nocase; classtype:attempted-recon; sid:200000455; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"boi.365online-replacement.com",nocase; classtype:attempted-recon; sid:200000456; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"boke4-indonesia-2022a7whatsapp.duckdns.org",nocase; classtype:attempted-recon; sid:200000457; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bokep-virall-sange33.duckdns.org",nocase; classtype:attempted-recon; sid:200000458; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bokgabanesolutions.co.za",nocase; classtype:attempted-recon; sid:200000459; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bold-lichterman.45-81-232-15.plesk.page",nocase; classtype:attempted-recon; sid:200000460; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bookfbs.evangsamuelministries.com",nocase; classtype:attempted-recon; sid:200000461; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"boxes.com.py",nocase; classtype:attempted-recon; sid:200000462; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"br4.in",nocase; classtype:attempted-recon; sid:200000463; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"br622.teste.website",nocase; classtype:attempted-recon; sid:200000464; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"breople.com",nocase; classtype:attempted-recon; sid:200000465; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-forrunning.top",nocase; classtype:attempted-recon; sid:200000466; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-justforjogging.top",nocase; classtype:attempted-recon; sid:200000467; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-move.top",nocase; classtype:attempted-recon; sid:200000468; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-ooke.top",nocase; classtype:attempted-recon; sid:200000469; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-runfarther.top",nocase; classtype:attempted-recon; sid:200000470; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-xsdaodab.top",nocase; classtype:attempted-recon; sid:200000471; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-xsdauofc.top",nocase; classtype:attempted-recon; sid:200000472; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks-xsgdfaja.top",nocase; classtype:attempted-recon; sid:200000473; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooks1984.shop",nocase; classtype:attempted-recon; sid:200000474; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksair.top",nocase; classtype:attempted-recon; sid:200000475; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksale.top",nocase; classtype:attempted-recon; sid:200000476; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksboom.top",nocase; classtype:attempted-recon; sid:200000477; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksdiscount.top",nocase; classtype:attempted-recon; sid:200000478; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksnewmethod.top",nocase; classtype:attempted-recon; sid:200000479; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksnewsports.top",nocase; classtype:attempted-recon; sid:200000480; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksprime.top",nocase; classtype:attempted-recon; sid:200000481; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksrevel.top",nocase; classtype:attempted-recon; sid:200000482; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksrunble.top",nocase; classtype:attempted-recon; sid:200000483; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksrunshoeshopping.top",nocase; classtype:attempted-recon; sid:200000484; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brooksshopsft.top",nocase; classtype:attempted-recon; sid:200000485; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"brookssoft.top",nocase; classtype:attempted-recon; sid:200000486; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bruno-genthial.mykajabi.com",nocase; classtype:attempted-recon; sid:200000487; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bt-108665.square.site",nocase; classtype:attempted-recon; sid:200000488; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btbusinessbilling.wordpress.com",nocase; classtype:attempted-recon; sid:200000489; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btclickpreview365pdf.1msite.eu",nocase; classtype:attempted-recon; sid:200000490; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btconnect-109798.square.site",nocase; classtype:attempted-recon; sid:200000491; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btconnectfilesecurebthomelogindropboxinupdatetdropboxpdf-logss.yolasite.com",nocase; classtype:attempted-recon; sid:200000492; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btconnectfilesecurebthomelogindropboxlinkupdatetdropboxpdf-logs.yolasite.com",nocase; classtype:attempted-recon; sid:200000493; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btconnectfilesecurebthomeloginpdropboxupdatepdf-logsssss-websit.yolasite.com",nocase; classtype:attempted-recon; sid:200000494; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btconnectfilesecurebthomesloginpdropboxupdatepdf-logsssss-websi.yolasite.com",nocase; classtype:attempted-recon; sid:200000495; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bthak.com",nocase; classtype:attempted-recon; sid:200000496; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"btinfoldddasasa.weebly.com",nocase; classtype:attempted-recon; sid:200000497; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bttelecommunicatiiion.weebly.com",nocase; classtype:attempted-recon; sid:200000498; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"budrimon.xyz",nocase; classtype:attempted-recon; sid:200000499; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"builmon.xyz",nocase; classtype:attempted-recon; sid:200000500; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bujikena.web.app",nocase; classtype:attempted-recon; sid:200000501; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bundel-cobragratis2022.duckdns.org",nocase; classtype:attempted-recon; sid:200000502; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"busanopen.org",nocase; classtype:attempted-recon; sid:200000503; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-action-page129591.web.app",nocase; classtype:attempted-recon; sid:200000504; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-appeal-copyright8211.web.app",nocase; classtype:attempted-recon; sid:200000505; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-appeal-form-18222.web.app",nocase; classtype:attempted-recon; sid:200000506; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-copyright-alert100821.web.app",nocase; classtype:attempted-recon; sid:200000507; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-copyright-alert198082.web.app",nocase; classtype:attempted-recon; sid:200000508; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-copyright-alert19882.web.app",nocase; classtype:attempted-recon; sid:200000509; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-copyright-detected920.web.app",nocase; classtype:attempted-recon; sid:200000510; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-required-helpcenter82.web.app",nocase; classtype:attempted-recon; sid:200000511; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"business-required-info188221.web.app",nocase; classtype:attempted-recon; sid:200000512; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"businessemailss.biz",nocase; classtype:attempted-recon; sid:200000513; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"buyelectronicsnyc.com",nocase; classtype:attempted-recon; sid:200000514; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c.curiousmorty.be",nocase; classtype:attempted-recon; sid:200000515; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c.jardindemiedo.es",nocase; classtype:attempted-recon; sid:200000516; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c.loveawaits.be",nocase; classtype:attempted-recon; sid:200000517; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c.mail.com",nocase; classtype:attempted-recon; sid:200000518; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c0m-r51znzlh8i.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000519; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c1christine.tjelmeland2e.cso.gov.tt",nocase; classtype:attempted-recon; sid:200000520; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c2dc5b99.chgmar.pages.dev",nocase; classtype:attempted-recon; sid:200000521; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"c6ebv708.caspio.com",nocase; classtype:attempted-recon; sid:200000522; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cabsiler.com",nocase; classtype:attempted-recon; sid:200000523; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cache.nebula.phx3.secureserver.net",nocase; classtype:attempted-recon; sid:200000524; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cadeau-orange.fr",nocase; classtype:attempted-recon; sid:200000525; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"caixabanki.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200000526; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"caixaseguradora.quadientcloud.com",nocase; classtype:attempted-recon; sid:200000527; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cakesbyannemotha.com",nocase; classtype:attempted-recon; sid:200000528; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cammymiller.com",nocase; classtype:attempted-recon; sid:200000529; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"canadapost.reschedule.online.portal.services.parcel01868972.mh-group.net",nocase; classtype:attempted-recon; sid:200000530; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cann-life.com",nocase; classtype:attempted-recon; sid:200000531; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cannellandcoflooring.co.uk",nocase; classtype:attempted-recon; sid:200000532; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capservice.online",nocase; classtype:attempted-recon; sid:200000533; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"caracasmateriais.blogspot.com",nocase; classtype:attempted-recon; sid:200000534; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"carpediemxp.com",nocase; classtype:attempted-recon; sid:200000535; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"carservicessaupdate.xyz",nocase; classtype:attempted-recon; sid:200000536; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cartamorin-geometres.fr",nocase; classtype:attempted-recon; sid:200000537; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"carwash.tv",nocase; classtype:attempted-recon; sid:200000538; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"casbygroup.com",nocase; classtype:attempted-recon; sid:200000539; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"caseforpage1003496539563.web.app",nocase; classtype:attempted-recon; sid:200000540; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"catalogue-orange.com",nocase; classtype:attempted-recon; sid:200000541; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cateringfoodanddrinksupplies777.business.site",nocase; classtype:attempted-recon; sid:200000542; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"catus.cat",nocase; classtype:attempted-recon; sid:200000543; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"caycos.beispielseite-wmka.de",nocase; classtype:attempted-recon; sid:200000544; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"caymanreno.com",nocase; classtype:attempted-recon; sid:200000545; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cbmonlinegroups.com",nocase; classtype:attempted-recon; sid:200000546; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cc.scicemecod.com",nocase; classtype:attempted-recon; sid:200000547; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cc23674.tmweb.ru",nocase; classtype:attempted-recon; sid:200000548; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ccjrlaw.com",nocase; classtype:attempted-recon; sid:200000549; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cdas.nxzigco.cn",nocase; classtype:attempted-recon; sid:200000550; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cdsoa.wuefyta.cn",nocase; classtype:attempted-recon; sid:200000551; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ce33312.tmweb.ru",nocase; classtype:attempted-recon; sid:200000552; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cekpointfacebook.wixsite.com",nocase; classtype:attempted-recon; sid:200000553; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"celikoglumakina.com",nocase; classtype:attempted-recon; sid:200000554; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cellfunworld.com",nocase; classtype:attempted-recon; sid:200000555; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cema-fossano.it",nocase; classtype:attempted-recon; sid:200000556; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"centralconsulta.link",nocase; classtype:attempted-recon; sid:200000557; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"centre1.bubbleapps.io",nocase; classtype:attempted-recon; sid:200000558; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ceresgulf.com",nocase; classtype:attempted-recon; sid:200000559; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"certifica-montepaschii.com",nocase; classtype:attempted-recon; sid:200000560; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"charitascb.com",nocase; classtype:attempted-recon; sid:200000561; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"charperimagedesign.com",nocase; classtype:attempted-recon; sid:200000562; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chat-whatasapp.com",nocase; classtype:attempted-recon; sid:200000563; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chat-whatsaap99.duckdns.org",nocase; classtype:attempted-recon; sid:200000564; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org",nocase; classtype:attempted-recon; sid:200000565; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chat-whatsapp-grupo-invitacion.blogspot.com",nocase; classtype:attempted-recon; sid:200000566; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chat-whatsapp-gscfghjsgsu.duckdns.org",nocase; classtype:attempted-recon; sid:200000567; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill1.web.app",nocase; classtype:attempted-recon; sid:200000568; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill10.web.app",nocase; classtype:attempted-recon; sid:200000569; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill11.web.app",nocase; classtype:attempted-recon; sid:200000570; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill12.web.app",nocase; classtype:attempted-recon; sid:200000571; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill13.web.app",nocase; classtype:attempted-recon; sid:200000572; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill14.web.app",nocase; classtype:attempted-recon; sid:200000573; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill15.web.app",nocase; classtype:attempted-recon; sid:200000574; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill17.web.app",nocase; classtype:attempted-recon; sid:200000575; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill18.web.app",nocase; classtype:attempted-recon; sid:200000576; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill19.web.app",nocase; classtype:attempted-recon; sid:200000577; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill2.web.app",nocase; classtype:attempted-recon; sid:200000578; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill20.web.app",nocase; classtype:attempted-recon; sid:200000579; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill21.web.app",nocase; classtype:attempted-recon; sid:200000580; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill22.web.app",nocase; classtype:attempted-recon; sid:200000581; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill23.web.app",nocase; classtype:attempted-recon; sid:200000582; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill24.web.app",nocase; classtype:attempted-recon; sid:200000583; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill25.web.app",nocase; classtype:attempted-recon; sid:200000584; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill3.web.app",nocase; classtype:attempted-recon; sid:200000585; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill4.web.app",nocase; classtype:attempted-recon; sid:200000586; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill5.web.app",nocase; classtype:attempted-recon; sid:200000587; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill6.web.app",nocase; classtype:attempted-recon; sid:200000588; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill7.web.app",nocase; classtype:attempted-recon; sid:200000589; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill8.web.app",nocase; classtype:attempted-recon; sid:200000590; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chckmaill9.web.app",nocase; classtype:attempted-recon; sid:200000591; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"checkkeyvip.000webhostapp.com",nocase; classtype:attempted-recon; sid:200000592; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"checkverifymyatt.weebly.com",nocase; classtype:attempted-recon; sid:200000593; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chefsenaccion.org",nocase; classtype:attempted-recon; sid:200000594; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chikkuthomas.github.io",nocase; classtype:attempted-recon; sid:200000595; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chinmayavidyalayarspuram.com",nocase; classtype:attempted-recon; sid:200000596; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chiragrajoria.github.io",nocase; classtype:attempted-recon; sid:200000597; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chois.jp",nocase; classtype:attempted-recon; sid:200000598; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"christienstudystl.wixsite.com",nocase; classtype:attempted-recon; sid:200000599; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"christmas-dhl-express-delvr.hopekosmos.com",nocase; classtype:attempted-recon; sid:200000600; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chronopostaws.com",nocase; classtype:attempted-recon; sid:200000601; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chtbnk.uk",nocase; classtype:attempted-recon; sid:200000602; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chutomen.com",nocase; classtype:attempted-recon; sid:200000603; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cinemaleftech.com",nocase; classtype:attempted-recon; sid:200000604; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"citagestionenlineabn.com",nocase; classtype:attempted-recon; sid:200000605; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"city-of-jazz.de",nocase; classtype:attempted-recon; sid:200000606; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ckwgruppe.service-now.com",nocase; classtype:attempted-recon; sid:200000607; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claiimdiamondgratis84.duckdns.org",nocase; classtype:attempted-recon; sid:200000608; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claim-event-freefire-garena-oldfree-a4.duckdns.org",nocase; classtype:attempted-recon; sid:200000609; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claim-skingratis-mobailegends161.duckdns.org",nocase; classtype:attempted-recon; sid:200000610; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claims-funds-enczj.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200000611; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claimseventmlbb.duckdns.org",nocase; classtype:attempted-recon; sid:200000612; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claimshopee.yolasite.com",nocase; classtype:attempted-recon; sid:200000613; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claro-link.brsafe.com.br",nocase; classtype:attempted-recon; sid:200000614; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"claus.bz",nocase; classtype:attempted-recon; sid:200000615; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"click-here-help.in",nocase; classtype:attempted-recon; sid:200000616; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"client-support-page.com",nocase; classtype:attempted-recon; sid:200000617; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net",nocase; classtype:attempted-recon; sid:200000618; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clientid-ij66191jgbm96ujp40bz1gzmpc8iquhoff3ocmbrzs6g5i89t0.website.yandexcloud.net",nocase; classtype:attempted-recon; sid:200000619; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clients.devtux.com",nocase; classtype:attempted-recon; sid:200000620; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clone-7473c.web.app",nocase; classtype:attempted-recon; sid:200000621; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"closingdocs9480.myportfolio.com",nocase; classtype:attempted-recon; sid:200000622; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cloud-object-storage-o9-cos-static-web-hocsx2.pages.dev",nocase; classtype:attempted-recon; sid:200000623; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cloud.go4clients.com",nocase; classtype:attempted-recon; sid:200000624; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cloud102.hostgator.com",nocase; classtype:attempted-recon; sid:200000625; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clouddoc-authorize.firebaseapp.com",nocase; classtype:attempted-recon; sid:200000626; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cloudflare-rbnuo.run.goorm.io",nocase; classtype:attempted-recon; sid:200000627; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cloudshare-account-auth.firebaseapp.com",nocase; classtype:attempted-recon; sid:200000628; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cloudtracker.com.br",nocase; classtype:attempted-recon; sid:200000629; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"club.quomodo.com",nocase; classtype:attempted-recon; sid:200000630; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clubeamigosdopedrosegundo.com.br",nocase; classtype:attempted-recon; sid:200000631; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cms.time-investments.com",nocase; classtype:attempted-recon; sid:200000632; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cnbxa.1of2o6k.cn",nocase; classtype:attempted-recon; sid:200000633; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cner283829.odoo.com",nocase; classtype:attempted-recon; sid:200000634; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cninflables.com",nocase; classtype:attempted-recon; sid:200000635; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.azoynfq.cn",nocase; classtype:attempted-recon; sid:200000636; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.bh1fgg1.cn",nocase; classtype:attempted-recon; sid:200000637; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.bzkgfzj.cn",nocase; classtype:attempted-recon; sid:200000638; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.clblrvh.cn",nocase; classtype:attempted-recon; sid:200000639; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.csfknas.cn",nocase; classtype:attempted-recon; sid:200000640; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.daailrf.cn",nocase; classtype:attempted-recon; sid:200000641; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.eiatphe.cn",nocase; classtype:attempted-recon; sid:200000642; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.fjzzgxx.cn",nocase; classtype:attempted-recon; sid:200000643; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.fxdwtxc.cn",nocase; classtype:attempted-recon; sid:200000644; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.ghemivv.cn",nocase; classtype:attempted-recon; sid:200000645; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.hivbdco.cn",nocase; classtype:attempted-recon; sid:200000646; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.iiaqjrp.cn",nocase; classtype:attempted-recon; sid:200000647; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.rkrabsk.cn",nocase; classtype:attempted-recon; sid:200000648; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.rqqidd.cn",nocase; classtype:attempted-recon; sid:200000649; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.rukbcga.cn",nocase; classtype:attempted-recon; sid:200000650; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.sefdvsi.cn",nocase; classtype:attempted-recon; sid:200000651; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.tezkkbp.cn",nocase; classtype:attempted-recon; sid:200000652; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"co.jp.ztxzzup.cn",nocase; classtype:attempted-recon; sid:200000653; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cobaincurlduluom.duckdns.org",nocase; classtype:attempted-recon; sid:200000654; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"codwarzonemobile.com",nocase; classtype:attempted-recon; sid:200000655; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"coindappsync.online",nocase; classtype:attempted-recon; sid:200000656; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev",nocase; classtype:attempted-recon; sid:200000657; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"collab-land.net",nocase; classtype:attempted-recon; sid:200000658; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"collabland.info",nocase; classtype:attempted-recon; sid:200000659; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"collablandfi.com",nocase; classtype:attempted-recon; sid:200000660; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"colorfastinv.com",nocase; classtype:attempted-recon; sid:200000661; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-3z9m3j9qhp.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000662; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-4tfgonrlym.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000663; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-dnq84vac.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000664; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-h3v9t9zycu.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000665; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-l5tpetwb.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000666; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-mm2ai86orr.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000667; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-r51znzlh8i.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000668; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-sauuvazpjo.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000669; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"com-ugsyk69nqb.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200000670; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link",nocase; classtype:attempted-recon; sid:200000671; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link",nocase; classtype:attempted-recon; sid:200000672; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link",nocase; classtype:attempted-recon; sid:200000673; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"completeegali.webcindario.com",nocase; classtype:attempted-recon; sid:200000674; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"completeyorcorp.lunsrgovert.net",nocase; classtype:attempted-recon; sid:200000675; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"comunicazione-europe.net",nocase; classtype:attempted-recon; sid:200000676; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"comunity-isue-ideent-andromeda-29.web.id",nocase; classtype:attempted-recon; sid:200000677; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"comunity-isue-ideent-andromeda-33.web.id",nocase; classtype:attempted-recon; sid:200000678; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"con-firma.firebaseapp.com",nocase; classtype:attempted-recon; sid:200000679; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"congresosba.com.ar",nocase; classtype:attempted-recon; sid:200000680; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"conhecaonlinedigital.com.br",nocase; classtype:attempted-recon; sid:200000681; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"connect.au-login.0662smt.com",nocase; classtype:attempted-recon; sid:200000682; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"connect.auone.jp-login.kddi-sys.com",nocase; classtype:attempted-recon; sid:200000683; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"connect.myauone.jp-auid.jp-auid.com",nocase; classtype:attempted-recon; sid:200000684; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"connect.myauone.jp-auid.kddi-mail.com",nocase; classtype:attempted-recon; sid:200000685; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"connectlivewallet.io",nocase; classtype:attempted-recon; sid:200000686; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"connectwallet.me",nocase; classtype:attempted-recon; sid:200000687; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"conoscofaturahiiiper.com",nocase; classtype:attempted-recon; sid:200000688; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"contabilidaderabello.com.br",nocase; classtype:attempted-recon; sid:200000689; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev",nocase; classtype:attempted-recon; sid:200000690; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"contapessoal.digital",nocase; classtype:attempted-recon; sid:200000691; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"content.av1.com.au",nocase; classtype:attempted-recon; sid:200000692; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"content.edgerockwealth.com",nocase; classtype:attempted-recon; sid:200000693; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"content.meetmagic.org",nocase; classtype:attempted-recon; sid:200000694; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"continentepecas.com",nocase; classtype:attempted-recon; sid:200000695; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"contratodeparceria.com.br",nocase; classtype:attempted-recon; sid:200000696; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"controlpichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200000697; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"copyright-center-live.ml",nocase; classtype:attempted-recon; sid:200000698; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"coroplastusa.com",nocase; classtype:attempted-recon; sid:200000699; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"correosdemexico-web.com",nocase; classtype:attempted-recon; sid:200000700; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"corta.ai",nocase; classtype:attempted-recon; sid:200000701; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cosemu.com",nocase; classtype:attempted-recon; sid:200000702; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cottonwooddentalg.nimbusweb.me",nocase; classtype:attempted-recon; sid:200000703; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"courtcase.co.in",nocase; classtype:attempted-recon; sid:200000704; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"covid-foyyn.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200000705; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cox0.yolasite.com",nocase; classtype:attempted-recon; sid:200000706; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cp.digitalprocurements.co.uk",nocase; classtype:attempted-recon; sid:200000707; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cp45362.tmweb.ru",nocase; classtype:attempted-recon; sid:200000708; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cpanel10wh.bkk1.cloud.z.com",nocase; classtype:attempted-recon; sid:200000709; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cr24185.tmweb.ru",nocase; classtype:attempted-recon; sid:200000710; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"crackfreekey.com",nocase; classtype:attempted-recon; sid:200000711; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cranetech.com.br",nocase; classtype:attempted-recon; sid:200000712; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creatorsverificationandsafetybusiness.co.vu",nocase; classtype:attempted-recon; sid:200000713; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"credcloud-object-storage-o9-cos-static-web-hocsd3d.pages.dev",nocase; classtype:attempted-recon; sid:200000714; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"credicorp-capital.net",nocase; classtype:attempted-recon; sid:200000715; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"credicorpfiduciariasa.com",nocase; classtype:attempted-recon; sid:200000716; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"credifinanciera.didacsis.com",nocase; classtype:attempted-recon; sid:200000717; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"crediserfinanza.com",nocase; classtype:attempted-recon; sid:200000718; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creditagricole-sudrhonealpes.blogspot.ba",nocase; classtype:attempted-recon; sid:200000719; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creditagricole-sudrhonealpes.blogspot.com",nocase; classtype:attempted-recon; sid:200000720; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creditagricole-sudrhonealpes.blogspot.ro",nocase; classtype:attempted-recon; sid:200000721; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creditinternationalbank.com",nocase; classtype:attempted-recon; sid:200000722; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creditiperhabbogratissicuro100.blogspot.it",nocase; classtype:attempted-recon; sid:200000723; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cresvin.com",nocase; classtype:attempted-recon; sid:200000724; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"criticalcarevizag.com",nocase; classtype:attempted-recon; sid:200000725; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"crrdxwjap7t.typeform.com",nocase; classtype:attempted-recon; sid:200000726; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cryptocars-plays.buzz",nocase; classtype:attempted-recon; sid:200000727; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cryptocarsme.com",nocase; classtype:attempted-recon; sid:200000728; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cryptscars-logs.com",nocase; classtype:attempted-recon; sid:200000729; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cryqtocars.me",nocase; classtype:attempted-recon; sid:200000730; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cuans.bkaamiv.cn",nocase; classtype:attempted-recon; sid:200000731; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"currentlyupgrade.mystrikingly.com",nocase; classtype:attempted-recon; sid:200000732; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cusnas.366wuv.cn",nocase; classtype:attempted-recon; sid:200000733; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cxas.bvd2q18.cn",nocase; classtype:attempted-recon; sid:200000734; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cxas.zk6w4dt.cn",nocase; classtype:attempted-recon; sid:200000735; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cxasd.easghbl.cn",nocase; classtype:attempted-recon; sid:200000736; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cxmnsa.04frh0w.cn",nocase; classtype:attempted-recon; sid:200000737; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cxnbas.nmkbmqk.cn",nocase; classtype:attempted-recon; sid:200000738; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cxuahs.1wc9bxm.cn",nocase; classtype:attempted-recon; sid:200000739; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cyna.rkpmage.cn",nocase; classtype:attempted-recon; sid:200000740; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cyqsnwx.cn",nocase; classtype:attempted-recon; sid:200000741; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"czechposta-cz.cz.swtest.ru",nocase; classtype:attempted-recon; sid:200000742; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"czvon.4fan.cz",nocase; classtype:attempted-recon; sid:200000743; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"czxasd.3ot975v.cn",nocase; classtype:attempted-recon; sid:200000744; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"d.app32150.xyz",nocase; classtype:attempted-recon; sid:200000745; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"d18gc1ytkdv37u.cloudfront.net",nocase; classtype:attempted-recon; sid:200000746; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev",nocase; classtype:attempted-recon; sid:200000747; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"d3ncuwwrr82.typeform.com",nocase; classtype:attempted-recon; sid:200000748; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"daatahomes.com",nocase; classtype:attempted-recon; sid:200000749; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dadafa88.com",nocase; classtype:attempted-recon; sid:200000750; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"damp-f43e.recovery-page-secur.workers.dev",nocase; classtype:attempted-recon; sid:200000751; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"danitraseoexperts.com",nocase; classtype:attempted-recon; sid:200000752; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dappconnecttvalidator.net",nocase; classtype:attempted-recon; sid:200000753; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dapponlines.com",nocase; classtype:attempted-recon; sid:200000754; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dappscoins.com",nocase; classtype:attempted-recon; sid:200000755; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dappsiconnect.com",nocase; classtype:attempted-recon; sid:200000756; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dappsmainnetverify.com",nocase; classtype:attempted-recon; sid:200000757; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dappswalletapp.org",nocase; classtype:attempted-recon; sid:200000758; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dappswalletliveauthenticate.com",nocase; classtype:attempted-recon; sid:200000759; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dasd.atio2tq.cn",nocase; classtype:attempted-recon; sid:200000760; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"date-on-14-01.totaltrackingimproveupscanada.com",nocase; classtype:attempted-recon; sid:200000761; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"datos-pichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200000762; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"davidshopeaz.org",nocase; classtype:attempted-recon; sid:200000763; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"daycoval.contrato.srv.br",nocase; classtype:attempted-recon; sid:200000764; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"daycoval.facildepagar.com.br",nocase; classtype:attempted-recon; sid:200000765; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"db-web-client.com",nocase; classtype:attempted-recon; sid:200000766; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200000767; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dbkuzwes.online",nocase; classtype:attempted-recon; sid:200000768; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dbs.limited",nocase; classtype:attempted-recon; sid:200000769; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dbs.online.webdbslistinonline.com",nocase; classtype:attempted-recon; sid:200000770; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dbs.webdbslistinonline.com",nocase; classtype:attempted-recon; sid:200000771; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dbw.gr",nocase; classtype:attempted-recon; sid:200000772; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dcm1.ae.iwc.static.tungmung.co.id",nocase; classtype:attempted-recon; sid:200000773; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dd90001.github.io",nocase; classtype:attempted-recon; sid:200000774; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"de.eurohome.civ.pl",nocase; classtype:attempted-recon; sid:200000775; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"de22c9kukppr.clickfunnels.com",nocase; classtype:attempted-recon; sid:200000776; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"deactivemsnon-8k98-l9k8-98j8-98j78u.pages.dev",nocase; classtype:attempted-recon; sid:200000777; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"deborahholland.net",nocase; classtype:attempted-recon; sid:200000778; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"debuil.xyz",nocase; classtype:attempted-recon; sid:200000779; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"declicgestion.fr",nocase; classtype:attempted-recon; sid:200000780; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"decorcenter.com.pe",nocase; classtype:attempted-recon; sid:200000781; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dejpaad.com",nocase; classtype:attempted-recon; sid:200000782; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"delacproperties.com.mx",nocase; classtype:attempted-recon; sid:200000783; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"delezhen.mashalezhen.com",nocase; classtype:attempted-recon; sid:200000784; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"delhiescort69.com",nocase; classtype:attempted-recon; sid:200000785; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"deltaairlinecourier.com",nocase; classtype:attempted-recon; sid:200000786; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"demallplot-tra.web.app",nocase; classtype:attempted-recon; sid:200000787; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"demiregalos.com.ar",nocase; classtype:attempted-recon; sid:200000788; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"demo.bradescocontrol.vertitecnologia.com.br",nocase; classtype:attempted-recon; sid:200000789; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"demo2.cloudwp.dev",nocase; classtype:attempted-recon; sid:200000790; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"denuihuongson.com.vn",nocase; classtype:attempted-recon; sid:200000791; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"deportesartiza.com",nocase; classtype:attempted-recon; sid:200000792; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"deregister-lbpayee.com",nocase; classtype:attempted-recon; sid:200000793; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"desejoourocard.com.br",nocase; classtype:attempted-recon; sid:200000794; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"desidiatech.com",nocase; classtype:attempted-recon; sid:200000795; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"designerlakehouse.com",nocase; classtype:attempted-recon; sid:200000796; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"desksellcompany.com",nocase; classtype:attempted-recon; sid:200000797; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"destinationth.com",nocase; classtype:attempted-recon; sid:200000798; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"deutsche-post.apurvathespygenesh.com",nocase; classtype:attempted-recon; sid:200000799; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dev-nadaj.orlenpaczka.ce5.pl",nocase; classtype:attempted-recon; sid:200000800; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dev-secu-credit-union.pantheonsite.io",nocase; classtype:attempted-recon; sid:200000801; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dev-www.orlenpaczka.ce5.pl",nocase; classtype:attempted-recon; sid:200000802; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dev.massageliabilityinsurancegroup.com",nocase; classtype:attempted-recon; sid:200000803; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dev.shivaxi.com",nocase; classtype:attempted-recon; sid:200000804; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"devicepichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200000805; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"devops.help",nocase; classtype:attempted-recon; sid:200000806; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dfscord-app.club",nocase; classtype:attempted-recon; sid:200000807; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dgi.is",nocase; classtype:attempted-recon; sid:200000808; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dgmepunjab.gov.pk",nocase; classtype:attempted-recon; sid:200000809; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dgsh2ws45.lovestoblog.com",nocase; classtype:attempted-recon; sid:200000810; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dhanushr24.github.io",nocase; classtype:attempted-recon; sid:200000811; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dhl-event.app",nocase; classtype:attempted-recon; sid:200000812; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dhl.recruitmentplatform.com",nocase; classtype:attempted-recon; sid:200000813; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"diamondplate.us",nocase; classtype:attempted-recon; sid:200000814; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"die-post-swiss-id-19782635812.psd2any.com",nocase; classtype:attempted-recon; sid:200000815; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"diepost-paketevhost207932.lowhost.ru",nocase; classtype:attempted-recon; sid:200000816; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"diginto.org",nocase; classtype:attempted-recon; sid:200000817; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"diligentverify.com",nocase; classtype:attempted-recon; sid:200000818; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"directqpuprozaakp.weebly.com",nocase; classtype:attempted-recon; sid:200000819; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dirtyez.com",nocase; classtype:attempted-recon; sid:200000820; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"disccrdapp.com",nocase; classtype:attempted-recon; sid:200000821; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"disckord.club",nocase; classtype:attempted-recon; sid:200000822; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"discoord-nittro.com",nocase; classtype:attempted-recon; sid:200000823; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"discordbugs.com",nocase; classtype:attempted-recon; sid:200000824; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"discordnitroos.com",nocase; classtype:attempted-recon; sid:200000825; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"discrods.gift",nocase; classtype:attempted-recon; sid:200000826; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dispositivoapp.azurewebsites.net",nocase; classtype:attempted-recon; sid:200000827; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"distinctivei.com",nocase; classtype:attempted-recon; sid:200000828; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"distrial.ec",nocase; classtype:attempted-recon; sid:200000829; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"divinasoutfit.cl",nocase; classtype:attempted-recon; sid:200000830; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"djfh.wmfc241.cn",nocase; classtype:attempted-recon; sid:200000831; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dkb-info.com",nocase; classtype:attempted-recon; sid:200000832; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dkbtan07.com",nocase; classtype:attempted-recon; sid:200000833; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dke060122.page.link",nocase; classtype:attempted-recon; sid:200000834; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dkglobaljobs.com",nocase; classtype:attempted-recon; sid:200000835; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dl.9xu.com",nocase; classtype:attempted-recon; sid:200000836; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dlink.me",nocase; classtype:attempted-recon; sid:200000837; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dmaxpesca.com.es",nocase; classtype:attempted-recon; sid:200000838; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"doclab-console-auth.firebaseapp.com",nocase; classtype:attempted-recon; sid:200000839; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs-verify-c671.thajetiase.workers.dev",nocase; classtype:attempted-recon; sid:200000840; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.revv.so",nocase; classtype:attempted-recon; sid:200000841; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docsharex-authorize.firebaseapp.com",nocase; classtype:attempted-recon; sid:200000842; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docuservice.us",nocase; classtype:attempted-recon; sid:200000843; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docusign-lnc.info",nocase; classtype:attempted-recon; sid:200000844; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domaincontroller.pmeimg.co.uk",nocase; classtype:attempted-recon; sid:200000845; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa100.web.app",nocase; classtype:attempted-recon; sid:200000846; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa101.web.app",nocase; classtype:attempted-recon; sid:200000847; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa102.web.app",nocase; classtype:attempted-recon; sid:200000848; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa103.web.app",nocase; classtype:attempted-recon; sid:200000849; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa104.web.app",nocase; classtype:attempted-recon; sid:200000850; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa105.web.app",nocase; classtype:attempted-recon; sid:200000851; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa108.web.app",nocase; classtype:attempted-recon; sid:200000852; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa109.web.app",nocase; classtype:attempted-recon; sid:200000853; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa110.web.app",nocase; classtype:attempted-recon; sid:200000854; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa111.web.app",nocase; classtype:attempted-recon; sid:200000855; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa112.web.app",nocase; classtype:attempted-recon; sid:200000856; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa113.web.app",nocase; classtype:attempted-recon; sid:200000857; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa114.web.app",nocase; classtype:attempted-recon; sid:200000858; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa115.web.app",nocase; classtype:attempted-recon; sid:200000859; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa116.web.app",nocase; classtype:attempted-recon; sid:200000860; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa117.web.app",nocase; classtype:attempted-recon; sid:200000861; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa118.web.app",nocase; classtype:attempted-recon; sid:200000862; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa119.web.app",nocase; classtype:attempted-recon; sid:200000863; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa122.web.app",nocase; classtype:attempted-recon; sid:200000864; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa123.web.app",nocase; classtype:attempted-recon; sid:200000865; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa124.web.app",nocase; classtype:attempted-recon; sid:200000866; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa126.web.app",nocase; classtype:attempted-recon; sid:200000867; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa127.web.app",nocase; classtype:attempted-recon; sid:200000868; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa128.web.app",nocase; classtype:attempted-recon; sid:200000869; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa129.web.app",nocase; classtype:attempted-recon; sid:200000870; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa13.web.app",nocase; classtype:attempted-recon; sid:200000871; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa130.web.app",nocase; classtype:attempted-recon; sid:200000872; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa131.web.app",nocase; classtype:attempted-recon; sid:200000873; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa132.web.app",nocase; classtype:attempted-recon; sid:200000874; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa134.web.app",nocase; classtype:attempted-recon; sid:200000875; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa135.web.app",nocase; classtype:attempted-recon; sid:200000876; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa136.web.app",nocase; classtype:attempted-recon; sid:200000877; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa137.web.app",nocase; classtype:attempted-recon; sid:200000878; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa139.web.app",nocase; classtype:attempted-recon; sid:200000879; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa14.web.app",nocase; classtype:attempted-recon; sid:200000880; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa142.web.app",nocase; classtype:attempted-recon; sid:200000881; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa143.web.app",nocase; classtype:attempted-recon; sid:200000882; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa144.web.app",nocase; classtype:attempted-recon; sid:200000883; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa145.web.app",nocase; classtype:attempted-recon; sid:200000884; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa146.web.app",nocase; classtype:attempted-recon; sid:200000885; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa148.web.app",nocase; classtype:attempted-recon; sid:200000886; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa149.web.app",nocase; classtype:attempted-recon; sid:200000887; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa150.web.app",nocase; classtype:attempted-recon; sid:200000888; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa152.web.app",nocase; classtype:attempted-recon; sid:200000889; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa153.web.app",nocase; classtype:attempted-recon; sid:200000890; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa155.web.app",nocase; classtype:attempted-recon; sid:200000891; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa156.web.app",nocase; classtype:attempted-recon; sid:200000892; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa158.web.app",nocase; classtype:attempted-recon; sid:200000893; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa159.web.app",nocase; classtype:attempted-recon; sid:200000894; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa160.web.app",nocase; classtype:attempted-recon; sid:200000895; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa161.web.app",nocase; classtype:attempted-recon; sid:200000896; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa162.web.app",nocase; classtype:attempted-recon; sid:200000897; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa163.web.app",nocase; classtype:attempted-recon; sid:200000898; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa164.web.app",nocase; classtype:attempted-recon; sid:200000899; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa166.web.app",nocase; classtype:attempted-recon; sid:200000900; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa167.web.app",nocase; classtype:attempted-recon; sid:200000901; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa168.web.app",nocase; classtype:attempted-recon; sid:200000902; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa169.web.app",nocase; classtype:attempted-recon; sid:200000903; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa171.web.app",nocase; classtype:attempted-recon; sid:200000904; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa172.web.app",nocase; classtype:attempted-recon; sid:200000905; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa173.web.app",nocase; classtype:attempted-recon; sid:200000906; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa174.web.app",nocase; classtype:attempted-recon; sid:200000907; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa176.web.app",nocase; classtype:attempted-recon; sid:200000908; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa178.web.app",nocase; classtype:attempted-recon; sid:200000909; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa179.web.app",nocase; classtype:attempted-recon; sid:200000910; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa18.web.app",nocase; classtype:attempted-recon; sid:200000911; rev:1;)
@@ -922,4415 +922,4235 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing web
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa182.web.app",nocase; classtype:attempted-recon; sid:200000914; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa183.web.app",nocase; classtype:attempted-recon; sid:200000915; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa184.web.app",nocase; classtype:attempted-recon; sid:200000916; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa185.web.app",nocase; classtype:attempted-recon; sid:200000917; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa186.web.app",nocase; classtype:attempted-recon; sid:200000918; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa187.web.app",nocase; classtype:attempted-recon; sid:200000919; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa188.web.app",nocase; classtype:attempted-recon; sid:200000920; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa189.web.app",nocase; classtype:attempted-recon; sid:200000921; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa19.web.app",nocase; classtype:attempted-recon; sid:200000922; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa190.web.app",nocase; classtype:attempted-recon; sid:200000923; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa191.web.app",nocase; classtype:attempted-recon; sid:200000924; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa193.web.app",nocase; classtype:attempted-recon; sid:200000925; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa194.web.app",nocase; classtype:attempted-recon; sid:200000926; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa195.web.app",nocase; classtype:attempted-recon; sid:200000927; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa196.web.app",nocase; classtype:attempted-recon; sid:200000928; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa197.web.app",nocase; classtype:attempted-recon; sid:200000929; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa198.web.app",nocase; classtype:attempted-recon; sid:200000930; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa199.web.app",nocase; classtype:attempted-recon; sid:200000931; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa20.web.app",nocase; classtype:attempted-recon; sid:200000932; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa200.web.app",nocase; classtype:attempted-recon; sid:200000933; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa201.web.app",nocase; classtype:attempted-recon; sid:200000934; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa202.web.app",nocase; classtype:attempted-recon; sid:200000935; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa203.web.app",nocase; classtype:attempted-recon; sid:200000936; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa204.web.app",nocase; classtype:attempted-recon; sid:200000937; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa205.web.app",nocase; classtype:attempted-recon; sid:200000938; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa206.web.app",nocase; classtype:attempted-recon; sid:200000939; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa207.web.app",nocase; classtype:attempted-recon; sid:200000940; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa208.web.app",nocase; classtype:attempted-recon; sid:200000941; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa209.web.app",nocase; classtype:attempted-recon; sid:200000942; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa21.web.app",nocase; classtype:attempted-recon; sid:200000943; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa210.web.app",nocase; classtype:attempted-recon; sid:200000944; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa211.web.app",nocase; classtype:attempted-recon; sid:200000945; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa212.web.app",nocase; classtype:attempted-recon; sid:200000946; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa213.web.app",nocase; classtype:attempted-recon; sid:200000947; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa214.web.app",nocase; classtype:attempted-recon; sid:200000948; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa215.web.app",nocase; classtype:attempted-recon; sid:200000949; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa216.web.app",nocase; classtype:attempted-recon; sid:200000950; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa217.web.app",nocase; classtype:attempted-recon; sid:200000951; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa218.web.app",nocase; classtype:attempted-recon; sid:200000952; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa219.web.app",nocase; classtype:attempted-recon; sid:200000953; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa220.web.app",nocase; classtype:attempted-recon; sid:200000954; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa221.web.app",nocase; classtype:attempted-recon; sid:200000955; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa222.web.app",nocase; classtype:attempted-recon; sid:200000956; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa223.web.app",nocase; classtype:attempted-recon; sid:200000957; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa224.web.app",nocase; classtype:attempted-recon; sid:200000958; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa225.web.app",nocase; classtype:attempted-recon; sid:200000959; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa226.web.app",nocase; classtype:attempted-recon; sid:200000960; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa227.web.app",nocase; classtype:attempted-recon; sid:200000961; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa228.web.app",nocase; classtype:attempted-recon; sid:200000962; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa229.web.app",nocase; classtype:attempted-recon; sid:200000963; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa230.web.app",nocase; classtype:attempted-recon; sid:200000964; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa231.web.app",nocase; classtype:attempted-recon; sid:200000965; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa232.web.app",nocase; classtype:attempted-recon; sid:200000966; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa233.web.app",nocase; classtype:attempted-recon; sid:200000967; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa234.web.app",nocase; classtype:attempted-recon; sid:200000968; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa235.web.app",nocase; classtype:attempted-recon; sid:200000969; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa237.web.app",nocase; classtype:attempted-recon; sid:200000970; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa238.web.app",nocase; classtype:attempted-recon; sid:200000971; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa239.web.app",nocase; classtype:attempted-recon; sid:200000972; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa240.web.app",nocase; classtype:attempted-recon; sid:200000973; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa241.web.app",nocase; classtype:attempted-recon; sid:200000974; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa242.web.app",nocase; classtype:attempted-recon; sid:200000975; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa243.web.app",nocase; classtype:attempted-recon; sid:200000976; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa244.web.app",nocase; classtype:attempted-recon; sid:200000977; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa245.web.app",nocase; classtype:attempted-recon; sid:200000978; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa246.web.app",nocase; classtype:attempted-recon; sid:200000979; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa247.web.app",nocase; classtype:attempted-recon; sid:200000980; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa248.web.app",nocase; classtype:attempted-recon; sid:200000981; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa249.web.app",nocase; classtype:attempted-recon; sid:200000982; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa25.web.app",nocase; classtype:attempted-recon; sid:200000983; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa250.web.app",nocase; classtype:attempted-recon; sid:200000984; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa251.web.app",nocase; classtype:attempted-recon; sid:200000985; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa252.web.app",nocase; classtype:attempted-recon; sid:200000986; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa253.web.app",nocase; classtype:attempted-recon; sid:200000987; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa254.web.app",nocase; classtype:attempted-recon; sid:200000988; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa255.web.app",nocase; classtype:attempted-recon; sid:200000989; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa256.web.app",nocase; classtype:attempted-recon; sid:200000990; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa257.web.app",nocase; classtype:attempted-recon; sid:200000991; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa258.web.app",nocase; classtype:attempted-recon; sid:200000992; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa259.web.app",nocase; classtype:attempted-recon; sid:200000993; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa26.web.app",nocase; classtype:attempted-recon; sid:200000994; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa260.web.app",nocase; classtype:attempted-recon; sid:200000995; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa261.web.app",nocase; classtype:attempted-recon; sid:200000996; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa262.web.app",nocase; classtype:attempted-recon; sid:200000997; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa263.web.app",nocase; classtype:attempted-recon; sid:200000998; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa264.web.app",nocase; classtype:attempted-recon; sid:200000999; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa265.web.app",nocase; classtype:attempted-recon; sid:200001000; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa266.web.app",nocase; classtype:attempted-recon; sid:200001001; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa267.web.app",nocase; classtype:attempted-recon; sid:200001002; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa268.web.app",nocase; classtype:attempted-recon; sid:200001003; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa269.web.app",nocase; classtype:attempted-recon; sid:200001004; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa270.web.app",nocase; classtype:attempted-recon; sid:200001005; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa271.web.app",nocase; classtype:attempted-recon; sid:200001006; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa272.web.app",nocase; classtype:attempted-recon; sid:200001007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa273.web.app",nocase; classtype:attempted-recon; sid:200001008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa274.web.app",nocase; classtype:attempted-recon; sid:200001009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa275.web.app",nocase; classtype:attempted-recon; sid:200001010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa276.web.app",nocase; classtype:attempted-recon; sid:200001011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa277.web.app",nocase; classtype:attempted-recon; sid:200001012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa278.web.app",nocase; classtype:attempted-recon; sid:200001013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa279.web.app",nocase; classtype:attempted-recon; sid:200001014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa280.web.app",nocase; classtype:attempted-recon; sid:200001015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa281.web.app",nocase; classtype:attempted-recon; sid:200001016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa282.web.app",nocase; classtype:attempted-recon; sid:200001017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa283.web.app",nocase; classtype:attempted-recon; sid:200001018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa284.web.app",nocase; classtype:attempted-recon; sid:200001019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa285.web.app",nocase; classtype:attempted-recon; sid:200001020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa286.web.app",nocase; classtype:attempted-recon; sid:200001021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa287.web.app",nocase; classtype:attempted-recon; sid:200001022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa289.web.app",nocase; classtype:attempted-recon; sid:200001023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa29.web.app",nocase; classtype:attempted-recon; sid:200001024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa290.web.app",nocase; classtype:attempted-recon; sid:200001025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa292.web.app",nocase; classtype:attempted-recon; sid:200001026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa293.web.app",nocase; classtype:attempted-recon; sid:200001027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa294.web.app",nocase; classtype:attempted-recon; sid:200001028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa295.web.app",nocase; classtype:attempted-recon; sid:200001029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa296.web.app",nocase; classtype:attempted-recon; sid:200001030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa297.web.app",nocase; classtype:attempted-recon; sid:200001031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa298.web.app",nocase; classtype:attempted-recon; sid:200001032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa299.web.app",nocase; classtype:attempted-recon; sid:200001033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa30.web.app",nocase; classtype:attempted-recon; sid:200001034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa300.web.app",nocase; classtype:attempted-recon; sid:200001035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa301.web.app",nocase; classtype:attempted-recon; sid:200001036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa302.web.app",nocase; classtype:attempted-recon; sid:200001037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa303.web.app",nocase; classtype:attempted-recon; sid:200001038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa304.web.app",nocase; classtype:attempted-recon; sid:200001039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa305.web.app",nocase; classtype:attempted-recon; sid:200001040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa306.web.app",nocase; classtype:attempted-recon; sid:200001041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa307.web.app",nocase; classtype:attempted-recon; sid:200001042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa308.web.app",nocase; classtype:attempted-recon; sid:200001043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa309.web.app",nocase; classtype:attempted-recon; sid:200001044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa31.web.app",nocase; classtype:attempted-recon; sid:200001045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa310.web.app",nocase; classtype:attempted-recon; sid:200001046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa311.web.app",nocase; classtype:attempted-recon; sid:200001047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa312.web.app",nocase; classtype:attempted-recon; sid:200001048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa313.web.app",nocase; classtype:attempted-recon; sid:200001049; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa314.web.app",nocase; classtype:attempted-recon; sid:200001050; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa315.web.app",nocase; classtype:attempted-recon; sid:200001051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa316.web.app",nocase; classtype:attempted-recon; sid:200001052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa317.web.app",nocase; classtype:attempted-recon; sid:200001053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa318.web.app",nocase; classtype:attempted-recon; sid:200001054; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa319.web.app",nocase; classtype:attempted-recon; sid:200001055; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa32.web.app",nocase; classtype:attempted-recon; sid:200001056; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa320.web.app",nocase; classtype:attempted-recon; sid:200001057; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa321.web.app",nocase; classtype:attempted-recon; sid:200001058; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa322.web.app",nocase; classtype:attempted-recon; sid:200001059; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa323.web.app",nocase; classtype:attempted-recon; sid:200001060; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa324.web.app",nocase; classtype:attempted-recon; sid:200001061; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa325.web.app",nocase; classtype:attempted-recon; sid:200001062; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa326.web.app",nocase; classtype:attempted-recon; sid:200001063; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa327.web.app",nocase; classtype:attempted-recon; sid:200001064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa328.web.app",nocase; classtype:attempted-recon; sid:200001065; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa329.web.app",nocase; classtype:attempted-recon; sid:200001066; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa33.web.app",nocase; classtype:attempted-recon; sid:200001067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa330.web.app",nocase; classtype:attempted-recon; sid:200001068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa331.web.app",nocase; classtype:attempted-recon; sid:200001069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa332.web.app",nocase; classtype:attempted-recon; sid:200001070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa333.web.app",nocase; classtype:attempted-recon; sid:200001071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa334.web.app",nocase; classtype:attempted-recon; sid:200001072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa335.web.app",nocase; classtype:attempted-recon; sid:200001073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa336.web.app",nocase; classtype:attempted-recon; sid:200001074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa337.web.app",nocase; classtype:attempted-recon; sid:200001075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa338.web.app",nocase; classtype:attempted-recon; sid:200001076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa339.web.app",nocase; classtype:attempted-recon; sid:200001077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa34.web.app",nocase; classtype:attempted-recon; sid:200001078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa340.web.app",nocase; classtype:attempted-recon; sid:200001079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa341.web.app",nocase; classtype:attempted-recon; sid:200001080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa342.web.app",nocase; classtype:attempted-recon; sid:200001081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa343.web.app",nocase; classtype:attempted-recon; sid:200001082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa344.web.app",nocase; classtype:attempted-recon; sid:200001083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa345.web.app",nocase; classtype:attempted-recon; sid:200001084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa346.web.app",nocase; classtype:attempted-recon; sid:200001085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa347.web.app",nocase; classtype:attempted-recon; sid:200001086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa348.web.app",nocase; classtype:attempted-recon; sid:200001087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa35.web.app",nocase; classtype:attempted-recon; sid:200001088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa350.web.app",nocase; classtype:attempted-recon; sid:200001089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa351.web.app",nocase; classtype:attempted-recon; sid:200001090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa352.web.app",nocase; classtype:attempted-recon; sid:200001091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa353.web.app",nocase; classtype:attempted-recon; sid:200001092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa354.web.app",nocase; classtype:attempted-recon; sid:200001093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa355.web.app",nocase; classtype:attempted-recon; sid:200001094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa356.web.app",nocase; classtype:attempted-recon; sid:200001095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa357.web.app",nocase; classtype:attempted-recon; sid:200001096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa358.web.app",nocase; classtype:attempted-recon; sid:200001097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa359.web.app",nocase; classtype:attempted-recon; sid:200001098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa36.web.app",nocase; classtype:attempted-recon; sid:200001099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa360.web.app",nocase; classtype:attempted-recon; sid:200001100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa361.web.app",nocase; classtype:attempted-recon; sid:200001101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa362.web.app",nocase; classtype:attempted-recon; sid:200001102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa363.web.app",nocase; classtype:attempted-recon; sid:200001103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa364.web.app",nocase; classtype:attempted-recon; sid:200001104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa365.web.app",nocase; classtype:attempted-recon; sid:200001105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa367.web.app",nocase; classtype:attempted-recon; sid:200001106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa368.web.app",nocase; classtype:attempted-recon; sid:200001107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa369.web.app",nocase; classtype:attempted-recon; sid:200001108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa37.web.app",nocase; classtype:attempted-recon; sid:200001109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa370.web.app",nocase; classtype:attempted-recon; sid:200001110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa371.web.app",nocase; classtype:attempted-recon; sid:200001111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa372.web.app",nocase; classtype:attempted-recon; sid:200001112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa373.web.app",nocase; classtype:attempted-recon; sid:200001113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa374.web.app",nocase; classtype:attempted-recon; sid:200001114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa375.web.app",nocase; classtype:attempted-recon; sid:200001115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa376.web.app",nocase; classtype:attempted-recon; sid:200001116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa377.web.app",nocase; classtype:attempted-recon; sid:200001117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa378.web.app",nocase; classtype:attempted-recon; sid:200001118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa379.web.app",nocase; classtype:attempted-recon; sid:200001119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa38.web.app",nocase; classtype:attempted-recon; sid:200001120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa380.web.app",nocase; classtype:attempted-recon; sid:200001121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa381.web.app",nocase; classtype:attempted-recon; sid:200001122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa382.web.app",nocase; classtype:attempted-recon; sid:200001123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa383.web.app",nocase; classtype:attempted-recon; sid:200001124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa384.web.app",nocase; classtype:attempted-recon; sid:200001125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa385.web.app",nocase; classtype:attempted-recon; sid:200001126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa386.web.app",nocase; classtype:attempted-recon; sid:200001127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa387.web.app",nocase; classtype:attempted-recon; sid:200001128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa388.web.app",nocase; classtype:attempted-recon; sid:200001129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa389.web.app",nocase; classtype:attempted-recon; sid:200001130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa39.web.app",nocase; classtype:attempted-recon; sid:200001131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa390.web.app",nocase; classtype:attempted-recon; sid:200001132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa391.web.app",nocase; classtype:attempted-recon; sid:200001133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa392.web.app",nocase; classtype:attempted-recon; sid:200001134; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa393.web.app",nocase; classtype:attempted-recon; sid:200001135; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa394.web.app",nocase; classtype:attempted-recon; sid:200001136; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa395.web.app",nocase; classtype:attempted-recon; sid:200001137; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa396.web.app",nocase; classtype:attempted-recon; sid:200001138; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa397.web.app",nocase; classtype:attempted-recon; sid:200001139; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa398.web.app",nocase; classtype:attempted-recon; sid:200001140; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa40.web.app",nocase; classtype:attempted-recon; sid:200001141; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa400.web.app",nocase; classtype:attempted-recon; sid:200001142; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa401.web.app",nocase; classtype:attempted-recon; sid:200001143; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa402.web.app",nocase; classtype:attempted-recon; sid:200001144; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa403.web.app",nocase; classtype:attempted-recon; sid:200001145; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa404.web.app",nocase; classtype:attempted-recon; sid:200001146; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa405.web.app",nocase; classtype:attempted-recon; sid:200001147; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa406.web.app",nocase; classtype:attempted-recon; sid:200001148; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa407.web.app",nocase; classtype:attempted-recon; sid:200001149; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa408.web.app",nocase; classtype:attempted-recon; sid:200001150; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa409.web.app",nocase; classtype:attempted-recon; sid:200001151; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa41.web.app",nocase; classtype:attempted-recon; sid:200001152; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa410.web.app",nocase; classtype:attempted-recon; sid:200001153; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa411.web.app",nocase; classtype:attempted-recon; sid:200001154; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa412.web.app",nocase; classtype:attempted-recon; sid:200001155; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa413.web.app",nocase; classtype:attempted-recon; sid:200001156; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa414.web.app",nocase; classtype:attempted-recon; sid:200001157; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa415.web.app",nocase; classtype:attempted-recon; sid:200001158; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa416.web.app",nocase; classtype:attempted-recon; sid:200001159; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa417.web.app",nocase; classtype:attempted-recon; sid:200001160; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa418.web.app",nocase; classtype:attempted-recon; sid:200001161; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa419.web.app",nocase; classtype:attempted-recon; sid:200001162; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa42.web.app",nocase; classtype:attempted-recon; sid:200001163; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa420.web.app",nocase; classtype:attempted-recon; sid:200001164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa421.web.app",nocase; classtype:attempted-recon; sid:200001165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa422.web.app",nocase; classtype:attempted-recon; sid:200001166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa423.web.app",nocase; classtype:attempted-recon; sid:200001167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa424.web.app",nocase; classtype:attempted-recon; sid:200001168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa425.web.app",nocase; classtype:attempted-recon; sid:200001169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa426.web.app",nocase; classtype:attempted-recon; sid:200001170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa427.web.app",nocase; classtype:attempted-recon; sid:200001171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa428.web.app",nocase; classtype:attempted-recon; sid:200001172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa429.web.app",nocase; classtype:attempted-recon; sid:200001173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa43.web.app",nocase; classtype:attempted-recon; sid:200001174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa430.web.app",nocase; classtype:attempted-recon; sid:200001175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa431.web.app",nocase; classtype:attempted-recon; sid:200001176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa432.web.app",nocase; classtype:attempted-recon; sid:200001177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa433.web.app",nocase; classtype:attempted-recon; sid:200001178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa434.web.app",nocase; classtype:attempted-recon; sid:200001179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa435.web.app",nocase; classtype:attempted-recon; sid:200001180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa436.web.app",nocase; classtype:attempted-recon; sid:200001181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa437.web.app",nocase; classtype:attempted-recon; sid:200001182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa438.web.app",nocase; classtype:attempted-recon; sid:200001183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa439.web.app",nocase; classtype:attempted-recon; sid:200001184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa44.web.app",nocase; classtype:attempted-recon; sid:200001185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa440.web.app",nocase; classtype:attempted-recon; sid:200001186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa441.web.app",nocase; classtype:attempted-recon; sid:200001187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa442.web.app",nocase; classtype:attempted-recon; sid:200001188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa443.web.app",nocase; classtype:attempted-recon; sid:200001189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa444.web.app",nocase; classtype:attempted-recon; sid:200001190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa445.web.app",nocase; classtype:attempted-recon; sid:200001191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa446.web.app",nocase; classtype:attempted-recon; sid:200001192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa447.web.app",nocase; classtype:attempted-recon; sid:200001193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa448.web.app",nocase; classtype:attempted-recon; sid:200001194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa449.web.app",nocase; classtype:attempted-recon; sid:200001195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa45.web.app",nocase; classtype:attempted-recon; sid:200001196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa450.web.app",nocase; classtype:attempted-recon; sid:200001197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa451.web.app",nocase; classtype:attempted-recon; sid:200001198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa452.web.app",nocase; classtype:attempted-recon; sid:200001199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa453.web.app",nocase; classtype:attempted-recon; sid:200001200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa454.web.app",nocase; classtype:attempted-recon; sid:200001201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa455.web.app",nocase; classtype:attempted-recon; sid:200001202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa456.web.app",nocase; classtype:attempted-recon; sid:200001203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa457.web.app",nocase; classtype:attempted-recon; sid:200001204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa458.web.app",nocase; classtype:attempted-recon; sid:200001205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa459.web.app",nocase; classtype:attempted-recon; sid:200001206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa46.web.app",nocase; classtype:attempted-recon; sid:200001207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa460.web.app",nocase; classtype:attempted-recon; sid:200001208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa461.web.app",nocase; classtype:attempted-recon; sid:200001209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa462.web.app",nocase; classtype:attempted-recon; sid:200001210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa463.web.app",nocase; classtype:attempted-recon; sid:200001211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa464.web.app",nocase; classtype:attempted-recon; sid:200001212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa465.web.app",nocase; classtype:attempted-recon; sid:200001213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa466.web.app",nocase; classtype:attempted-recon; sid:200001214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa467.web.app",nocase; classtype:attempted-recon; sid:200001215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa468.web.app",nocase; classtype:attempted-recon; sid:200001216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa469.web.app",nocase; classtype:attempted-recon; sid:200001217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa47.web.app",nocase; classtype:attempted-recon; sid:200001218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa470.web.app",nocase; classtype:attempted-recon; sid:200001219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa471.web.app",nocase; classtype:attempted-recon; sid:200001220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa472.web.app",nocase; classtype:attempted-recon; sid:200001221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa473.web.app",nocase; classtype:attempted-recon; sid:200001222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa474.web.app",nocase; classtype:attempted-recon; sid:200001223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa475.web.app",nocase; classtype:attempted-recon; sid:200001224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa476.web.app",nocase; classtype:attempted-recon; sid:200001225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa477.web.app",nocase; classtype:attempted-recon; sid:200001226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa478.web.app",nocase; classtype:attempted-recon; sid:200001227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa479.web.app",nocase; classtype:attempted-recon; sid:200001228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa480.web.app",nocase; classtype:attempted-recon; sid:200001229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa481.web.app",nocase; classtype:attempted-recon; sid:200001230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa482.web.app",nocase; classtype:attempted-recon; sid:200001231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa483.web.app",nocase; classtype:attempted-recon; sid:200001232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa484.web.app",nocase; classtype:attempted-recon; sid:200001233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa485.web.app",nocase; classtype:attempted-recon; sid:200001234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa486.web.app",nocase; classtype:attempted-recon; sid:200001235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa487.web.app",nocase; classtype:attempted-recon; sid:200001236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa488.web.app",nocase; classtype:attempted-recon; sid:200001237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa489.web.app",nocase; classtype:attempted-recon; sid:200001238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa49.web.app",nocase; classtype:attempted-recon; sid:200001239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa490.web.app",nocase; classtype:attempted-recon; sid:200001240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa491.web.app",nocase; classtype:attempted-recon; sid:200001241; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa492.web.app",nocase; classtype:attempted-recon; sid:200001242; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa493.web.app",nocase; classtype:attempted-recon; sid:200001243; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa494.web.app",nocase; classtype:attempted-recon; sid:200001244; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa495.web.app",nocase; classtype:attempted-recon; sid:200001245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa496.web.app",nocase; classtype:attempted-recon; sid:200001246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa497.web.app",nocase; classtype:attempted-recon; sid:200001247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa498.web.app",nocase; classtype:attempted-recon; sid:200001248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa499.web.app",nocase; classtype:attempted-recon; sid:200001249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa50.web.app",nocase; classtype:attempted-recon; sid:200001250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa500.web.app",nocase; classtype:attempted-recon; sid:200001251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa501.web.app",nocase; classtype:attempted-recon; sid:200001252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa502.web.app",nocase; classtype:attempted-recon; sid:200001253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa503.web.app",nocase; classtype:attempted-recon; sid:200001254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa504.web.app",nocase; classtype:attempted-recon; sid:200001255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa505.web.app",nocase; classtype:attempted-recon; sid:200001256; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa506.web.app",nocase; classtype:attempted-recon; sid:200001257; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa507.web.app",nocase; classtype:attempted-recon; sid:200001258; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa508.web.app",nocase; classtype:attempted-recon; sid:200001259; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa509.web.app",nocase; classtype:attempted-recon; sid:200001260; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa51.web.app",nocase; classtype:attempted-recon; sid:200001261; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa510.web.app",nocase; classtype:attempted-recon; sid:200001262; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa511.web.app",nocase; classtype:attempted-recon; sid:200001263; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa513.web.app",nocase; classtype:attempted-recon; sid:200001264; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa514.web.app",nocase; classtype:attempted-recon; sid:200001265; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa515.web.app",nocase; classtype:attempted-recon; sid:200001266; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa516.web.app",nocase; classtype:attempted-recon; sid:200001267; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa517.web.app",nocase; classtype:attempted-recon; sid:200001268; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa518.web.app",nocase; classtype:attempted-recon; sid:200001269; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa519.web.app",nocase; classtype:attempted-recon; sid:200001270; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa52.web.app",nocase; classtype:attempted-recon; sid:200001271; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa520.web.app",nocase; classtype:attempted-recon; sid:200001272; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa521.web.app",nocase; classtype:attempted-recon; sid:200001273; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa522.web.app",nocase; classtype:attempted-recon; sid:200001274; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa523.web.app",nocase; classtype:attempted-recon; sid:200001275; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa524.web.app",nocase; classtype:attempted-recon; sid:200001276; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa525.web.app",nocase; classtype:attempted-recon; sid:200001277; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa526.web.app",nocase; classtype:attempted-recon; sid:200001278; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa527.web.app",nocase; classtype:attempted-recon; sid:200001279; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa528.web.app",nocase; classtype:attempted-recon; sid:200001280; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa529.web.app",nocase; classtype:attempted-recon; sid:200001281; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa53.web.app",nocase; classtype:attempted-recon; sid:200001282; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa530.web.app",nocase; classtype:attempted-recon; sid:200001283; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa531.web.app",nocase; classtype:attempted-recon; sid:200001284; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa532.web.app",nocase; classtype:attempted-recon; sid:200001285; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa533.web.app",nocase; classtype:attempted-recon; sid:200001286; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa534.web.app",nocase; classtype:attempted-recon; sid:200001287; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa535.web.app",nocase; classtype:attempted-recon; sid:200001288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa536.web.app",nocase; classtype:attempted-recon; sid:200001289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa537.web.app",nocase; classtype:attempted-recon; sid:200001290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa538.web.app",nocase; classtype:attempted-recon; sid:200001291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa539.web.app",nocase; classtype:attempted-recon; sid:200001292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa54.web.app",nocase; classtype:attempted-recon; sid:200001293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa540.web.app",nocase; classtype:attempted-recon; sid:200001294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa541.web.app",nocase; classtype:attempted-recon; sid:200001295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa542.web.app",nocase; classtype:attempted-recon; sid:200001296; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa543.web.app",nocase; classtype:attempted-recon; sid:200001297; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa544.web.app",nocase; classtype:attempted-recon; sid:200001298; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa545.web.app",nocase; classtype:attempted-recon; sid:200001299; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa546.web.app",nocase; classtype:attempted-recon; sid:200001300; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa547.web.app",nocase; classtype:attempted-recon; sid:200001301; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa548.web.app",nocase; classtype:attempted-recon; sid:200001302; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa549.web.app",nocase; classtype:attempted-recon; sid:200001303; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa550.web.app",nocase; classtype:attempted-recon; sid:200001304; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa551.web.app",nocase; classtype:attempted-recon; sid:200001305; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa552.web.app",nocase; classtype:attempted-recon; sid:200001306; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa553.web.app",nocase; classtype:attempted-recon; sid:200001307; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa554.web.app",nocase; classtype:attempted-recon; sid:200001308; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa555.web.app",nocase; classtype:attempted-recon; sid:200001309; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa556.web.app",nocase; classtype:attempted-recon; sid:200001310; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa557.web.app",nocase; classtype:attempted-recon; sid:200001311; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa558.web.app",nocase; classtype:attempted-recon; sid:200001312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa559.web.app",nocase; classtype:attempted-recon; sid:200001313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa56.web.app",nocase; classtype:attempted-recon; sid:200001314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa560.web.app",nocase; classtype:attempted-recon; sid:200001315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa561.web.app",nocase; classtype:attempted-recon; sid:200001316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa562.web.app",nocase; classtype:attempted-recon; sid:200001317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa563.web.app",nocase; classtype:attempted-recon; sid:200001318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa564.web.app",nocase; classtype:attempted-recon; sid:200001319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa565.web.app",nocase; classtype:attempted-recon; sid:200001320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa566.web.app",nocase; classtype:attempted-recon; sid:200001321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa567.web.app",nocase; classtype:attempted-recon; sid:200001322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa568.web.app",nocase; classtype:attempted-recon; sid:200001323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa569.web.app",nocase; classtype:attempted-recon; sid:200001324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa57.web.app",nocase; classtype:attempted-recon; sid:200001325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa570.web.app",nocase; classtype:attempted-recon; sid:200001326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa571.web.app",nocase; classtype:attempted-recon; sid:200001327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa572.web.app",nocase; classtype:attempted-recon; sid:200001328; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa573.web.app",nocase; classtype:attempted-recon; sid:200001329; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa574.web.app",nocase; classtype:attempted-recon; sid:200001330; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa575.web.app",nocase; classtype:attempted-recon; sid:200001331; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa576.web.app",nocase; classtype:attempted-recon; sid:200001332; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa577.web.app",nocase; classtype:attempted-recon; sid:200001333; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa578.web.app",nocase; classtype:attempted-recon; sid:200001334; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa579.web.app",nocase; classtype:attempted-recon; sid:200001335; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa58.web.app",nocase; classtype:attempted-recon; sid:200001336; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa580.web.app",nocase; classtype:attempted-recon; sid:200001337; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa581.web.app",nocase; classtype:attempted-recon; sid:200001338; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa582.web.app",nocase; classtype:attempted-recon; sid:200001339; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa583.web.app",nocase; classtype:attempted-recon; sid:200001340; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa584.web.app",nocase; classtype:attempted-recon; sid:200001341; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa585.web.app",nocase; classtype:attempted-recon; sid:200001342; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa586.web.app",nocase; classtype:attempted-recon; sid:200001343; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa587.web.app",nocase; classtype:attempted-recon; sid:200001344; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa588.web.app",nocase; classtype:attempted-recon; sid:200001345; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa589.web.app",nocase; classtype:attempted-recon; sid:200001346; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa59.web.app",nocase; classtype:attempted-recon; sid:200001347; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa590.web.app",nocase; classtype:attempted-recon; sid:200001348; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa591.web.app",nocase; classtype:attempted-recon; sid:200001349; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa592.web.app",nocase; classtype:attempted-recon; sid:200001350; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa593.web.app",nocase; classtype:attempted-recon; sid:200001351; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa594.web.app",nocase; classtype:attempted-recon; sid:200001352; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa595.web.app",nocase; classtype:attempted-recon; sid:200001353; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa596.web.app",nocase; classtype:attempted-recon; sid:200001354; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa597.web.app",nocase; classtype:attempted-recon; sid:200001355; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa598.web.app",nocase; classtype:attempted-recon; sid:200001356; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa599.web.app",nocase; classtype:attempted-recon; sid:200001357; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa60.web.app",nocase; classtype:attempted-recon; sid:200001358; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa600.web.app",nocase; classtype:attempted-recon; sid:200001359; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa601.web.app",nocase; classtype:attempted-recon; sid:200001360; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa602.web.app",nocase; classtype:attempted-recon; sid:200001361; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa603.web.app",nocase; classtype:attempted-recon; sid:200001362; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa604.web.app",nocase; classtype:attempted-recon; sid:200001363; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa605.web.app",nocase; classtype:attempted-recon; sid:200001364; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa606.web.app",nocase; classtype:attempted-recon; sid:200001365; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa607.web.app",nocase; classtype:attempted-recon; sid:200001366; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa608.web.app",nocase; classtype:attempted-recon; sid:200001367; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa609.web.app",nocase; classtype:attempted-recon; sid:200001368; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa61.web.app",nocase; classtype:attempted-recon; sid:200001369; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa610.web.app",nocase; classtype:attempted-recon; sid:200001370; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa611.web.app",nocase; classtype:attempted-recon; sid:200001371; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa612.web.app",nocase; classtype:attempted-recon; sid:200001372; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa613.web.app",nocase; classtype:attempted-recon; sid:200001373; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa614.web.app",nocase; classtype:attempted-recon; sid:200001374; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa615.web.app",nocase; classtype:attempted-recon; sid:200001375; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa616.web.app",nocase; classtype:attempted-recon; sid:200001376; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa617.web.app",nocase; classtype:attempted-recon; sid:200001377; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa618.web.app",nocase; classtype:attempted-recon; sid:200001378; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa619.web.app",nocase; classtype:attempted-recon; sid:200001379; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa62.web.app",nocase; classtype:attempted-recon; sid:200001380; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa620.web.app",nocase; classtype:attempted-recon; sid:200001381; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa621.web.app",nocase; classtype:attempted-recon; sid:200001382; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa622.web.app",nocase; classtype:attempted-recon; sid:200001383; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa623.web.app",nocase; classtype:attempted-recon; sid:200001384; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa624.web.app",nocase; classtype:attempted-recon; sid:200001385; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa625.web.app",nocase; classtype:attempted-recon; sid:200001386; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa626.web.app",nocase; classtype:attempted-recon; sid:200001387; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa627.web.app",nocase; classtype:attempted-recon; sid:200001388; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa628.web.app",nocase; classtype:attempted-recon; sid:200001389; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa629.web.app",nocase; classtype:attempted-recon; sid:200001390; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa63.web.app",nocase; classtype:attempted-recon; sid:200001391; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa630.web.app",nocase; classtype:attempted-recon; sid:200001392; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa631.web.app",nocase; classtype:attempted-recon; sid:200001393; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa632.web.app",nocase; classtype:attempted-recon; sid:200001394; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa633.web.app",nocase; classtype:attempted-recon; sid:200001395; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa634.web.app",nocase; classtype:attempted-recon; sid:200001396; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa635.web.app",nocase; classtype:attempted-recon; sid:200001397; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa636.web.app",nocase; classtype:attempted-recon; sid:200001398; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa637.web.app",nocase; classtype:attempted-recon; sid:200001399; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa638.web.app",nocase; classtype:attempted-recon; sid:200001400; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa639.web.app",nocase; classtype:attempted-recon; sid:200001401; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa64.web.app",nocase; classtype:attempted-recon; sid:200001402; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa640.web.app",nocase; classtype:attempted-recon; sid:200001403; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa641.web.app",nocase; classtype:attempted-recon; sid:200001404; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa642.web.app",nocase; classtype:attempted-recon; sid:200001405; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa643.web.app",nocase; classtype:attempted-recon; sid:200001406; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa644.web.app",nocase; classtype:attempted-recon; sid:200001407; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa645.web.app",nocase; classtype:attempted-recon; sid:200001408; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa646.web.app",nocase; classtype:attempted-recon; sid:200001409; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa647.web.app",nocase; classtype:attempted-recon; sid:200001410; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa648.web.app",nocase; classtype:attempted-recon; sid:200001411; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa649.web.app",nocase; classtype:attempted-recon; sid:200001412; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa65.web.app",nocase; classtype:attempted-recon; sid:200001413; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa650.web.app",nocase; classtype:attempted-recon; sid:200001414; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa651.web.app",nocase; classtype:attempted-recon; sid:200001415; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa652.web.app",nocase; classtype:attempted-recon; sid:200001416; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa653.web.app",nocase; classtype:attempted-recon; sid:200001417; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa654.web.app",nocase; classtype:attempted-recon; sid:200001418; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa655.web.app",nocase; classtype:attempted-recon; sid:200001419; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa656.web.app",nocase; classtype:attempted-recon; sid:200001420; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa657.web.app",nocase; classtype:attempted-recon; sid:200001421; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa658.web.app",nocase; classtype:attempted-recon; sid:200001422; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa659.web.app",nocase; classtype:attempted-recon; sid:200001423; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa66.web.app",nocase; classtype:attempted-recon; sid:200001424; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa660.web.app",nocase; classtype:attempted-recon; sid:200001425; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa661.web.app",nocase; classtype:attempted-recon; sid:200001426; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa662.web.app",nocase; classtype:attempted-recon; sid:200001427; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa663.web.app",nocase; classtype:attempted-recon; sid:200001428; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa664.web.app",nocase; classtype:attempted-recon; sid:200001429; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa665.web.app",nocase; classtype:attempted-recon; sid:200001430; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa666.web.app",nocase; classtype:attempted-recon; sid:200001431; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa667.web.app",nocase; classtype:attempted-recon; sid:200001432; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa668.web.app",nocase; classtype:attempted-recon; sid:200001433; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa669.web.app",nocase; classtype:attempted-recon; sid:200001434; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa67.web.app",nocase; classtype:attempted-recon; sid:200001435; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa670.web.app",nocase; classtype:attempted-recon; sid:200001436; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa671.web.app",nocase; classtype:attempted-recon; sid:200001437; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa672.web.app",nocase; classtype:attempted-recon; sid:200001438; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa673.web.app",nocase; classtype:attempted-recon; sid:200001439; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa674.web.app",nocase; classtype:attempted-recon; sid:200001440; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa675.web.app",nocase; classtype:attempted-recon; sid:200001441; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa676.web.app",nocase; classtype:attempted-recon; sid:200001442; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa677.web.app",nocase; classtype:attempted-recon; sid:200001443; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa678.web.app",nocase; classtype:attempted-recon; sid:200001444; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa679.web.app",nocase; classtype:attempted-recon; sid:200001445; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa68.web.app",nocase; classtype:attempted-recon; sid:200001446; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa680.web.app",nocase; classtype:attempted-recon; sid:200001447; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa681.web.app",nocase; classtype:attempted-recon; sid:200001448; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa682.web.app",nocase; classtype:attempted-recon; sid:200001449; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa683.web.app",nocase; classtype:attempted-recon; sid:200001450; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa684.web.app",nocase; classtype:attempted-recon; sid:200001451; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa685.web.app",nocase; classtype:attempted-recon; sid:200001452; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa686.web.app",nocase; classtype:attempted-recon; sid:200001453; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa687.web.app",nocase; classtype:attempted-recon; sid:200001454; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa688.web.app",nocase; classtype:attempted-recon; sid:200001455; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa689.web.app",nocase; classtype:attempted-recon; sid:200001456; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa69.web.app",nocase; classtype:attempted-recon; sid:200001457; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa690.web.app",nocase; classtype:attempted-recon; sid:200001458; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa691.web.app",nocase; classtype:attempted-recon; sid:200001459; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa692.web.app",nocase; classtype:attempted-recon; sid:200001460; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa693.web.app",nocase; classtype:attempted-recon; sid:200001461; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa694.web.app",nocase; classtype:attempted-recon; sid:200001462; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa695.web.app",nocase; classtype:attempted-recon; sid:200001463; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa696.web.app",nocase; classtype:attempted-recon; sid:200001464; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa697.web.app",nocase; classtype:attempted-recon; sid:200001465; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa698.web.app",nocase; classtype:attempted-recon; sid:200001466; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa699.web.app",nocase; classtype:attempted-recon; sid:200001467; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa70.web.app",nocase; classtype:attempted-recon; sid:200001468; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa700.web.app",nocase; classtype:attempted-recon; sid:200001469; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa701.web.app",nocase; classtype:attempted-recon; sid:200001470; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa702.web.app",nocase; classtype:attempted-recon; sid:200001471; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa703.web.app",nocase; classtype:attempted-recon; sid:200001472; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa704.web.app",nocase; classtype:attempted-recon; sid:200001473; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa705.web.app",nocase; classtype:attempted-recon; sid:200001474; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa706.web.app",nocase; classtype:attempted-recon; sid:200001475; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa707.web.app",nocase; classtype:attempted-recon; sid:200001476; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa708.web.app",nocase; classtype:attempted-recon; sid:200001477; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa709.web.app",nocase; classtype:attempted-recon; sid:200001478; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa71.web.app",nocase; classtype:attempted-recon; sid:200001479; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa710.web.app",nocase; classtype:attempted-recon; sid:200001480; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa711.web.app",nocase; classtype:attempted-recon; sid:200001481; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa712.web.app",nocase; classtype:attempted-recon; sid:200001482; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa713.web.app",nocase; classtype:attempted-recon; sid:200001483; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa714.web.app",nocase; classtype:attempted-recon; sid:200001484; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa715.web.app",nocase; classtype:attempted-recon; sid:200001485; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa716.web.app",nocase; classtype:attempted-recon; sid:200001486; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa717.web.app",nocase; classtype:attempted-recon; sid:200001487; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa718.web.app",nocase; classtype:attempted-recon; sid:200001488; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa719.web.app",nocase; classtype:attempted-recon; sid:200001489; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa72.web.app",nocase; classtype:attempted-recon; sid:200001490; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa720.web.app",nocase; classtype:attempted-recon; sid:200001491; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa721.web.app",nocase; classtype:attempted-recon; sid:200001492; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa722.web.app",nocase; classtype:attempted-recon; sid:200001493; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa723.web.app",nocase; classtype:attempted-recon; sid:200001494; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa724.web.app",nocase; classtype:attempted-recon; sid:200001495; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa725.web.app",nocase; classtype:attempted-recon; sid:200001496; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa726.web.app",nocase; classtype:attempted-recon; sid:200001497; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa727.web.app",nocase; classtype:attempted-recon; sid:200001498; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa728.web.app",nocase; classtype:attempted-recon; sid:200001499; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa729.web.app",nocase; classtype:attempted-recon; sid:200001500; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa73.web.app",nocase; classtype:attempted-recon; sid:200001501; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa730.web.app",nocase; classtype:attempted-recon; sid:200001502; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa731.web.app",nocase; classtype:attempted-recon; sid:200001503; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa732.web.app",nocase; classtype:attempted-recon; sid:200001504; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa733.web.app",nocase; classtype:attempted-recon; sid:200001505; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa734.web.app",nocase; classtype:attempted-recon; sid:200001506; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa735.web.app",nocase; classtype:attempted-recon; sid:200001507; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa736.web.app",nocase; classtype:attempted-recon; sid:200001508; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa737.web.app",nocase; classtype:attempted-recon; sid:200001509; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa738.web.app",nocase; classtype:attempted-recon; sid:200001510; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa739.web.app",nocase; classtype:attempted-recon; sid:200001511; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa74.web.app",nocase; classtype:attempted-recon; sid:200001512; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa740.web.app",nocase; classtype:attempted-recon; sid:200001513; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa741.web.app",nocase; classtype:attempted-recon; sid:200001514; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa742.web.app",nocase; classtype:attempted-recon; sid:200001515; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa743.web.app",nocase; classtype:attempted-recon; sid:200001516; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa744.web.app",nocase; classtype:attempted-recon; sid:200001517; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa745.web.app",nocase; classtype:attempted-recon; sid:200001518; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa746.web.app",nocase; classtype:attempted-recon; sid:200001519; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa747.web.app",nocase; classtype:attempted-recon; sid:200001520; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa748.web.app",nocase; classtype:attempted-recon; sid:200001521; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa749.web.app",nocase; classtype:attempted-recon; sid:200001522; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa75.web.app",nocase; classtype:attempted-recon; sid:200001523; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa750.web.app",nocase; classtype:attempted-recon; sid:200001524; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa751.web.app",nocase; classtype:attempted-recon; sid:200001525; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa752.web.app",nocase; classtype:attempted-recon; sid:200001526; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa753.web.app",nocase; classtype:attempted-recon; sid:200001527; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa754.web.app",nocase; classtype:attempted-recon; sid:200001528; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa755.web.app",nocase; classtype:attempted-recon; sid:200001529; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa756.web.app",nocase; classtype:attempted-recon; sid:200001530; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa757.web.app",nocase; classtype:attempted-recon; sid:200001531; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa758.web.app",nocase; classtype:attempted-recon; sid:200001532; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa759.web.app",nocase; classtype:attempted-recon; sid:200001533; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa76.web.app",nocase; classtype:attempted-recon; sid:200001534; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa760.web.app",nocase; classtype:attempted-recon; sid:200001535; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa761.web.app",nocase; classtype:attempted-recon; sid:200001536; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa762.web.app",nocase; classtype:attempted-recon; sid:200001537; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa763.web.app",nocase; classtype:attempted-recon; sid:200001538; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa764.web.app",nocase; classtype:attempted-recon; sid:200001539; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa765.web.app",nocase; classtype:attempted-recon; sid:200001540; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa766.web.app",nocase; classtype:attempted-recon; sid:200001541; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa767.web.app",nocase; classtype:attempted-recon; sid:200001542; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa768.web.app",nocase; classtype:attempted-recon; sid:200001543; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa769.web.app",nocase; classtype:attempted-recon; sid:200001544; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa77.web.app",nocase; classtype:attempted-recon; sid:200001545; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa770.web.app",nocase; classtype:attempted-recon; sid:200001546; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa771.web.app",nocase; classtype:attempted-recon; sid:200001547; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa772.web.app",nocase; classtype:attempted-recon; sid:200001548; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa773.web.app",nocase; classtype:attempted-recon; sid:200001549; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa774.web.app",nocase; classtype:attempted-recon; sid:200001550; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa775.web.app",nocase; classtype:attempted-recon; sid:200001551; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa776.web.app",nocase; classtype:attempted-recon; sid:200001552; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa777.web.app",nocase; classtype:attempted-recon; sid:200001553; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa778.web.app",nocase; classtype:attempted-recon; sid:200001554; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa779.web.app",nocase; classtype:attempted-recon; sid:200001555; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa78.web.app",nocase; classtype:attempted-recon; sid:200001556; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa780.web.app",nocase; classtype:attempted-recon; sid:200001557; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa781.web.app",nocase; classtype:attempted-recon; sid:200001558; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa782.web.app",nocase; classtype:attempted-recon; sid:200001559; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa783.web.app",nocase; classtype:attempted-recon; sid:200001560; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa784.web.app",nocase; classtype:attempted-recon; sid:200001561; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa785.web.app",nocase; classtype:attempted-recon; sid:200001562; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa786.web.app",nocase; classtype:attempted-recon; sid:200001563; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa787.web.app",nocase; classtype:attempted-recon; sid:200001564; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa788.web.app",nocase; classtype:attempted-recon; sid:200001565; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa789.web.app",nocase; classtype:attempted-recon; sid:200001566; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa79.web.app",nocase; classtype:attempted-recon; sid:200001567; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa790.web.app",nocase; classtype:attempted-recon; sid:200001568; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa791.web.app",nocase; classtype:attempted-recon; sid:200001569; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa792.web.app",nocase; classtype:attempted-recon; sid:200001570; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa793.web.app",nocase; classtype:attempted-recon; sid:200001571; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa794.web.app",nocase; classtype:attempted-recon; sid:200001572; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa795.web.app",nocase; classtype:attempted-recon; sid:200001573; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa796.web.app",nocase; classtype:attempted-recon; sid:200001574; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa797.web.app",nocase; classtype:attempted-recon; sid:200001575; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa798.web.app",nocase; classtype:attempted-recon; sid:200001576; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa799.web.app",nocase; classtype:attempted-recon; sid:200001577; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa80.web.app",nocase; classtype:attempted-recon; sid:200001578; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa800.web.app",nocase; classtype:attempted-recon; sid:200001579; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa801.web.app",nocase; classtype:attempted-recon; sid:200001580; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa802.web.app",nocase; classtype:attempted-recon; sid:200001581; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa803.web.app",nocase; classtype:attempted-recon; sid:200001582; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa804.web.app",nocase; classtype:attempted-recon; sid:200001583; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa806.web.app",nocase; classtype:attempted-recon; sid:200001584; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa807.web.app",nocase; classtype:attempted-recon; sid:200001585; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa808.web.app",nocase; classtype:attempted-recon; sid:200001586; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa809.web.app",nocase; classtype:attempted-recon; sid:200001587; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa81.web.app",nocase; classtype:attempted-recon; sid:200001588; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa810.web.app",nocase; classtype:attempted-recon; sid:200001589; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa811.web.app",nocase; classtype:attempted-recon; sid:200001590; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa812.web.app",nocase; classtype:attempted-recon; sid:200001591; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa813.web.app",nocase; classtype:attempted-recon; sid:200001592; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa814.web.app",nocase; classtype:attempted-recon; sid:200001593; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa815.web.app",nocase; classtype:attempted-recon; sid:200001594; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa816.web.app",nocase; classtype:attempted-recon; sid:200001595; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa817.web.app",nocase; classtype:attempted-recon; sid:200001596; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa818.web.app",nocase; classtype:attempted-recon; sid:200001597; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa819.web.app",nocase; classtype:attempted-recon; sid:200001598; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa82.web.app",nocase; classtype:attempted-recon; sid:200001599; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa820.web.app",nocase; classtype:attempted-recon; sid:200001600; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa821.web.app",nocase; classtype:attempted-recon; sid:200001601; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa822.web.app",nocase; classtype:attempted-recon; sid:200001602; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa823.web.app",nocase; classtype:attempted-recon; sid:200001603; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa824.web.app",nocase; classtype:attempted-recon; sid:200001604; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa825.web.app",nocase; classtype:attempted-recon; sid:200001605; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa826.web.app",nocase; classtype:attempted-recon; sid:200001606; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa827.web.app",nocase; classtype:attempted-recon; sid:200001607; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa828.web.app",nocase; classtype:attempted-recon; sid:200001608; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa829.web.app",nocase; classtype:attempted-recon; sid:200001609; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa83.web.app",nocase; classtype:attempted-recon; sid:200001610; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa830.web.app",nocase; classtype:attempted-recon; sid:200001611; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa831.web.app",nocase; classtype:attempted-recon; sid:200001612; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa832.web.app",nocase; classtype:attempted-recon; sid:200001613; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa833.web.app",nocase; classtype:attempted-recon; sid:200001614; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa834.web.app",nocase; classtype:attempted-recon; sid:200001615; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa835.web.app",nocase; classtype:attempted-recon; sid:200001616; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa836.web.app",nocase; classtype:attempted-recon; sid:200001617; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa837.web.app",nocase; classtype:attempted-recon; sid:200001618; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa838.web.app",nocase; classtype:attempted-recon; sid:200001619; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa839.web.app",nocase; classtype:attempted-recon; sid:200001620; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa84.web.app",nocase; classtype:attempted-recon; sid:200001621; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa840.web.app",nocase; classtype:attempted-recon; sid:200001622; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa841.web.app",nocase; classtype:attempted-recon; sid:200001623; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa842.web.app",nocase; classtype:attempted-recon; sid:200001624; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa843.web.app",nocase; classtype:attempted-recon; sid:200001625; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa844.web.app",nocase; classtype:attempted-recon; sid:200001626; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa845.web.app",nocase; classtype:attempted-recon; sid:200001627; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa846.web.app",nocase; classtype:attempted-recon; sid:200001628; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa847.web.app",nocase; classtype:attempted-recon; sid:200001629; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa848.web.app",nocase; classtype:attempted-recon; sid:200001630; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa849.web.app",nocase; classtype:attempted-recon; sid:200001631; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa85.web.app",nocase; classtype:attempted-recon; sid:200001632; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa850.web.app",nocase; classtype:attempted-recon; sid:200001633; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa851.web.app",nocase; classtype:attempted-recon; sid:200001634; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa852.web.app",nocase; classtype:attempted-recon; sid:200001635; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa853.web.app",nocase; classtype:attempted-recon; sid:200001636; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa854.web.app",nocase; classtype:attempted-recon; sid:200001637; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa855.web.app",nocase; classtype:attempted-recon; sid:200001638; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa856.web.app",nocase; classtype:attempted-recon; sid:200001639; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa857.web.app",nocase; classtype:attempted-recon; sid:200001640; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa858.web.app",nocase; classtype:attempted-recon; sid:200001641; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa859.web.app",nocase; classtype:attempted-recon; sid:200001642; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa86.web.app",nocase; classtype:attempted-recon; sid:200001643; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa860.web.app",nocase; classtype:attempted-recon; sid:200001644; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa861.web.app",nocase; classtype:attempted-recon; sid:200001645; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa862.web.app",nocase; classtype:attempted-recon; sid:200001646; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa863.web.app",nocase; classtype:attempted-recon; sid:200001647; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa864.web.app",nocase; classtype:attempted-recon; sid:200001648; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa865.web.app",nocase; classtype:attempted-recon; sid:200001649; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa866.web.app",nocase; classtype:attempted-recon; sid:200001650; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa867.web.app",nocase; classtype:attempted-recon; sid:200001651; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa868.web.app",nocase; classtype:attempted-recon; sid:200001652; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa869.web.app",nocase; classtype:attempted-recon; sid:200001653; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa87.web.app",nocase; classtype:attempted-recon; sid:200001654; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa870.web.app",nocase; classtype:attempted-recon; sid:200001655; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa871.web.app",nocase; classtype:attempted-recon; sid:200001656; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa872.web.app",nocase; classtype:attempted-recon; sid:200001657; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa873.web.app",nocase; classtype:attempted-recon; sid:200001658; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa874.web.app",nocase; classtype:attempted-recon; sid:200001659; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa875.web.app",nocase; classtype:attempted-recon; sid:200001660; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa877.web.app",nocase; classtype:attempted-recon; sid:200001661; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa878.web.app",nocase; classtype:attempted-recon; sid:200001662; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa879.web.app",nocase; classtype:attempted-recon; sid:200001663; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa88.web.app",nocase; classtype:attempted-recon; sid:200001664; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa880.web.app",nocase; classtype:attempted-recon; sid:200001665; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa881.web.app",nocase; classtype:attempted-recon; sid:200001666; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa882.web.app",nocase; classtype:attempted-recon; sid:200001667; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa883.web.app",nocase; classtype:attempted-recon; sid:200001668; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa884.web.app",nocase; classtype:attempted-recon; sid:200001669; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa885.web.app",nocase; classtype:attempted-recon; sid:200001670; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa886.web.app",nocase; classtype:attempted-recon; sid:200001671; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa888.web.app",nocase; classtype:attempted-recon; sid:200001672; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa889.web.app",nocase; classtype:attempted-recon; sid:200001673; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa89.web.app",nocase; classtype:attempted-recon; sid:200001674; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa890.web.app",nocase; classtype:attempted-recon; sid:200001675; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa891.web.app",nocase; classtype:attempted-recon; sid:200001676; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa892.web.app",nocase; classtype:attempted-recon; sid:200001677; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa894.web.app",nocase; classtype:attempted-recon; sid:200001678; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa895.web.app",nocase; classtype:attempted-recon; sid:200001679; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa896.web.app",nocase; classtype:attempted-recon; sid:200001680; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa897.web.app",nocase; classtype:attempted-recon; sid:200001681; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa898.web.app",nocase; classtype:attempted-recon; sid:200001682; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa899.web.app",nocase; classtype:attempted-recon; sid:200001683; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa90.web.app",nocase; classtype:attempted-recon; sid:200001684; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa900.web.app",nocase; classtype:attempted-recon; sid:200001685; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa901.web.app",nocase; classtype:attempted-recon; sid:200001686; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa902.web.app",nocase; classtype:attempted-recon; sid:200001687; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa903.web.app",nocase; classtype:attempted-recon; sid:200001688; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa904.web.app",nocase; classtype:attempted-recon; sid:200001689; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa905.web.app",nocase; classtype:attempted-recon; sid:200001690; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa906.web.app",nocase; classtype:attempted-recon; sid:200001691; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa907.web.app",nocase; classtype:attempted-recon; sid:200001692; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa908.web.app",nocase; classtype:attempted-recon; sid:200001693; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa909.web.app",nocase; classtype:attempted-recon; sid:200001694; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa91.web.app",nocase; classtype:attempted-recon; sid:200001695; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa910.web.app",nocase; classtype:attempted-recon; sid:200001696; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa911.web.app",nocase; classtype:attempted-recon; sid:200001697; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa912.web.app",nocase; classtype:attempted-recon; sid:200001698; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa913.web.app",nocase; classtype:attempted-recon; sid:200001699; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa914.web.app",nocase; classtype:attempted-recon; sid:200001700; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa915.web.app",nocase; classtype:attempted-recon; sid:200001701; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa916.web.app",nocase; classtype:attempted-recon; sid:200001702; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa917.web.app",nocase; classtype:attempted-recon; sid:200001703; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa918.web.app",nocase; classtype:attempted-recon; sid:200001704; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa92.web.app",nocase; classtype:attempted-recon; sid:200001705; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa920.web.app",nocase; classtype:attempted-recon; sid:200001706; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa921.web.app",nocase; classtype:attempted-recon; sid:200001707; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa922.web.app",nocase; classtype:attempted-recon; sid:200001708; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa923.web.app",nocase; classtype:attempted-recon; sid:200001709; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa924.web.app",nocase; classtype:attempted-recon; sid:200001710; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa925.web.app",nocase; classtype:attempted-recon; sid:200001711; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa926.web.app",nocase; classtype:attempted-recon; sid:200001712; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa927.web.app",nocase; classtype:attempted-recon; sid:200001713; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa929.web.app",nocase; classtype:attempted-recon; sid:200001714; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa93.web.app",nocase; classtype:attempted-recon; sid:200001715; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa930.web.app",nocase; classtype:attempted-recon; sid:200001716; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa931.web.app",nocase; classtype:attempted-recon; sid:200001717; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa932.web.app",nocase; classtype:attempted-recon; sid:200001718; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa933.web.app",nocase; classtype:attempted-recon; sid:200001719; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa934.web.app",nocase; classtype:attempted-recon; sid:200001720; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa935.web.app",nocase; classtype:attempted-recon; sid:200001721; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa936.web.app",nocase; classtype:attempted-recon; sid:200001722; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa937.web.app",nocase; classtype:attempted-recon; sid:200001723; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa938.web.app",nocase; classtype:attempted-recon; sid:200001724; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa939.web.app",nocase; classtype:attempted-recon; sid:200001725; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa94.web.app",nocase; classtype:attempted-recon; sid:200001726; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa940.web.app",nocase; classtype:attempted-recon; sid:200001727; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa941.web.app",nocase; classtype:attempted-recon; sid:200001728; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa942.web.app",nocase; classtype:attempted-recon; sid:200001729; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa943.web.app",nocase; classtype:attempted-recon; sid:200001730; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa944.web.app",nocase; classtype:attempted-recon; sid:200001731; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa945.web.app",nocase; classtype:attempted-recon; sid:200001732; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa946.web.app",nocase; classtype:attempted-recon; sid:200001733; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa947.web.app",nocase; classtype:attempted-recon; sid:200001734; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa948.web.app",nocase; classtype:attempted-recon; sid:200001735; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa949.web.app",nocase; classtype:attempted-recon; sid:200001736; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa95.web.app",nocase; classtype:attempted-recon; sid:200001737; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa950.web.app",nocase; classtype:attempted-recon; sid:200001738; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa951.web.app",nocase; classtype:attempted-recon; sid:200001739; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa952.web.app",nocase; classtype:attempted-recon; sid:200001740; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa953.web.app",nocase; classtype:attempted-recon; sid:200001741; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa954.web.app",nocase; classtype:attempted-recon; sid:200001742; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa955.web.app",nocase; classtype:attempted-recon; sid:200001743; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa957.web.app",nocase; classtype:attempted-recon; sid:200001744; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa958.web.app",nocase; classtype:attempted-recon; sid:200001745; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa959.web.app",nocase; classtype:attempted-recon; sid:200001746; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa96.web.app",nocase; classtype:attempted-recon; sid:200001747; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa960.web.app",nocase; classtype:attempted-recon; sid:200001748; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa961.web.app",nocase; classtype:attempted-recon; sid:200001749; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa962.web.app",nocase; classtype:attempted-recon; sid:200001750; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa963.web.app",nocase; classtype:attempted-recon; sid:200001751; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa964.web.app",nocase; classtype:attempted-recon; sid:200001752; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa965.web.app",nocase; classtype:attempted-recon; sid:200001753; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa966.web.app",nocase; classtype:attempted-recon; sid:200001754; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa967.web.app",nocase; classtype:attempted-recon; sid:200001755; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa968.web.app",nocase; classtype:attempted-recon; sid:200001756; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa969.web.app",nocase; classtype:attempted-recon; sid:200001757; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa97.web.app",nocase; classtype:attempted-recon; sid:200001758; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa970.web.app",nocase; classtype:attempted-recon; sid:200001759; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa971.web.app",nocase; classtype:attempted-recon; sid:200001760; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa972.web.app",nocase; classtype:attempted-recon; sid:200001761; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa973.web.app",nocase; classtype:attempted-recon; sid:200001762; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa974.web.app",nocase; classtype:attempted-recon; sid:200001763; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa975.web.app",nocase; classtype:attempted-recon; sid:200001764; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa976.web.app",nocase; classtype:attempted-recon; sid:200001765; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa977.web.app",nocase; classtype:attempted-recon; sid:200001766; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa978.web.app",nocase; classtype:attempted-recon; sid:200001767; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa979.web.app",nocase; classtype:attempted-recon; sid:200001768; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa98.web.app",nocase; classtype:attempted-recon; sid:200001769; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa980.web.app",nocase; classtype:attempted-recon; sid:200001770; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa981.web.app",nocase; classtype:attempted-recon; sid:200001771; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa982.web.app",nocase; classtype:attempted-recon; sid:200001772; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa983.web.app",nocase; classtype:attempted-recon; sid:200001773; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa984.web.app",nocase; classtype:attempted-recon; sid:200001774; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa985.web.app",nocase; classtype:attempted-recon; sid:200001775; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa986.web.app",nocase; classtype:attempted-recon; sid:200001776; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa987.web.app",nocase; classtype:attempted-recon; sid:200001777; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa988.web.app",nocase; classtype:attempted-recon; sid:200001778; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa989.web.app",nocase; classtype:attempted-recon; sid:200001779; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa99.web.app",nocase; classtype:attempted-recon; sid:200001780; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa990.web.app",nocase; classtype:attempted-recon; sid:200001781; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa991.web.app",nocase; classtype:attempted-recon; sid:200001782; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa992.web.app",nocase; classtype:attempted-recon; sid:200001783; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa993.web.app",nocase; classtype:attempted-recon; sid:200001784; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa994.web.app",nocase; classtype:attempted-recon; sid:200001785; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa995.web.app",nocase; classtype:attempted-recon; sid:200001786; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa996.web.app",nocase; classtype:attempted-recon; sid:200001787; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa997.web.app",nocase; classtype:attempted-recon; sid:200001788; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa998.web.app",nocase; classtype:attempted-recon; sid:200001789; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa999.web.app",nocase; classtype:attempted-recon; sid:200001790; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"doooog.cn",nocase; classtype:attempted-recon; sid:200001791; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dopeydog.co.nz",nocase; classtype:attempted-recon; sid:200001792; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dorouscom.com",nocase; classtype:attempted-recon; sid:200001793; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"douuodwoman.com",nocase; classtype:attempted-recon; sid:200001794; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dowaba-s2dhl.blogspot.com",nocase; classtype:attempted-recon; sid:200001795; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"doz.tode.cz",nocase; classtype:attempted-recon; sid:200001796; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dpasdasfasfasfas.pages.dev",nocase; classtype:attempted-recon; sid:200001797; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dpd-redelivery-uk.com",nocase; classtype:attempted-recon; sid:200001798; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dpmasdaskj.pages.dev",nocase; classtype:attempted-recon; sid:200001799; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dr-joannepeeler.com",nocase; classtype:attempted-recon; sid:200001800; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dr3aq.byethost32.com",nocase; classtype:attempted-recon; sid:200001801; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dreamotion-jp.com",nocase; classtype:attempted-recon; sid:200001802; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drivingschoolglasgow.co.uk",nocase; classtype:attempted-recon; sid:200001803; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drmarciovaleriano.com.br",nocase; classtype:attempted-recon; sid:200001804; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dsadsadsa.diskstation.eu",nocase; classtype:attempted-recon; sid:200001805; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dsgcbeonline.com",nocase; classtype:attempted-recon; sid:200001806; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dsp2codemdp.t.justns.ru",nocase; classtype:attempted-recon; sid:200001807; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dswboot.cc",nocase; classtype:attempted-recon; sid:200001808; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200001809; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dtrpsystasfasgas.pages.dev",nocase; classtype:attempted-recon; sid:200001810; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"duanemanor.tk",nocase; classtype:attempted-recon; sid:200001811; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dukhovnist.in.ua",nocase; classtype:attempted-recon; sid:200001812; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"durecorpperu.com",nocase; classtype:attempted-recon; sid:200001813; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dwrat.andalous.org",nocase; classtype:attempted-recon; sid:200001814; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dwvwq.cwfc.workers.dev",nocase; classtype:attempted-recon; sid:200001815; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dydex.org",nocase; classtype:attempted-recon; sid:200001816; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dyn.co",nocase; classtype:attempted-recon; sid:200001817; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dynastyclinic.ae",nocase; classtype:attempted-recon; sid:200001818; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"e-cassare.org",nocase; classtype:attempted-recon; sid:200001819; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"e4ff557e.sso-secure-mail04wtwdw4.pages.dev",nocase; classtype:attempted-recon; sid:200001820; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"e4ra.byethost8.com",nocase; classtype:attempted-recon; sid:200001821; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"e63q45f9h5fr.clickfunnels.com",nocase; classtype:attempted-recon; sid:200001822; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eagleeyeapparel.com",nocase; classtype:attempted-recon; sid:200001823; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"earth01.info",nocase; classtype:attempted-recon; sid:200001824; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"easy-webtdapp.com",nocase; classtype:attempted-recon; sid:200001825; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"easywalletfix.net",nocase; classtype:attempted-recon; sid:200001826; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"easywalletsfix.com",nocase; classtype:attempted-recon; sid:200001827; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eba0200d0c.nxcli.net",nocase; classtype:attempted-recon; sid:200001828; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ebay-de.ad49103.xyz",nocase; classtype:attempted-recon; sid:200001829; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ebay.com.dashboard-seller.center",nocase; classtype:attempted-recon; sid:200001830; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eberhardtedwige.wixsite.com",nocase; classtype:attempted-recon; sid:200001831; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ebuddynews.com",nocase; classtype:attempted-recon; sid:200001832; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ec.snadc-oecddo.com",nocase; classtype:attempted-recon; sid:200001833; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ecloanmoney.com",nocase; classtype:attempted-recon; sid:200001834; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ecogreenjanitorial.com",nocase; classtype:attempted-recon; sid:200001835; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ecomcrew.staging.wpengine.com",nocase; classtype:attempted-recon; sid:200001836; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ecosteelsolution.ro",nocase; classtype:attempted-recon; sid:200001837; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"editpdfonline.tk",nocase; classtype:attempted-recon; sid:200001838; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"edje.com",nocase; classtype:attempted-recon; sid:200001839; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"edukickmexico.com",nocase; classtype:attempted-recon; sid:200001840; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ee-sms.co.uk",nocase; classtype:attempted-recon; sid:200001841; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ee.mseocri.com",nocase; classtype:attempted-recon; sid:200001842; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ee.scicemecod.com",nocase; classtype:attempted-recon; sid:200001843; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"efarms.com.ng",nocase; classtype:attempted-recon; sid:200001844; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eharmonyservice.com",nocase; classtype:attempted-recon; sid:200001845; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ekabel.hu",nocase; classtype:attempted-recon; sid:200001846; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ekbofexjlnsdsfaqxbcfpnfift-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200001847; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ekobebe.cn",nocase; classtype:attempted-recon; sid:200001848; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"electrocoolhvacr.com",nocase; classtype:attempted-recon; sid:200001849; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"electronicanehuen.com",nocase; classtype:attempted-recon; sid:200001850; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"elektroonline.pl",nocase; classtype:attempted-recon; sid:200001851; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ellatinodigital.com",nocase; classtype:attempted-recon; sid:200001852; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"elomo.ro",nocase; classtype:attempted-recon; sid:200001853; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eluniversallatinworld.com",nocase; classtype:attempted-recon; sid:200001854; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"email302.com",nocase; classtype:attempted-recon; sid:200001855; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"emailsettings.webflow.io",nocase; classtype:attempted-recon; sid:200001856; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"emailwebaccess.co.uk",nocase; classtype:attempted-recon; sid:200001857; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"embarquefloripa.com.br",nocase; classtype:attempted-recon; sid:200001858; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"emlink.me",nocase; classtype:attempted-recon; sid:200001859; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"emojis.bons.bar",nocase; classtype:attempted-recon; sid:200001860; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"emojis.dels.bar",nocase; classtype:attempted-recon; sid:200001861; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"emsi-lobo.firebaseapp.com",nocase; classtype:attempted-recon; sid:200001862; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"en-template-solicito-16414253314897.onepage.website",nocase; classtype:attempted-recon; sid:200001863; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"enbolivia.com",nocase; classtype:attempted-recon; sid:200001864; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"enchanting-guiltless-suede.glitch.me",nocase; classtype:attempted-recon; sid:200001865; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"encryptdrive.booogle.net",nocase; classtype:attempted-recon; sid:200001866; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"engcamp.org",nocase; classtype:attempted-recon; sid:200001867; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"enoman.fqzsdgtg.cn",nocase; classtype:attempted-recon; sid:200001868; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"erinaflorist.com",nocase; classtype:attempted-recon; sid:200001869; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ershamshad.github.io",nocase; classtype:attempted-recon; sid:200001870; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"escortinraipur.com",nocase; classtype:attempted-recon; sid:200001871; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eseax.ws",nocase; classtype:attempted-recon; sid:200001872; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"esfdesentakip.com",nocase; classtype:attempted-recon; sid:200001873; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eshetkari.com",nocase; classtype:attempted-recon; sid:200001874; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"esi-texas.com",nocase; classtype:attempted-recon; sid:200001875; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"esinnovativeinteriors.com",nocase; classtype:attempted-recon; sid:200001876; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"establecimientoscolonia-uy.com",nocase; classtype:attempted-recon; sid:200001877; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"estorneaqui.blogspot.com",nocase; classtype:attempted-recon; sid:200001878; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc-co-jp.f2ss.co",nocase; classtype:attempted-recon; sid:200001879; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc-co-jp.f3ss.co",nocase; classtype:attempted-recon; sid:200001880; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc-meisfrq.xyz",nocase; classtype:attempted-recon; sid:200001881; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc-uhfjk.monster",nocase; classtype:attempted-recon; sid:200001882; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc.jp.anzhanfrp.cn",nocase; classtype:attempted-recon; sid:200001883; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc.kcjis.com",nocase; classtype:attempted-recon; sid:200001884; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc.oxqk.cn",nocase; classtype:attempted-recon; sid:200001885; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc.synwy.cn",nocase; classtype:attempted-recon; sid:200001886; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eth-coinwallet.net",nocase; classtype:attempted-recon; sid:200001887; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eth.coinscout.cc",nocase; classtype:attempted-recon; sid:200001888; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ethnictrendz.com",nocase; classtype:attempted-recon; sid:200001889; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ets.jwr.pa-fakfak.go.id",nocase; classtype:attempted-recon; sid:200001890; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etwtny.cf",nocase; classtype:attempted-recon; sid:200001891; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eucriomeumundo.com",nocase; classtype:attempted-recon; sid:200001892; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eugnerally-wixsite-com.filesusr.com",nocase; classtype:attempted-recon; sid:200001893; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"euraby.com",nocase; classtype:attempted-recon; sid:200001894; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eusa-lombo.firebaseapp.com",nocase; classtype:attempted-recon; sid:200001895; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"evashoes.com.ua",nocase; classtype:attempted-recon; sid:200001896; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"even-ff-gratisterbaru2022.duckdns.org",nocase; classtype:attempted-recon; sid:200001897; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"even-ff-terbarugratis2022.duckdns.org",nocase; classtype:attempted-recon; sid:200001898; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"event-freefire728.duckdns.org",nocase; classtype:attempted-recon; sid:200001899; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"event-garenafreefire263.duckdns.org",nocase; classtype:attempted-recon; sid:200001900; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"event-skin-resmi-2022.duckdns.org",nocase; classtype:attempted-recon; sid:200001901; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eventclaimfreefiregratis2022.duckdns.org",nocase; classtype:attempted-recon; sid:200001902; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eventclaimsff0.duckdns.org",nocase; classtype:attempted-recon; sid:200001903; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eventgarenafreefiremax2022.duckdns.org",nocase; classtype:attempted-recon; sid:200001904; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"everestmotors.com.np",nocase; classtype:attempted-recon; sid:200001905; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"evo-revolutioncups.com",nocase; classtype:attempted-recon; sid:200001906; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"evolbithman.web.app",nocase; classtype:attempted-recon; sid:200001907; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"excel-cloud-document-2021.square.site",nocase; classtype:attempted-recon; sid:200001908; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"excelhana.com",nocase; classtype:attempted-recon; sid:200001909; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exchange-pancakeswaps.com",nocase; classtype:attempted-recon; sid:200001910; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exchangedictionary.com",nocase; classtype:attempted-recon; sid:200001911; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exodlus.net",nocase; classtype:attempted-recon; sid:200001912; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exodus.com-wallet-signin.com",nocase; classtype:attempted-recon; sid:200001913; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exodus.com-web-wallet-online.com",nocase; classtype:attempted-recon; sid:200001914; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exodus.com.tccaponline.com",nocase; classtype:attempted-recon; sid:200001915; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exoduspool.io",nocase; classtype:attempted-recon; sid:200001916; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exondus-lokin.com",nocase; classtype:attempted-recon; sid:200001917; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exploretrace.xyz",nocase; classtype:attempted-recon; sid:200001918; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"expocid.mx",nocase; classtype:attempted-recon; sid:200001919; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"extracash-interlbankonline.com",nocase; classtype:attempted-recon; sid:200001920; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"extracloud.com.au",nocase; classtype:attempted-recon; sid:200001921; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ezblox.site",nocase; classtype:attempted-recon; sid:200001922; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ezssausage.com",nocase; classtype:attempted-recon; sid:200001923; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"f6fr7.codesandbox.io",nocase; classtype:attempted-recon; sid:200001924; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"f9w1lned0ruqblxi6jahwotak.filesusr.com",nocase; classtype:attempted-recon; sid:200001925; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"faccebook.azurewebsites.net",nocase; classtype:attempted-recon; sid:200001926; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook--videos----app----today.blogspot.com",nocase; classtype:attempted-recon; sid:200001927; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook-0.se.ke",nocase; classtype:attempted-recon; sid:200001928; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook-accts.pages-recovery.workers.dev",nocase; classtype:attempted-recon; sid:200001929; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook-login.tbit.vn",nocase; classtype:attempted-recon; sid:200001930; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.com-4tfgonrlym.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001931; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.com-j706zmy49r.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001932; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.com-qze9zt75vm.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001933; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.com-r51znzih8i.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001934; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.com-zxsrf038k.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001935; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.eventspinff.wtf",nocase; classtype:attempted-recon; sid:200001936; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.kingstopup.com",nocase; classtype:attempted-recon; sid:200001937; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebookk.azurewebsites.net",nocase; classtype:attempted-recon; sid:200001938; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebooks.azurewebsites.net",nocase; classtype:attempted-recon; sid:200001939; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"faic.in",nocase; classtype:attempted-recon; sid:200001940; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"faizankhan0408.github.io",nocase; classtype:attempted-recon; sid:200001941; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"falling-scene-3ac3.updatelogaccountprogramedrfwerwrdhskk.workers.dev#winnie@soupro.com",nocase; classtype:attempted-recon; sid:200001942; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fancy-rain-22bf.vakagew948.workers.dev",nocase; classtype:attempted-recon; sid:200001943; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fantech.co.il",nocase; classtype:attempted-recon; sid:200001944; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fanxtv.info",nocase; classtype:attempted-recon; sid:200001945; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fassilneit.ultimatefreehost.in",nocase; classtype:attempted-recon; sid:200001946; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fassilnet.ultimatefreehost.in",nocase; classtype:attempted-recon; sid:200001947; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fassilnet5.ultimatefreehost.in",nocase; classtype:attempted-recon; sid:200001948; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fax.gruppobiesse.it",nocase; classtype:attempted-recon; sid:200001949; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fb-case-id-28031803-fcdc-48af.web.app",nocase; classtype:attempted-recon; sid:200001950; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fb-pages.proteksion-help.workers.dev",nocase; classtype:attempted-recon; sid:200001951; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fb.expressturkeyi.com",nocase; classtype:attempted-recon; sid:200001952; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fb7927.bget.ru",nocase; classtype:attempted-recon; sid:200001953; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fdasd.2e4jept.cn",nocase; classtype:attempted-recon; sid:200001954; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fdhgf.xyz",nocase; classtype:attempted-recon; sid:200001955; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"feceboolk.blogspot.com",nocase; classtype:attempted-recon; sid:200001956; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"federalaccesscredit.com",nocase; classtype:attempted-recon; sid:200001957; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fedner.net",nocase; classtype:attempted-recon; sid:200001958; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fer-brooks.top",nocase; classtype:attempted-recon; sid:200001959; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"feriadempleos.com",nocase; classtype:attempted-recon; sid:200001960; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ferienhof-gempel.de",nocase; classtype:attempted-recon; sid:200001961; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ff-anivesary225.duckdns.org",nocase; classtype:attempted-recon; sid:200001962; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ff-membership-garena.com",nocase; classtype:attempted-recon; sid:200001963; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ff-membershipz-garena.ga",nocase; classtype:attempted-recon; sid:200001964; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ff.membership.garenaj.vn",nocase; classtype:attempted-recon; sid:200001965; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ffim-event-2022.duckdns.org",nocase; classtype:attempted-recon; sid:200001966; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fghjr74rhudfguhtfguji.blogspot.com",nocase; classtype:attempted-recon; sid:200001967; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fi.uy",nocase; classtype:attempted-recon; sid:200001968; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fiber10.iaasdns.com",nocase; classtype:attempted-recon; sid:200001969; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fidelitybank-mn.net",nocase; classtype:attempted-recon; sid:200001970; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fighting40s.com",nocase; classtype:attempted-recon; sid:200001971; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fikir.id",nocase; classtype:attempted-recon; sid:200001972; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fileundelete.net",nocase; classtype:attempted-recon; sid:200001973; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"filmkenner.com",nocase; classtype:attempted-recon; sid:200001974; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"filtrosmil.com.br",nocase; classtype:attempted-recon; sid:200001975; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"finalfantasyguide.co.uk",nocase; classtype:attempted-recon; sid:200001976; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"finiiishingedgex.tk",nocase; classtype:attempted-recon; sid:200001977; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fir-9s-0s.web.app",nocase; classtype:attempted-recon; sid:200001978; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firstsourcesbus.com",nocase; classtype:attempted-recon; sid:200001979; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fixi.rest",nocase; classtype:attempted-recon; sid:200001980; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fixingtodaymailuserupdates.pages.dev",nocase; classtype:attempted-recon; sid:200001981; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fixwalletissues.com",nocase; classtype:attempted-recon; sid:200001982; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flcancer39-px.rtrk.com",nocase; classtype:attempted-recon; sid:200001983; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowerfactoryonline.com",nocase; classtype:attempted-recon; sid:200001984; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fluksrv.mycpanel.rs",nocase; classtype:attempted-recon; sid:200001985; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fmwebapp.azurewebsites.net",nocase; classtype:attempted-recon; sid:200001986; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"foliar.pl",nocase; classtype:attempted-recon; sid:200001987; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"foma-ura-lote.firebaseapp.com",nocase; classtype:attempted-recon; sid:200001988; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"foresta-mod.firebaseapp.com",nocase; classtype:attempted-recon; sid:200001989; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forhimself9999.co.vu",nocase; classtype:attempted-recon; sid:200001990; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"formbuddy.com",nocase; classtype:attempted-recon; sid:200001991; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.formium.io",nocase; classtype:attempted-recon; sid:200001992; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"formtools.com",nocase; classtype:attempted-recon; sid:200001993; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forum-dofus.com.co",nocase; classtype:attempted-recon; sid:200001994; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"foryour.gov-information.info",nocase; classtype:attempted-recon; sid:200001995; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fpalpha.myportfolio.com",nocase; classtype:attempted-recon; sid:200001996; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fpmaam.org",nocase; classtype:attempted-recon; sid:200001997; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fr-europe564598-com.filesusr.com",nocase; classtype:attempted-recon; sid:200001998; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"frankfurtertsparkasse.web.app",nocase; classtype:attempted-recon; sid:200001999; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"free-covid-19-stimulus-bonus.nethouse.ru",nocase; classtype:attempted-recon; sid:200002000; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"free-firecoderedem.blogspot.com",nocase; classtype:attempted-recon; sid:200002001; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"free-mail4.yolasite.com",nocase; classtype:attempted-recon; sid:200002002; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"freefire.pontorecargajogo.com",nocase; classtype:attempted-recon; sid:200002003; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"freefiredot-comerhadiah.duckdns.org",nocase; classtype:attempted-recon; sid:200002004; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"freefireevent-codashop2022.duckdns.org",nocase; classtype:attempted-recon; sid:200002005; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"freeitemff-allreward.duckdns.org",nocase; classtype:attempted-recon; sid:200002006; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"freeliker.net",nocase; classtype:attempted-recon; sid:200002007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"frefire-membership-garena.sukienfreefire2021.top",nocase; classtype:attempted-recon; sid:200002008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"freg-nine.pt",nocase; classtype:attempted-recon; sid:200002009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"friendsofnechockey.com",nocase; classtype:attempted-recon; sid:200002010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fromtheofficial.pricesrakutenlogin.top",nocase; classtype:attempted-recon; sid:200002011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx-ca.com",nocase; classtype:attempted-recon; sid:200002012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx-exchangex.com",nocase; classtype:attempted-recon; sid:200002013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx-me.com",nocase; classtype:attempted-recon; sid:200002014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx-register-pro.world",nocase; classtype:attempted-recon; sid:200002015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx-register.biz",nocase; classtype:attempted-recon; sid:200002016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx-register.website",nocase; classtype:attempted-recon; sid:200002017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx-signup.click",nocase; classtype:attempted-recon; sid:200002018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx.com.vn",nocase; classtype:attempted-recon; sid:200002019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx.cool",nocase; classtype:attempted-recon; sid:200002020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftxbonus.site",nocase; classtype:attempted-recon; sid:200002021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"funiswap.exchange",nocase; classtype:attempted-recon; sid:200002022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fusionrestobar.cl",nocase; classtype:attempted-recon; sid:200002023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fxhalifax.com",nocase; classtype:attempted-recon; sid:200002024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"g-mtcc.com",nocase; classtype:attempted-recon; sid:200002026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"g.greatsubstance.com.my",nocase; classtype:attempted-recon; sid:200002027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ga.teesmith.shop",nocase; classtype:attempted-recon; sid:200002028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gabrielamims.com",nocase; classtype:attempted-recon; sid:200002029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gabung-grubnew1342.duckdns.org",nocase; classtype:attempted-recon; sid:200002030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gagaclinic.com",nocase; classtype:attempted-recon; sid:200002031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gallciaonllne.webcindario.com",nocase; classtype:attempted-recon; sid:200002033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"garena-xacminhtaikhoan.com",nocase; classtype:attempted-recon; sid:200002034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"garenafreefire728.duckdns.org",nocase; classtype:attempted-recon; sid:200002035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gastronomiarobertos.com",nocase; classtype:attempted-recon; sid:200002036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gasunige.mfs.gg",nocase; classtype:attempted-recon; sid:200002037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gedfdfsd.eu",nocase; classtype:attempted-recon; sid:200002038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"geg.li",nocase; classtype:attempted-recon; sid:200002039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"generali-italia-ag.hrweb.it",nocase; classtype:attempted-recon; sid:200002040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"genie-alba.firebaseapp.com",nocase; classtype:attempted-recon; sid:200002041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"getapps.vip",nocase; classtype:attempted-recon; sid:200002042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"getimpacteipay.com",nocase; classtype:attempted-recon; sid:200002043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"getitapprovedacceptourterms2021.pages.dev",nocase; classtype:attempted-recon; sid:200002044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"getlikesfree.com",nocase; classtype:attempted-recon; sid:200002045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gfxx.creatorlink.net",nocase; classtype:attempted-recon; sid:200002046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ghorana.com",nocase; classtype:attempted-recon; sid:200002047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gif-discorde.com",nocase; classtype:attempted-recon; sid:200002048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"giris-papara.net",nocase; classtype:attempted-recon; sid:200002049; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"girleatsworld.org",nocase; classtype:attempted-recon; sid:200002050; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"glogo.org",nocase; classtype:attempted-recon; sid:200002052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"glsword.com",nocase; classtype:attempted-recon; sid:200002053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gmailposteingangi.de",nocase; classtype:attempted-recon; sid:200002054; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gmgroupllc.co",nocase; classtype:attempted-recon; sid:200002055; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gmxmailme.yolasite.com",nocase; classtype:attempted-recon; sid:200002056; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.simplify.co.nz",nocase; classtype:attempted-recon; sid:200002057; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go24link.com",nocase; classtype:attempted-recon; sid:200002058; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"goldenlasgidi10.web.app",nocase; classtype:attempted-recon; sid:200002059; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"golkondaresorts.com",nocase; classtype:attempted-recon; sid:200002060; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"goo-gl.me",nocase; classtype:attempted-recon; sid:200002061; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"good12345.tripod.com",nocase; classtype:attempted-recon; sid:200002062; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"goofy-wozniak.192-210-226-164.plesk.page",nocase; classtype:attempted-recon; sid:200002063; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gorol-cost.web.app",nocase; classtype:attempted-recon; sid:200002064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gorol-investor.web.app",nocase; classtype:attempted-recon; sid:200002065; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gosafes.com",nocase; classtype:attempted-recon; sid:200002066; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gosteveshawtraining.com",nocase; classtype:attempted-recon; sid:200002067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gov.pl-covid.pl",nocase; classtype:attempted-recon; sid:200002068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gramarcales.com.br",nocase; classtype:attempted-recon; sid:200002069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"greekinfra.com",nocase; classtype:attempted-recon; sid:200002070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"greenclasses.in",nocase; classtype:attempted-recon; sid:200002071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grosshandel-mevida.de",nocase; classtype:attempted-recon; sid:200002072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"group-mantap-seger.duckdns.org",nocase; classtype:attempted-recon; sid:200002073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"group-wa-1.duckdns.org",nocase; classtype:attempted-recon; sid:200002074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"groupbkep-vral15.duckdns.org",nocase; classtype:attempted-recon; sid:200002075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"groworldinternational.com",nocase; classtype:attempted-recon; sid:200002076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grp02.member.mycld-rakuten.info",nocase; classtype:attempted-recon; sid:200002077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grub-sangex.wikaba.com",nocase; classtype:attempted-recon; sid:200002078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grubgabung.duckdns.org",nocase; classtype:attempted-recon; sid:200002079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grubnatajadeh12.duckdns.org",nocase; classtype:attempted-recon; sid:200002080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grubviralterbaru65c.duckdns.org",nocase; classtype:attempted-recon; sid:200002081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grup-bokephot-terbaru2022.duckdns.org",nocase; classtype:attempted-recon; sid:200002082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grup-bokepviral4.duckdns.org",nocase; classtype:attempted-recon; sid:200002083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grup-dwsa-indomesia845.duckdns.org",nocase; classtype:attempted-recon; sid:200002084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grup-viral-seleb.duckdns.org",nocase; classtype:attempted-recon; sid:200002085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grup-viralbokep111.myftp.org",nocase; classtype:attempted-recon; sid:200002086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grup-viralbokep2.ddns.net",nocase; classtype:attempted-recon; sid:200002087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grup-whatsapp121.duckdns.org",nocase; classtype:attempted-recon; sid:200002088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grup-whatsappbokep1.duckdns.org",nocase; classtype:attempted-recon; sid:200002089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grup-whatsappbokep2.duckdns.org",nocase; classtype:attempted-recon; sid:200002090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grupbokeppadacantik.duckdns.org",nocase; classtype:attempted-recon; sid:200002091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grupofsp.com.br",nocase; classtype:attempted-recon; sid:200002092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gruposanpio.com",nocase; classtype:attempted-recon; sid:200002093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gruptiktok.wikaba.com",nocase; classtype:attempted-recon; sid:200002094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grupviral-xx.duckdns.org",nocase; classtype:attempted-recon; sid:200002095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grupviral109.duckdns.org",nocase; classtype:attempted-recon; sid:200002096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grupviralterbaru.duckdns.org",nocase; classtype:attempted-recon; sid:200002097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grupwhatsappnobar-2022.duckdns.org",nocase; classtype:attempted-recon; sid:200002098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gscommunityspirit.greenschool.org",nocase; classtype:attempted-recon; sid:200002099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gstsolutions.online",nocase; classtype:attempted-recon; sid:200002100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gunatanahku.perkimtan.sumbarprov.go.id",nocase; classtype:attempted-recon; sid:200002101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gurukanth.com",nocase; classtype:attempted-recon; sid:200002102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gwenet.org",nocase; classtype:attempted-recon; sid:200002103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gyfnqyk.cn",nocase; classtype:attempted-recon; sid:200002104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gymjaokhanakho.azurewebsites.net",nocase; classtype:attempted-recon; sid:200002105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"habbocreditosparati.blogspot.com",nocase; classtype:attempted-recon; sid:200002106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"haftteam.ir",nocase; classtype:attempted-recon; sid:200002107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hahdaeupdate.es.tl",nocase; classtype:attempted-recon; sid:200002108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"halaisabudhabi.com",nocase; classtype:attempted-recon; sid:200002109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"halifax-securelink.com",nocase; classtype:attempted-recon; sid:200002110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"halisdurum.com",nocase; classtype:attempted-recon; sid:200002111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"haliuk-secure-device.com",nocase; classtype:attempted-recon; sid:200002112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"handakai.github.io",nocase; classtype:attempted-recon; sid:200002113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hangovertest1.blogspot.com",nocase; classtype:attempted-recon; sid:200002114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hans-ledlite.com",nocase; classtype:attempted-recon; sid:200002115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"happycabbagechicago.us",nocase; classtype:attempted-recon; sid:200002116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"haroldhazard1-wixsite-com.filesusr.com",nocase; classtype:attempted-recon; sid:200002117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hasseanhannitybeenwaterboarded.com",nocase; classtype:attempted-recon; sid:200002118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"haunlimited.org",nocase; classtype:attempted-recon; sid:200002119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hcnprdvz.azureedge.net",nocase; classtype:attempted-recon; sid:200002120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hdmediahub.club",nocase; classtype:attempted-recon; sid:200002121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hdss-stream.org",nocase; classtype:attempted-recon; sid:200002122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"heinthu1.github.io",nocase; classtype:attempted-recon; sid:200002123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hellenic-postbank.com",nocase; classtype:attempted-recon; sid:200002124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"helloparis.co.uk",nocase; classtype:attempted-recon; sid:200002125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"help-account-bxsfe.ondigitalocean.app",nocase; classtype:attempted-recon; sid:200002126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"help-notice-center-identity-6532.web.id",nocase; classtype:attempted-recon; sid:200002127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"help.insecur.saftyalert.workers.dev",nocase; classtype:attempted-recon; sid:200002128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"help.validation-page.workers.dev",nocase; classtype:attempted-recon; sid:200002129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"henan.vxim58i.cn",nocase; classtype:attempted-recon; sid:200002130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hermes.parcel-tracker.com",nocase; classtype:attempted-recon; sid:200002131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hetershaven.net",nocase; classtype:attempted-recon; sid:200002132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"heuristic-gagarin.45-88-108-231.plesk.page",nocase; classtype:attempted-recon; sid:200002133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hfemail.ntneancns.com",nocase; classtype:attempted-recon; sid:200002134; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hgda.db0u4hs.cn",nocase; classtype:attempted-recon; sid:200002135; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hgdaa.lfoxcct.cn",nocase; classtype:attempted-recon; sid:200002136; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hghgda.erjl0hx.cn",nocase; classtype:attempted-recon; sid:200002137; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hhdd.mzhemfi.cn",nocase; classtype:attempted-recon; sid:200002138; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hi.switchy.io",nocase; classtype:attempted-recon; sid:200002139; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hidzzs.com",nocase; classtype:attempted-recon; sid:200002140; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly01721.top",nocase; classtype:attempted-recon; sid:200002141; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly06356.top",nocase; classtype:attempted-recon; sid:200002142; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly31916.top",nocase; classtype:attempted-recon; sid:200002143; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly32053.top",nocase; classtype:attempted-recon; sid:200002144; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly38926.top",nocase; classtype:attempted-recon; sid:200002145; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly39091.top",nocase; classtype:attempted-recon; sid:200002146; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly61215.top",nocase; classtype:attempted-recon; sid:200002147; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly71191.top",nocase; classtype:attempted-recon; sid:200002148; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hikaheal.com",nocase; classtype:attempted-recon; sid:200002149; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"himalayansherpa.com.au",nocase; classtype:attempted-recon; sid:200002150; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"himbauane.blogspot.com",nocase; classtype:attempted-recon; sid:200002151; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hitman71hd-wixsite-com.filesusr.com",nocase; classtype:attempted-recon; sid:200002152; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hjhjjhjhjh.pagedemo.co",nocase; classtype:attempted-recon; sid:200002153; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hockian.com",nocase; classtype:attempted-recon; sid:200002154; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"holobeam.000webhostapp.com",nocase; classtype:attempted-recon; sid:200002155; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"home.ei1ns.de",nocase; classtype:attempted-recon; sid:200002156; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"home.myfairpoint.net",nocase; classtype:attempted-recon; sid:200002157; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"homepichilinea2.webcindario.com",nocase; classtype:attempted-recon; sid:200002158; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"homesinlogin.com",nocase; classtype:attempted-recon; sid:200002159; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"homestaylongho.com",nocase; classtype:attempted-recon; sid:200002160; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hostnix.net",nocase; classtype:attempted-recon; sid:200002161; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hostpoint.ch.17a902ef.tcorner.fr",nocase; classtype:attempted-recon; sid:200002162; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hotbrooks.com",nocase; classtype:attempted-recon; sid:200002163; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hotel-pontos.gr",nocase; classtype:attempted-recon; sid:200002164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hoteltigerplus.com",nocase; classtype:attempted-recon; sid:200002165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hounbvc-c7661.web.app",nocase; classtype:attempted-recon; sid:200002166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"houseofscotland.com.au",nocase; classtype:attempted-recon; sid:200002167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hpplotters.in",nocase; classtype:attempted-recon; sid:200002169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hs-giveaways.ca",nocase; classtype:attempted-recon; sid:200002170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ht-cargo.com.vn",nocase; classtype:attempted-recon; sid:200002171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"htlgroup.com.my",nocase; classtype:attempted-recon; sid:200002172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"httpeugnerally-wixsite-com.filesusr.com",nocase; classtype:attempted-recon; sid:200002173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"https-scert-con04.xyz",nocase; classtype:attempted-recon; sid:200002174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"https-scert-srv02.xyz",nocase; classtype:attempted-recon; sid:200002175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"https-scert-srv06.xyz",nocase; classtype:attempted-recon; sid:200002176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"https-scert-srv08.xyz",nocase; classtype:attempted-recon; sid:200002177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"httpsfaceb00k.com-r51znzih8l.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"httpsfacebo0k.com-r51znzlh8i.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"httpsfacebook.com-r51znzih8i.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"httpsfacebook.com-r51znzlh8i.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"httpsmarketplace.facebook.com-wd5sulr0f5.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hubcare.co.in",nocase; classtype:attempted-recon; sid:200002183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hulu-com-activate.sitey.me",nocase; classtype:attempted-recon; sid:200002184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hulu-hulu-com-activate.sitey.me",nocase; classtype:attempted-recon; sid:200002185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hulu.sitey.me",nocase; classtype:attempted-recon; sid:200002186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"humc.in",nocase; classtype:attempted-recon; sid:200002187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hutoknepper.de",nocase; classtype:attempted-recon; sid:200002188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"huxleyfran.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"huynguyen2k.github.io",nocase; classtype:attempted-recon; sid:200002190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hypegames.shop",nocase; classtype:attempted-recon; sid:200002191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"i-ask332.dga.jp",nocase; classtype:attempted-recon; sid:200002192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"i.violationspage.validationspege.workers.dev",nocase; classtype:attempted-recon; sid:200002193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ibpm.ru",nocase; classtype:attempted-recon; sid:200002195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"icloud-map-live.com",nocase; classtype:attempted-recon; sid:200002196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"icloudstatus.com.ng",nocase; classtype:attempted-recon; sid:200002197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"icy.martulangbelulalng.workers.dev",nocase; classtype:attempted-recon; sid:200002198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"idappswallets.com",nocase; classtype:attempted-recon; sid:200002199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"identifiez-vous-avec-votre-compte.yolasite.com",nocase; classtype:attempted-recon; sid:200002200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"identifiez-vous598.yolasite.com",nocase; classtype:attempted-recon; sid:200002201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"identify.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200002202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"idhuman-verification.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200002203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"idnpokerweb.com",nocase; classtype:attempted-recon; sid:200002204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ieqdlhv.cn",nocase; classtype:attempted-recon; sid:200002205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iframejld.avent-media.fr",nocase; classtype:attempted-recon; sid:200002206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ighk.umjlrs7uci2751.workers.dev",nocase; classtype:attempted-recon; sid:200002207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iipvit.by",nocase; classtype:attempted-recon; sid:200002208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijcda.bukkats.cn",nocase; classtype:attempted-recon; sid:200002209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijeioqhawdqioqho.weebly.com",nocase; classtype:attempted-recon; sid:200002210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijhca.0gb0h7z.cn",nocase; classtype:attempted-recon; sid:200002211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijjd.h8nmtcc.cn",nocase; classtype:attempted-recon; sid:200002212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijmna.p2y00vd.cn",nocase; classtype:attempted-recon; sid:200002213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijmnc.x7o1tut.cn",nocase; classtype:attempted-recon; sid:200002214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijnssa.w005zmk.cn",nocase; classtype:attempted-recon; sid:200002215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijsa.x3585z7.cn",nocase; classtype:attempted-recon; sid:200002216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikcda.a2g5xvs.cn",nocase; classtype:attempted-recon; sid:200002217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikcsa.ajiqvjf.cn",nocase; classtype:attempted-recon; sid:200002218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikdff.jmo904i.cn",nocase; classtype:attempted-recon; sid:200002219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikja.lbanwqp.cn",nocase; classtype:attempted-recon; sid:200002220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikjd.uk0xnp8.cn",nocase; classtype:attempted-recon; sid:200002221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikjgd.rg6bzk7.cn",nocase; classtype:attempted-recon; sid:200002222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikmcd.u4jdbxm.cn",nocase; classtype:attempted-recon; sid:200002223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikmxaa.qcqxlrq.cn",nocase; classtype:attempted-recon; sid:200002224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iloveyourglasses.com",nocase; classtype:attempted-recon; sid:200002225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ilpconnect.org",nocase; classtype:attempted-recon; sid:200002226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imersao.impulseingles.com.br",nocase; classtype:attempted-recon; sid:200002227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com",nocase; classtype:attempted-recon; sid:200002228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imi-ksa.jajainfo.net",nocase; classtype:attempted-recon; sid:200002229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imobiliaria-cardinali-com-br.blogspot.com",nocase; classtype:attempted-recon; sid:200002230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"impostazionebper.000webhostapp.com",nocase; classtype:attempted-recon; sid:200002231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"in.deraya.org",nocase; classtype:attempted-recon; sid:200002232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"inaueab.com",nocase; classtype:attempted-recon; sid:200002233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"indo-viral2022.duckdns.org",nocase; classtype:attempted-recon; sid:200002234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"info.lionnets.com",nocase; classtype:attempted-recon; sid:200002235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"infohypesquad.com",nocase; classtype:attempted-recon; sid:200002236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"infopichinchaweb.webcindario.com",nocase; classtype:attempted-recon; sid:200002237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"informations.recovery.confiryourpage.workers.dev",nocase; classtype:attempted-recon; sid:200002238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"infos00001.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"infosecplace.com",nocase; classtype:attempted-recon; sid:200002240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"infosprologinmatrisemomols.yolasite.com",nocase; classtype:attempted-recon; sid:200002241; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ing.ingdirect-app.com",nocase; classtype:attempted-recon; sid:200002242; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ingaveiculos.creatorlink.net",nocase; classtype:attempted-recon; sid:200002243; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ingresadatosbono210.com",nocase; classtype:attempted-recon; sid:200002244; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"inicia-bancalnterbank.com",nocase; classtype:attempted-recon; sid:200002245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"inna.cedymll.cn",nocase; classtype:attempted-recon; sid:200002246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"innca.ol90k56.cn",nocase; classtype:attempted-recon; sid:200002247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"innovasjon.as",nocase; classtype:attempted-recon; sid:200002248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"inps-ep.com",nocase; classtype:attempted-recon; sid:200002249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"instagram-9.blogspot.com",nocase; classtype:attempted-recon; sid:200002250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"instagramhelpp.agency",nocase; classtype:attempted-recon; sid:200002251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"intellidata-analytica.com",nocase; classtype:attempted-recon; sid:200002252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"interbankempresahome.rankforever.com",nocase; classtype:attempted-recon; sid:200002253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"interbankempresas.pe-il.ru",nocase; classtype:attempted-recon; sid:200002254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"intern.unibas-com.ch",nocase; classtype:attempted-recon; sid:200002255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"international-formulier.91-218-65-223.plesk.page",nocase; classtype:attempted-recon; sid:200002256; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"internetbanking-caixa-gov.xyz",nocase; classtype:attempted-recon; sid:200002257; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"internetbankinghelp.com",nocase; classtype:attempted-recon; sid:200002258; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"internetservicetech.com",nocase; classtype:attempted-recon; sid:200002259; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"intexargentina.com.ar",nocase; classtype:attempted-recon; sid:200002260; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"inthewildproductions.com",nocase; classtype:attempted-recon; sid:200002261; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"intoli.ru",nocase; classtype:attempted-recon; sid:200002262; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"intrafloraplants.com",nocase; classtype:attempted-recon; sid:200002263; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"intranet.sztpe.info",nocase; classtype:attempted-recon; sid:200002264; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"investpl.work",nocase; classtype:attempted-recon; sid:200002265; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iplogger.info",nocase; classtype:attempted-recon; sid:200002266; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ironmantech.shop",nocase; classtype:attempted-recon; sid:200002267; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"irs-gov.us-get-funds-assistance.com",nocase; classtype:attempted-recon; sid:200002268; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"isfirsatibul.com",nocase; classtype:attempted-recon; sid:200002269; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ismamorlin.my-place.us",nocase; classtype:attempted-recon; sid:200002270; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"istudyalumni.com",nocase; classtype:attempted-recon; sid:200002271; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"it-europe564598-com.filesusr.com",nocase; classtype:attempted-recon; sid:200002272; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"it.melnikhotels.com",nocase; classtype:attempted-recon; sid:200002273; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"itcentralsupport.net",nocase; classtype:attempted-recon; sid:200002274; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"its.tikkycloud.com",nocase; classtype:attempted-recon; sid:200002275; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"itsmdshahin.github.io",nocase; classtype:attempted-recon; sid:200002276; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iuhkj.r4f4vmtlso.workers.dev",nocase; classtype:attempted-recon; sid:200002277; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iuhs.tyopfhn.cn",nocase; classtype:attempted-recon; sid:200002278; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iujdas.yfwxlc9.cn",nocase; classtype:attempted-recon; sid:200002279; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iuyydd.ebeg6uk.cn",nocase; classtype:attempted-recon; sid:200002280; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"j9w77d0.cn",nocase; classtype:attempted-recon; sid:200002281; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jacobliston.com",nocase; classtype:attempted-recon; sid:200002282; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jadaart.org",nocase; classtype:attempted-recon; sid:200002283; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jagex-rewards.com",nocase; classtype:attempted-recon; sid:200002284; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jam-023d.gitlab.io",nocase; classtype:attempted-recon; sid:200002285; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"james8.aidaform.com",nocase; classtype:attempted-recon; sid:200002286; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"javarockingland.com",nocase; classtype:attempted-recon; sid:200002287; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jax.bz",nocase; classtype:attempted-recon; sid:200002288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jbwbzta.alfens8.cc",nocase; classtype:attempted-recon; sid:200002289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jeanbaileyrobor.com",nocase; classtype:attempted-recon; sid:200002290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jendelajogja.com",nocase; classtype:attempted-recon; sid:200002291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jerinja.github.io",nocase; classtype:attempted-recon; sid:200002292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jessicasproul.com",nocase; classtype:attempted-recon; sid:200002293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jetser-electrical-supply.business.site",nocase; classtype:attempted-recon; sid:200002294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jetstoop.top",nocase; classtype:attempted-recon; sid:200002295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jett.gator.site",nocase; classtype:attempted-recon; sid:200002296; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jflkp.csb.app",nocase; classtype:attempted-recon; sid:200002297; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002298; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jhda.wfdyk9p.cn",nocase; classtype:attempted-recon; sid:200002299; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jhdd.fjcslad.cn",nocase; classtype:attempted-recon; sid:200002300; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jhff.93oe0u9.cn",nocase; classtype:attempted-recon; sid:200002301; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jiwanramchemical.com",nocase; classtype:attempted-recon; sid:200002302; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jjhcd.27ke98i.cn",nocase; classtype:attempted-recon; sid:200002303; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jk99j.sbs",nocase; classtype:attempted-recon; sid:200002304; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jkhkjjkjk.pagedemo.co",nocase; classtype:attempted-recon; sid:200002305; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jlogine.com",nocase; classtype:attempted-recon; sid:200002306; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jnlope.tangguakrapekpuik.link",nocase; classtype:attempted-recon; sid:200002307; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jnnc.grnxkoj.cn",nocase; classtype:attempted-recon; sid:200002308; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"job-type.com",nocase; classtype:attempted-recon; sid:200002309; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jobs.job.com.bd",nocase; classtype:attempted-recon; sid:200002310; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joecamera.net",nocase; classtype:attempted-recon; sid:200002311; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"john-ashley.de",nocase; classtype:attempted-recon; sid:200002312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"join-chat-whatssap-viral-2022.duckdns.org",nocase; classtype:attempted-recon; sid:200002313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"join-group-wa2022.duckdns.org",nocase; classtype:attempted-recon; sid:200002314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"join-grub-bokep-gratis.duckdns.org",nocase; classtype:attempted-recon; sid:200002315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"join-grubkienzy849.duckdns.org",nocase; classtype:attempted-recon; sid:200002316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"join-whatsapp-tante-hot18.duckdns.org",nocase; classtype:attempted-recon; sid:200002317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joingrupp-bkep156.duckdns.org",nocase; classtype:attempted-recon; sid:200002318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joingrupterbaru-0.duckdns.org",nocase; classtype:attempted-recon; sid:200002319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joinlinkviral729.duckdns.org",nocase; classtype:attempted-recon; sid:200002320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joinssgropshot18.duckdns.org",nocase; classtype:attempted-recon; sid:200002321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joinssgropssney6.duckdns.org",nocase; classtype:attempted-recon; sid:200002322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jow-japan.or.jp",nocase; classtype:attempted-recon; sid:200002323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joyeriajireh.com.mx",nocase; classtype:attempted-recon; sid:200002324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jp-bnnk.japappoit.asdwb.xyz",nocase; classtype:attempted-recon; sid:200002325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jp-bnnk.japappoit.asdwd.xyz",nocase; classtype:attempted-recon; sid:200002326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jptechdocsign.net",nocase; classtype:attempted-recon; sid:200002327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jrhayley.plus.com",nocase; classtype:attempted-recon; sid:200002328; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"juandfar.github.io",nocase; classtype:attempted-recon; sid:200002329; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jurlebedev.ru",nocase; classtype:attempted-recon; sid:200002330; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"justgot.gonevis.com",nocase; classtype:attempted-recon; sid:200002331; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"justsayingbro.com",nocase; classtype:attempted-recon; sid:200002332; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jvk.zultifarza.workers.dev",nocase; classtype:attempted-recon; sid:200002333; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jyeue43rm95p.clickfunnels.com",nocase; classtype:attempted-recon; sid:200002334; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jz2bab.webwave.dev",nocase; classtype:attempted-recon; sid:200002335; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"k3ja6d.webwave.dev",nocase; classtype:attempted-recon; sid:200002336; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kaamwalibais.co.in",nocase; classtype:attempted-recon; sid:200002337; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kamdhenurealities.com",nocase; classtype:attempted-recon; sid:200002338; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kargonova.com",nocase; classtype:attempted-recon; sid:200002339; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kartaltepespor.com",nocase; classtype:attempted-recon; sid:200002340; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kasba.in",nocase; classtype:attempted-recon; sid:200002341; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"katanaroninchains.com",nocase; classtype:attempted-recon; sid:200002342; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kbstitchdesigns.com",nocase; classtype:attempted-recon; sid:200002343; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kcas.ygvlrlo.cn",nocase; classtype:attempted-recon; sid:200002344; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kdhdf34j6dfh.dealerwebsite.com",nocase; classtype:attempted-recon; sid:200002345; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kdlscaffolding.co.uk",nocase; classtype:attempted-recon; sid:200002346; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kecc.com",nocase; classtype:attempted-recon; sid:200002347; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kecmanijada.com",nocase; classtype:attempted-recon; sid:200002348; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev",nocase; classtype:attempted-recon; sid:200002349; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev",nocase; classtype:attempted-recon; sid:200002350; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev",nocase; classtype:attempted-recon; sid:200002351; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kevinsmovingservice.com",nocase; classtype:attempted-recon; sid:200002352; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kex81.sbs",nocase; classtype:attempted-recon; sid:200002353; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"key-drcp.com",nocase; classtype:attempted-recon; sid:200002354; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kghm-invest.web.app",nocase; classtype:attempted-recon; sid:200002355; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ki89.pckmlc0cus5667.workers.dev",nocase; classtype:attempted-recon; sid:200002356; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kienthucykhoa.org",nocase; classtype:attempted-recon; sid:200002357; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kimaki.001www.com",nocase; classtype:attempted-recon; sid:200002358; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kingfaisalprize.org",nocase; classtype:attempted-recon; sid:200002359; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kingmhd95p.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002360; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kissapps.io",nocase; classtype:attempted-recon; sid:200002361; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kit.mishkanhakavana.com",nocase; classtype:attempted-recon; sid:200002362; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kjhdda.tetfeec.cn",nocase; classtype:attempted-recon; sid:200002363; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"klaim-item-mlbb-terbaru8.duckdns.org",nocase; classtype:attempted-recon; sid:200002364; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kleinsigns.net",nocase; classtype:attempted-recon; sid:200002365; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"klockorochsmycken.se",nocase; classtype:attempted-recon; sid:200002366; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"knocktheskool.in",nocase; classtype:attempted-recon; sid:200002367; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"koerich-c-empresarial.com",nocase; classtype:attempted-recon; sid:200002368; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"koji.to",nocase; classtype:attempted-recon; sid:200002369; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kone-ali123-mon-site-web-cheetah-5.cheetah.builderall.com",nocase; classtype:attempted-recon; sid:200002370; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"konfirmasi-identitas-2022.webnode.page",nocase; classtype:attempted-recon; sid:200002371; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"konnect2kamadhenu.com",nocase; classtype:attempted-recon; sid:200002372; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"koteng.odoo.com",nocase; classtype:attempted-recon; sid:200002373; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kr-bithumb.web.app",nocase; classtype:attempted-recon; sid:200002374; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kraftongame.net",nocase; classtype:attempted-recon; sid:200002375; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"krupije.com",nocase; classtype:attempted-recon; sid:200002376; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"krx887.com",nocase; classtype:attempted-recon; sid:200002377; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ksschool.org.in",nocase; classtype:attempted-recon; sid:200002378; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kuchkuchnights.com",nocase; classtype:attempted-recon; sid:200002379; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kurortnoye.com.ua",nocase; classtype:attempted-recon; sid:200002380; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l-abe.com",nocase; classtype:attempted-recon; sid:200002381; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l-q.in",nocase; classtype:attempted-recon; sid:200002382; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lambdaweb.info",nocase; classtype:attempted-recon; sid:200002383; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"laposada.roncesvalles.es",nocase; classtype:attempted-recon; sid:200002384; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"laposte-france.web.app",nocase; classtype:attempted-recon; sid:200002385; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lapotosinaexpress.com",nocase; classtype:attempted-recon; sid:200002386; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"larindbr.creatorlink.net",nocase; classtype:attempted-recon; sid:200002387; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"larvalab.to",nocase; classtype:attempted-recon; sid:200002388; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lasyaja.github.io",nocase; classtype:attempted-recon; sid:200002389; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"latelevitation.com",nocase; classtype:attempted-recon; sid:200002390; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"latest-recharge-reorder.co.uk",nocase; classtype:attempted-recon; sid:200002391; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"latestnews.pricesrakutenlogin.xyz",nocase; classtype:attempted-recon; sid:200002392; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"latinotravel.cz",nocase; classtype:attempted-recon; sid:200002393; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lazada889.com",nocase; classtype:attempted-recon; sid:200002394; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lbce.lecservilbc.com",nocase; classtype:attempted-recon; sid:200002395; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ldsplanettt.yolasite.com",nocase; classtype:attempted-recon; sid:200002396; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"le-diablotin-rouen.com",nocase; classtype:attempted-recon; sid:200002397; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"leadershipmail.org",nocase; classtype:attempted-recon; sid:200002398; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"learningimpactmodel.com",nocase; classtype:attempted-recon; sid:200002399; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"leboncoiinlbc.000webhostapp.com",nocase; classtype:attempted-recon; sid:200002400; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"leboncoin.delivery01588.icu",nocase; classtype:attempted-recon; sid:200002401; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lemeiesta.com",nocase; classtype:attempted-recon; sid:200002402; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lenagruessdich.net",nocase; classtype:attempted-recon; sid:200002403; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"leroycu.ca",nocase; classtype:attempted-recon; sid:200002404; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lettertracing4kids.com",nocase; classtype:attempted-recon; sid:200002405; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lexnotes.com.ng",nocase; classtype:attempted-recon; sid:200002406; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lg-bluebadgecenter.ml",nocase; classtype:attempted-recon; sid:200002407; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lg-onecom-io.web.app",nocase; classtype:attempted-recon; sid:200002408; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"liberasrl.it",nocase; classtype:attempted-recon; sid:200002409; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lihi3.cc",nocase; classtype:attempted-recon; sid:200002410; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkcontract.tech",nocase; classtype:attempted-recon; sid:200002411; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"liongear.com",nocase; classtype:attempted-recon; sid:200002412; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lirc.cep.edu.vn",nocase; classtype:attempted-recon; sid:200002413; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"little-frost-1a15.chrisc11004842.workers.dev",nocase; classtype:attempted-recon; sid:200002414; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"little-rain-39c4.newdhlacceslogins.workers.dev",nocase; classtype:attempted-recon; sid:200002415; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"little-wood-23ca.abssupdatedlogin.workers.dev",nocase; classtype:attempted-recon; sid:200002416; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"litty.shop",nocase; classtype:attempted-recon; sid:200002417; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"liusanchuan.github.io",nocase; classtype:attempted-recon; sid:200002418; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"live-site.hopto.me",nocase; classtype:attempted-recon; sid:200002419; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"live.rawfednews.com",nocase; classtype:attempted-recon; sid:200002420; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livechat-ronin.com",nocase; classtype:attempted-recon; sid:200002421; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livecryptolab.com",nocase; classtype:attempted-recon; sid:200002422; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livelifelimitless.com.au",nocase; classtype:attempted-recon; sid:200002423; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ljkds.hvkmjdq.cn",nocase; classtype:attempted-recon; sid:200002424; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lkjds.nlmwjta.cn",nocase; classtype:attempted-recon; sid:200002425; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloydbank-accountbreach.com",nocase; classtype:attempted-recon; sid:200002426; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloydbank-secure-customers.com",nocase; classtype:attempted-recon; sid:200002427; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloydbank-support-team.com",nocase; classtype:attempted-recon; sid:200002428; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloydbanking-securelogin.com",nocase; classtype:attempted-recon; sid:200002429; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloydsbank.deregister-payee-secure-auth.com",nocase; classtype:attempted-recon; sid:200002430; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloydsbank.secure-online-deregister.com",nocase; classtype:attempted-recon; sid:200002431; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloydsbank.secure-personal-device-login.com",nocase; classtype:attempted-recon; sid:200002432; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloyduk-newdevice-registered-online.com",nocase; classtype:attempted-recon; sid:200002433; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002434; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.dev",nocase; classtype:attempted-recon; sid:200002435; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnterbancape-lbk.com",nocase; classtype:attempted-recon; sid:200002436; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnterbank.pe.starneonsignsug.com",nocase; classtype:attempted-recon; sid:200002437; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"localwithg.com",nocase; classtype:attempted-recon; sid:200002438; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lockpichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200002439; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"loengregkuetngferu.live",nocase; classtype:attempted-recon; sid:200002440; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lofon-add.firebaseapp.com",nocase; classtype:attempted-recon; sid:200002441; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"loftywallet.com",nocase; classtype:attempted-recon; sid:200002442; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net",nocase; classtype:attempted-recon; sid:200002443; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login-facebook18.webnode.page",nocase; classtype:attempted-recon; sid:200002444; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login-live.com-s02.net",nocase; classtype:attempted-recon; sid:200002445; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net",nocase; classtype:attempted-recon; sid:200002446; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login-postfinance.com",nocase; classtype:attempted-recon; sid:200002447; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login.dbs.webdbslistinonline.com",nocase; classtype:attempted-recon; sid:200002448; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login.privategold.uytrtyuhij987.gowithapex.com",nocase; classtype:attempted-recon; sid:200002449; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login.smbc.weddirecttop.com",nocase; classtype:attempted-recon; sid:200002450; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"logindhlaccess.dhlupdatelogin.workers.dev",nocase; classtype:attempted-recon; sid:200002451; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"logverify-df12e-verify-1230-eu.web.app",nocase; classtype:attempted-recon; sid:200002452; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"loinesports.com",nocase; classtype:attempted-recon; sid:200002453; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lomadesarrollos.mx",nocase; classtype:attempted-recon; sid:200002454; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lombard11.eu",nocase; classtype:attempted-recon; sid:200002455; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lot-lp-x.web.app",nocase; classtype:attempted-recon; sid:200002456; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lp.vp4.me",nocase; classtype:attempted-recon; sid:200002457; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lrs.financial",nocase; classtype:attempted-recon; sid:200002458; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lrs.foundation",nocase; classtype:attempted-recon; sid:200002459; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lrs.fund",nocase; classtype:attempted-recon; sid:200002460; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ltdv1signinui.website.yandexcloud.net",nocase; classtype:attempted-recon; sid:200002461; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lucid-lichterman.45-81-232-17.plesk.page",nocase; classtype:attempted-recon; sid:200002462; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"luciolee17.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002463; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lucky-glitter-f89f.jimmysitt.workers.dev",nocase; classtype:attempted-recon; sid:200002464; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lucy-walker.com",nocase; classtype:attempted-recon; sid:200002465; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lukysepinfreefire2022.duckdns.org",nocase; classtype:attempted-recon; sid:200002466; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lunugrcpujwcfnajuctkojawrh-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002467; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lydab.com",nocase; classtype:attempted-recon; sid:200002468; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m.help.insecurpage.workers.dev",nocase; classtype:attempted-recon; sid:200002469; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m.maseocoad.top",nocase; classtype:attempted-recon; sid:200002470; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m.mauofcg.com",nocase; classtype:attempted-recon; sid:200002471; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m.protc.safty-pege.workers.dev",nocase; classtype:attempted-recon; sid:200002472; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m.recovery.safetyacount.workers.dev",nocase; classtype:attempted-recon; sid:200002473; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m.recovery.saftypageupdate.workers.dev",nocase; classtype:attempted-recon; sid:200002474; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m.salsomascard.top",nocase; classtype:attempted-recon; sid:200002475; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m4-appcaixia.com",nocase; classtype:attempted-recon; sid:200002476; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m42club.com",nocase; classtype:attempted-recon; sid:200002477; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m5bundle.com",nocase; classtype:attempted-recon; sid:200002478; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"machineryzoneservice.com",nocase; classtype:attempted-recon; sid:200002479; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"macjakarta.com",nocase; classtype:attempted-recon; sid:200002480; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"macst.cc",nocase; classtype:attempted-recon; sid:200002481; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"madamailru.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002482; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"madens.com.pl",nocase; classtype:attempted-recon; sid:200002483; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"madrhinoconsulting.com",nocase; classtype:attempted-recon; sid:200002484; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maestro.my.prod.dfg152.ru",nocase; classtype:attempted-recon; sid:200002485; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"magyar-posta.ddns.net",nocase; classtype:attempted-recon; sid:200002486; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"magyar-posta.sytes.net",nocase; classtype:attempted-recon; sid:200002487; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mahikapur.in",nocase; classtype:attempted-recon; sid:200002488; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mahud.globizsapp.com",nocase; classtype:attempted-recon; sid:200002489; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail-account-verify-f4723.web.app",nocase; classtype:attempted-recon; sid:200002490; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail-gmxaktualisierung.yolasite.com",nocase; classtype:attempted-recon; sid:200002491; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail-ovhcloud.web.app",nocase; classtype:attempted-recon; sid:200002492; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail-ssocloud-srvr67yhguh.pages.dev",nocase; classtype:attempted-recon; sid:200002493; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.enrollmoreclientsbootcamp.com",nocase; classtype:attempted-recon; sid:200002494; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.gov-taxid.completofyours.info",nocase; classtype:attempted-recon; sid:200002495; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.grup-dwsa-indomesia845.duckdns.org",nocase; classtype:attempted-recon; sid:200002496; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.ims-fe.com",nocase; classtype:attempted-recon; sid:200002497; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.kuttabalfatih.com",nocase; classtype:attempted-recon; sid:200002498; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.santepluspharma.com",nocase; classtype:attempted-recon; sid:200002499; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.sweetshopspecialtycoffee.com.au",nocase; classtype:attempted-recon; sid:200002500; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.tariqalaraimi.com",nocase; classtype:attempted-recon; sid:200002501; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.updateinfo-billingo2.com",nocase; classtype:attempted-recon; sid:200002502; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.wheel1factory.net",nocase; classtype:attempted-recon; sid:200002503; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.zenstream.com",nocase; classtype:attempted-recon; sid:200002504; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck1.web.app",nocase; classtype:attempted-recon; sid:200002505; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck10.web.app",nocase; classtype:attempted-recon; sid:200002506; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck11.web.app",nocase; classtype:attempted-recon; sid:200002507; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck12.web.app",nocase; classtype:attempted-recon; sid:200002508; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck13.web.app",nocase; classtype:attempted-recon; sid:200002509; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck14.web.app",nocase; classtype:attempted-recon; sid:200002510; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck15.web.app",nocase; classtype:attempted-recon; sid:200002511; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck16.web.app",nocase; classtype:attempted-recon; sid:200002512; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck17.web.app",nocase; classtype:attempted-recon; sid:200002513; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck18.web.app",nocase; classtype:attempted-recon; sid:200002514; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck19.web.app",nocase; classtype:attempted-recon; sid:200002515; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck2.web.app",nocase; classtype:attempted-recon; sid:200002516; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck20.web.app",nocase; classtype:attempted-recon; sid:200002517; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck4.web.app",nocase; classtype:attempted-recon; sid:200002518; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck5.web.app",nocase; classtype:attempted-recon; sid:200002519; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck6.web.app",nocase; classtype:attempted-recon; sid:200002520; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck7.web.app",nocase; classtype:attempted-recon; sid:200002521; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck8.web.app",nocase; classtype:attempted-recon; sid:200002522; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck9.web.app",nocase; classtype:attempted-recon; sid:200002523; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailgmxaktualiisieren.yolasite.com",nocase; classtype:attempted-recon; sid:200002524; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailplusrolerequestedprivatemailupdates.pages.dev",nocase; classtype:attempted-recon; sid:200002525; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailserver7656566.blob.core.windows.net",nocase; classtype:attempted-recon; sid:200002526; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee10.web.app",nocase; classtype:attempted-recon; sid:200002527; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee11.web.app",nocase; classtype:attempted-recon; sid:200002528; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee12.web.app",nocase; classtype:attempted-recon; sid:200002529; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee13.web.app",nocase; classtype:attempted-recon; sid:200002530; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee14.web.app",nocase; classtype:attempted-recon; sid:200002531; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee15.web.app",nocase; classtype:attempted-recon; sid:200002532; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee16.web.app",nocase; classtype:attempted-recon; sid:200002533; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee17.web.app",nocase; classtype:attempted-recon; sid:200002534; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee18.web.app",nocase; classtype:attempted-recon; sid:200002535; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee19.web.app",nocase; classtype:attempted-recon; sid:200002536; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee20.web.app",nocase; classtype:attempted-recon; sid:200002537; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee21.web.app",nocase; classtype:attempted-recon; sid:200002538; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee22.web.app",nocase; classtype:attempted-recon; sid:200002539; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee23.web.app",nocase; classtype:attempted-recon; sid:200002540; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee24.web.app",nocase; classtype:attempted-recon; sid:200002541; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee26.web.app",nocase; classtype:attempted-recon; sid:200002542; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee27.web.app",nocase; classtype:attempted-recon; sid:200002543; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee28.web.app",nocase; classtype:attempted-recon; sid:200002544; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee29.web.app",nocase; classtype:attempted-recon; sid:200002545; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee32.web.app",nocase; classtype:attempted-recon; sid:200002546; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee34.web.app",nocase; classtype:attempted-recon; sid:200002547; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee35.web.app",nocase; classtype:attempted-recon; sid:200002548; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee40.web.app",nocase; classtype:attempted-recon; sid:200002549; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee5.web.app",nocase; classtype:attempted-recon; sid:200002550; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee6.web.app",nocase; classtype:attempted-recon; sid:200002551; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee7.web.app",nocase; classtype:attempted-recon; sid:200002552; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee8.web.app",nocase; classtype:attempted-recon; sid:200002553; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee9.web.app",nocase; classtype:attempted-recon; sid:200002554; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maintoken.org",nocase; classtype:attempted-recon; sid:200002555; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mainwalletappconnect.com",nocase; classtype:attempted-recon; sid:200002556; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"makcts-go.ru",nocase; classtype:attempted-recon; sid:200002557; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"make-anon-keep-past.rvsla.workers.dev",nocase; classtype:attempted-recon; sid:200002558; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mala-riba.com",nocase; classtype:attempted-recon; sid:200002559; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"malaprontaargentina.com.br",nocase; classtype:attempted-recon; sid:200002560; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"malehaenterprises.com",nocase; classtype:attempted-recon; sid:200002561; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"malukutenggarakab.go.id",nocase; classtype:attempted-recon; sid:200002562; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mandirilivinlinksystem.brizy.site",nocase; classtype:attempted-recon; sid:200002563; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mandirilivinlinksystem2.brizy.site",nocase; classtype:attempted-recon; sid:200002564; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mandirilivinlinksystem3.brizy.site",nocase; classtype:attempted-recon; sid:200002565; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"manthsedty.live",nocase; classtype:attempted-recon; sid:200002566; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"manualsync.com",nocase; classtype:attempted-recon; sid:200002567; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mapsa.com.pe",nocase; classtype:attempted-recon; sid:200002568; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marinthe.poingaitongamlm.link",nocase; classtype:attempted-recon; sid:200002569; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace-axieinfinity.io",nocase; classtype:attempted-recon; sid:200002570; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace-axlelnfiniity.com",nocase; classtype:attempted-recon; sid:200002571; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002572; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-29ta3qbv.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002573; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-hzup1bae.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002574; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-kq1oh2ae.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002575; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-qze9zt75vm.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002576; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-sauuvazpjo.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002577; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-tyeuieb7.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002578; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002579; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-z1au8cxghl.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002580; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplaceaxieinfiniity.com",nocase; classtype:attempted-recon; sid:200002581; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marmardian.co.vu",nocase; classtype:attempted-recon; sid:200002582; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marylkmatzenger.com",nocase; classtype:attempted-recon; sid:200002583; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"masdas0932.co.vu",nocase; classtype:attempted-recon; sid:200002584; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"masum.lawyer",nocase; classtype:attempted-recon; sid:200002585; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"match.lookatmynewphotos.com",nocase; classtype:attempted-recon; sid:200002586; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"matchoklahoma.com",nocase; classtype:attempted-recon; sid:200002587; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"matelamsiska.com",nocase; classtype:attempted-recon; sid:200002588; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"matiruys.co.vu",nocase; classtype:attempted-recon; sid:200002589; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maxclinic.ru",nocase; classtype:attempted-recon; sid:200002590; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maxis-winner-2020.webs.com",nocase; classtype:attempted-recon; sid:200002591; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mayormoveis.com",nocase; classtype:attempted-recon; sid:200002592; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mboutique.cfd",nocase; classtype:attempted-recon; sid:200002593; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mccarthyelectrical.com",nocase; classtype:attempted-recon; sid:200002594; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mcconcep.cluster005.ovh.net",nocase; classtype:attempted-recon; sid:200002595; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mchganistore.solofolio.net",nocase; classtype:attempted-recon; sid:200002596; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mdex.li",nocase; classtype:attempted-recon; sid:200002597; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mdurucan.com",nocase; classtype:attempted-recon; sid:200002598; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"medelinahealth.com",nocase; classtype:attempted-recon; sid:200002599; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"medeniyetakademisi.org",nocase; classtype:attempted-recon; sid:200002600; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mediasystembusiness.xyz",nocase; classtype:attempted-recon; sid:200002601; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mednungtanpoudan-acvwe3.ga",nocase; classtype:attempted-recon; sid:200002602; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"medo.world",nocase; classtype:attempted-recon; sid:200002603; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"medtamr.com",nocase; classtype:attempted-recon; sid:200002604; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"meeting-23900123090123.bitbucket.io",nocase; classtype:attempted-recon; sid:200002605; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"memestock.xyz",nocase; classtype:attempted-recon; sid:200002606; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mercani.pomyt.info",nocase; classtype:attempted-recon; sid:200002607; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mercariz.xyz",nocase; classtype:attempted-recon; sid:200002608; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"meremanovegabana.website2.me",nocase; classtype:attempted-recon; sid:200002609; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mbudeu.cn",nocase; classtype:attempted-recon; sid:200002610; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mg0gbo1.cn",nocase; classtype:attempted-recon; sid:200002611; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mgeukpx.cn",nocase; classtype:attempted-recon; sid:200002612; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mglsffs.cn",nocase; classtype:attempted-recon; sid:200002613; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mksydb.cn",nocase; classtype:attempted-recon; sid:200002614; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mktbbr.cn",nocase; classtype:attempted-recon; sid:200002615; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mlyffa.cn",nocase; classtype:attempted-recon; sid:200002616; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mnfjwy.cn",nocase; classtype:attempted-recon; sid:200002617; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mnheijt.cn",nocase; classtype:attempted-recon; sid:200002618; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mrzcafk.cn",nocase; classtype:attempted-recon; sid:200002619; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.msnygk.cn",nocase; classtype:attempted-recon; sid:200002620; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericorci-logining.sfhs26r.lyb6srb.cn",nocase; classtype:attempted-recon; sid:200002621; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"meriocori-logining.2y3uio.pyqbas.cn",nocase; classtype:attempted-recon; sid:200002622; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mestertignseekjet4.blogspot.com",nocase; classtype:attempted-recon; sid:200002623; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mestertignseekjet5.blogspot.com",nocase; classtype:attempted-recon; sid:200002624; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mestertignseekjet6.blogspot.com",nocase; classtype:attempted-recon; sid:200002625; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mestredaobra.com",nocase; classtype:attempted-recon; sid:200002626; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metalurgicagiom.com.br",nocase; classtype:attempted-recon; sid:200002627; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamasc.club",nocase; classtype:attempted-recon; sid:200002628; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask-connect.com",nocase; classtype:attempted-recon; sid:200002629; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask-connect.org",nocase; classtype:attempted-recon; sid:200002630; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask-extension.com.hsurge.com",nocase; classtype:attempted-recon; sid:200002631; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask-wallets-protection.web.app",nocase; classtype:attempted-recon; sid:200002632; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask-wallets.yahoosites.com",nocase; classtype:attempted-recon; sid:200002633; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.cam",nocase; classtype:attempted-recon; sid:200002634; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.io-php.com",nocase; classtype:attempted-recon; sid:200002635; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.kiwi",nocase; classtype:attempted-recon; sid:200002636; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.protocol-process.me",nocase; classtype:attempted-recon; sid:200002637; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.security-information.cc",nocase; classtype:attempted-recon; sid:200002638; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.social",nocase; classtype:attempted-recon; sid:200002639; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.wallets-reauth.net",nocase; classtype:attempted-recon; sid:200002640; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamaskdownloadandroid.xyz",nocase; classtype:attempted-recon; sid:200002641; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamassklogins-us.tumblr.com",nocase; classtype:attempted-recon; sid:200002642; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metaversepadapp.com",nocase; classtype:attempted-recon; sid:200002643; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"meusabor.com.br",nocase; classtype:attempted-recon; sid:200002644; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mfacebook.blogspot.com.cy",nocase; classtype:attempted-recon; sid:200002645; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mfacebook.blogspot.lt",nocase; classtype:attempted-recon; sid:200002646; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mfacebook.blogspot.rs",nocase; classtype:attempted-recon; sid:200002647; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mgpskartarpur.com",nocase; classtype:attempted-recon; sid:200002648; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mibancocrece.com.co",nocase; classtype:attempted-recon; sid:200002649; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"micacd.elshov.com",nocase; classtype:attempted-recon; sid:200002650; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"michaelxrandazzo.com",nocase; classtype:attempted-recon; sid:200002651; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"michiyado.com",nocase; classtype:attempted-recon; sid:200002652; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"microcav.square.site",nocase; classtype:attempted-recon; sid:200002653; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"microsoftonline.pages.dev",nocase; classtype:attempted-recon; sid:200002654; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"microsoftwebserver.mfs.gg",nocase; classtype:attempted-recon; sid:200002655; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"micuenta01.github.io",nocase; classtype:attempted-recon; sid:200002656; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mijnics-actualisatie.185-236-231-64.plesk.page",nocase; classtype:attempted-recon; sid:200002657; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mikhali.com",nocase; classtype:attempted-recon; sid:200002658; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"milanobet301.com",nocase; classtype:attempted-recon; sid:200002659; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"militarybikers.org",nocase; classtype:attempted-recon; sid:200002660; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"minamikaga.or.jp",nocase; classtype:attempted-recon; sid:200002661; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mingming20160152.github.io",nocase; classtype:attempted-recon; sid:200002662; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"miozpro.com",nocase; classtype:attempted-recon; sid:200002663; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"miracdoviz.com",nocase; classtype:attempted-recon; sid:200002664; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"miss-paym02.com",nocase; classtype:attempted-recon; sid:200002665; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"missionshashank.org",nocase; classtype:attempted-recon; sid:200002666; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjayme9jdg9izxixmjeydgg.filesusr.com",nocase; classtype:attempted-recon; sid:200002667; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjayme9jdg9izxiymjnyza.filesusr.com",nocase; classtype:attempted-recon; sid:200002668; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu1heta1dgg.filesusr.com",nocase; classtype:attempted-recon; sid:200002669; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu1hetezmtj0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002670; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu1hetgym3jk.filesusr.com",nocase; classtype:attempted-recon; sid:200002671; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu1hetizmtl0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002672; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu1hetqymhro.filesusr.com",nocase; classtype:attempted-recon; sid:200002673; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu1hetu3dgg.filesusr.com",nocase; classtype:attempted-recon; sid:200002674; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu1hetuymhro.filesusr.com",nocase; classtype:attempted-recon; sid:200002675; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu5vdmvtymvymji5dgg.filesusr.com",nocase; classtype:attempted-recon; sid:200002676; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu5vdmvtymvymtexdgg.filesusr.com",nocase; classtype:attempted-recon; sid:200002677; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymuf1z3vzdde4mtf0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002678; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymufwcmlsmde5dgg.filesusr.com",nocase; classtype:attempted-recon; sid:200002679; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymup1bhk0mtf0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002680; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymup1bhk1mtr0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002681; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymup1bhkzmtn0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002682; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymup1bmu0mtf0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002683; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymup1bmuymzfzda.filesusr.com",nocase; classtype:attempted-recon; sid:200002684; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymuphbnvhcnkxmzv0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002685; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymurly2vtymvymjiyn3ro.filesusr.com",nocase; classtype:attempted-recon; sid:200002686; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymvnlchrlbwjlcjizmxn0.filesusr.com",nocase; classtype:attempted-recon; sid:200002687; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mk2.ge",nocase; classtype:attempted-recon; sid:200002688; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mkjiool.weebly.com",nocase; classtype:attempted-recon; sid:200002689; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mnbxa.73kfer9.cn",nocase; classtype:attempted-recon; sid:200002690; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mncxx.qbeepor.cn",nocase; classtype:attempted-recon; sid:200002691; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mnnbx.r1rpj09.cn",nocase; classtype:attempted-recon; sid:200002692; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link",nocase; classtype:attempted-recon; sid:200002693; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mobil-singaporre.digital-online-login-opportunity.com",nocase; classtype:attempted-recon; sid:200002694; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mobile-orange-forever.yolasite.com",nocase; classtype:attempted-recon; sid:200002695; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mobile-portail.live",nocase; classtype:attempted-recon; sid:200002696; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mobile.hedgesportst.me",nocase; classtype:attempted-recon; sid:200002697; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"moccasinyellowbetatest--josekkk.repl.co",nocase; classtype:attempted-recon; sid:200002698; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"moccasinyellowbetatest.josekkk.repl.co",nocase; classtype:attempted-recon; sid:200002699; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"modest-hertz.45-81-232-15.plesk.page",nocase; classtype:attempted-recon; sid:200002700; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mon-token.com",nocase; classtype:attempted-recon; sid:200002701; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mon.espace.lcl.fr.certosini.info",nocase; classtype:attempted-recon; sid:200002702; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monbudri.xyz",nocase; classtype:attempted-recon; sid:200002703; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mondrive.xyz",nocase; classtype:attempted-recon; sid:200002704; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monedri.xyz",nocase; classtype:attempted-recon; sid:200002705; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monirshouvo.github.io",nocase; classtype:attempted-recon; sid:200002706; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monomobileservice.yolasite.com",nocase; classtype:attempted-recon; sid:200002707; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monprofilclient.web.app",nocase; classtype:attempted-recon; sid:200002708; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monstercarp.rn86.ru",nocase; classtype:attempted-recon; sid:200002709; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"montenegrolandscape.com",nocase; classtype:attempted-recon; sid:200002710; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"montrealidiomas.com.br",nocase; classtype:attempted-recon; sid:200002711; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monyeward.com",nocase; classtype:attempted-recon; sid:200002712; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"morcario.xyz",nocase; classtype:attempted-recon; sid:200002713; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"morfybox.com",nocase; classtype:attempted-recon; sid:200002714; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mqzlsim.mindlogicinfotech.com",nocase; classtype:attempted-recon; sid:200002715; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mrpitchman.com",nocase; classtype:attempted-recon; sid:200002716; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"msc-doelsach.at",nocase; classtype:attempted-recon; sid:200002717; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mscc1s.ultimatefreehost.in",nocase; classtype:attempted-recon; sid:200002718; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"msnserviceverifivation.wordpress.com",nocase; classtype:attempted-recon; sid:200002719; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"msofficemessagescenter-1.mfs.gg",nocase; classtype:attempted-recon; sid:200002720; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mtngifts2021.blogspot.com",nocase; classtype:attempted-recon; sid:200002721; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mtron.in",nocase; classtype:attempted-recon; sid:200002722; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mtsn1kotabekasi.sch.id",nocase; classtype:attempted-recon; sid:200002723; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"muddy-credit-ea7b.0fflce-mlcr0sfot-online-supposrts3jp-tokcloud.workers.dev",nocase; classtype:attempted-recon; sid:200002724; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mudraloans.biz",nocase; classtype:attempted-recon; sid:200002725; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mufg.jp.yjfszs.com",nocase; classtype:attempted-recon; sid:200002726; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"muriiityua.krywanbobaanja.link",nocase; classtype:attempted-recon; sid:200002727; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mxrr.com",nocase; classtype:attempted-recon; sid:200002728; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my-bithumb.web.app",nocase; classtype:attempted-recon; sid:200002729; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my-gmail.ir",nocase; classtype:attempted-recon; sid:200002730; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my-site219.yolasite.com",nocase; classtype:attempted-recon; sid:200002731; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my.jcpwb.com",nocase; classtype:attempted-recon; sid:200002732; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my.nhs-get-pass.com",nocase; classtype:attempted-recon; sid:200002733; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my.paydi.login-index-home.x4typfc.cn",nocase; classtype:attempted-recon; sid:200002734; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my.paydi.logining-nexy-home.en6cnm.asia",nocase; classtype:attempted-recon; sid:200002735; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my02billing-login.com",nocase; classtype:attempted-recon; sid:200002736; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"myaccount.aol.wallat-billing.com.authlog.gq",nocase; classtype:attempted-recon; sid:200002737; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mycoerver.es",nocase; classtype:attempted-recon; sid:200002738; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mygoogleaccount.stantrade.xyz",nocase; classtype:attempted-recon; sid:200002739; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"myjcb.cyyptoi.cn",nocase; classtype:attempted-recon; sid:200002740; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"myjcb.thxpj.cn",nocase; classtype:attempted-recon; sid:200002741; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mymbg-aa2e2.web.app",nocase; classtype:attempted-recon; sid:200002742; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mymeta-securearea.plesk07.zap-webspace.com",nocase; classtype:attempted-recon; sid:200002743; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mymetamask-clientarea.185-236-231-227.plesk.page",nocase; classtype:attempted-recon; sid:200002744; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mymweb-owner.at.ua",nocase; classtype:attempted-recon; sid:200002745; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mypo-delivery.com",nocase; classtype:attempted-recon; sid:200002746; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mypsm.psm.edu.mm",nocase; classtype:attempted-recon; sid:200002747; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"myshedbuilder.com",nocase; classtype:attempted-recon; sid:200002748; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mytheamsauthecent.wapgem.com",nocase; classtype:attempted-recon; sid:200002749; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"myupdates-mynetflix.com",nocase; classtype:attempted-recon; sid:200002750; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mywalletsvalidation.com",nocase; classtype:attempted-recon; sid:200002751; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mzqualitycleaning.com",nocase; classtype:attempted-recon; sid:200002752; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"n-naoko-0319.github.io",nocase; classtype:attempted-recon; sid:200002753; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"n.salsomascard.top",nocase; classtype:attempted-recon; sid:200002754; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"n26.sa-france.fr",nocase; classtype:attempted-recon; sid:200002755; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"n26servicetechnique.click",nocase; classtype:attempted-recon; sid:200002756; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"n7orton.com",nocase; classtype:attempted-recon; sid:200002757; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nab-access-breach.com",nocase; classtype:attempted-recon; sid:200002758; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nab-alert.mobi",nocase; classtype:attempted-recon; sid:200002759; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nab-www.303.si",nocase; classtype:attempted-recon; sid:200002760; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"naderkhani.ir",nocase; classtype:attempted-recon; sid:200002761; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"najboljeuslugezavas.betterservicesforyou.com",nocase; classtype:attempted-recon; sid:200002762; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nalandaias.com",nocase; classtype:attempted-recon; sid:200002763; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nalodke.com.ua",nocase; classtype:attempted-recon; sid:200002764; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nanjing.itud167.cn",nocase; classtype:attempted-recon; sid:200002765; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"napgamelienquan.net",nocase; classtype:attempted-recon; sid:200002766; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"naranja-users.auth0.com",nocase; classtype:attempted-recon; sid:200002767; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"native-possession-josh-asks.trycloudflare.com",nocase; classtype:attempted-recon; sid:200002768; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nattionaliy.000webhostapp.com",nocase; classtype:attempted-recon; sid:200002769; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"natu-mx.com",nocase; classtype:attempted-recon; sid:200002770; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"naturalrocksand.com",nocase; classtype:attempted-recon; sid:200002771; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"natwest.nwolb-login-auth.com",nocase; classtype:attempted-recon; sid:200002772; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"natwest.secure-auth-personal-device.com",nocase; classtype:attempted-recon; sid:200002773; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"natwest.secured-online-verify.com",nocase; classtype:attempted-recon; sid:200002774; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"natwest.secured-personal-verify.com",nocase; classtype:attempted-recon; sid:200002775; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nayablabs.com",nocase; classtype:attempted-recon; sid:200002776; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nayameehomes.com",nocase; classtype:attempted-recon; sid:200002777; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbcc.0bit08a.cn",nocase; classtype:attempted-recon; sid:200002778; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbcvs.gd65y69.cn",nocase; classtype:attempted-recon; sid:200002779; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbcxa.lctlfdq.cn",nocase; classtype:attempted-recon; sid:200002780; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbhjxa.hblhi96.cn",nocase; classtype:attempted-recon; sid:200002781; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbnonres.com",nocase; classtype:attempted-recon; sid:200002782; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbxaa.b1b6nac.cn",nocase; classtype:attempted-recon; sid:200002783; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbxas.uabzfbm.cn",nocase; classtype:attempted-recon; sid:200002784; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbxasd.rm625b.cn",nocase; classtype:attempted-recon; sid:200002785; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbxha.74zdws.cn",nocase; classtype:attempted-recon; sid:200002786; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbxza.giodzij.cn",nocase; classtype:attempted-recon; sid:200002787; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ncgroup.club",nocase; classtype:attempted-recon; sid:200002788; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"necessitymag.com",nocase; classtype:attempted-recon; sid:200002789; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nedbankqa.flowblocks.com",nocase; classtype:attempted-recon; sid:200002790; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nedriw.xyz",nocase; classtype:attempted-recon; sid:200002791; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"neftlexi.com",nocase; classtype:attempted-recon; sid:200002792; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"negociebra.com.br",nocase; classtype:attempted-recon; sid:200002793; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"neptuneinnovations.com",nocase; classtype:attempted-recon; sid:200002794; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"netciti.id",nocase; classtype:attempted-recon; sid:200002795; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"netf1ix.us-891691712-local-781652.airalgeriecanada.ca",nocase; classtype:attempted-recon; sid:200002796; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"netfl-lixids938mailmealkas.duckdns.org",nocase; classtype:attempted-recon; sid:200002797; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"netflix-techarmy.me",nocase; classtype:attempted-recon; sid:200002798; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk",nocase; classtype:attempted-recon; sid:200002799; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"networksol-f35e7.web.app",nocase; classtype:attempted-recon; sid:200002800; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"neversencommun.fr",nocase; classtype:attempted-recon; sid:200002801; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"newlifenursery.com",nocase; classtype:attempted-recon; sid:200002802; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"newrydramafestival.co.uk",nocase; classtype:attempted-recon; sid:200002803; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"newsletter.pagueonlinebra.com.br",nocase; classtype:attempted-recon; sid:200002804; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"newsodisha.in",nocase; classtype:attempted-recon; sid:200002805; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nextgensoftbd.com",nocase; classtype:attempted-recon; sid:200002806; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nftsmainnet.com",nocase; classtype:attempted-recon; sid:200002807; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhattinsteel.com",nocase; classtype:attempted-recon; sid:200002808; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhbcd.40ggify.cn",nocase; classtype:attempted-recon; sid:200002809; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhbcd.xitgfmh.cn",nocase; classtype:attempted-recon; sid:200002810; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhbcda.g4g5mgc.cn",nocase; classtype:attempted-recon; sid:200002811; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhbd.yl7g7qz.cn",nocase; classtype:attempted-recon; sid:200002812; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhbdd.ncoavvx.cn",nocase; classtype:attempted-recon; sid:200002813; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhfactor.com",nocase; classtype:attempted-recon; sid:200002814; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhgcs.ugvvluf.cn",nocase; classtype:attempted-recon; sid:200002815; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhhvd.zb06w77.cn",nocase; classtype:attempted-recon; sid:200002816; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhri.net",nocase; classtype:attempted-recon; sid:200002817; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhs.my-vaccine-status.com",nocase; classtype:attempted-recon; sid:200002818; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"niagarapower.com",nocase; classtype:attempted-recon; sid:200002819; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nic-home.com",nocase; classtype:attempted-recon; sid:200002820; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nisuper.com",nocase; classtype:attempted-recon; sid:200002821; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nizotchauffage.bilty.be",nocase; classtype:attempted-recon; sid:200002822; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nontonvidioviral2022nohoax.duckdns.org",nocase; classtype:attempted-recon; sid:200002823; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"northlane.esy.es",nocase; classtype:attempted-recon; sid:200002824; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"notife.help.institutepages.workers.dev",nocase; classtype:attempted-recon; sid:200002825; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"notification-fb.secure-pages.workers.dev",nocase; classtype:attempted-recon; sid:200002826; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"notificationmember.mystrikingly.com",nocase; classtype:attempted-recon; sid:200002827; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nour-ala-nour.com",nocase; classtype:attempted-recon; sid:200002828; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"novolimitenu.azurewebsites.net",nocase; classtype:attempted-recon; sid:200002829; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nserviceserviceat.mystrikingly.com",nocase; classtype:attempted-recon; sid:200002830; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nslg8.codesandbox.io",nocase; classtype:attempted-recon; sid:200002831; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nt.embluemail.com",nocase; classtype:attempted-recon; sid:200002832; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nueva-acropolis.cl",nocase; classtype:attempted-recon; sid:200002833; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nutroquin.com",nocase; classtype:attempted-recon; sid:200002834; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nw-securedfailure.com",nocase; classtype:attempted-recon; sid:200002835; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ny989.com",nocase; classtype:attempted-recon; sid:200002836; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nyhet.cc",nocase; classtype:attempted-recon; sid:200002837; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"o.scicemecod.com",nocase; classtype:attempted-recon; sid:200002838; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"o2-failure-billing-update.com",nocase; classtype:attempted-recon; sid:200002839; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"o2-updatebillingvia.com",nocase; classtype:attempted-recon; sid:200002840; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"o2billingauth-update.com",nocase; classtype:attempted-recon; sid:200002841; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"o2phone-billingupdate.com",nocase; classtype:attempted-recon; sid:200002842; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oanmce.hjwxkugs.cn",nocase; classtype:attempted-recon; sid:200002843; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ocareportesweb.webcindario.com",nocase; classtype:attempted-recon; sid:200002844; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ocaxvefific.webcindario.com",nocase; classtype:attempted-recon; sid:200002845; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oceantires.com",nocase; classtype:attempted-recon; sid:200002846; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ocioturismogalicia.com",nocase; classtype:attempted-recon; sid:200002847; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oco.or.tz",nocase; classtype:attempted-recon; sid:200002848; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oddplug.cfd",nocase; classtype:attempted-recon; sid:200002849; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"odiasamaj.net",nocase; classtype:attempted-recon; sid:200002850; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"offic365.online",nocase; classtype:attempted-recon; sid:200002851; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"offic4046217.sitebuilder.name.tools",nocase; classtype:attempted-recon; sid:200002852; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"officeee.bubbleapps.io",nocase; classtype:attempted-recon; sid:200002853; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"officialevent.way.live",nocase; classtype:attempted-recon; sid:200002854; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"officialliker.co",nocase; classtype:attempted-recon; sid:200002855; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ogrodywlochy.pl",nocase; classtype:attempted-recon; sid:200002856; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oiasasca.asiocsacszc.xyz",nocase; classtype:attempted-recon; sid:200002857; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oiasd.herorny.cn",nocase; classtype:attempted-recon; sid:200002858; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oicm.oobqrxh.cn",nocase; classtype:attempted-recon; sid:200002859; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oidda.5s2iamp.cn",nocase; classtype:attempted-recon; sid:200002860; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oijcd.qvjcddv.cn",nocase; classtype:attempted-recon; sid:200002861; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oikca.smwceku.cn",nocase; classtype:attempted-recon; sid:200002862; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oikcas.6b914ty.cn",nocase; classtype:attempted-recon; sid:200002863; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oikcxa.zvvx01z.cn",nocase; classtype:attempted-recon; sid:200002864; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oivac.com",nocase; classtype:attempted-recon; sid:200002865; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okcs.qj8yua.cn",nocase; classtype:attempted-recon; sid:200002866; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okds.bbtlcve.cn",nocase; classtype:attempted-recon; sid:200002867; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okep-terbaru-viral-2022.duckdns.org",nocase; classtype:attempted-recon; sid:200002868; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okmca.8xcrn6w.cn",nocase; classtype:attempted-recon; sid:200002869; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okmca.bxkfham.cn",nocase; classtype:attempted-recon; sid:200002870; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okmca.uwudagu.cn",nocase; classtype:attempted-recon; sid:200002871; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okmxa.lfgpror.cn",nocase; classtype:attempted-recon; sid:200002872; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okpwtu.webwave.dev",nocase; classtype:attempted-recon; sid:200002873; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"olidooo.waca.tw",nocase; classtype:attempted-recon; sid:200002874; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"olk.us7apye.cn",nocase; classtype:attempted-recon; sid:200002875; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"olmnxa.wc2ikux.cn",nocase; classtype:attempted-recon; sid:200002876; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"olx-pay-pl.pay-id22343.top",nocase; classtype:attempted-recon; sid:200002877; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"olx.saferegulatory.com",nocase; classtype:attempted-recon; sid:200002878; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"omesqiwines.de",nocase; classtype:attempted-recon; sid:200002879; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"omicronvariat.pagedemo.co",nocase; classtype:attempted-recon; sid:200002880; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oncopharma-ae.com",nocase; classtype:attempted-recon; sid:200002881; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onecreator.info",nocase; classtype:attempted-recon; sid:200002882; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onedrive.zhaoge.workers.dev",nocase; classtype:attempted-recon; sid:200002883; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onee-a0488.web.app",nocase; classtype:attempted-recon; sid:200002884; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oneisallandone.web.app",nocase; classtype:attempted-recon; sid:200002885; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oneone-19cd8.web.app",nocase; classtype:attempted-recon; sid:200002886; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oneone-a38ef.web.app",nocase; classtype:attempted-recon; sid:200002887; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"online-sistem.com",nocase; classtype:attempted-recon; sid:200002888; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onlineasesor01.hostfree.pw",nocase; classtype:attempted-recon; sid:200002889; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onlineffn2.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002890; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onlysportplus.com",nocase; classtype:attempted-recon; sid:200002891; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ooxvocalor.yolasite.com",nocase; classtype:attempted-recon; sid:200002892; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"opansea.live",nocase; classtype:attempted-recon; sid:200002893; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"open24.ie-tsb.email",nocase; classtype:attempted-recon; sid:200002894; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"opticabattilana.com.ar",nocase; classtype:attempted-recon; sid:200002895; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"optika-anda.hr",nocase; classtype:attempted-recon; sid:200002896; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ora-n.yolasite.com",nocase; classtype:attempted-recon; sid:200002897; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orabu.it",nocase; classtype:attempted-recon; sid:200002898; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orange-dcr.fr",nocase; classtype:attempted-recon; sid:200002899; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orange-security.cloud.coreoz.com",nocase; classtype:attempted-recon; sid:200002900; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orange.iobeya.com",nocase; classtype:attempted-recon; sid:200002901; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orange.sphinxonline.net",nocase; classtype:attempted-recon; sid:200002902; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orange2k22.wixsite.com",nocase; classtype:attempted-recon; sid:200002903; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orangeb191.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002904; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orangess.contactin.bio",nocase; classtype:attempted-recon; sid:200002905; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"org-nr.yolasite.com",nocase; classtype:attempted-recon; sid:200002906; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orlen-inwe.web.app",nocase; classtype:attempted-recon; sid:200002907; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orlen-x.web.app",nocase; classtype:attempted-recon; sid:200002908; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orlen.digital",nocase; classtype:attempted-recon; sid:200002909; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ormantencs112.odoo.com",nocase; classtype:attempted-recon; sid:200002910; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oryxcaracalsecurity.com",nocase; classtype:attempted-recon; sid:200002911; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"osis.world",nocase; classtype:attempted-recon; sid:200002912; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"otomoto-h229.net",nocase; classtype:attempted-recon; sid:200002913; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"otomoto3452.com",nocase; classtype:attempted-recon; sid:200002914; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"otwmaxx.com",nocase; classtype:attempted-recon; sid:200002915; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oudczfbniitcqdsrmaapdztwqo-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002916; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ourgarden.us",nocase; classtype:attempted-recon; sid:200002917; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"outlook1541489.webcindario.com",nocase; classtype:attempted-recon; sid:200002918; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"outlookcom119.yolasite.com",nocase; classtype:attempted-recon; sid:200002919; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002920; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"p1c.servleboncoinser.com",nocase; classtype:attempted-recon; sid:200002921; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"package2021.blogspot.ba",nocase; classtype:attempted-recon; sid:200002922; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"package2021.blogspot.bg",nocase; classtype:attempted-recon; sid:200002923; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"package2021.blogspot.com",nocase; classtype:attempted-recon; sid:200002924; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"page-restrict-case22456548.help",nocase; classtype:attempted-recon; sid:200002925; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages-1008009999700022199021.com",nocase; classtype:attempted-recon; sid:200002926; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages-1008097555214021.com",nocase; classtype:attempted-recon; sid:200002927; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages-alert-facebook.ezyro.com",nocase; classtype:attempted-recon; sid:200002928; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages-community-standart-2022.co",nocase; classtype:attempted-recon; sid:200002929; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages-marvelous-project.webflow.io",nocase; classtype:attempted-recon; sid:200002930; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages-support-office-2021.gq",nocase; classtype:attempted-recon; sid:200002931; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages-support-office-2021.tk",nocase; classtype:attempted-recon; sid:200002932; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages.secure-accts.workers.dev",nocase; classtype:attempted-recon; sid:200002933; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pagesdetectscopyrightpostingactivitiesreported.co.vu",nocase; classtype:attempted-recon; sid:200002934; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pagos.sinpemovil.cr",nocase; classtype:attempted-recon; sid:200002935; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paleyeer.com",nocase; classtype:attempted-recon; sid:200002936; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"palmm.ps",nocase; classtype:attempted-recon; sid:200002937; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancaakesvap.com",nocase; classtype:attempted-recon; sid:200002938; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancake-sawp.com",nocase; classtype:attempted-recon; sid:200002939; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancake.ellipsis.finance",nocase; classtype:attempted-recon; sid:200002940; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancake7wop.com",nocase; classtype:attempted-recon; sid:200002941; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakesawpes.com",nocase; classtype:attempted-recon; sid:200002942; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakesfinances.info",nocase; classtype:attempted-recon; sid:200002943; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakesvvap-finance.org",nocase; classtype:attempted-recon; sid:200002944; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswap.finance.tradechange.in",nocase; classtype:attempted-recon; sid:200002945; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswap.men",nocase; classtype:attempted-recon; sid:200002946; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswap.multi-wallet.info",nocase; classtype:attempted-recon; sid:200002947; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswap.salsasourcing.com",nocase; classtype:attempted-recon; sid:200002948; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswapes.company",nocase; classtype:attempted-recon; sid:200002949; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswapex.com",nocase; classtype:attempted-recon; sid:200002950; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswapexcgn.com",nocase; classtype:attempted-recon; sid:200002951; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswapexch.com",nocase; classtype:attempted-recon; sid:200002952; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswapexchage.com",nocase; classtype:attempted-recon; sid:200002953; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswapexchg.com",nocase; classtype:attempted-recon; sid:200002954; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswappshop.blogspot.com",nocase; classtype:attempted-recon; sid:200002955; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancaku-swap.com",nocase; classtype:attempted-recon; sid:200002956; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancalteswap.finance",nocase; classtype:attempted-recon; sid:200002957; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"panckaceswap.finance",nocase; classtype:attempted-recon; sid:200002958; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancoke.com",nocase; classtype:attempted-recon; sid:200002959; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pandaskin.ru.com",nocase; classtype:attempted-recon; sid:200002960; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"panelweb-4cae2.web.app",nocase; classtype:attempted-recon; sid:200002961; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pankaceeswap.com",nocase; classtype:attempted-recon; sid:200002962; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pankaceswapes.finance",nocase; classtype:attempted-recon; sid:200002963; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pankakeswap.ledgity.com",nocase; classtype:attempted-recon; sid:200002964; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pannelpub-benin.com",nocase; classtype:attempted-recon; sid:200002965; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pansccakeswap.finance",nocase; classtype:attempted-recon; sid:200002966; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pantazisezopiiuurmail1.web.app",nocase; classtype:attempted-recon; sid:200002967; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pantekkalisakitkepalaku.blogspot.com",nocase; classtype:attempted-recon; sid:200002968; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"parcel-support018.com",nocase; classtype:attempted-recon; sid:200002969; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pardot.assemblecommunities.com",nocase; classtype:attempted-recon; sid:200002970; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pasarbta.info",nocase; classtype:attempted-recon; sid:200002971; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"passionfruit4576261.brizy.site",nocase; classtype:attempted-recon; sid:200002972; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pateltutorials.com",nocase; classtype:attempted-recon; sid:200002973; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"path.faithbible.institute",nocase; classtype:attempted-recon; sid:200002974; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pathospitals.com",nocase; classtype:attempted-recon; sid:200002975; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"patient-cell-40f5.updatedlogmylogin.workers.dev",nocase; classtype:attempted-recon; sid:200002976; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"patwise.co.in",nocase; classtype:attempted-recon; sid:200002977; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paws.org.au",nocase; classtype:attempted-recon; sid:200002978; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paxfulmenu.com",nocase; classtype:attempted-recon; sid:200002979; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pay-sera.web.app",nocase; classtype:attempted-recon; sid:200002980; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pay16-olx.pl",nocase; classtype:attempted-recon; sid:200002981; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paymentnotificationnow.blogspot.com",nocase; classtype:attempted-recon; sid:200002982; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paypal-online-2deposits-paymentaccept.tk",nocase; classtype:attempted-recon; sid:200002983; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paypal-opladen.be",nocase; classtype:attempted-recon; sid:200002984; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paypalforex.co.ke",nocase; classtype:attempted-recon; sid:200002985; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pdf-cloud-document.weeblysite.com",nocase; classtype:attempted-recon; sid:200002986; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pdf-sharefile-doc.weeblysite.com",nocase; classtype:attempted-recon; sid:200002987; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pdflogincnvwo.app.link",nocase; classtype:attempted-recon; sid:200002988; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pdfsecured.mystrikingly.com",nocase; classtype:attempted-recon; sid:200002989; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"peaceful-black.193-70-50-31.plesk.page",nocase; classtype:attempted-recon; sid:200002990; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pembatalanakundinonaktifkan.weebly.com",nocase; classtype:attempted-recon; sid:200002991; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pencakecwap.com",nocase; classtype:attempted-recon; sid:200002992; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"perfectliker.net",nocase; classtype:attempted-recon; sid:200002993; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"peringatanakunfb2k214.webnode.com",nocase; classtype:attempted-recon; sid:200002994; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"phantom-walletweb.app",nocase; classtype:attempted-recon; sid:200002995; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"phantomaa.com",nocase; classtype:attempted-recon; sid:200002996; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"phishingloginmicrosoftonlinecom.zerotrustcorp.workers.dev",nocase; classtype:attempted-recon; sid:200002997; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"phlexx.com",nocase; classtype:attempted-recon; sid:200002998; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"phreshphoto.com",nocase; classtype:attempted-recon; sid:200002999; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichincha-datos1.webcindario.com",nocase; classtype:attempted-recon; sid:200003000; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichincha-datos2.webcindario.com",nocase; classtype:attempted-recon; sid:200003001; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichincha-datos3.webcindario.com",nocase; classtype:attempted-recon; sid:200003002; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichincha-datos5.webcindario.com",nocase; classtype:attempted-recon; sid:200003003; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichinchabank.webcindario.com",nocase; classtype:attempted-recon; sid:200003004; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichinchacomfi.webcindario.com",nocase; classtype:attempted-recon; sid:200003005; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichinchaecori.webcindario.com",nocase; classtype:attempted-recon; sid:200003006; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichinchauser.webcindario.com",nocase; classtype:attempted-recon; sid:200003007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichinchverify.webcindario.com",nocase; classtype:attempted-recon; sid:200003008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"picnic.industries",nocase; classtype:attempted-recon; sid:200003009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pics.lookatmynewphotos.com",nocase; classtype:attempted-recon; sid:200003010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"piermontbridge.com",nocase; classtype:attempted-recon; sid:200003011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"piffvancouver.com",nocase; classtype:attempted-recon; sid:200003012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pikaresailing.com",nocase; classtype:attempted-recon; sid:200003013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pikay13.github.io",nocase; classtype:attempted-recon; sid:200003014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pilmezorda.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200003015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pinchinchaverify.webcindario.com",nocase; classtype:attempted-recon; sid:200003016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pirana.co.rs",nocase; classtype:attempted-recon; sid:200003017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pl-swiatowe-wiadomosci.pl",nocase; classtype:attempted-recon; sid:200003018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pla1060604.nichost.ru",nocase; classtype:attempted-recon; sid:200003019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"plan-o2-monthlypayments.com",nocase; classtype:attempted-recon; sid:200003020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"planetaamor.org",nocase; classtype:attempted-recon; sid:200003021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"plasticaindia.com",nocase; classtype:attempted-recon; sid:200003022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"platinumserviceac.com",nocase; classtype:attempted-recon; sid:200003023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"playgirlgold.com",nocase; classtype:attempted-recon; sid:200003024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ploferta.com",nocase; classtype:attempted-recon; sid:200003025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"plugmailextraexpiredoldpolicynotificationscenter.pages.dev",nocase; classtype:attempted-recon; sid:200003026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"plwiadomosciwszystkie.pl",nocase; classtype:attempted-recon; sid:200003027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"po-deliver-fees.com",nocase; classtype:attempted-recon; sid:200003028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"po-service-page.com",nocase; classtype:attempted-recon; sid:200003029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"poc-rewards-program-c2dfc.web.app",nocase; classtype:attempted-recon; sid:200003030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"podpiska-darom.ru",nocase; classtype:attempted-recon; sid:200003031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pokajca.web.app",nocase; classtype:attempted-recon; sid:200003032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pokcda.lnizi9c.cn",nocase; classtype:attempted-recon; sid:200003033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"poklsa.slodddz.cn",nocase; classtype:attempted-recon; sid:200003034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polcas.et0bgyf.cn",nocase; classtype:attempted-recon; sid:200003035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polcd.op59bk5.cn",nocase; classtype:attempted-recon; sid:200003036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polcda.qcgjwj7.cn",nocase; classtype:attempted-recon; sid:200003037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"poldf.gejzesp.cn",nocase; classtype:attempted-recon; sid:200003038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polds.gmj6f2.cn",nocase; classtype:attempted-recon; sid:200003039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"poliambulatorioadriatico.it",nocase; classtype:attempted-recon; sid:200003040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"poligrafiapias.com",nocase; classtype:attempted-recon; sid:200003041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polkadot-france.fr",nocase; classtype:attempted-recon; sid:200003042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polkastarter.app",nocase; classtype:attempted-recon; sid:200003043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polsd.pa0cpof.cn",nocase; classtype:attempted-recon; sid:200003044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polxa.uh8dg67.cn",nocase; classtype:attempted-recon; sid:200003045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polygon-pro.com",nocase; classtype:attempted-recon; sid:200003046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polygon-secure.com",nocase; classtype:attempted-recon; sid:200003047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polygon-technologyes.blogspot.com",nocase; classtype:attempted-recon; sid:200003048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pomnxaa.181gh1c.cn",nocase; classtype:attempted-recon; sid:200003049; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"post-ch-de.34224.info",nocase; classtype:attempted-recon; sid:200003050; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"post-ch-de.65241.org",nocase; classtype:attempted-recon; sid:200003051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"post-ch.de",nocase; classtype:attempted-recon; sid:200003052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"post-track.ch",nocase; classtype:attempted-recon; sid:200003053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"posta-romana.cameleon-digital.ro",nocase; classtype:attempted-recon; sid:200003054; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"postaledsp2.conexion.fr.savealifemw.org",nocase; classtype:attempted-recon; sid:200003055; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"postalfees-uk.com",nocase; classtype:attempted-recon; sid:200003056; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"postalukservice.com",nocase; classtype:attempted-recon; sid:200003057; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"postch9192.cargo.site",nocase; classtype:attempted-recon; sid:200003058; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"postechsuivre.ileanamlaw.com",nocase; classtype:attempted-recon; sid:200003059; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"postnl.post-tracking-delivery.etelinfra.com",nocase; classtype:attempted-recon; sid:200003060; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"poww.6hkjmb.cn",nocase; classtype:attempted-recon; sid:200003061; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ppkllp.com",nocase; classtype:attempted-recon; sid:200003062; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ppnnttcc.ppcnthsc.me",nocase; classtype:attempted-recon; sid:200003063; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"precisionimpex.com",nocase; classtype:attempted-recon; sid:200003064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"preg.dspearhead.com",nocase; classtype:attempted-recon; sid:200003065; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"preg.marketingvici.com",nocase; classtype:attempted-recon; sid:200003066; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"prepaid-leboncoin.fr",nocase; classtype:attempted-recon; sid:200003067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"preppingconfidence.com",nocase; classtype:attempted-recon; sid:200003068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"prernaindustries.com",nocase; classtype:attempted-recon; sid:200003069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"priceless-goldstine.35-185-184-61.plesk.page",nocase; classtype:attempted-recon; sid:200003070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"priceless-mccarthy-8674db.netlify.app",nocase; classtype:attempted-recon; sid:200003071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"primarypagesmetasecure.co.vu",nocase; classtype:attempted-recon; sid:200003072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"primeassi5.sslblindado.com",nocase; classtype:attempted-recon; sid:200003073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"primecentral.jihanjiaopo6.shop",nocase; classtype:attempted-recon; sid:200003074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"primecentral.jixinggaozhao2.shop",nocase; classtype:attempted-recon; sid:200003075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"primecentral.qiourn.shop",nocase; classtype:attempted-recon; sid:200003076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"primeone.org",nocase; classtype:attempted-recon; sid:200003077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"printtoner.com.mx",nocase; classtype:attempted-recon; sid:200003078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"privacy-update-page-prtections-association-recovry-secu.web.id",nocase; classtype:attempted-recon; sid:200003079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"privacy-update-secu-recovry-page-protection-4565544.web.id",nocase; classtype:attempted-recon; sid:200003080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"privacy-update-secu-recovry-page-protection-comunity-45.web.id",nocase; classtype:attempted-recon; sid:200003081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"priyankasandokar1606.github.io",nocase; classtype:attempted-recon; sid:200003082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pro.icloudremovaltool.com",nocase; classtype:attempted-recon; sid:200003083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"procservautomatizacion.com",nocase; classtype:attempted-recon; sid:200003084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.anon-rest-keep-reset.sales18130.workers.dev",nocase; classtype:attempted-recon; sid:200003085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.anon-step-keep-object.sales18130.workers.dev",nocase; classtype:attempted-recon; sid:200003086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.calm-limit-671e.ralph2481.workers.dev",nocase; classtype:attempted-recon; sid:200003087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.dry-snow-ddc20ffice.deuceice2.workers.dev",nocase; classtype:attempted-recon; sid:200003088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.keep-paper-account.sales18130.workers.dev",nocase; classtype:attempted-recon; sid:200003089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.lively-salad-1c42.updatelogaccountprogramedrfwerwrdhsmc.workers.dev",nocase; classtype:attempted-recon; sid:200003090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.passtruth-truth-5df4.pass-morn-reset-todaybringsjoy.workers.dev",nocase; classtype:attempted-recon; sid:200003091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.steep-poetry-1ba3.updatelogaccountprogramedrfwerwrdhscsw.workers.dev",nocase; classtype:attempted-recon; sid:200003092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.try-murpheos-keep.sales18130.workers.dev",nocase; classtype:attempted-recon; sid:200003093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev",nocase; classtype:attempted-recon; sid:200003094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"project1-df3e9.web.app",nocase; classtype:attempted-recon; sid:200003095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"projectlovewell.com",nocase; classtype:attempted-recon; sid:200003096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"promehedinti.ro",nocase; classtype:attempted-recon; sid:200003097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"promerica-sv.webcindario.com",nocase; classtype:attempted-recon; sid:200003098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"promericalinea01.webcindario.com",nocase; classtype:attempted-recon; sid:200003099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"promo.mycorporate-rewards.net",nocase; classtype:attempted-recon; sid:200003100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"prosmate.com",nocase; classtype:attempted-recon; sid:200003101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"prosxsiuser.myfreesites.net",nocase; classtype:attempted-recon; sid:200003102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"prosys.poweredbygravit-e.co.uk",nocase; classtype:attempted-recon; sid:200003103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"protect-4d56vca.surge.sh",nocase; classtype:attempted-recon; sid:200003104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"proteczzguuaaardzzzpagess.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"proteczzpagezzguarddzzz.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"provodi.com",nocase; classtype:attempted-recon; sid:200003107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"proximus-account.azurewebsites.net",nocase; classtype:attempted-recon; sid:200003108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ptxx.cc",nocase; classtype:attempted-recon; sid:200003109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pubgmobilevn.mobi",nocase; classtype:attempted-recon; sid:200003110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"publish-p43452-e180057.adobeaemcloud.com",nocase; classtype:attempted-recon; sid:200003111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"puffing.com.pk",nocase; classtype:attempted-recon; sid:200003112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pulihkan-accountt20001.webnode.page",nocase; classtype:attempted-recon; sid:200003113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"puroxymembrane.com",nocase; classtype:attempted-recon; sid:200003114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pvr0k.csb.app",nocase; classtype:attempted-recon; sid:200003115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pydttuxozmzjmjqxayxfxhycfr-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200003116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qbocd.csb.app",nocase; classtype:attempted-recon; sid:200003117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qevwisdfztymporlndsckabdil-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200003118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qf3nt.codesandbox.io",nocase; classtype:attempted-recon; sid:200003119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qfw.tosex35238.workers.dev",nocase; classtype:attempted-recon; sid:200003120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qhj39hfxqftr.clickfunnels.com",nocase; classtype:attempted-recon; sid:200003121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qhmqhgnfqbcoxkwamsioilhdmv-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200003122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qsh74pekkv5e8.clickfunnels.com",nocase; classtype:attempted-recon; sid:200003123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qssa.x5yrlr.cn",nocase; classtype:attempted-recon; sid:200003124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"quinaroja.com",nocase; classtype:attempted-recon; sid:200003125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"quotex-qx.com",nocase; classtype:attempted-recon; sid:200003126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qwas.nfi71vw.cn",nocase; classtype:attempted-recon; sid:200003127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qwea.wvhee0w.cn",nocase; classtype:attempted-recon; sid:200003128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qweas.hi5g95r.cn",nocase; classtype:attempted-recon; sid:200003129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qweas.p6rhddj.cn",nocase; classtype:attempted-recon; sid:200003130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qweas.zwfaclq.cn",nocase; classtype:attempted-recon; sid:200003131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qxluatbght.cfolks.pl",nocase; classtype:attempted-recon; sid:200003132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"r3c31v30n3-1d3nt1ty.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rabellartz.de",nocase; classtype:attempted-recon; sid:200003134; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rabofree.blogspot.com",nocase; classtype:attempted-recon; sid:200003135; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rabofree.blogspot.li",nocase; classtype:attempted-recon; sid:200003136; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rackenfordlabs.com",nocase; classtype:attempted-recon; sid:200003137; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"racuten.nuef.info",nocase; classtype:attempted-recon; sid:200003138; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"radhikamd.github.io",nocase; classtype:attempted-recon; sid:200003139; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rafbbmx.ml",nocase; classtype:attempted-recon; sid:200003140; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"raipurrussianescorts.com",nocase; classtype:attempted-recon; sid:200003141; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakoten-card.buogfbizkugf.gq",nocase; classtype:attempted-recon; sid:200003142; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakoten-card.bycsaxwdqunhh.gq",nocase; classtype:attempted-recon; sid:200003143; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakoten-card.motpefhnpvyz.gq",nocase; classtype:attempted-recon; sid:200003144; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakoten.potex.info",nocase; classtype:attempted-recon; sid:200003145; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"raktuen.laobanlocker.com",nocase; classtype:attempted-recon; sid:200003146; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakuitan-card.info",nocase; classtype:attempted-recon; sid:200003147; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakuten.awjoadc.cn",nocase; classtype:attempted-recon; sid:200003148; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakuten.card.nuosreaoms.com",nocase; classtype:attempted-recon; sid:200003149; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakuten.card.uosmcoua.com",nocase; classtype:attempted-recon; sid:200003150; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakuthn.shop",nocase; classtype:attempted-recon; sid:200003151; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakuttm.shop",nocase; classtype:attempted-recon; sid:200003152; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ramgarhiamatrimonial.ca",nocase; classtype:attempted-recon; sid:200003153; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rareelements.io",nocase; classtype:attempted-recon; sid:200003154; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rasmer.fi",nocase; classtype:attempted-recon; sid:200003155; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ratewatch.net",nocase; classtype:attempted-recon; sid:200003156; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"raycargo.com",nocase; classtype:attempted-recon; sid:200003157; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"raydiom.io",nocase; classtype:attempted-recon; sid:200003158; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"razcjjf.ga",nocase; classtype:attempted-recon; sid:200003159; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"razcjjf.ml",nocase; classtype:attempted-recon; sid:200003160; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rbcmontgomery.com",nocase; classtype:attempted-recon; sid:200003161; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rd8um.app.link",nocase; classtype:attempted-recon; sid:200003162; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rdirtfuo6t.vov.ru",nocase; classtype:attempted-recon; sid:200003163; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"re-direct-me.com",nocase; classtype:attempted-recon; sid:200003164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"re-redirection-acc-id923872635122.blogspot.com",nocase; classtype:attempted-recon; sid:200003165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"real-anon-keep-passing-word.rvsla.workers.dev",nocase; classtype:attempted-recon; sid:200003166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"realestate-page-10843446024.expresspestcontrol.co.nz",nocase; classtype:attempted-recon; sid:200003167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"realindiatravel.com",nocase; classtype:attempted-recon; sid:200003168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reconfirmpost287846656.us",nocase; classtype:attempted-recon; sid:200003169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"recover-pages-media-problems-secur-782.web.id",nocase; classtype:attempted-recon; sid:200003170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"recover-pages-secur-media-problems-393.web.id",nocase; classtype:attempted-recon; sid:200003171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"recover-pages-secur-media-problems-397.web.id",nocase; classtype:attempted-recon; sid:200003172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"recovery-chain.com",nocase; classtype:attempted-recon; sid:200003173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"recovery-fb.secure-acct.workers.dev",nocase; classtype:attempted-recon; sid:200003174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"red-limit-db0e.chseonlinelogins.workers.dev",nocase; classtype:attempted-recon; sid:200003175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"redbysfrgroupebox.myfreesites.net",nocase; classtype:attempted-recon; sid:200003176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"redeem-microsoft-code.sitey.me",nocase; classtype:attempted-recon; sid:200003177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rediractionid547012016089540218057.blogspot.com",nocase; classtype:attempted-recon; sid:200003178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"redpichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reg-3da7f.web.app",nocase; classtype:attempted-recon; sid:200003180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reg.chaindaohang.com",nocase; classtype:attempted-recon; sid:200003181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"regisdrive.xyz",nocase; classtype:attempted-recon; sid:200003182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"register-my-device.com",nocase; classtype:attempted-recon; sid:200003183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"registerdrive.xyz",nocase; classtype:attempted-recon; sid:200003184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reglic.in",nocase; classtype:attempted-recon; sid:200003185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"regularsweeps.xyz",nocase; classtype:attempted-recon; sid:200003186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reignbike.com",nocase; classtype:attempted-recon; sid:200003187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reikisadhna.com",nocase; classtype:attempted-recon; sid:200003188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"relevant.systems",nocase; classtype:attempted-recon; sid:200003189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"remittance369297292749.goshly.com",nocase; classtype:attempted-recon; sid:200003190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"renovkonstruksi.com",nocase; classtype:attempted-recon; sid:200003191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"repl-mess.myfreesites.net",nocase; classtype:attempted-recon; sid:200003192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"restore.exodusapp.ru",nocase; classtype:attempted-recon; sid:200003193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"restoredabefore-com.filesusr.com",nocase; classtype:attempted-recon; sid:200003194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"restorewallet-activation.net",nocase; classtype:attempted-recon; sid:200003195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"retiro-extracash.com",nocase; classtype:attempted-recon; sid:200003196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"retiro.cl",nocase; classtype:attempted-recon; sid:200003197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"retraiteenaction.ca",nocase; classtype:attempted-recon; sid:200003198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"retrospectiveplanningenforcementwestsussex.co.uk",nocase; classtype:attempted-recon; sid:200003199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"retrouve-particulier-mailaccord.globaltvnepal.com",nocase; classtype:attempted-recon; sid:200003200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rev.sfr.net.gghost.ru",nocase; classtype:attempted-recon; sid:200003201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"review-mynew-device.com",nocase; classtype:attempted-recon; sid:200003202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reviewbook.org",nocase; classtype:attempted-recon; sid:200003203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"revistametro.com.ar",nocase; classtype:attempted-recon; sid:200003204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reximane.cf",nocase; classtype:attempted-recon; sid:200003205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"riptide-operation.ru.com",nocase; classtype:attempted-recon; sid:200003206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"riveroflife.org.in",nocase; classtype:attempted-recon; sid:200003207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rizarichempire.com",nocase; classtype:attempted-recon; sid:200003208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rizkyinterior.com",nocase; classtype:attempted-recon; sid:200003209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rkanet.com",nocase; classtype:attempted-recon; sid:200003210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rkt-co.f1ss.co",nocase; classtype:attempted-recon; sid:200003211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rlink.vn",nocase; classtype:attempted-recon; sid:200003212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rmsfcc.com",nocase; classtype:attempted-recon; sid:200003213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rnercarl-security.co.ip.rnamso.shop",nocase; classtype:attempted-recon; sid:200003214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rnercarl.co.jp.merinosimo.shop",nocase; classtype:attempted-recon; sid:200003215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roadgo.co.uk",nocase; classtype:attempted-recon; sid:200003216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"robloxrun.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roccobonheur1-my-cheetah-website-copy.cheetah.builderall.com",nocase; classtype:attempted-recon; sid:200003218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roisnoob.github.io",nocase; classtype:attempted-recon; sid:200003219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rokulinktechnology.com",nocase; classtype:attempted-recon; sid:200003220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rolinadd.surveysparrow.com",nocase; classtype:attempted-recon; sid:200003221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"romanceify.com",nocase; classtype:attempted-recon; sid:200003222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rondalowa.blogspot.com",nocase; classtype:attempted-recon; sid:200003223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rondelbarrilito.com",nocase; classtype:attempted-recon; sid:200003224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ronin-help.com",nocase; classtype:attempted-recon; sid:200003225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roninwallet-connect.com",nocase; classtype:attempted-recon; sid:200003226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roninwallet.cm",nocase; classtype:attempted-recon; sid:200003227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rotimi.pandaform.com",nocase; classtype:attempted-recon; sid:200003228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roundcube-2c46f.web.app",nocase; classtype:attempted-recon; sid:200003229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roundcube-production-cf.tx1.mailhostbox.com",nocase; classtype:attempted-recon; sid:200003230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"routeksa.com",nocase; classtype:attempted-recon; sid:200003231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"royalwindsorpub.com",nocase; classtype:attempted-recon; sid:200003232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200003233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rplg.co",nocase; classtype:attempted-recon; sid:200003234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rrakutenn.co.jp.azii.cn",nocase; classtype:attempted-recon; sid:200003235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rrakutenn.co.jp.nanofresh.cn",nocase; classtype:attempted-recon; sid:200003236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200003237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rufoxxy.com",nocase; classtype:attempted-recon; sid:200003238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"runescape-info.com",nocase; classtype:attempted-recon; sid:200003239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ruth.martulangbelulalng.workers.dev",nocase; classtype:attempted-recon; sid:200003240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ryanicolehoward.com",nocase; classtype:attempted-recon; sid:200003241; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rymproducciones.com",nocase; classtype:attempted-recon; sid:200003242; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s-sarfati.co.il",nocase; classtype:attempted-recon; sid:200003243; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s.macecri.com",nocase; classtype:attempted-recon; sid:200003244; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s5vzr.app.link",nocase; classtype:attempted-recon; sid:200003245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s787v.cn",nocase; classtype:attempted-recon; sid:200003246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sa.macecri.com",nocase; classtype:attempted-recon; sid:200003247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sadervoyages.intnet.mu",nocase; classtype:attempted-recon; sid:200003248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"safty.summarycheck.workers.dev",nocase; classtype:attempted-recon; sid:200003249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"saintbarkleyshoes.com",nocase; classtype:attempted-recon; sid:200003250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"saitadobrasil.com.br",nocase; classtype:attempted-recon; sid:200003251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"saldospc.com",nocase; classtype:attempted-recon; sid:200003252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"saliksnas.lojaintegrada.com.br",nocase; classtype:attempted-recon; sid:200003253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"salmanfarsi01.github.io",nocase; classtype:attempted-recon; sid:200003254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"saludypension.com",nocase; classtype:attempted-recon; sid:200003255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"samarahonda.com",nocase; classtype:attempted-recon; sid:200003256; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"samihalyaman.com",nocase; classtype:attempted-recon; sid:200003257; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"samvoktor.com",nocase; classtype:attempted-recon; sid:200003258; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sanasunty.site",nocase; classtype:attempted-recon; sid:200003259; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sandeeppk03.github.io",nocase; classtype:attempted-recon; sid:200003260; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sandhu.codebucketitsolutions.com",nocase; classtype:attempted-recon; sid:200003261; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sanjilkumar.com",nocase; classtype:attempted-recon; sid:200003262; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sankyo-rz.com",nocase; classtype:attempted-recon; sid:200003263; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sanru.cd",nocase; classtype:attempted-recon; sid:200003264; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"santander.secured-auth-login.com",nocase; classtype:attempted-recon; sid:200003265; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"santanverifyfunction.com",nocase; classtype:attempted-recon; sid:200003266; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"santepluspharma.eclatmediasolution.website",nocase; classtype:attempted-recon; sid:200003267; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"santoshdangi.com.np",nocase; classtype:attempted-recon; sid:200003268; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"saritapariyar.com.np",nocase; classtype:attempted-recon; sid:200003269; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"satay-secur.reconfimations.pagedisabled.workers.dev",nocase; classtype:attempted-recon; sid:200003270; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"satemi.com.ve",nocase; classtype:attempted-recon; sid:200003271; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"satonteams.co.uk",nocase; classtype:attempted-recon; sid:200003272; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"savingsfordentalcare.com",nocase; classtype:attempted-recon; sid:200003273; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sbi.mx",nocase; classtype:attempted-recon; sid:200003274; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sbs-siebanlagen.de",nocase; classtype:attempted-recon; sid:200003275; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sc.macecri.com",nocase; classtype:attempted-recon; sid:200003276; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sc.scicemecod.com",nocase; classtype:attempted-recon; sid:200003277; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sca.scicemecod.com",nocase; classtype:attempted-recon; sid:200003278; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sdgvsdvsdvs.blogspot.com",nocase; classtype:attempted-recon; sid:200003279; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"se.scicemecod.com",nocase; classtype:attempted-recon; sid:200003280; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sebat-dhl.blogspot.com",nocase; classtype:attempted-recon; sid:200003281; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sebene27.github.io",nocase; classtype:attempted-recon; sid:200003282; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secur-standard-media-recover-pages-problems-159.web.id",nocase; classtype:attempted-recon; sid:200003283; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure-boncoincontrol.net",nocase; classtype:attempted-recon; sid:200003284; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure-halifax-device.com",nocase; classtype:attempted-recon; sid:200003285; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure-mynew-devices.com",nocase; classtype:attempted-recon; sid:200003286; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure-runescape.xgm.rnp.mybluehost.me",nocase; classtype:attempted-recon; sid:200003287; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure-service-gateway.com",nocase; classtype:attempted-recon; sid:200003288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure-zirox.s3.ap-southeast-2.amazonaws.com",nocase; classtype:attempted-recon; sid:200003289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.legalmetric.com",nocase; classtype:attempted-recon; sid:200003290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.oldschool.com-cl.ru",nocase; classtype:attempted-recon; sid:200003291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.oldschool.com-cu.ru",nocase; classtype:attempted-recon; sid:200003292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.oldschool.com-cv.ru",nocase; classtype:attempted-recon; sid:200003293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.oldschool.com-oz.ru",nocase; classtype:attempted-recon; sid:200003294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.oldschool.com-rsu.ru",nocase; classtype:attempted-recon; sid:200003295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-as.cz",nocase; classtype:attempted-recon; sid:200003296; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-az.ru",nocase; classtype:attempted-recon; sid:200003297; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-cl.ru",nocase; classtype:attempted-recon; sid:200003298; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-co.ru",nocase; classtype:attempted-recon; sid:200003299; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-cu.ru",nocase; classtype:attempted-recon; sid:200003300; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-cv.ru",nocase; classtype:attempted-recon; sid:200003301; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-or.ru",nocase; classtype:attempted-recon; sid:200003302; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-oz.ru",nocase; classtype:attempted-recon; sid:200003303; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-rse.ru",nocase; classtype:attempted-recon; sid:200003304; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-rsu.ru",nocase; classtype:attempted-recon; sid:200003305; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-vs.ru",nocase; classtype:attempted-recon; sid:200003306; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure300.inmotionhosting.com",nocase; classtype:attempted-recon; sid:200003307; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure303.inmotionhosting.com",nocase; classtype:attempted-recon; sid:200003308; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure55.webhostinghub.com",nocase; classtype:attempted-recon; sid:200003309; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure7-servr01-log-in.4nmn.com",nocase; classtype:attempted-recon; sid:200003310; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"securee37-authen21.duckdns.org",nocase; classtype:attempted-recon; sid:200003311; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"securegateway-ovhcloud.csl-sl.de",nocase; classtype:attempted-recon; sid:200003312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"securelloyd-help-app.com",nocase; classtype:attempted-recon; sid:200003313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"security-page-community-standards.blogspot.com",nocase; classtype:attempted-recon; sid:200003314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"seguridad-oca.webcindario.com",nocase; classtype:attempted-recon; sid:200003315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"seleb-indo.duckdns.org",nocase; classtype:attempted-recon; sid:200003316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"selector26.gg",nocase; classtype:attempted-recon; sid:200003317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"selector28.gg",nocase; classtype:attempted-recon; sid:200003318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sem.my-drs.co.uk",nocase; classtype:attempted-recon; sid:200003319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sen-manole.firebaseapp.com",nocase; classtype:attempted-recon; sid:200003320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sendo-meso.firebaseapp.com",nocase; classtype:attempted-recon; sid:200003321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sendung.eyecatch.ch",nocase; classtype:attempted-recon; sid:200003322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sergebubnin.space",nocase; classtype:attempted-recon; sid:200003323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sertyxese.myfreesites.net",nocase; classtype:attempted-recon; sid:200003324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"server-networksolutions.web.app",nocase; classtype:attempted-recon; sid:200003325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"serverprotocols.com",nocase; classtype:attempted-recon; sid:200003326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck103.web.app",nocase; classtype:attempted-recon; sid:200003327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck104.web.app",nocase; classtype:attempted-recon; sid:200003328; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck105.web.app",nocase; classtype:attempted-recon; sid:200003329; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck107.web.app",nocase; classtype:attempted-recon; sid:200003330; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck108.web.app",nocase; classtype:attempted-recon; sid:200003331; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck111.web.app",nocase; classtype:attempted-recon; sid:200003332; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck112.web.app",nocase; classtype:attempted-recon; sid:200003333; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck117.web.app",nocase; classtype:attempted-recon; sid:200003334; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck118.web.app",nocase; classtype:attempted-recon; sid:200003335; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck121.web.app",nocase; classtype:attempted-recon; sid:200003336; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck122.web.app",nocase; classtype:attempted-recon; sid:200003337; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck123.web.app",nocase; classtype:attempted-recon; sid:200003338; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck126.web.app",nocase; classtype:attempted-recon; sid:200003339; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck127.web.app",nocase; classtype:attempted-recon; sid:200003340; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck129.web.app",nocase; classtype:attempted-recon; sid:200003341; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck13.web.app",nocase; classtype:attempted-recon; sid:200003342; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck130.web.app",nocase; classtype:attempted-recon; sid:200003343; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck134.web.app",nocase; classtype:attempted-recon; sid:200003344; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck135.web.app",nocase; classtype:attempted-recon; sid:200003345; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck137.web.app",nocase; classtype:attempted-recon; sid:200003346; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck138.web.app",nocase; classtype:attempted-recon; sid:200003347; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck139.web.app",nocase; classtype:attempted-recon; sid:200003348; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck14.web.app",nocase; classtype:attempted-recon; sid:200003349; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck140.web.app",nocase; classtype:attempted-recon; sid:200003350; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck142.web.app",nocase; classtype:attempted-recon; sid:200003351; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck143.web.app",nocase; classtype:attempted-recon; sid:200003352; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck145.web.app",nocase; classtype:attempted-recon; sid:200003353; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck149.web.app",nocase; classtype:attempted-recon; sid:200003354; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck155.web.app",nocase; classtype:attempted-recon; sid:200003355; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck207.web.app",nocase; classtype:attempted-recon; sid:200003356; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck21.web.app",nocase; classtype:attempted-recon; sid:200003357; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck23.web.app",nocase; classtype:attempted-recon; sid:200003358; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck334.web.app",nocase; classtype:attempted-recon; sid:200003359; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck36.web.app",nocase; classtype:attempted-recon; sid:200003360; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck410.web.app",nocase; classtype:attempted-recon; sid:200003361; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck429.web.app",nocase; classtype:attempted-recon; sid:200003362; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck442.web.app",nocase; classtype:attempted-recon; sid:200003363; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck443.web.app",nocase; classtype:attempted-recon; sid:200003364; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck46.web.app",nocase; classtype:attempted-recon; sid:200003365; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck54.web.app",nocase; classtype:attempted-recon; sid:200003366; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck60.web.app",nocase; classtype:attempted-recon; sid:200003367; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck70.web.app",nocase; classtype:attempted-recon; sid:200003368; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck736.web.app",nocase; classtype:attempted-recon; sid:200003369; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck74.web.app",nocase; classtype:attempted-recon; sid:200003370; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck75.web.app",nocase; classtype:attempted-recon; sid:200003371; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck77.web.app",nocase; classtype:attempted-recon; sid:200003372; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck8.web.app",nocase; classtype:attempted-recon; sid:200003373; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck87.web.app",nocase; classtype:attempted-recon; sid:200003374; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck995.web.app",nocase; classtype:attempted-recon; sid:200003375; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"service-lkdn2020.gacconstrutora.com.br",nocase; classtype:attempted-recon; sid:200003376; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"serviceinfo-securehost.duckdns.org",nocase; classtype:attempted-recon; sid:200003377; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servicepage.service-page.workers.dev",nocase; classtype:attempted-recon; sid:200003378; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servicepichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003379; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"services.runescape.com-as.cz",nocase; classtype:attempted-recon; sid:200003380; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"services.runescape.com-oc.ru",nocase; classtype:attempted-recon; sid:200003381; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"services.runescape.com-rse.ru",nocase; classtype:attempted-recon; sid:200003382; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"services.runescape.com-rsu.ru",nocase; classtype:attempted-recon; sid:200003383; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servicesbancaire.com",nocase; classtype:attempted-recon; sid:200003384; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"serviciosbndigitales.com",nocase; classtype:attempted-recon; sid:200003385; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servics.validationsecuradm.workers.dev",nocase; classtype:attempted-recon; sid:200003386; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servinform.quadientcloud.eu",nocase; classtype:attempted-recon; sid:200003387; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"setupmynorton.square.site",nocase; classtype:attempted-recon; sid:200003388; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"seul.unilurio.ac.mz",nocase; classtype:attempted-recon; sid:200003389; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sevoudryserviciobomail.dudaone.com",nocase; classtype:attempted-recon; sid:200003390; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sfc.com.vn",nocase; classtype:attempted-recon; sid:200003391; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sfex12sec.web.app",nocase; classtype:attempted-recon; sid:200003392; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sfirstrepublic.coms.cso.gov.tt",nocase; classtype:attempted-recon; sid:200003393; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sfr.provad.fr",nocase; classtype:attempted-recon; sid:200003394; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sfrpanel.lws.fr",nocase; classtype:attempted-recon; sid:200003395; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sgtbalde991-dot-still-dynamics-321006.ue.r.appspot.com",nocase; classtype:attempted-recon; sid:200003396; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shafischools.com",nocase; classtype:attempted-recon; sid:200003397; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shamajastore.co.ke",nocase; classtype:attempted-recon; sid:200003398; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shanky0.github.io",nocase; classtype:attempted-recon; sid:200003399; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shanza.epos.com.pk",nocase; classtype:attempted-recon; sid:200003400; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"share-eu1.hsforms.com",nocase; classtype:attempted-recon; sid:200003401; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"share.chamaileon.io",nocase; classtype:attempted-recon; sid:200003402; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shared-file.square.site",nocase; classtype:attempted-recon; sid:200003403; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sharedfax815201376.wordpress.com",nocase; classtype:attempted-recon; sid:200003404; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sharedtris.com",nocase; classtype:attempted-recon; sid:200003405; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sharelink.sn.am",nocase; classtype:attempted-recon; sid:200003406; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shayvardphoto.ir",nocase; classtype:attempted-recon; sid:200003407; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shinex.lk",nocase; classtype:attempted-recon; sid:200003408; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shirhokos-mhalskbsiaoutfew43535.duckdns.org",nocase; classtype:attempted-recon; sid:200003409; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shirtshanger.com",nocase; classtype:attempted-recon; sid:200003410; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shiye666.cn",nocase; classtype:attempted-recon; sid:200003411; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shop.cmfurnituremall.com",nocase; classtype:attempted-recon; sid:200003412; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shop.ewerest-stroi.ru",nocase; classtype:attempted-recon; sid:200003413; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shopeecoins.blogspot.com",nocase; classtype:attempted-recon; sid:200003414; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shrutidhall.com",nocase; classtype:attempted-recon; sid:200003415; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sidneyfcuorg.freshy.site",nocase; classtype:attempted-recon; sid:200003416; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sign-trk.empressmd.com",nocase; classtype:attempted-recon; sid:200003417; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net",nocase; classtype:attempted-recon; sid:200003418; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"signin-payeer.com",nocase; classtype:attempted-recon; sid:200003419; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com",nocase; classtype:attempted-recon; sid:200003420; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"silkroadwines.com",nocase; classtype:attempted-recon; sid:200003421; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"silpovsatb-ua.online",nocase; classtype:attempted-recon; sid:200003422; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"silverberrygroup.com",nocase; classtype:attempted-recon; sid:200003423; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sim0nt0k-viral-terbaru-2022.duckdns.org",nocase; classtype:attempted-recon; sid:200003424; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"simpkk.karanganyarkab.go.id",nocase; classtype:attempted-recon; sid:200003425; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sindarspen.org.br",nocase; classtype:attempted-recon; sid:200003426; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"siporados15585.blogspot.com",nocase; classtype:attempted-recon; sid:200003427; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sirak.se",nocase; classtype:attempted-recon; sid:200003428; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site-4403463-3995-6112.mystrikingly.com",nocase; classtype:attempted-recon; sid:200003429; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site9423623.92.webydo.com",nocase; classtype:attempted-recon; sid:200003430; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site9423773.92.webydo.com",nocase; classtype:attempted-recon; sid:200003431; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site9434107.92.webydo.com",nocase; classtype:attempted-recon; sid:200003432; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site9548676.92.webydo.com",nocase; classtype:attempted-recon; sid:200003433; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site9551459.92.webydo.com",nocase; classtype:attempted-recon; sid:200003434; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site9552191.92.webydo.com",nocase; classtype:attempted-recon; sid:200003435; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site9606042.92.webydo.com",nocase; classtype:attempted-recon; sid:200003436; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sitebrasil.azurewebsites.net",nocase; classtype:attempted-recon; sid:200003437; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sitebuilder152832.dynadot.com",nocase; classtype:attempted-recon; sid:200003438; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sitebuilder152935.dynadot.com",nocase; classtype:attempted-recon; sid:200003439; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sitemodify.com",nocase; classtype:attempted-recon; sid:200003440; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"situs-facebook-resmi21.webnode.com",nocase; classtype:attempted-recon; sid:200003441; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"situs-layanan-pemulihan4.webnode.com",nocase; classtype:attempted-recon; sid:200003442; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"situs-pemulihan-resmi0.webnode.com",nocase; classtype:attempted-recon; sid:200003443; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"six-group.xyz",nocase; classtype:attempted-recon; sid:200003444; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sk128.sbs",nocase; classtype:attempted-recon; sid:200003445; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sklepkody.pl",nocase; classtype:attempted-recon; sid:200003446; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"skradvanidance.business.site",nocase; classtype:attempted-recon; sid:200003447; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"skybttv.com",nocase; classtype:attempted-recon; sid:200003448; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"skygobank.com",nocase; classtype:attempted-recon; sid:200003449; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"skylerclarkmusic.com",nocase; classtype:attempted-recon; sid:200003450; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"skymavis-accountupdate.com",nocase; classtype:attempted-recon; sid:200003451; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"skymavisupport.com",nocase; classtype:attempted-recon; sid:200003452; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"slavamel.github.io",nocase; classtype:attempted-recon; sid:200003453; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sleepmaskz.com",nocase; classtype:attempted-recon; sid:200003454; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"slickparties.com",nocase; classtype:attempted-recon; sid:200003455; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"slmkufeckf.jon-jensen.workers.dev",nocase; classtype:attempted-recon; sid:200003456; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"slovenska-posta.sytes.net",nocase; classtype:attempted-recon; sid:200003457; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"slowlinebag.jp",nocase; classtype:attempted-recon; sid:200003458; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sm.scicemecod.com",nocase; classtype:attempted-recon; sid:200003459; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sm777.csb.app",nocase; classtype:attempted-recon; sid:200003460; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smbc-accout.com",nocase; classtype:attempted-recon; sid:200003461; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smbc-credit.shop",nocase; classtype:attempted-recon; sid:200003462; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smbc-veaiana.com",nocase; classtype:attempted-recon; sid:200003463; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smbcbc.com",nocase; classtype:attempted-recon; sid:200003464; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smbccjp.shop",nocase; classtype:attempted-recon; sid:200003465; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smbcr.mrtka.info",nocase; classtype:attempted-recon; sid:200003466; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smbcwodeqingguoshoujicojp.top",nocase; classtype:attempted-recon; sid:200003467; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smeo.org.mx",nocase; classtype:attempted-recon; sid:200003468; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smgolamalif.github.io",nocase; classtype:attempted-recon; sid:200003469; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smirl.org",nocase; classtype:attempted-recon; sid:200003470; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smkkesehatanjember.sch.id",nocase; classtype:attempted-recon; sid:200003471; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smmsvocal.yolasite.com",nocase; classtype:attempted-recon; sid:200003472; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sms-check.sc-q.top",nocase; classtype:attempted-recon; sid:200003473; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sms-shorter.com",nocase; classtype:attempted-recon; sid:200003474; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smsbc-info5.com",nocase; classtype:attempted-recon; sid:200003475; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smsenligne.myfreesites.net",nocase; classtype:attempted-recon; sid:200003476; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smsorangephonemail.myfreesites.net",nocase; classtype:attempted-recon; sid:200003477; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smsorangesmsmessage.myfreesites.net",nocase; classtype:attempted-recon; sid:200003478; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smss-mms.yolasite.com",nocase; classtype:attempted-recon; sid:200003479; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smsverificationmms.myfreesites.net",nocase; classtype:attempted-recon; sid:200003480; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smwam.coms.cso.gov.tt",nocase; classtype:attempted-recon; sid:200003481; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"so.macecri.com",nocase; classtype:attempted-recon; sid:200003482; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soaringskiesrentals.com",nocase; classtype:attempted-recon; sid:200003483; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soci-molen.web.app",nocase; classtype:attempted-recon; sid:200003484; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"socialpinch.com",nocase; classtype:attempted-recon; sid:200003485; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sofe-firma.firebaseapp.com",nocase; classtype:attempted-recon; sid:200003486; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soft-cell-8148.updateloginprogram.workers.dev",nocase; classtype:attempted-recon; sid:200003487; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soft-grass-1edd.acc-update.workers.dev",nocase; classtype:attempted-recon; sid:200003488; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sognointerno.com",nocase; classtype:attempted-recon; sid:200003489; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"solicitarfirmaelectronica-sv.com",nocase; classtype:attempted-recon; sid:200003490; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"solyanayakomnata.ru",nocase; classtype:attempted-recon; sid:200003491; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sopac.org.py",nocase; classtype:attempted-recon; sid:200003492; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soracoes.xyz",nocase; classtype:attempted-recon; sid:200003493; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"souaxwaoh.myfreesites.net",nocase; classtype:attempted-recon; sid:200003494; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soude-masi.firebaseapp.com",nocase; classtype:attempted-recon; sid:200003495; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soufsont.blogspot.com",nocase; classtype:attempted-recon; sid:200003496; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soulocaredirect.webcindario.com",nocase; classtype:attempted-recon; sid:200003497; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soumya252000.github.io",nocase; classtype:attempted-recon; sid:200003498; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"souravtech.com",nocase; classtype:attempted-recon; sid:200003499; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"southamerica-east1-hardy-magpie-334101.cloudfunctions.net",nocase; classtype:attempted-recon; sid:200003500; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"southamerica-east1-manifest-design-330523.cloudfunctions.net",nocase; classtype:attempted-recon; sid:200003501; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"southamerica-east1-my-project-90086352.cloudfunctions.net",nocase; classtype:attempted-recon; sid:200003502; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"southamerica-east1-noted-minutia-330211.cloudfunctions.net",nocase; classtype:attempted-recon; sid:200003503; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sp477389.sitebeat.site",nocase; classtype:attempted-recon; sid:200003504; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sp701876.sitebeat.site",nocase; classtype:attempted-recon; sid:200003505; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spacemanagerent.webcindario.com",nocase; classtype:attempted-recon; sid:200003506; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spark.shaheenwrites.com",nocase; classtype:attempted-recon; sid:200003507; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sparkasse-vereinsbanken.xyz",nocase; classtype:attempted-recon; sid:200003508; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sparkasse.de.internet-filiale.co",nocase; classtype:attempted-recon; sid:200003509; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sparxinteriors.co.zw",nocase; classtype:attempted-recon; sid:200003510; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"specialnotice.pricesamazonlogincard.shop",nocase; classtype:attempted-recon; sid:200003511; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spectrumstorageaccess.yahoosites.com",nocase; classtype:attempted-recon; sid:200003512; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spentamultimedia.com",nocase; classtype:attempted-recon; sid:200003513; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spidertvapp.com",nocase; classtype:attempted-recon; sid:200003514; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spirit.gtwozone.com",nocase; classtype:attempted-recon; sid:200003515; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spk-entsperren.de",nocase; classtype:attempted-recon; sid:200003516; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spk-jahreswechsel.com",nocase; classtype:attempted-recon; sid:200003517; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spk-secure-de.com",nocase; classtype:attempted-recon; sid:200003518; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sport.protected-secur.workers.dev",nocase; classtype:attempted-recon; sid:200003519; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sportshoes.top",nocase; classtype:attempted-recon; sid:200003520; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sportybetpremium.wapka.co",nocase; classtype:attempted-recon; sid:200003521; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spring-pond-62c4.autocreative.workers.dev",nocase; classtype:attempted-recon; sid:200003522; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spring-pond-62c4.autocreative.workers.dev#eimaste@stinpriza.org",nocase; classtype:attempted-recon; sid:200003523; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"squeeze-airwcmalznoun.com",nocase; classtype:attempted-recon; sid:200003524; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"squeeze-amieazoeon.co",nocase; classtype:attempted-recon; sid:200003525; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sr.scicemecod.com",nocase; classtype:attempted-recon; sid:200003526; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"srisritextiles.com",nocase; classtype:attempted-recon; sid:200003527; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"srvr-cloudmail-srvr5s5wd3.pages.dev",nocase; classtype:attempted-recon; sid:200003528; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ssdaz.sqqaepr.cn",nocase; classtype:attempted-recon; sid:200003529; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sse.scicemecod.com",nocase; classtype:attempted-recon; sid:200003530; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ssia.org.sg",nocase; classtype:attempted-recon; sid:200003531; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ssl.dsl.isl.mll.aqmst6.stockestan.ir",nocase; classtype:attempted-recon; sid:200003532; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sso-garena.com",nocase; classtype:attempted-recon; sid:200003533; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sswebmail-4w5twsr.web.app",nocase; classtype:attempted-recon; sid:200003534; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stage.vannaryfowler.com",nocase; classtype:attempted-recon; sid:200003535; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"staging.eliteautomotive.com.au",nocase; classtype:attempted-recon; sid:200003536; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"standardupdatesupportandhelpcenter2021.ga",nocase; classtype:attempted-recon; sid:200003537; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"starforsure.com",nocase; classtype:attempted-recon; sid:200003538; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"starliker.net",nocase; classtype:attempted-recon; sid:200003539; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"starsoftheindustry.com",nocase; classtype:attempted-recon; sid:200003540; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"starttsboxfile.myfreesites.net",nocase; classtype:attempted-recon; sid:200003541; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"static-ak-fbcdn.atspace.com",nocase; classtype:attempted-recon; sid:200003542; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"static-dev.o2alerts.com",nocase; classtype:attempted-recon; sid:200003543; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"static-promote.weebly.com",nocase; classtype:attempted-recon; sid:200003544; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"status-dev.o2alerts.com",nocase; classtype:attempted-recon; sid:200003545; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stbkcoltria.atwebpages.com",nocase; classtype:attempted-recon; sid:200003546; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stclarechurch.net",nocase; classtype:attempted-recon; sid:200003547; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"steamcommunites.com",nocase; classtype:attempted-recon; sid:200003548; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"steamcommunitj.com",nocase; classtype:attempted-recon; sid:200003549; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"steamnitrof.com",nocase; classtype:attempted-recon; sid:200003550; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"steampoweredtrade.org",nocase; classtype:attempted-recon; sid:200003551; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"steampoweredtrades.org",nocase; classtype:attempted-recon; sid:200003552; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stevemadden-sverige.com",nocase; classtype:attempted-recon; sid:200003553; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stevemaddenbutik.com",nocase; classtype:attempted-recon; sid:200003554; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stevemaddenserbia.com",nocase; classtype:attempted-recon; sid:200003555; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stevemaddenshoe.net",nocase; classtype:attempted-recon; sid:200003556; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"steven-coldwellbth9965.web.app",nocase; classtype:attempted-recon; sid:200003557; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stevencrews.com",nocase; classtype:attempted-recon; sid:200003558; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stgrp.ru",nocase; classtype:attempted-recon; sid:200003559; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"still-star-c948.updatelogaccountprogramedrfwerwrdhsjy.workers.dev",nocase; classtype:attempted-recon; sid:200003560; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stimulus-claim.com",nocase; classtype:attempted-recon; sid:200003561; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stjohnmarol.com",nocase; classtype:attempted-recon; sid:200003562; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stjudes.in",nocase; classtype:attempted-recon; sid:200003563; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stolizaparketa.ru",nocase; classtype:attempted-recon; sid:200003564; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stollgroup.coms.cso.gov.tt",nocase; classtype:attempted-recon; sid:200003565; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.yandexcloud.net",nocase; classtype:attempted-recon; sid:200003566; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storenike365.top",nocase; classtype:attempted-recon; sid:200003567; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"studio-lol.com",nocase; classtype:attempted-recon; sid:200003568; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stylifehomedecors.com",nocase; classtype:attempted-recon; sid:200003569; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stz-fmba.ru",nocase; classtype:attempted-recon; sid:200003570; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"submit8099.page.link",nocase; classtype:attempted-recon; sid:200003571; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"successgroup.org",nocase; classtype:attempted-recon; sid:200003572; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sucses-gov.nomtiluy.top",nocase; classtype:attempted-recon; sid:200003573; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sucuvirtcolba.com",nocase; classtype:attempted-recon; sid:200003574; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"suelunn.com",nocase; classtype:attempted-recon; sid:200003575; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"suiviticket.co",nocase; classtype:attempted-recon; sid:200003576; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sukien-pubgmoblevng.ga",nocase; classtype:attempted-recon; sid:200003577; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sultan-raza.github.io",nocase; classtype:attempted-recon; sid:200003578; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sumpandtankcleaners.in",nocase; classtype:attempted-recon; sid:200003579; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sunami.pagedemo.co",nocase; classtype:attempted-recon; sid:200003580; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sunbeltmembers.com",nocase; classtype:attempted-recon; sid:200003581; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sunge-ode.firebaseapp.com",nocase; classtype:attempted-recon; sid:200003582; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sunshineteam.in",nocase; classtype:attempted-recon; sid:200003583; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"super-dawn-3035.ddahluwalia.workers.dev",nocase; classtype:attempted-recon; sid:200003584; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"supermilhas.com",nocase; classtype:attempted-recon; sid:200003585; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"suportecxacesso2020.com",nocase; classtype:attempted-recon; sid:200003586; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"supotsstunes.servehttp.com",nocase; classtype:attempted-recon; sid:200003587; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"suppliers.bitshepherd.org",nocase; classtype:attempted-recon; sid:200003588; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"support-auwebaccessjpnaikpanggung.com",nocase; classtype:attempted-recon; sid:200003589; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"support-axiewallet.com",nocase; classtype:attempted-recon; sid:200003590; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"support-dapps.info",nocase; classtype:attempted-recon; sid:200003591; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"support-process-manager.com",nocase; classtype:attempted-recon; sid:200003592; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"support-verify-mydevices.com",nocase; classtype:attempted-recon; sid:200003593; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"support.atimazo.shop",nocase; classtype:attempted-recon; sid:200003594; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"supportpichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003595; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"survey18-aws.surveycenter.com",nocase; classtype:attempted-recon; sid:200003596; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"survey18-aws.toluna.com",nocase; classtype:attempted-recon; sid:200003597; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"surveys.adytude.com",nocase; classtype:attempted-recon; sid:200003598; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"suspicious-williamson.193-70-50-31.plesk.page",nocase; classtype:attempted-recon; sid:200003599; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"suumc-one.com",nocase; classtype:attempted-recon; sid:200003600; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sv.scicemecod.com",nocase; classtype:attempted-recon; sid:200003601; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"svelte-kdy6dk.stackblitz.io",nocase; classtype:attempted-recon; sid:200003602; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"swanholm.net",nocase; classtype:attempted-recon; sid:200003603; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"swannatural.com",nocase; classtype:attempted-recon; sid:200003604; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"swap.elena.finance",nocase; classtype:attempted-recon; sid:200003605; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"swappauto.staging.lcsolutions.it",nocase; classtype:attempted-recon; sid:200003606; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"swedbank-apsauga.info",nocase; classtype:attempted-recon; sid:200003607; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"swisscom.myfreesites.net",nocase; classtype:attempted-recon; sid:200003608; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sxb1plvwcpnl489779.prod.sxb1.secureserver.net",nocase; classtype:attempted-recon; sid:200003609; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"synaxisreadymix.com",nocase; classtype:attempted-recon; sid:200003610; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"syncdappconnect.com",nocase; classtype:attempted-recon; sid:200003611; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"syncmultidapp.com",nocase; classtype:attempted-recon; sid:200003612; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"syr.us",nocase; classtype:attempted-recon; sid:200003613; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sysm5rn.cn",nocase; classtype:attempted-recon; sid:200003614; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"system-fassil-net-2-3242353453453--12344443.repl.co",nocase; classtype:attempted-recon; sid:200003615; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t0nline0de0login-001-site1.itempurl.com",nocase; classtype:attempted-recon; sid:200003616; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"taher-mohamed-ahmed-saad.github.io",nocase; classtype:attempted-recon; sid:200003617; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"taoistw345ie.co",nocase; classtype:attempted-recon; sid:200003618; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tarik-fitness.com",nocase; classtype:attempted-recon; sid:200003619; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"taxcare.page.link",nocase; classtype:attempted-recon; sid:200003620; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"taxopus.com",nocase; classtype:attempted-recon; sid:200003621; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tb915hdh89.mfs.gg",nocase; classtype:attempted-recon; sid:200003622; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tby.eb-sites.com",nocase; classtype:attempted-recon; sid:200003623; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tcaconnect.ac-page.com",nocase; classtype:attempted-recon; sid:200003624; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"teamgameswild.com",nocase; classtype:attempted-recon; sid:200003625; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"teamgoogle125590.psee.ly",nocase; classtype:attempted-recon; sid:200003626; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"teamomni4life.com",nocase; classtype:attempted-recon; sid:200003627; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tebapit.com",nocase; classtype:attempted-recon; sid:200003628; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tecmachine.com.br",nocase; classtype:attempted-recon; sid:200003629; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tecnominproductos.com",nocase; classtype:attempted-recon; sid:200003630; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"teekitstorage.blob.core.windows.net",nocase; classtype:attempted-recon; sid:200003631; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tejalashikaindiagrocery.com",nocase; classtype:attempted-recon; sid:200003632; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"telecredutobcp.com",nocase; classtype:attempted-recon; sid:200003633; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"telegramsecurityhelp.ru",nocase; classtype:attempted-recon; sid:200003634; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tellmeliu.github.io",nocase; classtype:attempted-recon; sid:200003635; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"templat65sldh.myfreesites.net",nocase; classtype:attempted-recon; sid:200003636; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"temporary-url.com",nocase; classtype:attempted-recon; sid:200003637; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"terpelsicumple.com",nocase; classtype:attempted-recon; sid:200003638; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"terracontiles.com",nocase; classtype:attempted-recon; sid:200003639; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"test.bayoucitybadges.org",nocase; classtype:attempted-recon; sid:200003640; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"test.bitflye87.com",nocase; classtype:attempted-recon; sid:200003641; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"test.dxbproductions.com",nocase; classtype:attempted-recon; sid:200003642; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"test.webclient4.de",nocase; classtype:attempted-recon; sid:200003643; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"texasfreedomrun.com",nocase; classtype:attempted-recon; sid:200003644; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tgpafasfsakkk.pages.dev",nocase; classtype:attempted-recon; sid:200003645; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"theaceofspaeder.com",nocase; classtype:attempted-recon; sid:200003646; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"theaudazity.com",nocase; classtype:attempted-recon; sid:200003647; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"theavon.co.zw",nocase; classtype:attempted-recon; sid:200003648; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thebeachleague.com",nocase; classtype:attempted-recon; sid:200003649; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thechillipicklecanteen.com",nocase; classtype:attempted-recon; sid:200003650; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thedecorindia.com",nocase; classtype:attempted-recon; sid:200003651; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thedom.kg",nocase; classtype:attempted-recon; sid:200003652; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"theironinnparlour.co.uk",nocase; classtype:attempted-recon; sid:200003653; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"theneontree.in",nocase; classtype:attempted-recon; sid:200003654; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thepointcj.com.br",nocase; classtype:attempted-recon; sid:200003655; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thespiritualtransformation.com",nocase; classtype:attempted-recon; sid:200003656; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thetimecenter.com",nocase; classtype:attempted-recon; sid:200003657; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thomasdentalcentre.com",nocase; classtype:attempted-recon; sid:200003658; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"three-retail-live.devicetradein.co.uk",nocase; classtype:attempted-recon; sid:200003659; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tianyuiyu.uihaish.xyz",nocase; classtype:attempted-recon; sid:200003660; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tieganford.ca",nocase; classtype:attempted-recon; sid:200003661; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tighi.creatorlink.net",nocase; classtype:attempted-recon; sid:200003662; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tight-samiuboc.co",nocase; classtype:attempted-recon; sid:200003663; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tikitaps.com",nocase; classtype:attempted-recon; sid:200003664; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinhtrangdon.com",nocase; classtype:attempted-recon; sid:200003665; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.mobi",nocase; classtype:attempted-recon; sid:200003666; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tipografieonline.ro",nocase; classtype:attempted-recon; sid:200003667; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tirozhjewelry.com",nocase; classtype:attempted-recon; sid:200003668; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"titelinedrillingintl.yolasite.com",nocase; classtype:attempted-recon; sid:200003669; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tktrailerparts.com",nocase; classtype:attempted-recon; sid:200003670; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tlatx.com",nocase; classtype:attempted-recon; sid:200003671; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tlcbcp.com-segurospe.buzz",nocase; classtype:attempted-recon; sid:200003672; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"to-ken.biz",nocase; classtype:attempted-recon; sid:200003673; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"toanhoc247.edu.vn",nocase; classtype:attempted-recon; sid:200003674; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"toddler-town.com",nocase; classtype:attempted-recon; sid:200003675; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tongdaiviettelbienhoa.com",nocase; classtype:attempted-recon; sid:200003676; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tooljerejin.airsite.co",nocase; classtype:attempted-recon; sid:200003677; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"top10cheapairlinesreview.xyz",nocase; classtype:attempted-recon; sid:200003678; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"top10songsnews.com",nocase; classtype:attempted-recon; sid:200003679; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"topearnersafrica.com",nocase; classtype:attempted-recon; sid:200003680; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"topskills.ru",nocase; classtype:attempted-recon; sid:200003681; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"torccolborrachas.blogspot.com",nocase; classtype:attempted-recon; sid:200003682; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"torrinwine.com",nocase; classtype:attempted-recon; sid:200003683; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"touchidea.top",nocase; classtype:attempted-recon; sid:200003684; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"touronline2022.com",nocase; classtype:attempted-recon; sid:200003685; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tovowhuqeojweawmubmaqmqlv.hofferflow.icu",nocase; classtype:attempted-recon; sid:200003686; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tpayleboncoin.com",nocase; classtype:attempted-recon; sid:200003687; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"traders-joesxyz.com",nocase; classtype:attempted-recon; sid:200003688; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tradeswarehouse.com",nocase; classtype:attempted-recon; sid:200003689; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"trams.mot.go.th",nocase; classtype:attempted-recon; sid:200003690; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"transfertconfirmer-payalfrance.com",nocase; classtype:attempted-recon; sid:200003691; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"triangarena-membership.ga",nocase; classtype:attempted-recon; sid:200003692; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tribratanewsbondowoso.com",nocase; classtype:attempted-recon; sid:200003693; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tribunbalikpapan.com",nocase; classtype:attempted-recon; sid:200003694; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"truegrip.com",nocase; classtype:attempted-recon; sid:200003695; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"trust-wallet.com.cn",nocase; classtype:attempted-recon; sid:200003696; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"trustinpichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003697; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"trustpress.gr",nocase; classtype:attempted-recon; sid:200003698; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"trustypichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003699; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ts3cacd.jhfshm.com",nocase; classtype:attempted-recon; sid:200003700; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ts3cacd.rzjxbv.com",nocase; classtype:attempted-recon; sid:200003701; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"turntekcnc.com",nocase; classtype:attempted-recon; sid:200003702; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"twoje-zdjecia-622.herokuapp.com",nocase; classtype:attempted-recon; sid:200003703; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tx.vc",nocase; classtype:attempted-recon; sid:200003704; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200003705; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"typedream.site",nocase; classtype:attempted-recon; sid:200003706; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"typesmartlyocr.com",nocase; classtype:attempted-recon; sid:200003707; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tyrecentre.ru",nocase; classtype:attempted-recon; sid:200003708; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u08qv44zu5h.typeform.com",nocase; classtype:attempted-recon; sid:200003709; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u1571226.cp.regruhosting.ru",nocase; classtype:attempted-recon; sid:200003710; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u1571630.cp.regruhosting.ru",nocase; classtype:attempted-recon; sid:200003711; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u1571652.cp.regruhosting.ru",nocase; classtype:attempted-recon; sid:200003712; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u18741649.ct.sendgrid.net",nocase; classtype:attempted-recon; sid:200003713; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u827857uw6.ha004.t.justns.ru",nocase; classtype:attempted-recon; sid:200003714; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uabaiieo.com",nocase; classtype:attempted-recon; sid:200003715; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ualsemantic.dualsemantics.net",nocase; classtype:attempted-recon; sid:200003716; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ug7jv.sbs",nocase; classtype:attempted-recon; sid:200003717; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uglcsonfonia.org",nocase; classtype:attempted-recon; sid:200003718; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhasd.au6bu8m.cn",nocase; classtype:attempted-recon; sid:200003719; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhdss.xkrx0o.cn",nocase; classtype:attempted-recon; sid:200003720; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhfddsa.t0xpo42.cn",nocase; classtype:attempted-recon; sid:200003721; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhhd.rox847t.cn",nocase; classtype:attempted-recon; sid:200003722; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhhff.cnza7b8.cn",nocase; classtype:attempted-recon; sid:200003723; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhna.5m4zhvd.cn",nocase; classtype:attempted-recon; sid:200003724; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhnas.ib8b40d.cn",nocase; classtype:attempted-recon; sid:200003725; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhnca.yrk1du9.cn",nocase; classtype:attempted-recon; sid:200003726; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhncd.n26k1al.cn",nocase; classtype:attempted-recon; sid:200003727; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhncda.xmilwwp.cn",nocase; classtype:attempted-recon; sid:200003728; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhndd.9943s82.cn",nocase; classtype:attempted-recon; sid:200003729; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhns.mxyzy7i.cn",nocase; classtype:attempted-recon; sid:200003730; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhnsa.sdmpo0s.cn",nocase; classtype:attempted-recon; sid:200003731; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhnxa.d23xsru.cn",nocase; classtype:attempted-recon; sid:200003732; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhnxa.q83itv9.cn",nocase; classtype:attempted-recon; sid:200003733; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhnxas.rvw56l.cn",nocase; classtype:attempted-recon; sid:200003734; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uiuui.pagedemo.co",nocase; classtype:attempted-recon; sid:200003735; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujcd.um2nlru.cn",nocase; classtype:attempted-recon; sid:200003736; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujdaa.fn3m4en.cn",nocase; classtype:attempted-recon; sid:200003737; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujds.5e8tn13.cn",nocase; classtype:attempted-recon; sid:200003738; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhca.oioqmsh.cn",nocase; classtype:attempted-recon; sid:200003739; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhca.xsevdat.cn",nocase; classtype:attempted-recon; sid:200003740; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhcd.8burgvo.cn",nocase; classtype:attempted-recon; sid:200003741; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhd.21k0qik.cn",nocase; classtype:attempted-recon; sid:200003742; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhd.c0c4m46.cn",nocase; classtype:attempted-recon; sid:200003743; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhd.j419kr0.cn",nocase; classtype:attempted-recon; sid:200003744; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhd.kdsiuuc.cn",nocase; classtype:attempted-recon; sid:200003745; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhd.zkshmxt.cn",nocase; classtype:attempted-recon; sid:200003746; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhdca.mdwclcb.cn",nocase; classtype:attempted-recon; sid:200003747; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhdd.cotf8p5.cn",nocase; classtype:attempted-recon; sid:200003748; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhf.m45h2q0.cn",nocase; classtype:attempted-recon; sid:200003749; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhff.nkxefqp.cn",nocase; classtype:attempted-recon; sid:200003750; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhs.o2klowf.cn",nocase; classtype:attempted-recon; sid:200003751; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujnca.wxuqxb7.cn",nocase; classtype:attempted-recon; sid:200003752; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujnca.zgbo0g.cn",nocase; classtype:attempted-recon; sid:200003753; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujncd.kzi68ra.cn",nocase; classtype:attempted-recon; sid:200003754; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujncd.lw2djbm.cn",nocase; classtype:attempted-recon; sid:200003755; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ukcare.in",nocase; classtype:attempted-recon; sid:200003756; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"umbrellaclubla.com",nocase; classtype:attempted-recon; sid:200003757; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unam.myfreesites.net",nocase; classtype:attempted-recon; sid:200003758; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unbxa.byjmcpy.cn",nocase; classtype:attempted-recon; sid:200003759; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"undefinedtrack.xyz",nocase; classtype:attempted-recon; sid:200003760; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unga.c76sioq.cn",nocase; classtype:attempted-recon; sid:200003761; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniassessoria.com.br",nocase; classtype:attempted-recon; sid:200003762; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unicreditaustria.ucs.info",nocase; classtype:attempted-recon; sid:200003763; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unifacema.edu.br",nocase; classtype:attempted-recon; sid:200003764; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unifacvest.net",nocase; classtype:attempted-recon; sid:200003765; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unillantas.com.sv",nocase; classtype:attempted-recon; sid:200003766; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unionheightsresidental.com",nocase; classtype:attempted-recon; sid:200003767; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unipo-a.web.app",nocase; classtype:attempted-recon; sid:200003768; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unisons.store",nocase; classtype:attempted-recon; sid:200003769; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unisonsouthayr.org.uk",nocase; classtype:attempted-recon; sid:200003770; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.ch",nocase; classtype:attempted-recon; sid:200003771; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.financial",nocase; classtype:attempted-recon; sid:200003772; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.openwallet.dev",nocase; classtype:attempted-recon; sid:200003773; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.pages.dev",nocase; classtype:attempted-recon; sid:200003774; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.seal.finance",nocase; classtype:attempted-recon; sid:200003775; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.token.im",nocase; classtype:attempted-recon; sid:200003776; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.trading",nocase; classtype:attempted-recon; sid:200003777; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.vn",nocase; classtype:attempted-recon; sid:200003778; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswapfinancing.info",nocase; classtype:attempted-recon; sid:200003779; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswaps.net",nocase; classtype:attempted-recon; sid:200003780; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unitedalliance-online.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003781; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unitus.mk.ua",nocase; classtype:attempted-recon; sid:200003782; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"universidadsanjuan.ac",nocase; classtype:attempted-recon; sid:200003783; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unnca.bbh672u.cn",nocase; classtype:attempted-recon; sid:200003784; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unnxa.pqpchqo.cn",nocase; classtype:attempted-recon; sid:200003785; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unpocodearte.cl",nocase; classtype:attempted-recon; sid:200003786; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unregpayee-lb.com",nocase; classtype:attempted-recon; sid:200003787; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unsub.listhandlr.com",nocase; classtype:attempted-recon; sid:200003788; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"upbeat-dhawan.179-43-173-14.plesk.page",nocase; classtype:attempted-recon; sid:200003789; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"updateinfo-billingo2.com",nocase; classtype:attempted-recon; sid:200003790; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"updateseason.com",nocase; classtype:attempted-recon; sid:200003791; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"updatestory2022.co.vu",nocase; classtype:attempted-recon; sid:200003792; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"updatevoda-billing.com",nocase; classtype:attempted-recon; sid:200003793; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"upgrade-25gb-email.thecornerstudio.com.au",nocase; classtype:attempted-recon; sid:200003794; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"upgradedserver.online",nocase; classtype:attempted-recon; sid:200003795; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"upgradingattonlinee.weebly.com",nocase; classtype:attempted-recon; sid:200003796; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uploadpichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003797; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uploads.codesandbox.io",nocase; classtype:attempted-recon; sid:200003798; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"upnew.site",nocase; classtype:attempted-recon; sid:200003799; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uppledpichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003800; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"urbenorte.com",nocase; classtype:attempted-recon; sid:200003801; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"urgent-halifaxlogin.com",nocase; classtype:attempted-recon; sid:200003802; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"userboitevocalweb.flazio.com",nocase; classtype:attempted-recon; sid:200003803; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"userinformationstoreupdatesmail.pages.dev",nocase; classtype:attempted-recon; sid:200003804; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"usfn.net",nocase; classtype:attempted-recon; sid:200003805; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uspsconfirm.iconoomikert.com",nocase; classtype:attempted-recon; sid:200003806; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uspsexpressdeliveryline.com",nocase; classtype:attempted-recon; sid:200003807; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uswowgame.net",nocase; classtype:attempted-recon; sid:200003808; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uueer.7jgy5xe.cn",nocase; classtype:attempted-recon; sid:200003809; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uuid-validation.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200003810; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uukx0h0.cn",nocase; classtype:attempted-recon; sid:200003811; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uyhnxx.urpzkva.cn",nocase; classtype:attempted-recon; sid:200003812; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uyqw.dykowec.cn",nocase; classtype:attempted-recon; sid:200003813; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uz154.sbs",nocase; classtype:attempted-recon; sid:200003814; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"v.macecri.com",nocase; classtype:attempted-recon; sid:200003815; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003816; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vaccine-status-info.com",nocase; classtype:attempted-recon; sid:200003817; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vakif.albay-arnold.com",nocase; classtype:attempted-recon; sid:200003818; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"valax-wallet.com",nocase; classtype:attempted-recon; sid:200003819; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"valenciaoptometry.com",nocase; classtype:attempted-recon; sid:200003820; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"valenteplay.com.br",nocase; classtype:attempted-recon; sid:200003821; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"validacionpichincha.odoo.com",nocase; classtype:attempted-recon; sid:200003822; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"validate-solana.com",nocase; classtype:attempted-recon; sid:200003823; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"validator-fzkiy.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200003824; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vallion.motiffliterature.me",nocase; classtype:attempted-recon; sid:200003825; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vcz.gmoqkzu.cn",nocase; classtype:attempted-recon; sid:200003826; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"velvish.com",nocase; classtype:attempted-recon; sid:200003827; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ventas.lnterbarnk.pe.jifad.org",nocase; classtype:attempted-recon; sid:200003828; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verfybadgeappform.com",nocase; classtype:attempted-recon; sid:200003829; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"veri-pichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003830; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verificaciondeprioridad.com",nocase; classtype:attempted-recon; sid:200003831; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verification-trustwallet.4bl-eg.com",nocase; classtype:attempted-recon; sid:200003832; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verification.fb-page.workers.dev",nocase; classtype:attempted-recon; sid:200003833; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verificationmessage.blob.core.windows.net",nocase; classtype:attempted-recon; sid:200003834; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verififacebookid.wixsite.com",nocase; classtype:attempted-recon; sid:200003835; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verifiikasi-accounts.weebly.com",nocase; classtype:attempted-recon; sid:200003836; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verifikasi-akun-anda0011.weeblysite.com",nocase; classtype:attempted-recon; sid:200003837; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verifikasi-akun-facebook0022.weeblysite.com",nocase; classtype:attempted-recon; sid:200003838; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verifikasi-identitas47.weebly.com",nocase; classtype:attempted-recon; sid:200003839; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verifocaoffa.webcindario.com",nocase; classtype:attempted-recon; sid:200003840; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vgiuhkjnm.b9u6vh5l7g1797.workers.dev",nocase; classtype:attempted-recon; sid:200003841; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"victorarath99.github.io",nocase; classtype:attempted-recon; sid:200003842; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"videobigo.com",nocase; classtype:attempted-recon; sid:200003843; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vietlime.vn",nocase; classtype:attempted-recon; sid:200003844; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vietschi.de",nocase; classtype:attempted-recon; sid:200003845; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"viettel-com-dot-c2c01-531c7.uc.r.appspot.com",nocase; classtype:attempted-recon; sid:200003846; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vigortech.com.np",nocase; classtype:attempted-recon; sid:200003847; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"viguohilkasdsd.izwe6g6lyc.workers.dev",nocase; classtype:attempted-recon; sid:200003848; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vilaanimalviana.pt",nocase; classtype:attempted-recon; sid:200003849; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200003850; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vinivet.mk",nocase; classtype:attempted-recon; sid:200003851; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vipfbtools.com",nocase; classtype:attempted-recon; sid:200003852; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vipprofessional.net",nocase; classtype:attempted-recon; sid:200003853; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"viral-groub.duckdns.org",nocase; classtype:attempted-recon; sid:200003854; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"virginia-spi.com",nocase; classtype:attempted-recon; sid:200003855; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"virtual1dattss.com",nocase; classtype:attempted-recon; sid:200003856; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vis-stort.github.io",nocase; classtype:attempted-recon; sid:200003857; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"visa-band.com",nocase; classtype:attempted-recon; sid:200003858; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vishaljangale01.github.io",nocase; classtype:attempted-recon; sid:200003859; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"visione.co.id",nocase; classtype:attempted-recon; sid:200003860; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"visionproperty.in",nocase; classtype:attempted-recon; sid:200003861; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk-posters.ru",nocase; classtype:attempted-recon; sid:200003862; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk-vhods.co",nocase; classtype:attempted-recon; sid:200003863; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vkjbm.4nt4nb464e6113.workers.dev",nocase; classtype:attempted-recon; sid:200003864; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vodaupdatepayment.com",nocase; classtype:attempted-recon; sid:200003865; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"volvocarskc.us1.list-manage.com",nocase; classtype:attempted-recon; sid:200003866; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vps56290.servconfig.com",nocase; classtype:attempted-recon; sid:200003867; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vqed.5xcv81zrx0530.workers.dev",nocase; classtype:attempted-recon; sid:200003868; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vqwd.soboja1994.workers.dev",nocase; classtype:attempted-recon; sid:200003869; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vr-banking-app.de",nocase; classtype:attempted-recon; sid:200003870; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vr-neu.com",nocase; classtype:attempted-recon; sid:200003871; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vr-system89394.com",nocase; classtype:attempted-recon; sid:200003872; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vr-system98622.com",nocase; classtype:attempted-recon; sid:200003873; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vtekllc.com",nocase; classtype:attempted-recon; sid:200003874; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vtxmail2018.myfreesites.net",nocase; classtype:attempted-recon; sid:200003875; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vugik.mecil33784.workers.dev",nocase; classtype:attempted-recon; sid:200003876; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vv.macecri.com",nocase; classtype:attempted-recon; sid:200003877; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vvjde0h0ttttf9hay.com",nocase; classtype:attempted-recon; sid:200003878; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vvpaes-me-index.egvtpp.cn",nocase; classtype:attempted-recon; sid:200003879; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vxdse.myfreesites.net",nocase; classtype:attempted-recon; sid:200003880; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"w2.deraya.org",nocase; classtype:attempted-recon; sid:200003881; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud",nocase; classtype:attempted-recon; sid:200003882; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"w5czf.csb.app",nocase; classtype:attempted-recon; sid:200003883; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wahed-koudsi2001.github.io",nocase; classtype:attempted-recon; sid:200003884; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walkers-dot-composite-store-326315.uk.r.appspot.com",nocase; classtype:attempted-recon; sid:200003885; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallcertifyonmesh.com",nocase; classtype:attempted-recon; sid:200003886; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walldesign.com.tr",nocase; classtype:attempted-recon; sid:200003887; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallet-connect012.web.app",nocase; classtype:attempted-recon; sid:200003888; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallet-reconnection.xyz",nocase; classtype:attempted-recon; sid:200003889; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallet.silesiacoin.com",nocase; classtype:attempted-recon; sid:200003890; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallet22.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003891; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletconnectonline.pages.dev",nocase; classtype:attempted-recon; sid:200003892; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletconnectors.com",nocase; classtype:attempted-recon; sid:200003893; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walleterrorsupport.com",nocase; classtype:attempted-recon; sid:200003894; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletsconnex.com",nocase; classtype:attempted-recon; sid:200003895; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletsliveconnects.net",nocase; classtype:attempted-recon; sid:200003896; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletsreauth.org",nocase; classtype:attempted-recon; sid:200003897; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletsvalidator.org",nocase; classtype:attempted-recon; sid:200003898; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletsynclive.com",nocase; classtype:attempted-recon; sid:200003899; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletvalidation.me",nocase; classtype:attempted-recon; sid:200003900; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletvalidators.com",nocase; classtype:attempted-recon; sid:200003901; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallletsconnectts.com",nocase; classtype:attempted-recon; sid:200003902; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallsynchvalidatevd.com",nocase; classtype:attempted-recon; sid:200003903; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wana78420.myfreesites.net",nocase; classtype:attempted-recon; sid:200003904; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wap.bitffybtcer.club",nocase; classtype:attempted-recon; sid:200003905; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wap.bitffybtcer.xyz",nocase; classtype:attempted-recon; sid:200003906; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wap.bitflyer.plus",nocase; classtype:attempted-recon; sid:200003907; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wap.bitflyer.venus.kim",nocase; classtype:attempted-recon; sid:200003908; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wap.btcffybtcer.com",nocase; classtype:attempted-recon; sid:200003909; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"warbonus.ru",nocase; classtype:attempted-recon; sid:200003910; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"warningshadows.org",nocase; classtype:attempted-recon; sid:200003911; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"warsa.bandungkab.go.id",nocase; classtype:attempted-recon; sid:200003912; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wasites.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003913; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"we-exodus-wallet.yahoosites.com",nocase; classtype:attempted-recon; sid:200003914; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-armas.royale-freefire1garena-bonus.com",nocase; classtype:attempted-recon; sid:200003915; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-b4119.web.app",nocase; classtype:attempted-recon; sid:200003916; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-e1f6d.web.app",nocase; classtype:attempted-recon; sid:200003917; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-exoduss.com",nocase; classtype:attempted-recon; sid:200003918; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-f6612.web.app",nocase; classtype:attempted-recon; sid:200003919; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-ml01.web.app",nocase; classtype:attempted-recon; sid:200003920; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-my-app.com",nocase; classtype:attempted-recon; sid:200003921; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-online-cancel.com",nocase; classtype:attempted-recon; sid:200003922; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-verifi01.webcindario.com",nocase; classtype:attempted-recon; sid:200003923; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-verifi02.webcindario.com",nocase; classtype:attempted-recon; sid:200003924; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-verifi03.webcindario.com",nocase; classtype:attempted-recon; sid:200003925; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-verifi04.webcindario.com",nocase; classtype:attempted-recon; sid:200003926; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-verifi05.webcindario.com",nocase; classtype:attempted-recon; sid:200003927; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-verifi06.webcindario.com",nocase; classtype:attempted-recon; sid:200003928; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web.bredbanque.trans.sylog.co",nocase; classtype:attempted-recon; sid:200003929; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web.royale-freefire1garena-bonus.com",nocase; classtype:attempted-recon; sid:200003930; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web7320.web07.bero-webspace.de",nocase; classtype:attempted-recon; sid:200003931; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webbbb.yolasite.com",nocase; classtype:attempted-recon; sid:200003932; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webbl.yolasite.com",nocase; classtype:attempted-recon; sid:200003933; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webdatamltrainingdiag842.blob.core.windows.net",nocase; classtype:attempted-recon; sid:200003934; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webdesecure.clickfunnels.com",nocase; classtype:attempted-recon; sid:200003935; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webip.yolasite.com",nocase; classtype:attempted-recon; sid:200003936; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmail-2aaa0.web.app",nocase; classtype:attempted-recon; sid:200003937; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmail-sso8uyg.web.app",nocase; classtype:attempted-recon; sid:200003938; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmail.gourmer.co.in",nocase; classtype:attempted-recon; sid:200003939; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmail.login.access.docs67.live",nocase; classtype:attempted-recon; sid:200003940; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmailadmin0.myfreesites.net",nocase; classtype:attempted-recon; sid:200003941; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmailstoragesrvr4567-supportdev.codeanyapp.com",nocase; classtype:attempted-recon; sid:200003942; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webpres.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003943; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webregular.xyz",nocase; classtype:attempted-recon; sid:200003944; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webservice-verify.duckdns.org",nocase; classtype:attempted-recon; sid:200003945; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"websitefun.club",nocase; classtype:attempted-recon; sid:200003946; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"websiteorange.wixsite.com",nocase; classtype:attempted-recon; sid:200003947; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webstories.eu",nocase; classtype:attempted-recon; sid:200003948; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webvalidity.com",nocase; classtype:attempted-recon; sid:200003949; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"well-42d74.web.app",nocase; classtype:attempted-recon; sid:200003950; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wellsfargo-online06.herokuapp.com",nocase; classtype:attempted-recon; sid:200003951; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"weryfikacja-facebookowa-27.herokuapp.com",nocase; classtype:attempted-recon; sid:200003952; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"weryfikacja-facebookowa-28.herokuapp.com",nocase; classtype:attempted-recon; sid:200003953; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"weteachbh.com",nocase; classtype:attempted-recon; sid:200003954; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"whare.100webspace.net",nocase; classtype:attempted-recon; sid:200003955; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wheelsofmercy.org",nocase; classtype:attempted-recon; sid:200003956; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"whitelist-network.com",nocase; classtype:attempted-recon; sid:200003957; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"widadkamillah.github.io",nocase; classtype:attempted-recon; sid:200003958; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wiki.oceanreeflifegame.com",nocase; classtype:attempted-recon; sid:200003959; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wildcard.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200003960; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"windstream-net.firebaseapp.com",nocase; classtype:attempted-recon; sid:200003961; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"winville.biz",nocase; classtype:attempted-recon; sid:200003962; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wireconfirmation68c10a25442a3e13.blogspot.com",nocase; classtype:attempted-recon; sid:200003963; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wires-business-starter.webflow.io",nocase; classtype:attempted-recon; sid:200003964; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wirtschaft.baesweiler.de",nocase; classtype:attempted-recon; sid:200003965; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wizmi.service-now.com",nocase; classtype:attempted-recon; sid:200003966; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wkazisan.github.io",nocase; classtype:attempted-recon; sid:200003967; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"womancreatorofman.com",nocase; classtype:attempted-recon; sid:200003968; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"woofle.ru",nocase; classtype:attempted-recon; sid:200003969; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"workforcerelief.com",nocase; classtype:attempted-recon; sid:200003970; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"workprotocoles-com.webs.com",nocase; classtype:attempted-recon; sid:200003971; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wp-login.azurewebsites.net",nocase; classtype:attempted-recon; sid:200003972; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wpsoar.com",nocase; classtype:attempted-recon; sid:200003973; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wqass-index.chobqu.cn",nocase; classtype:attempted-recon; sid:200003974; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wqass-index.dccigq.cn",nocase; classtype:attempted-recon; sid:200003975; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wqass-index.gbswz.cn",nocase; classtype:attempted-recon; sid:200003976; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wqass-index.jeewiki.cn",nocase; classtype:attempted-recon; sid:200003977; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wqass-index.pygbw.cn",nocase; classtype:attempted-recon; sid:200003978; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wrww-roblox.com",nocase; classtype:attempted-recon; sid:200003979; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wteeoq.pfinanceiro.com.de",nocase; classtype:attempted-recon; sid:200003980; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ww.lnterbank.pe.personas.onlinesocket.in",nocase; classtype:attempted-recon; sid:200003981; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ww16.inpost-pl-3dsecure.clear-id.xyz",nocase; classtype:attempted-recon; sid:200003982; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-cursosdigitalesmx-com.filesusr.com",nocase; classtype:attempted-recon; sid:200003983; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-degelyehuda-org-il.filesusr.com",nocase; classtype:attempted-recon; sid:200003984; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-europe564598-com.filesusr.com",nocase; classtype:attempted-recon; sid:200003985; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-europessign-com.filesusr.com",nocase; classtype:attempted-recon; sid:200003986; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-key-com.test.edgekey.net",nocase; classtype:attempted-recon; sid:200003987; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-mufg-jp.handicraft.ltd",nocase; classtype:attempted-recon; sid:200003988; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-mufg-jp.kaiqi.ink",nocase; classtype:attempted-recon; sid:200003989; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-wattsapcom.duckdns.org",nocase; classtype:attempted-recon; sid:200003990; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www2.rakutan.co.jploginffd9dfg7.carwork.cn",nocase; classtype:attempted-recon; sid:200003991; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn",nocase; classtype:attempted-recon; sid:200003992; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www2.rakutan.co.jploginvcx8ds.nanoart.cn",nocase; classtype:attempted-recon; sid:200003993; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www2.rakuten-card.co.jp.wzsrc.cn",nocase; classtype:attempted-recon; sid:200003994; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www2.rakutenn.co.jp.nanopark.cn",nocase; classtype:attempted-recon; sid:200003995; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www2.rakutenn.co.jp.zgyo.cn",nocase; classtype:attempted-recon; sid:200003996; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www3.lejournaldugrandparis.fr",nocase; classtype:attempted-recon; sid:200003997; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www3.plenainclusion.org",nocase; classtype:attempted-recon; sid:200003998; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wxsohu.com",nocase; classtype:attempted-recon; sid:200003999; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"x.macecri.com",nocase; classtype:attempted-recon; sid:200004000; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"x.scicemecod.com",nocase; classtype:attempted-recon; sid:200004001; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xcas.xoh29oz.cn",nocase; classtype:attempted-recon; sid:200004002; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xcasd.7vo6bt.cn",nocase; classtype:attempted-recon; sid:200004003; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xcasd.b204uje.cn",nocase; classtype:attempted-recon; sid:200004004; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xcasd.yikn2gd.cn",nocase; classtype:attempted-recon; sid:200004005; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xcryptocars.blogspot.com",nocase; classtype:attempted-recon; sid:200004006; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xcvdsd.page.link",nocase; classtype:attempted-recon; sid:200004007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xhgs.epgegxj.cn",nocase; classtype:attempted-recon; sid:200004008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xiajs.0dow0l.cn",nocase; classtype:attempted-recon; sid:200004009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xid-human-validation.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200004010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xj333.mjt.lu",nocase; classtype:attempted-recon; sid:200004011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xj33s.mjt.lu",nocase; classtype:attempted-recon; sid:200004012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xj33w.mjt.lu",nocase; classtype:attempted-recon; sid:200004013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xj3pr.mjt.lu",nocase; classtype:attempted-recon; sid:200004014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xj45g.mjt.lu",nocase; classtype:attempted-recon; sid:200004015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xj45o.mjt.lu",nocase; classtype:attempted-recon; sid:200004016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xj4og.mjt.lu",nocase; classtype:attempted-recon; sid:200004017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xjm7s.mjt.lu",nocase; classtype:attempted-recon; sid:200004018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xjmr7.mjt.lu",nocase; classtype:attempted-recon; sid:200004019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xjpyyds.pem4yp3.cn",nocase; classtype:attempted-recon; sid:200004020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xkljfg.ml",nocase; classtype:attempted-recon; sid:200004021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xn--gmal-sya.com",nocase; classtype:attempted-recon; sid:200004022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xn--instagam-sf0d.com",nocase; classtype:attempted-recon; sid:200004023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xn--ltappen-80a.se",nocase; classtype:attempted-recon; sid:200004024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xn--metamsk-lwa.link",nocase; classtype:attempted-recon; sid:200004025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xn--rpondeur-sfr2-bhb.yolasite.com",nocase; classtype:attempted-recon; sid:200004026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xqr3i.mjt.lu",nocase; classtype:attempted-recon; sid:200004027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xqr3n.mjt.lu",nocase; classtype:attempted-recon; sid:200004028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xqr3u.mjt.lu",nocase; classtype:attempted-recon; sid:200004029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xrx6r.mjt.lu",nocase; classtype:attempted-recon; sid:200004030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xrxh1.mjt.lu",nocase; classtype:attempted-recon; sid:200004031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xrxh2.mjt.lu",nocase; classtype:attempted-recon; sid:200004032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xrxhl.mjt.lu",nocase; classtype:attempted-recon; sid:200004033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xsbrookshhjx.top",nocase; classtype:attempted-recon; sid:200004034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xtio.ch",nocase; classtype:attempted-recon; sid:200004035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xtw42.mjt.lu",nocase; classtype:attempted-recon; sid:200004036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xx.macecri.com",nocase; classtype:attempted-recon; sid:200004037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xxaas.tp00jv9.cn",nocase; classtype:attempted-recon; sid:200004038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xxasd.sf29hrg.cn",nocase; classtype:attempted-recon; sid:200004039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xxx-com-dot-c2c01-531c7.uc.r.appspot.com",nocase; classtype:attempted-recon; sid:200004040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xyproject.xtensio.com",nocase; classtype:attempted-recon; sid:200004041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xzasd.uz64g3.cn",nocase; classtype:attempted-recon; sid:200004042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@bghgcd.psuxscm.cn",nocase; classtype:attempted-recon; sid:200004043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@bhgxa.eo76sni.cn",nocase; classtype:attempted-recon; sid:200004044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@cdas.nxzigco.cn",nocase; classtype:attempted-recon; sid:200004045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@cxasd.easghbl.cn",nocase; classtype:attempted-recon; sid:200004046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@hghgda.erjl0hx.cn",nocase; classtype:attempted-recon; sid:200004047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@inna.cedymll.cn",nocase; classtype:attempted-recon; sid:200004048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@jhdd.fjcslad.cn",nocase; classtype:attempted-recon; sid:200004049; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@kjhdda.tetfeec.cn",nocase; classtype:attempted-recon; sid:200004050; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@lkjds.nlmwjta.cn",nocase; classtype:attempted-recon; sid:200004051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@nhbcda.g4g5mgc.cn",nocase; classtype:attempted-recon; sid:200004052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@poklsa.slodddz.cn",nocase; classtype:attempted-recon; sid:200004053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@qweas.p6rhddj.cn",nocase; classtype:attempted-recon; sid:200004054; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@ssdaz.sqqaepr.cn",nocase; classtype:attempted-recon; sid:200004055; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@uhncda.xmilwwp.cn",nocase; classtype:attempted-recon; sid:200004056; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@uhnxa.q83itv9.cn",nocase; classtype:attempted-recon; sid:200004057; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@ujdaa.fn3m4en.cn",nocase; classtype:attempted-recon; sid:200004058; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@ujds.5e8tn13.cn",nocase; classtype:attempted-recon; sid:200004059; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@ujhdca.mdwclcb.cn",nocase; classtype:attempted-recon; sid:200004060; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@uyhnxx.urpzkva.cn",nocase; classtype:attempted-recon; sid:200004061; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@zxas.2nd0g8.cn",nocase; classtype:attempted-recon; sid:200004062; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@zxass.jbkyj0o.cn",nocase; classtype:attempted-recon; sid:200004063; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoopoweredservice.duckdns.org",nocase; classtype:attempted-recon; sid:200004064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahuomall.square.site",nocase; classtype:attempted-recon; sid:200004065; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yairix.github.io",nocase; classtype:attempted-recon; sid:200004066; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yalena.me",nocase; classtype:attempted-recon; sid:200004067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yaqoobi.org",nocase; classtype:attempted-recon; sid:200004068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yaranfayez.com",nocase; classtype:attempted-recon; sid:200004069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yayanti.com",nocase; classtype:attempted-recon; sid:200004070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ybdaa.oqsgm9r.cn",nocase; classtype:attempted-recon; sid:200004071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ybggd.fjgjoux.cn",nocase; classtype:attempted-recon; sid:200004072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yellow-surf-7b04.voiceovermade-today.workers.dev",nocase; classtype:attempted-recon; sid:200004073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yerelyonetim.net",nocase; classtype:attempted-recon; sid:200004074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ygbda.ffeufka.cn",nocase; classtype:attempted-recon; sid:200004075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yhbca.pfs8ylv.cn",nocase; classtype:attempted-recon; sid:200004076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yhbndd.ryyswjn.cn",nocase; classtype:attempted-recon; sid:200004077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yhcd.gabprnx.cn",nocase; classtype:attempted-recon; sid:200004078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yhddf.vtf23ic.cn",nocase; classtype:attempted-recon; sid:200004079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yhdff.iw6fwu.cn",nocase; classtype:attempted-recon; sid:200004080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yhnbd.5u3z9i2.cn",nocase; classtype:attempted-recon; sid:200004081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yhncd.3ycuxr1.cn",nocase; classtype:attempted-recon; sid:200004082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yiaswqjdtcyeqpvyqthijepeai-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200004083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ykyevmqxaktnfgrtuufymkhnce-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200004084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yma1ll0g0n.odoo.com",nocase; classtype:attempted-recon; sid:200004085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ynbgdc.woprkzp.cn",nocase; classtype:attempted-recon; sid:200004086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ynbxa.pvgulkz.cn",nocase; classtype:attempted-recon; sid:200004087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yndda.m117s1s.cn",nocase; classtype:attempted-recon; sid:200004088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yogeshwarwiremesh.com",nocase; classtype:attempted-recon; sid:200004089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"youknowar.com",nocase; classtype:attempted-recon; sid:200004090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"young-snow-7447.tcheviron5269.workers.dev",nocase; classtype:attempted-recon; sid:200004091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"youreasygoing2022.co.vu",nocase; classtype:attempted-recon; sid:200004092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yqlpeitost.duckdns.org",nocase; classtype:attempted-recon; sid:200004093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yuhjjkss.web.app",nocase; classtype:attempted-recon; sid:200004094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yumpai.cn",nocase; classtype:attempted-recon; sid:200004095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"z.macecri.com",nocase; classtype:attempted-recon; sid:200004096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"z.scicemecod.com",nocase; classtype:attempted-recon; sid:200004097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"z0massegurabclp1.shreeramwoodindustries.com",nocase; classtype:attempted-recon; sid:200004098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"z2qje.codesandbox.io",nocase; classtype:attempted-recon; sid:200004099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"z3voicrxxvs.typeform.com",nocase; classtype:attempted-recon; sid:200004100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zackselectronics.co.zw",nocase; classtype:attempted-recon; sid:200004101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zaktualizacja-platnosci.netfxtv.co.pl",nocase; classtype:attempted-recon; sid:200004102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zasd.yhxmd30.cn",nocase; classtype:attempted-recon; sid:200004103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zb2-home.web.app",nocase; classtype:attempted-recon; sid:200004104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zenvinyl.com",nocase; classtype:attempted-recon; sid:200004105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zepe.io",nocase; classtype:attempted-recon; sid:200004106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zeroquiz.com",nocase; classtype:attempted-recon; sid:200004107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zgyyds.mm5p1ch.cn",nocase; classtype:attempted-recon; sid:200004108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zgyyds.nebl4zw.cn",nocase; classtype:attempted-recon; sid:200004109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zhrmghgyyds.h0tlexl.cn",nocase; classtype:attempted-recon; sid:200004110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zjzj6688.yihang.ren",nocase; classtype:attempted-recon; sid:200004111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zmpcoaca.cyou",nocase; classtype:attempted-recon; sid:200004112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zmpcoacu.cyou",nocase; classtype:attempted-recon; sid:200004113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zmpcoado.cyou",nocase; classtype:attempted-recon; sid:200004114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zoho-online.web.app",nocase; classtype:attempted-recon; sid:200004115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zoho-validationserv.web.app",nocase; classtype:attempted-recon; sid:200004116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zonalnterbank.com",nocase; classtype:attempted-recon; sid:200004117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zonmca.hxljatvw.cn",nocase; classtype:attempted-recon; sid:200004118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zshrvvo.cn",nocase; classtype:attempted-recon; sid:200004119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zuiunsya.com",nocase; classtype:attempted-recon; sid:200004120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxas.2nd0g8.cn",nocase; classtype:attempted-recon; sid:200004121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxas.hs0rgq8.cn",nocase; classtype:attempted-recon; sid:200004122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxass.jbkyj0o.cn",nocase; classtype:attempted-recon; sid:200004123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxcas.ywqfz8.cn",nocase; classtype:attempted-recon; sid:200004124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxcaspx.aghwlup.cn",nocase; classtype:attempted-recon; sid:200004125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxcnash.seufhsk.cn",nocase; classtype:attempted-recon; sid:200004126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxcod.01l241.cn",nocase; classtype:attempted-recon; sid:200004127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxcuashs.e0n0gh5.cn",nocase; classtype:attempted-recon; sid:200004128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxdlbny.cn",nocase; classtype:attempted-recon; sid:200004129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxnahs.3cze6ri.cn",nocase; classtype:attempted-recon; sid:200004130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zz.macecri.com",nocase; classtype:attempted-recon; sid:200004131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"0333fa5.netsolhost.com",nocase; http_uri; content:"/comcast/xfinity.php?d1193169ba22c33594765d16035661b1=&amp\;email=a@a.c&amp\;.rand=login.xfinity.com.aspx",nocase; classtype:attempted-recon; sid:200004132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"045a3c0.wcomhost.com",nocase; http_uri; content:"/ameli-assurance/remboursement/login/",nocase; classtype:attempted-recon; sid:200004133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"045a3c0.wcomhost.com",nocase; http_uri; content:"/ameli-assurance/remboursement/login/iframe-page2.html",nocase; classtype:attempted-recon; sid:200004134; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"048d7b4.wcomhost.com",nocase; http_uri; content:"/ameli-assurance/remboursement/login",nocase; classtype:attempted-recon; sid:200004135; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"048d7b4.wcomhost.com",nocase; http_uri; content:"/ameli-assurance/remboursement/login/",nocase; classtype:attempted-recon; sid:200004136; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"108ideashop.com",nocase; http_uri; content:"/ads/c/",nocase; classtype:attempted-recon; sid:200004137; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"28ecne20f9u.securetnet.com",nocase; http_uri; content:"/bbva/592cf4/425bdbd3-91cf-4e9f-9498-7a06b3ad75ec/?test=1",nocase; classtype:attempted-recon; sid:200004138; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"377080202567359722137708020256735972.blogspot.com",nocase; http_uri; content:"/?m=0%5c",nocase; classtype:attempted-recon; sid:200004139; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3c5.com",nocase; http_uri; content:"/tnrxs",nocase; classtype:attempted-recon; sid:200004140; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3rdstreetmarket.com",nocase; http_uri; content:"/wp-content/themes/3rdst/8-login-form/",nocase; classtype:attempted-recon; sid:200004141; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"8010361370310234068010361370310234.blogspot.com",nocase; http_uri; content:"/?m=0%5c",nocase; classtype:attempted-recon; sid:200004142; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a-q-f.com",nocase; http_uri; content:"/openpc/directlogin.do",nocase; classtype:attempted-recon; sid:200004143; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts.google.com",nocase; http_uri; content:"/servicelogin?passive=1209600&continue=https://sites.google.com/view/viewbill-bt-1/bt&followup=https://sites.google.com/view/viewbill-bt-1/bt",nocase; classtype:attempted-recon; sid:200004144; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts.google.com",nocase; http_uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/1lordman1man3/oscman2.html&followup=https://storage.cloud.google.com/1lordman1man3/oscman2.html",nocase; classtype:attempted-recon; sid:200004145; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts.google.com",nocase; http_uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html&followup=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html",nocase; classtype:attempted-recon; sid:200004146; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts.google.com",nocase; http_uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/employt44to49cclrlolcrl94lnlxo.appspot.com/index.html&followup=https://storage.cloud.google.com/employt44to49cclrlolcrl94lnlxo.appspot.com/index.html",nocase; classtype:attempted-recon; sid:200004147; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts.google.com",nocase; http_uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/maintainancecomponeta.appspot.com/mineindex.html&followup=https://storage.cloud.google.com/maintainancecomponeta.appspot.com/mineindex.html",nocase; classtype:attempted-recon; sid:200004148; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts.google.com",nocase; http_uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/officpcpspbcncuser.appspot.com/index.htm&followup=https://storage.cloud.google.com/officpcpspbcncuser.appspot.com/index.htm",nocase; classtype:attempted-recon; sid:200004149; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts.google.com",nocase; http_uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/poopnoomprops-oo987700ok/newrbindex.html&followup=https://storage.cloud.google.com/poopnoomprops-oo987700ok/newrbindex.html",nocase; classtype:attempted-recon; sid:200004150; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"activartransferenciainternacional.com",nocase; http_uri; content:"/?page_id=758",nocase; classtype:attempted-recon; sid:200004151; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"admin.fifoundry.net",nocase; http_uri; content:"/en/bellcocreditunion/",nocase; classtype:attempted-recon; sid:200004152; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aijcs.blogspot.com",nocase; http_uri; content:"/2005/03/colourful-life-of-aij.html",nocase; classtype:attempted-recon; sid:200004153; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alconexport.com",nocase; http_uri; content:"/ion",nocase; classtype:attempted-recon; sid:200004154; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alconexport.com",nocase; http_uri; content:"/ion/",nocase; classtype:attempted-recon; sid:200004155; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alfredtalkelogisticservices-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/venus_gardose_talke_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8extkunxrkqozifs2sycqmk4ox0ntao7cizsavm5mjc=&amp\;docid=1_14abcf62971634e6b8387df30ef7d978b&amp\;wdformid={83a6cfc0-5689-4aa4-ab13-96952b8999ba}&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004156; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alinachopra.com",nocase; http_uri; content:"/blog/wp-content/themes/10/",nocase; classtype:attempted-recon; sid:200004157; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ambrosecourt.com",nocase; http_uri; content:"/our/ourtime/ourtime.html",nocase; classtype:attempted-recon; sid:200004158; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ams3.digitaloceanspaces.com",nocase; http_uri; content:"/njk/25_40_24_5e_40_26_40_26_28_29_23_23_5e_23_24_26_5e_25_26_40_5e_28_23_26.html",nocase; classtype:attempted-recon; sid:200004159; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anekaslot.com",nocase; http_uri; content:"/jps/webmail_reset.htm",nocase; classtype:attempted-recon; sid:200004160; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"api-freewallet.com",nocase; http_uri; content:"/app/",nocase; classtype:attempted-recon; sid:200004161; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"api.addthis.com",nocase; http_uri; content:"/oexchange/0.8/wrap/opengraph?url=ahr0chm6ly93zxetnmrlodiud2vilmfwcc8znzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxi5lze1lziwmjeznzg1mjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxiznzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu0znzg1mjf3zwjtyxn0zxi5lze1lziwmjfjdw5plmn6nto1nibbttm3oduymtu6ntygqu13zwjtyxn0zxiznzg1mjejd2vibwfzdgvyqgn1bmkuy3o=",nocase; classtype:attempted-recon; sid:200004162; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.box.com",nocase; http_uri; content:"/s/b9fu9axf9rcv7bhjp80fpcm8zna5wcwi",nocase; classtype:attempted-recon; sid:200004163; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.box.com",nocase; http_uri; content:"/s/x6agocx9zvj049azirk4aw3xrqdedqhl",nocase; classtype:attempted-recon; sid:200004164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.box.com",nocase; http_uri; content:"/s/ymr0ltw3hmn8icxebz16gjhcyhqa49w4",nocase; classtype:attempted-recon; sid:200004165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.pipefy.com",nocase; http_uri; content:"/public/form/mnzdivok",nocase; classtype:attempted-recon; sid:200004166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.pipefy.com",nocase; http_uri; content:"/public/form/xlfe4rw2",nocase; classtype:attempted-recon; sid:200004167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.simplenote.com",nocase; http_uri; content:"/p/cmxgsj",nocase; classtype:attempted-recon; sid:200004168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.simplenote.com",nocase; http_uri; content:"/publish/xhrdvc",nocase; classtype:attempted-recon; sid:200004169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"appurl.io",nocase; http_uri; content:"/6dfhh1yrol",nocase; classtype:attempted-recon; sid:200004170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"appurl.io",nocase; http_uri; content:"/lsmho6dyl-",nocase; classtype:attempted-recon; sid:200004171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"appurl.io",nocase; http_uri; content:"/wywajnlbtl",nocase; classtype:attempted-recon; sid:200004172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"att-yahoo.meculinkvolt.com",nocase; http_uri; content:"/at&t/",nocase; classtype:attempted-recon; sid:200004173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"azeioaz.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"baovesusonglcxt.com",nocase; http_uri; content:"/wp-includes/index.html",nocase; classtype:attempted-recon; sid:200004175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bardaiconnect.com",nocase; http_uri; content:"/app/listeners/ae/n-nv6588123/ae/ae/verify/sms.php",nocase; classtype:attempted-recon; sid:200004176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"baritasonte.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bdsfa.sharepoint.com",nocase; http_uri; content:"/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=d96ydzq8vuilprdurtucov60qbtyz20222a95vav4da%3d&docid=1_1f81a6ca97d114a5f8e9829362518b16d&wdformid=%7b11b3b6fc%2d6e67%2d434d%2da029%2d3afe98d81a11%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bdsfa.sharepoint.com",nocase; http_uri; content:"/_layouts/15/wopiframe.aspx?guestaccesstoken=d96ydzq8vuilprdurtucov60qbtyz20222a95vav4da%3d&docid=1_1f81a6ca97d114a5f8e9829362518b16d&wdformid=%7b11b3b6fc%2d6e67%2d434d%2da029%2d3afe98d81a11%7d&action=formsubmit&cid=57d50783-8fd3-4515-8ab3-24c639533fdf",nocase; classtype:attempted-recon; sid:200004179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bendmytrend.com",nocase; http_uri; content:"/mp/china/index.php?login=sindy.zhu@swift.com",nocase; classtype:attempted-recon; sid:200004180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.do",nocase; http_uri; content:"/fr3kf",nocase; classtype:attempted-recon; sid:200004181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.do",nocase; http_uri; content:"/frxsz",nocase; classtype:attempted-recon; sid:200004182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.do",nocase; http_uri; content:"/fs7cb",nocase; classtype:attempted-recon; sid:200004183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.do",nocase; http_uri; content:"/fs8cx",nocase; classtype:attempted-recon; sid:200004184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.do",nocase; http_uri; content:"/fsf6l",nocase; classtype:attempted-recon; sid:200004185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.do",nocase; http_uri; content:"/ftahp",nocase; classtype:attempted-recon; sid:200004186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly.",nocase; http_uri; content:"/3ijwsm2",nocase; classtype:attempted-recon; sid:200004187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2iz03nf",nocase; classtype:attempted-recon; sid:200004188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2kduy2u",nocase; classtype:attempted-recon; sid:200004189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2nog4ow?facebook_update",nocase; classtype:attempted-recon; sid:200004190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2nwrbgj",nocase; classtype:attempted-recon; sid:200004191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2oq6dhz",nocase; classtype:attempted-recon; sid:200004192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2p28z0h",nocase; classtype:attempted-recon; sid:200004193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2q7fcpg",nocase; classtype:attempted-recon; sid:200004194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2uwvcnh",nocase; classtype:attempted-recon; sid:200004195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2vuwbzk",nocase; classtype:attempted-recon; sid:200004196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2wqlrea",nocase; classtype:attempted-recon; sid:200004197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2zaee65",nocase; classtype:attempted-recon; sid:200004198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2zejaht",nocase; classtype:attempted-recon; sid:200004199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2zomh31?confirmation",nocase; classtype:attempted-recon; sid:200004200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/30ceyfq",nocase; classtype:attempted-recon; sid:200004201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/30dwddq",nocase; classtype:attempted-recon; sid:200004202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/30vy89r",nocase; classtype:attempted-recon; sid:200004203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/319qtui",nocase; classtype:attempted-recon; sid:200004204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/31cwtqd?facebook_update",nocase; classtype:attempted-recon; sid:200004205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/31d3mp6?facebook_service",nocase; classtype:attempted-recon; sid:200004206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/31xebzq",nocase; classtype:attempted-recon; sid:200004207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/32xotak?l=www.bancoripley.cl",nocase; classtype:attempted-recon; sid:200004208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/33ipjf7",nocase; classtype:attempted-recon; sid:200004209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/33pcwtj",nocase; classtype:attempted-recon; sid:200004210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/34mhgdg",nocase; classtype:attempted-recon; sid:200004211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/37r8zo3",nocase; classtype:attempted-recon; sid:200004212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/38xmo4d",nocase; classtype:attempted-recon; sid:200004213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/392hszz",nocase; classtype:attempted-recon; sid:200004214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3aetm80",nocase; classtype:attempted-recon; sid:200004215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3afo6kx",nocase; classtype:attempted-recon; sid:200004216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3an4lcn",nocase; classtype:attempted-recon; sid:200004217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3aqvwmn",nocase; classtype:attempted-recon; sid:200004218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3bdkpfx?facebook_update",nocase; classtype:attempted-recon; sid:200004219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3bmjhx1?confirmation",nocase; classtype:attempted-recon; sid:200004220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3bq4stv?confirmation",nocase; classtype:attempted-recon; sid:200004221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3bsgkin",nocase; classtype:attempted-recon; sid:200004222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3bvwofv?confirmation",nocase; classtype:attempted-recon; sid:200004223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3c7nozm",nocase; classtype:attempted-recon; sid:200004224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3ca8owp?facebook_update",nocase; classtype:attempted-recon; sid:200004225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3cahvv5help-center-notice-comunity",nocase; classtype:attempted-recon; sid:200004226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3clopj4",nocase; classtype:attempted-recon; sid:200004227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3cpqerq",nocase; classtype:attempted-recon; sid:200004228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3cvl6ir",nocase; classtype:attempted-recon; sid:200004229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3czqfzo?confirmation",nocase; classtype:attempted-recon; sid:200004230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3d7ezub?facebook_update",nocase; classtype:attempted-recon; sid:200004231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3dj0r1p",nocase; classtype:attempted-recon; sid:200004232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3dky0ds?facebook_update",nocase; classtype:attempted-recon; sid:200004233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3e3wjwp",nocase; classtype:attempted-recon; sid:200004234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3eeiwqv",nocase; classtype:attempted-recon; sid:200004235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3ego3xw?redirect=system",nocase; classtype:attempted-recon; sid:200004236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3eoqvcn",nocase; classtype:attempted-recon; sid:200004237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3eptccr",nocase; classtype:attempted-recon; sid:200004238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3exbeuu?i=www.bancoripley.cl",nocase; classtype:attempted-recon; sid:200004239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3fb9f8f",nocase; classtype:attempted-recon; sid:200004240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3fd8key",nocase; classtype:attempted-recon; sid:200004241; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3fk3blu",nocase; classtype:attempted-recon; sid:200004242; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3fmvby5?facebook_update",nocase; classtype:attempted-recon; sid:200004243; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3fyg9rf",nocase; classtype:attempted-recon; sid:200004244; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3guiinq?confirmation",nocase; classtype:attempted-recon; sid:200004245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3gxztog",nocase; classtype:attempted-recon; sid:200004246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3gyfnlm?confirmation",nocase; classtype:attempted-recon; sid:200004247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3hvucnu",nocase; classtype:attempted-recon; sid:200004248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3hwhrlr",nocase; classtype:attempted-recon; sid:200004249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3i8tjul",nocase; classtype:attempted-recon; sid:200004250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3jow35g?confirmation",nocase; classtype:attempted-recon; sid:200004251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3jqfusj?confirmation",nocase; classtype:attempted-recon; sid:200004252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3jqmbfu",nocase; classtype:attempted-recon; sid:200004253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3jsnadf?i=www.bancoripley.cl",nocase; classtype:attempted-recon; sid:200004254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3jvodhm?confirmation",nocase; classtype:attempted-recon; sid:200004255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3jxszq1?confirmation",nocase; classtype:attempted-recon; sid:200004256; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3k2aaqc?facebook_update",nocase; classtype:attempted-recon; sid:200004257; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3kdifqr",nocase; classtype:attempted-recon; sid:200004258; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3kueruz",nocase; classtype:attempted-recon; sid:200004259; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3kxfgbu",nocase; classtype:attempted-recon; sid:200004260; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3l4jpqg?facebook_update",nocase; classtype:attempted-recon; sid:200004261; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3ldovbh",nocase; classtype:attempted-recon; sid:200004262; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3lgmoqh",nocase; classtype:attempted-recon; sid:200004263; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3mgij5v",nocase; classtype:attempted-recon; sid:200004264; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3mkihc9",nocase; classtype:attempted-recon; sid:200004265; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3mrtcap",nocase; classtype:attempted-recon; sid:200004266; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3mryk6q",nocase; classtype:attempted-recon; sid:200004267; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3mvat1h?confirmation",nocase; classtype:attempted-recon; sid:200004268; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3mwnmia?confirmation",nocase; classtype:attempted-recon; sid:200004269; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3nddkta",nocase; classtype:attempted-recon; sid:200004270; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3nkpgzq",nocase; classtype:attempted-recon; sid:200004271; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3nvr2mn",nocase; classtype:attempted-recon; sid:200004272; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3phrfct",nocase; classtype:attempted-recon; sid:200004273; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3pqid6z?confirmation",nocase; classtype:attempted-recon; sid:200004274; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3qc8jtv",nocase; classtype:attempted-recon; sid:200004275; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3qplrme",nocase; classtype:attempted-recon; sid:200004276; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3r49apq?facebook_update",nocase; classtype:attempted-recon; sid:200004277; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3r8xxmg?facebook_update",nocase; classtype:attempted-recon; sid:200004278; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3rd3dgx",nocase; classtype:attempted-recon; sid:200004279; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3reovvv",nocase; classtype:attempted-recon; sid:200004280; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3rkzqb5",nocase; classtype:attempted-recon; sid:200004281; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3rucafb?confirmations",nocase; classtype:attempted-recon; sid:200004282; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3s7gmhf",nocase; classtype:attempted-recon; sid:200004283; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3sdxkuf",nocase; classtype:attempted-recon; sid:200004284; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3tkk6kn",nocase; classtype:attempted-recon; sid:200004285; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3tks2um",nocase; classtype:attempted-recon; sid:200004286; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3tzc89x",nocase; classtype:attempted-recon; sid:200004287; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3vtbyq5",nocase; classtype:attempted-recon; sid:200004288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3vyh0x9",nocase; classtype:attempted-recon; sid:200004289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3w8ru6g?confirmation",nocase; classtype:attempted-recon; sid:200004290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3wb6m3i",nocase; classtype:attempted-recon; sid:200004291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3xhfy9m?facebook_update",nocase; classtype:attempted-recon; sid:200004292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3xkuef1?confirmation",nocase; classtype:attempted-recon; sid:200004293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3xrdvez?facebook_update",nocase; classtype:attempted-recon; sid:200004294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3yatzv9?confirmation",nocase; classtype:attempted-recon; sid:200004295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3zbrsmk?|=www.bancoripley.cl",nocase; classtype:attempted-recon; sid:200004296; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3zv9bif",nocase; classtype:attempted-recon; sid:200004297; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/bancamps-web",nocase; classtype:attempted-recon; sid:200004298; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/click-confirm",nocase; classtype:attempted-recon; sid:200004299; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/coinspot-claim-bonus",nocase; classtype:attempted-recon; sid:200004300; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/community-details",nocase; classtype:attempted-recon; sid:200004301; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/confirm-click",nocase; classtype:attempted-recon; sid:200004302; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/edoardopolaccoufficiale",nocase; classtype:attempted-recon; sid:200004303; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/i-13orange",nocase; classtype:attempted-recon; sid:200004304; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/i-14orange",nocase; classtype:attempted-recon; sid:200004305; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/id-lockpages",nocase; classtype:attempted-recon; sid:200004306; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/id-locksystem",nocase; classtype:attempted-recon; sid:200004307; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/info-details-notification",nocase; classtype:attempted-recon; sid:200004308; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/ip13-orange",nocase; classtype:attempted-recon; sid:200004309; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/ip14-orange",nocase; classtype:attempted-recon; sid:200004310; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/lrs-gov1",nocase; classtype:attempted-recon; sid:200004311; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/main-pages",nocase; classtype:attempted-recon; sid:200004312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/mr-pin",nocase; classtype:attempted-recon; sid:200004313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/orange-id13",nocase; classtype:attempted-recon; sid:200004314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/orange-id2",nocase; classtype:attempted-recon; sid:200004315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/orange-id3",nocase; classtype:attempted-recon; sid:200004316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/orange-id4",nocase; classtype:attempted-recon; sid:200004317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/page-infromation",nocase; classtype:attempted-recon; sid:200004318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/pandemicreliefpackage",nocase; classtype:attempted-recon; sid:200004319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/policy-pages",nocase; classtype:attempted-recon; sid:200004320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/portale-mps-attivazione",nocase; classtype:attempted-recon; sid:200004321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/recoveryform",nocase; classtype:attempted-recon; sid:200004322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/verifikasipemblokiran_id",nocase; classtype:attempted-recon; sid:200004323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitflyertt.com",nocase; http_uri; content:"/#/",nocase; classtype:attempted-recon; sid:200004324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/2p3bbbs",nocase; classtype:attempted-recon; sid:200004325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/3aolo2y",nocase; classtype:attempted-recon; sid:200004326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/3bqoevf",nocase; classtype:attempted-recon; sid:200004327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/3g1epw3",nocase; classtype:attempted-recon; sid:200004328; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/3jrtmmu",nocase; classtype:attempted-recon; sid:200004329; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/3koilft",nocase; classtype:attempted-recon; sid:200004330; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/3xmjxs4",nocase; classtype:attempted-recon; sid:200004331; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/taxirsxcy",nocase; classtype:attempted-recon; sid:200004332; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitwayconnect.com",nocase; http_uri; content:"/en/wallets/",nocase; classtype:attempted-recon; sid:200004333; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blackbearcccouk-my.sharepoint.com",nocase; http_uri; content:"/personal/accounts_blackbearcc_co_uk/_layouts/15/onedrive.aspx?id=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments%2fngb%20urgente%20substanti%c3%able%20update%20%5f%20voorstel%2epdf&amp\;parent=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments&amp\;originalpath=ahr0chm6ly9ibgfja2jlyxjjy2nvdwstbxkuc2hhcmvwb2ludc5jb20vomi6l2cvcgvyc29uywwvywnjb3vudhnfymxhy2tizwfyy2nfy29fdwsvrve5as01b19mukjbcutzeunhv3eznw9ccfbtmze3b2fsrnrgnhpzuenbvlfiqt9ydgltzt1tqjzyquroodjvzw",nocase; classtype:attempted-recon; sid:200004334; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bluehorse.in",nocase; http_uri; content:"/sella/info.html",nocase; classtype:attempted-recon; sid:200004335; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bodegalatinacorp-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/012dsd_fiestamart_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t3v5ldmmhrtlw5cyiohlp9z4yo7ufnrop9j1plyfdkm%3d&docid=1_1d89d259f7e704301aca26ac4dbabaa8d&wdformid=%7bfeb771e5%2d93ee%2d4015%2d8e87%2dd1c30d0f406a%7d&action=formsubmit&cid=f609fe16-56c4-4e2b-a964-75e250d31c99",nocase; classtype:attempted-recon; sid:200004336; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bom.to",nocase; http_uri; content:"/nlozan9lgoapq",nocase; classtype:attempted-recon; sid:200004337; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bonomequedoencasa.blogspot.com",nocase; http_uri; content:"/?aplicar",nocase; classtype:attempted-recon; sid:200004338; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bpl.kr",nocase; http_uri; content:"/s9x",nocase; classtype:attempted-recon; sid:200004339; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bre.is",nocase; http_uri; content:"/2r9pyocy",nocase; classtype:attempted-recon; sid:200004340; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/7fde14dcc130f933dfa5c0283d776eb9/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004341; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/c0e9ccedb57ca77a45d83f9bde98224b/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004342; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/c0e9ccedb57ca77a45d83f9bde98224b?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004343; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/c4957ef2c1f1801d0506e35cc3b5a6a8/?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004344; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/c4957ef2c1f1801d0506e35cc3b5a6a8?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004345; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/d190a3ceefc52c12869c2bee7b9ed710/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004346; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/d190a3ceefc52c12869c2bee7b9ed710?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004347; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/fcc3a33269bb5f281754c49ab86c3d4e/?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004348; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cdn.shopify.com",nocase; http_uri; content:"/s/files/1/0533/5367/6992/t/3/assets/home.html",nocase; classtype:attempted-recon; sid:200004349; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"centromedicoviladomat.com",nocase; http_uri; content:"/index.php?option=com_content&view=article&id=67",nocase; classtype:attempted-recon; sid:200004350; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chronopostvalidation.blogspot.com",nocase; http_uri; content:"/2021/02/blog-post_12.html",nocase; classtype:attempted-recon; sid:200004351; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ci3.googleusercontent.com",nocase; http_uri; content:"/proxy/rdh-rjsrv9zzrx57iscgov74o1gka4qjdfj01qr7v8-pkjgyvn50tivt7pzqgm5kuqdmonqle3f8eq_t8f4xl6jdozabmf2lxy-888ai8hdji633rg",nocase; classtype:attempted-recon; sid:200004352; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ci4.googleusercontent.com",nocase; http_uri; content:"/proxy/djc3ckf7jcnj8l0duyaqyjwffeskzbccy9spjiauj_jwrplgw0ahyaf1xozvm6n_fjn8q1-2vkhqqujjr1en3qej703lyxxujt6tto-ttwsl6hgsggp3ehcc",nocase; classtype:attempted-recon; sid:200004353; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ci4.googleusercontent.com",nocase; http_uri; content:"/proxy/zjba9cvtmkfnoveyofx6gqong0kqi3s69d9o2y32fmu_gankb59tj-rb79bolx0bwbsemnonfhh2esy9olfdp-20gybztkzstfhfheqrrjuefxwiwkqws29wxm6tdobikwz-qkzfphpaldfr",nocase; classtype:attempted-recon; sid:200004354; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cimslp-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/eric_cimsltd_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wnhqsp58ikn1qzzozpe2oiw%2fmizdr53wegdbyscml7y%3d&amp\;docid=1_1207bcf2f71094b5cb97dcb5bea3e1a3a&amp\;wdformid=%7bd98de46a%2d2777%2d417f%2dbbcf%2d5f08c8244727%7d&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004355; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clck.ru",nocase; http_uri; content:"/yc8bd&post=665308711_37&cc_key",nocase; classtype:attempted-recon; sid:200004356; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clck.ru",nocase; http_uri; content:"/yzuft&post=665308711_32&cc_key",nocase; classtype:attempted-recon; sid:200004357; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"click.icptrack.com",nocase; http_uri; content:"/icp/relay.php?r=57372110&amp\;msgid=807563&amp\;act=af7a&amp\;c=1365247&amp\;destination=https://www.linkedin.com/&amp\;cf=17638&amp\;v=6023ca6bc5e4f8b8568ed04ff6a646a7d7757336e750d772ecc1cb2b3b6063b4",nocase; classtype:attempted-recon; sid:200004358; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"click.message.fruit.com",nocase; http_uri; content:"/?qs=6541641088c869552ced792d84ee93eabf075e23cd5eba83a7d07a40ad9cf2ce36c931984719b9df7de658999defbc87f999ec46970a0280",nocase; classtype:attempted-recon; sid:200004359; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cloud-dot-chaser-331005.uk.r.appspot.com",nocase; http_uri; content:"/#moreinfo@widomaker.com",nocase; classtype:attempted-recon; sid:200004360; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"codepasta.app",nocase; http_uri; content:"/paste/c4tl1sfout2tbkhn5810/raw",nocase; classtype:attempted-recon; sid:200004361; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev",nocase; http_uri; content:"/#investor-relations@cyient.com",nocase; classtype:attempted-recon; sid:200004362; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"community-die.blogspot.com",nocase; http_uri; content:"/?!=%25_col_email%20address_%25",nocase; classtype:attempted-recon; sid:200004363; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"communitychurch-my.sharepoint.com",nocase; http_uri; content:"/:b:/g/personal/infonoreply_communitychurch_tv/eburrky2tklimiiiqf0ia5kbbhkaxaypf06-08wf9wjebq?e=w5jmrb",nocase; classtype:attempted-recon; sid:200004364; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"confabint.com",nocase; http_uri; content:"/discounts_services/writing/loginform2d0e.php",nocase; classtype:attempted-recon; sid:200004365; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"consultorioveterinario7colinas.pt",nocase; http_uri; content:"/it/userbcc/indexx.html",nocase; classtype:attempted-recon; sid:200004366; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"createchsoft.com",nocase; http_uri; content:"/wp-includes/js/crop/cm",nocase; classtype:attempted-recon; sid:200004367; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php",nocase; classtype:attempted-recon; sid:200004368; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?.rand=13inboxlight.aspx?n=1774256418",nocase; classtype:attempted-recon; sid:200004369; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?.rand=13inboxlight.aspx?n=1774256418&amp\;email=jackdavis@eureliosollutions.com&amp\;fid=1&amp\;fid=4&amp\;rand=13inboxlightaspxn.1774256418",nocase; classtype:attempted-recon; sid:200004370; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418",nocase; classtype:attempted-recon; sid:200004371; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;",nocase; classtype:attempted-recon; sid:200004372; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;amp",nocase; classtype:attempted-recon; sid:200004373; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;amp\;ampopensource:observable-35835700-0d08-4c25-a188-b8312ba00a941067515",nocase; classtype:attempted-recon; sid:200004374; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;ampopensource:observable-35835700-0d08-4c25-a188-b8312ba00a941067515",nocase; classtype:attempted-recon; sid:200004375; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;fid.4.1252899642&amp\;fid=1&amp\;fav.1&amp\;rand.13inboxlight.aspxn.1774256418&amp\;fid.1252899642&amp\;fid.1&amp\;fav.1&amp\;email=&amp\;.rand=13inboxlight.aspx?n=1774256418&amp\;fid=4",nocase; classtype:attempted-recon; sid:200004376; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;fid.4.1252899642&amp\;fid=4&amp\;fav.1&amp\;rand.13inboxlight.aspxn.1774256418&amp\;fid.1252899642&amp\;fid.1&amp\;email=jsmith@imaphost.com&amp\;.rand=13inboxlight.aspx?n=1774256418",nocase; classtype:attempted-recon; sid:200004377; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13inboxlight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=jackdavis@eureliosollutions.com&.rand=13inboxlight.aspx?n=1774256418&fid=4",nocase; classtype:attempted-recon; sid:200004378; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct?email=jackdavis@eureliosollutions.com",nocase; classtype:attempted-recon; sid:200004379; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativeingredient.com",nocase; http_uri; content:"/wp-includes/images/verify/update/y.html",nocase; classtype:attempted-recon; sid:200004380; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creditiperhabbogratissicuro100.blogspot.com",nocase; http_uri; content:"/2011/02/habbo-crediti-gratis-sicuro-100.html",nocase; classtype:attempted-recon; sid:200004381; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cusstomerservicee.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004382; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/2isbc3k",nocase; classtype:attempted-recon; sid:200004383; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/3yqokjg",nocase; classtype:attempted-recon; sid:200004384; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/3yy01ci",nocase; classtype:attempted-recon; sid:200004385; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/4ypfq09",nocase; classtype:attempted-recon; sid:200004386; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/5yhe1qn",nocase; classtype:attempted-recon; sid:200004387; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/7yqfwsn",nocase; classtype:attempted-recon; sid:200004388; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/aynunsk",nocase; classtype:attempted-recon; sid:200004389; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/ayw5mev",nocase; classtype:attempted-recon; sid:200004390; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/bundu4e?id/help/pages?ref=cr",nocase; classtype:attempted-recon; sid:200004391; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/byqp8mx",nocase; classtype:attempted-recon; sid:200004392; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/claiminc",nocase; classtype:attempted-recon; sid:200004393; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/ctmlfil",nocase; classtype:attempted-recon; sid:200004394; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/cyni5cc",nocase; classtype:attempted-recon; sid:200004395; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/cyqucr4",nocase; classtype:attempted-recon; sid:200004396; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/dkvkq49/",nocase; classtype:attempted-recon; sid:200004397; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/gyqdc7m",nocase; classtype:attempted-recon; sid:200004398; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/ingdirect-es",nocase; classtype:attempted-recon; sid:200004399; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/iyn1owx",nocase; classtype:attempted-recon; sid:200004400; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/kiiataa",nocase; classtype:attempted-recon; sid:200004401; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/mynrk6q",nocase; classtype:attempted-recon; sid:200004402; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/ny0rjd4",nocase; classtype:attempted-recon; sid:200004403; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/nynglzu",nocase; classtype:attempted-recon; sid:200004404; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/nyxbpmv",nocase; classtype:attempted-recon; sid:200004405; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/oyqykkh",nocase; classtype:attempted-recon; sid:200004406; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/ptl7kd8",nocase; classtype:attempted-recon; sid:200004407; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/py2rr2z",nocase; classtype:attempted-recon; sid:200004408; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/pyqptqe",nocase; classtype:attempted-recon; sid:200004409; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/pywuwcj",nocase; classtype:attempted-recon; sid:200004410; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/qyc4svc",nocase; classtype:attempted-recon; sid:200004411; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/qymd2vc",nocase; classtype:attempted-recon; sid:200004412; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/rykpt4j",nocase; classtype:attempted-recon; sid:200004413; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/ryzqc5o",nocase; classtype:attempted-recon; sid:200004414; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/tyq6jn2",nocase; classtype:attempted-recon; sid:200004415; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/uybigpf",nocase; classtype:attempted-recon; sid:200004416; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/uydktcc",nocase; classtype:attempted-recon; sid:200004417; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/uyqji5z",nocase; classtype:attempted-recon; sid:200004418; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/uyx0po9",nocase; classtype:attempted-recon; sid:200004419; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/wyc154r",nocase; classtype:attempted-recon; sid:200004420; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/xynjuem",nocase; classtype:attempted-recon; sid:200004421; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/ytv0uzv",nocase; classtype:attempted-recon; sid:200004422; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cy.tc",nocase; http_uri; content:"/oglp",nocase; classtype:attempted-recon; sid:200004423; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"d854c624d7.gesundheitundschonheit.com",nocase; http_uri; content:"/#?act=cl&pid=34515_md&uid=1&vid=25&ofid=1615&lid=126&cid=17171",nocase; classtype:attempted-recon; sid:200004424; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"digisigner.com",nocase; http_uri; content:"/online/showdocument?documentid=1fce937a-ba39-4053-a83a-f07711ad8efd&invitationid=82f3e840-cd11-4da4-8579-304bd7e930b0",nocase; classtype:attempted-recon; sid:200004425; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/document/d/e/2pacx-1vszcwxk6nifthkg32wjxfjgq9yc-jjujkbsumqeeau8uw7xkcutyp0tbgux2mvwu8iqfrxxlunajob8/pub",nocase; classtype:attempted-recon; sid:200004426; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/document/d/e/2pacx-1vt_xl-m0ff8yqqhzhgseahgwejo0znh9re6w0qvgbe0qfe084hrebjjg673htphdnvbcdnq6agehncq/pub?mobilelogin",nocase; classtype:attempted-recon; sid:200004427; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/document/d/e/2pacx-1vth3iya0ov7p49rk9ejozgqnueuk8fna2mky389hertlwx4mnoyhl1mlhnwbz8sxnsqtk8i5uysmq68/pub?embedded=true",nocase; classtype:attempted-recon; sid:200004428; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/document/d/e/2pacx-1vts9czxqycsgi-quifs7m1mqjzmlcjlccnhw3dsahdss5ymnpy6y0vsgwvf3piu6js22ydjyew1oyo_/pub?embedded=true",nocase; classtype:attempted-recon; sid:200004429; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/12467akksjbdxtns1aefg-fo9hlxamtxynf5brvbz5tc/viewform?edit_requested=true",nocase; classtype:attempted-recon; sid:200004430; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/1fpyjsolbptidxpf23lqom1jghfw7qrvbbbfxxi82pzg/viewform?edit_requested=true",nocase; classtype:attempted-recon; sid:200004431; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsc-xysogohjsbzmcnoded8ooar2gz1c5zxobgk8envh3jbpow/viewform",nocase; classtype:attempted-recon; sid:200004432; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsc0yyqlieizg0nzouznvhsjfags1h9qi5hpdw3qlgbivm501q/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004433; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsc4bagzjzmstbnjhy7zpy5zsx-xrn7reoouolv54luk5tihha/viewform",nocase; classtype:attempted-recon; sid:200004434; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsc8uc5aztlek3s6dqtk1etorhez5m2yvubyw5qmfkpisrelcq/viewform?usp=pp_url",nocase; classtype:attempted-recon; sid:200004435; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsc_enqwhhv1jnvzy55mb4ghvjd4wcz9plnolh2eoitk7qgbra/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004436; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsc_f0pxmnwzrtbck6u06fdzocmhgzvjzlc8cu7c9b456fhccq/viewform",nocase; classtype:attempted-recon; sid:200004437; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscaoiohhbm7suyz9ol9o9ueunbxn6donxrfjge2cevdw_8jmw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004438; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscc30j0zmjvz0ct-wi59yhnz9gimpj3snofe5vkbovmeykomg/viewform",nocase; classtype:attempted-recon; sid:200004439; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscc98m5fw4ifog0zeiuquxitizmisrgsdvyxvtxsppunpkwzq/viewform",nocase; classtype:attempted-recon; sid:200004440; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscclmqirehqtkm3vl4u9gm2zv6xfvrddbrgke9fmsfujqbboq/viewform",nocase; classtype:attempted-recon; sid:200004441; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscd8t8sjgxqrsa6dq5kjpmrpsxkvi4bl38sfdu7wa3sl32elg/viewform",nocase; classtype:attempted-recon; sid:200004442; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscda1to5ru4sjeeujg3ki2bimklprvsec6u43kpvhbfyhrldw/viewform",nocase; classtype:attempted-recon; sid:200004443; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscda1to5ru4sjeeujg3ki2bimklprvsec6u43kpvhbfyhrldw/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004444; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscdct8mue2qq3syjr4tnntol30jfdk8vwpco6yjh7dxnq5nyg/viewform",nocase; classtype:attempted-recon; sid:200004445; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscdct8mue2qq3syjr4tnntol30jfdk8vwpco6yjh7dxnq5nyg/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004446; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscdkcb2saiqfhtrh2inewegl56-jrv0e_ncfubvdmdprxpzfq/viewform",nocase; classtype:attempted-recon; sid:200004447; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscdkcb2saiqfhtrh2inewegl56-jrv0e_ncfubvdmdprxpzfq/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004448; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsceoxsfawdsbd2r-jk2sppywnv1bchzjjcw2xkcj7oqkwqriw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004449; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscf9u8nrld-zvu6clr4jcwnw0buqrykdldtzoullbxy8kc1ta/viewform",nocase; classtype:attempted-recon; sid:200004450; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscfh2njwrve6_rkxxy1yz83keoeekd4maqcnd-ivq7rkg0uca/viewform",nocase; classtype:attempted-recon; sid:200004451; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscfmdl3il-2rcplfeq-12jtre1mwsgbnmh2nhoj9xoflmplew/viewform",nocase; classtype:attempted-recon; sid:200004452; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscirilop6_iti0zvvrlsbk8zfaeo-f10otlhj9k5liyervk4g/viewform",nocase; classtype:attempted-recon; sid:200004453; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscjtat4fmstlxz3hbfkg4qyi-epfdmun7_avcqwvgscoydytw/viewform",nocase; classtype:attempted-recon; sid:200004454; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscjvnhykksssaw-kycyrl6ywg_r3fdjuyqhk2mrmxcpgwfxoa/viewform",nocase; classtype:attempted-recon; sid:200004455; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscmzyecgbuuccfs_5e5axn9hpruzskqmvseedm0xz1qrqb5vg/viewform",nocase; classtype:attempted-recon; sid:200004456; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscn6xxq_xvtivggy_4rkibou1i27e0kpiimikafpaavki1vsq/viewform?usp=send_form&usp=embed_facebook",nocase; classtype:attempted-recon; sid:200004457; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscphvypdecdasu-iqnvt4bvkiu5g1fioskjyfi9gk2z69cemq/viewform",nocase; classtype:attempted-recon; sid:200004458; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscqbbsvkpxnasqgeazpzwxp1ln7qzdurt-nqn4azqa7q14euw/viewform",nocase; classtype:attempted-recon; sid:200004459; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscrgopduxv2yg9memppi-dzfii70kq8hr8pi5zn9o_5amr3xa/viewform",nocase; classtype:attempted-recon; sid:200004460; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscrmsgjymaojts0bfneswvnfekiw6zya5rzyqoa1ydp5wkcrw/viewform",nocase; classtype:attempted-recon; sid:200004461; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscuttypbph1iazuis8aa6xvrlmagwglmdcrrg8g2oymskvbva/viewform",nocase; classtype:attempted-recon; sid:200004462; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscuzwqncl3qs7cwfb7jlimpdueycxy0mv6zknp0uubdbkcu3w/viewform",nocase; classtype:attempted-recon; sid:200004463; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscvp9muuu33wgba4h5kugaleeh0onrqzug-b6n5aj5werrmaw/viewform",nocase; classtype:attempted-recon; sid:200004464; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscvqmhqgwbubzxdynzgvlbmmziyagdiadz2eyhc-s-ro8ndfq/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004465; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscxgbsqs0_gphf4vziykyu_g5rgytw2s9fir3lyfar7kaixew/viewform",nocase; classtype:attempted-recon; sid:200004466; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscxgbsqs0_gphf4vziykyu_g5rgytw2s9fir3lyfar7kaixew/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004467; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscz4uf8dtvwhgxggkzsbbhjcgu9npgc6agxpy5o2fwpo6tv5q/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004468; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsczp3nbsyvoj5-wf-7k4xshjczyxvdc-lc679urtbl_k-9x8q/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004469; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd1x00gqusaavdvp5ualsrctsjb80y9oy7yln6wwani40srpw/viewform",nocase; classtype:attempted-recon; sid:200004470; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd1x00gqusaavdvp5ualsrctsjb80y9oy7yln6wwani40srpw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004471; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd3x6brnru3toiionptordwmc4zorxcky1ebpmeg6bb4jfuca/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004472; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd7jgegqudsjg7blscqgfvdftyvlno6xreg6wjuxl0hnfbwtw/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;gxids=7628",nocase; classtype:attempted-recon; sid:200004473; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd8_xzmknrntxwpeg8bvmvbbzmjsfgejo-vngsmyjx1dnidsg/viewform",nocase; classtype:attempted-recon; sid:200004474; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd8vkw5fxeroe_pxa7n5cdfpukhahbg_7k7sg0iuosh_xsyoa/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004475; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd9poeb_wmgffgg8taw4z_np0kdbo32gr35k1zxizj7lcdela/viewform",nocase; classtype:attempted-recon; sid:200004476; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd_c4wpt0zzouwt5lr9p5kn5cylz3ananv1hlix6u_h36w1rg/viewform",nocase; classtype:attempted-recon; sid:200004477; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsda4flfi-1_gvwqnbb1dcxz_mb5omo9t2oc-vslzfgh6avrag/viewform",nocase; classtype:attempted-recon; sid:200004478; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdbgprbyowwcugqslasnoo-sbqcrgi6ppycsytvsw2_dwfeug/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004479; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdce9c1bqexlzlu9rojtuwtaatyeeshywbkmuiobrw_a-_mga/viewform",nocase; classtype:attempted-recon; sid:200004480; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdce9c1bqexlzlu9rojtuwtaatyeeshywbkmuiobrw_a-_mga/viewform?usp=pp_url",nocase; classtype:attempted-recon; sid:200004481; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdcznggxnwia2ct8kmxid1tdqhgerhnmixukxuj7nmq1lqsma/viewform",nocase; classtype:attempted-recon; sid:200004482; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdfarxg-0eurkyimsg-ukgl4mbtgvwfhe1wzbdxmb7oaosnyg/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004483; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdfyxb1kjjvkaiwbbpbgr0dfaq1xx2ehhzbxnt3adndssy1yw/viewform",nocase; classtype:attempted-recon; sid:200004484; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdfyxb1kjjvkaiwbbpbgr0dfaq1xx2ehhzbxnt3adndssy1yw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004485; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdgxybkn7btnmkuuyyoe0rlbw8kmdgbwejv6l52fjbm9vledg/viewform",nocase; classtype:attempted-recon; sid:200004486; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdinjm_qvdbv3roybqi073rm1pujmrrs7lid7c3qk-4xwweew/viewform",nocase; classtype:attempted-recon; sid:200004487; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdlwgxgjcqz_53lnvyfaiibnkptndldhs4vd0c__6lufv81zq/viewform",nocase; classtype:attempted-recon; sid:200004488; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdmsww4edj2yofwdenmvl3uvyibigishgajtsfa7chvcan0wg/viewform",nocase; classtype:attempted-recon; sid:200004489; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdmsww4edj2yofwdenmvl3uvyibigishgajtsfa7chvcan0wg/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004490; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdnngh7an2vfxw1k7cotxcb24wwne2qcm3j5deelwsn676z2q/viewform?usp=pp_url",nocase; classtype:attempted-recon; sid:200004491; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdpetadtoy4qkid3frxtq_jkthudhyvm17bkmb8iqonismzvw/viewform",nocase; classtype:attempted-recon; sid:200004492; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdvo-nueiprck-o5gw7-bnmsz9jvwlyspeqfhfr2g2osbsrba/viewform",nocase; classtype:attempted-recon; sid:200004493; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdvwkczn_rxvn1522z1mcojbs40ymrctyizpyuv72_0wbypgq/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004494; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdwbz5hapgqojwjyndeeyjxamg0wnaj3kolh3fb6xf4c-fxjw/viewform",nocase; classtype:attempted-recon; sid:200004495; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdwbz5hapgqojwjyndeeyjxamg0wnaj3kolh3fb6xf4c-fxjw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004496; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdxm-rwnv41p3wdcbtetukrctoakvuoe1h_uy8jgnxy7kldza/viewform",nocase; classtype:attempted-recon; sid:200004497; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdy1071rbhheyidjzo6fw5busqot5eunllw_thawo6udamfaq/viewform",nocase; classtype:attempted-recon; sid:200004498; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdybqflfptobqslhflytic3g936bnojaljztk6ct1d5mjvnnw/viewform",nocase; classtype:attempted-recon; sid:200004499; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdyygc4-s_a1dcdvcf9z9n1yhvz2dnehdr2aij-bcetxe2csg/viewform",nocase; classtype:attempted-recon; sid:200004500; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdzrubbm3nrqdzjs6q7phutjgmn-dm8zquphjg9ge31q7bdhg/viewform",nocase; classtype:attempted-recon; sid:200004501; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlse3-zgmg83lctfks0egmambwonybkscrvxix--n1azwngkphg/viewform",nocase; classtype:attempted-recon; sid:200004502; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlse5htthgifmniezokiypnjjhanvkvlehsrk9esgcpoauqutiw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004503; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlse8ds15kxxdcrhfspcfrbvy6sbdhp0e4540zzmhhvzouewvka/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link",nocase; classtype:attempted-recon; sid:200004504; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlse_mo9pzgdahzdgz0wctr7lm0cqm_zwos8ljc4cqgtvnqfmfq/viewform",nocase; classtype:attempted-recon; sid:200004505; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseaoj1gseoc72inocx9jofb1nqgqm81_firdsookdvnd4fz3q/viewform",nocase; classtype:attempted-recon; sid:200004506; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsebpakzyvtprhygwe23jlsdieyoca0jtiyy-f68nqwofparww/viewform",nocase; classtype:attempted-recon; sid:200004507; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsebyedalhc7exqq5fljf8x1akbwz0h8l8ojbx5nx3go7bh3sa/viewform",nocase; classtype:attempted-recon; sid:200004508; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsebyedalhc7exqq5fljf8x1akbwz0h8l8ojbx5nx3go7bh3sa/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004509; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseck8-g3um70ihw-ajfait5whcec3qdowobizswz8_-et_jkq/viewform",nocase; classtype:attempted-recon; sid:200004510; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsed7ckwpjf0hndj7zb3qtjmirtkv6pwcrmhplptuczapfmdew/viewform",nocase; classtype:attempted-recon; sid:200004511; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseerl98zqhhsjdo_vwhfzft3njmrw-es6isa689uqc2opalkg/viewform",nocase; classtype:attempted-recon; sid:200004512; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsefdjhvlb8j4f16k5uewfckrm6sxun7mb8kmt6hnsw4twzb1a/viewform",nocase; classtype:attempted-recon; sid:200004513; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsefv5nkokmsxbkw84jsid2gwxxq8hhcvvajj-hjwl43irewza/viewform?vc=0&amp\;c=0&amp\;w=1",nocase; classtype:attempted-recon; sid:200004514; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseggxi9u9oxdijtvvfpdkom7-bau-dstzgnovfyndrhxtk_ew/viewform?fbzx=450838898210045776",nocase; classtype:attempted-recon; sid:200004515; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseht4cdltkad8967jjarcb5nafonbaw3dtpynth9mdk94hf-q/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004516; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseirld9oyigwxmec2bc-ax4yd-m-rhezlne00aminsjf0uteq/viewform",nocase; classtype:attempted-recon; sid:200004517; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseja63wnjv6158neslzqwlnlui4yluhb0nlou-vx0ehpwkexg/viewform",nocase; classtype:attempted-recon; sid:200004518; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsejavlqdkikylynqlg6p7kyfu4qnlyy31opnfttucuhgmek4a/viewform",nocase; classtype:attempted-recon; sid:200004519; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsekx9ewwwdcej4qewpnqgzq3bzhqogrop2ui9vxaeswphzyvq/viewform",nocase; classtype:attempted-recon; sid:200004520; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsemwyrvcln1ql8uxd0dsiswveuehikz5hwalfeni7jjfaefmg/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004521; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseoz9zpmm0c0fjksklv-p1hsrwsuybmj6bvbd_fkewzzcv_ea/viewform?usp=pp_url",nocase; classtype:attempted-recon; sid:200004522; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsepe4jevfm3mjc-vndxuq_9wjpc7afrjadkxvp8czawh27cqg/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004523; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseq5h3-5stw3bwnpoi6g-gfwcgej7q82incdm01dd1lf182iq/viewform",nocase; classtype:attempted-recon; sid:200004524; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseqdx2wgybdxlhascsuopq1xqsmwrxjf4erl_cpmvtt96dq_g/viewform",nocase; classtype:attempted-recon; sid:200004525; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlser-b6q--nvif2fj7nbn88dh8lj-s2yfbgjyuygwsacbhm6lw/viewform",nocase; classtype:attempted-recon; sid:200004526; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsesuqyiwovf64ujl8ewzqpw-vq7_ljhh96vouros2rqn1vunw/viewform",nocase; classtype:attempted-recon; sid:200004527; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseszgantjzuxgteg0dsiizzmadcwjbjqcsri5nidod2rd2_lg/viewform",nocase; classtype:attempted-recon; sid:200004528; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlset42bzecl3yrdnnffv6f7kecxpd1sy4rbh3h3govwg1k1z1w/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004529; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseumxp-wga1x873upqxmi_hx8nbbllh12zzmxia1xuqp2mgbq/viewform",nocase; classtype:attempted-recon; sid:200004530; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsevpkt1byhl-oqjptw8wbecnm7-iqnax-mz8zd-mxp0fol3jg/viewform",nocase; classtype:attempted-recon; sid:200004531; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsewr7-ksdpydhc1tv8tkcxrlad8zrf3q_uqt-rj9a_fmmzxya/viewform",nocase; classtype:attempted-recon; sid:200004532; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsewr7-ksdpydhc1tv8tkcxrlad8zrf3q_uqt-rj9a_fmmzxya/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004533; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsewymtg0_yxlw9-prz205ldklpt1q0_aklvlput4ndg_coetq/viewform",nocase; classtype:attempted-recon; sid:200004534; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsf-exsf9vm0rleksdp46wa2dfca3dhphayf4tl4rktjvmgguw/viewform",nocase; classtype:attempted-recon; sid:200004535; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsf32hx6ujsi_gqji38udpamxxxnhyrx8qhmqcqnteinj_0cmg/viewform",nocase; classtype:attempted-recon; sid:200004536; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsf43dgkrjoe0kbhyqzxvaswkmbstzlu6x-40xi-sxxgfevhww/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link",nocase; classtype:attempted-recon; sid:200004537; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsf9wlt_kxvre3b2hhpi0hcx4zia83c9bbkabo4w15nfekvwuw/viewform",nocase; classtype:attempted-recon; sid:200004538; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfacaqo8c7hsu7mr6zkbsfulv8m710ke2qna_7tyusomgmtjw/viewform",nocase; classtype:attempted-recon; sid:200004539; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfacaqo8c7hsu7mr6zkbsfulv8m710ke2qna_7tyusomgmtjw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004540; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfanborkr2ivrhpsjdnvnb-jktwkjbuub3wnsxb-md7haddsq/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004541; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfbu-bfa-om2nk21gbc1gbbeoy4veybh7qcrj8jw7nwthmh_w/viewform",nocase; classtype:attempted-recon; sid:200004542; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfeoy_w3jwkkz8psgsw4nrja9tmg2lx0x0nvtmv38k0hjzzmq/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004543; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfgomlcpbyhodks1bwjmx6f5jr0tqwhngun_juf2qk0jp8dbq/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link",nocase; classtype:attempted-recon; sid:200004544; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfgrkvxsp4vv3h2jpge8n2rwi_acvt3o91y4av8-nbjpc0xxw/viewform?c=0&amp\;w=1",nocase; classtype:attempted-recon; sid:200004545; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfhzli805cycnlai887dfo6ra8bwbwjbc8uehmv5amiaqdbyq/viewform",nocase; classtype:attempted-recon; sid:200004546; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfjpx-sxpejnp_q2fmfu0jy8oqoesrx9wbrqplcychw9luupa/viewform",nocase; classtype:attempted-recon; sid:200004547; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfjsgjhbjke-mlmni8cfg1tacz-hdpvmy5j2br9upjr1f7nda/viewform",nocase; classtype:attempted-recon; sid:200004548; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfjsgjhbjke-mlmni8cfg1tacz-hdpvmy5j2br9upjr1f7nda/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004549; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfk9fn6xlhju27dzlzxp6nzvjlaqbtzb3uf20uakw6ddguvnw/viewform",nocase; classtype:attempted-recon; sid:200004550; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfk9fn6xlhju27dzlzxp6nzvjlaqbtzb3uf20uakw6ddguvnw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004551; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfk9hpkld9-qwaxs8b0cpslaw2-oomu6bcwpxkmp-fo8kr3ew/viewform",nocase; classtype:attempted-recon; sid:200004552; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfksirdejkit-tdeiwrnkf00ygsqdsqth0hmwydiqdik10tna/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004553; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfnjyzbmw-pd1byw4b4opoksx2cealounsnhg5fjc3fk1qocq/viewform",nocase; classtype:attempted-recon; sid:200004554; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfnlsbejsiacubkj2geltmn7slefoweeczuagp3jfmfkijg4a/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004555; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsforgq2zksc0soenei1m7xcow9surjrynoh6ppsku6_kxvdpw/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004556; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfp1eukgsktriyraz2csynqwfwtv6ehlnbszu69dbxz9lirtq/viewform",nocase; classtype:attempted-recon; sid:200004557; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfp1eukgsktriyraz2csynqwfwtv6ehlnbszu69dbxz9lirtq/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004558; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfpvmlfha5uwdz_4bnvq19l2mctpltose6aszym6w9ls0hxza/viewform",nocase; classtype:attempted-recon; sid:200004559; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfqpqpbuxrrc0ubvtbrr86nxa4pt68zft0bm_2ufdvt1tzvuw/viewform",nocase; classtype:attempted-recon; sid:200004560; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfrzt6zpkhgtvzqutkypqtjffxaucn3evqpf6ytbqug3t41yw/viewform?usp=pp_urlorganization",nocase; classtype:attempted-recon; sid:200004561; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfsia_g4fb5yg_cu8fjuxcndbgqz1setzfedm0cw0eaonb57g/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004562; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsftriyys-rvphnbmh6v6lyimxjy3rpog8xvtb3v1agqhawiva/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004563; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfuzr1yx2exrzt3ysxszgcawjpp45t9gz3nqtkvhfqslxw_ig/viewform",nocase; classtype:attempted-recon; sid:200004564; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfvgwgijgampx2qfseard_pb2bcyonllojnjhrv9qxb8vpeva/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link",nocase; classtype:attempted-recon; sid:200004565; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfvgwgijgampx2qfseard_pb2bcyonllojnjhrv9qxb8vpeva/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link",nocase; classtype:attempted-recon; sid:200004566; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfvhavjlgw4__-x0qdg5tbot5uo9vkn4csn8mx3lpvkdah8ag/viewform",nocase; classtype:attempted-recon; sid:200004567; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfwbcfrxuktidm2ctjalngebxbx4k_dijxbekg2y-naausaqw/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link",nocase; classtype:attempted-recon; sid:200004568; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfwdsuczwrih_wnciwh_qjpg1v5p-qk8zyjjoccpbhmyeygrq/viewform",nocase; classtype:attempted-recon; sid:200004569; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfygwrauuzg0kcnd6w_s42qneyhqpha0zs1rift0akntmlugq/viewform",nocase; classtype:attempted-recon; sid:200004570; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfzhyjvw1nn6bvqhbwmd3rcrm6gukuzir5u9tmsszmcrr8nyw/viewform",nocase; classtype:attempted-recon; sid:200004571; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/presentation/d/e/2pacx-1vrp2k-b45tcwcadgwzkulyaqrs1f9vfjs3y19o6fs_7p34ymzwuascr7lkuijhc83-o6fmsbbvehcf2/pub?start=false&amp\;loop=false&amp\;delayms=3000&amp\;slide=id.p",nocase; classtype:attempted-recon; sid:200004572; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dodgersdigest.com",nocase; http_uri; content:"/wp-content/uploads/2013/12/thereal_dv",nocase; classtype:attempted-recon; sid:200004573; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/19zpw90jgon3j5merxi1pauvkjdmx8nfq/edit",nocase; classtype:attempted-recon; sid:200004574; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1bcdyitw2vo5jp6yrbdmiy8cfrkcf4tby/view?usp=drive_web",nocase; classtype:attempted-recon; sid:200004575; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1c5o9_y8_octsepwyojfarn1k-kj4d9fe",nocase; classtype:attempted-recon; sid:200004576; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1cppgzjnodnftsks_w82um_b_ctgzn-ah/edit",nocase; classtype:attempted-recon; sid:200004577; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1fdgs5g6fqqkudcl2meym63ua3yu0o-tb/view?usp=drive_web",nocase; classtype:attempted-recon; sid:200004578; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1fsvmjkcq7ennrsfdufkcxshfhnda_fui/view",nocase; classtype:attempted-recon; sid:200004579; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1ginbnlpvt7kpfnog9a68fqmn7k3aivui",nocase; classtype:attempted-recon; sid:200004580; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1hdvx7j89h5l7yz39idgzhqji93jnkl_c/view",nocase; classtype:attempted-recon; sid:200004581; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1jixb69t_nw9tmkhvfrejkfzof3d-ijet/view",nocase; classtype:attempted-recon; sid:200004582; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1jvfh6wq9ea9kxr1shhwbh3pecflqzppc/edit",nocase; classtype:attempted-recon; sid:200004583; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1mg5asnyoeet7qsg2n0d_2paxc3j7wx3k/edit",nocase; classtype:attempted-recon; sid:200004584; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1qf58h-1lunq1pubplwdhwd3uooj_vjxa/view",nocase; classtype:attempted-recon; sid:200004585; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1robiosanbh8doqa7yuiewn3akz4094ho/edit",nocase; classtype:attempted-recon; sid:200004586; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ecomcrew.staging.wpengine.com",nocase; http_uri; content:"/wp-content/plugins/alldomain/domain/dmain/index.php?i=i&amp\;0=abuse@optusnet.com.au",nocase; classtype:attempted-recon; sid:200004587; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ecusltd-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/angela_ure_ecusltd_co_uk/_layouts/15/wopiframe.aspx?guestaccesstoken=umwosbguhwaqic3hhtqfly7zjwf8oggrcn6d%2bggohoc%3d&docid=1_1956f6e254d71417a89981b2a1c8d0a99&wdformid=%7be61ca4f5-c461-425a-a52e-4598e7b699e5%7d&action=formsubmit&cid=4ab9a2a7-7cf4-43ae-8149-ffead8d66e7b",nocase; classtype:attempted-recon; sid:200004588; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eeverywhere-my.sharepoint.com",nocase; http_uri; content:"/personal/marco_eeverywhere_com/_layouts/15/onedrive.aspx?id=/personal/marco_eeverywhere_com/documents/documents&amp\;originalpath=ahr0chm6ly9lzxzlcnl3agvyzs1tes5zagfyzxbvaw50lmnvbs86zjovcc9tyxjjby9fcwhvbeq1x3hltknorzbdmdvvmgjvvujoy1z3b25futjvejhtlwxqrg9svwvrp3j0aw1lpvduaunytfu4mlvn",nocase; classtype:attempted-recon; sid:200004589; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eleoelswka.blogspot.com",nocase; http_uri; content:"/?m&#61\;0",nocase; classtype:attempted-recon; sid:200004590; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ersfilter-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t6t%2fhn1dkbyhlyx%2beimbazufa43rrgz6%2faaaewnocdi%3d&docid=1_18168db23429e45f29fdf2e7be120efc4&wdformid=%7bb9970f62%2d44c3%2d4d09%2d9929%2d6e1eb652da57%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004591; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ersfilter-my.sharepoint.com",nocase; http_uri; content:"/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=6ywmlbqi9%20sjfgzhadhvte2gyowjf83iqbjrjehik4s=&amp\;docid=1_135f7008dfbfa44e6b09dab0eb165b997&amp\;wdformid={e037f2d9-5daa-4916-ba03-eb11d0aa6dea}&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004592; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ersfilter-my.sharepoint.com",nocase; http_uri; content:"/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=6ywmlbqi9%2bsjfgzhadhvte2gyowjf83iqbjrjehik4s%3d&docid=1_135f7008dfbfa44e6b09dab0eb165b997&wdformid=%7be037f2d9%2d5daa%2d4916%2dba03%2deb11d0aa6dea%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004593; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eu.questionpro.com",nocase; http_uri; content:"/a/takesurvey?tt=/p9xlsw/pwa97qdwq8ubbg%3d%3d",nocase; classtype:attempted-recon; sid:200004594; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eu.questionpro.com",nocase; http_uri; content:"/t/ab3uufjzb3vk20",nocase; classtype:attempted-recon; sid:200004595; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eurobankovnikredit.com",nocase; http_uri; content:"/?fbclid=iwar3cu_8pblosqw-rwa7evcrs5jpl6zvzkou0qrf7vl9oqge4h2ctmcxrdyk",nocase; classtype:attempted-recon; sid:200004596; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"evernote.com",nocase; http_uri; content:"/shard/s339/client/snv?noteguid=f48e12fd-48da-e57f-8e76-cdf6e4054e1d&amp\;notekey=02a9fa6bd051dc6b4581ee3b617b3f88&amp\;sn=https://www.evernote.com/shard/s339/sh/f48e12fd-48da-e57f-8e76-cdf6e4054e1d/02a9fa6bd051dc6b4581ee3b617b3f88&amp\;title=optus%20webmail",nocase; classtype:attempted-recon; sid:200004597; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"evernote.com",nocase; http_uri; content:"/shard/s446/client/snv?noteguid=4dc119ab-57d6-b8e0-4fcb-c11c0a637b94&notekey=9ddb3753cb700b0c86a78176be71f4f5&sn=https%3a%2f%2fwww.evernote.com%2fshard%2fs446%2fsh%2f4dc119ab-57d6-b8e0-4fcb-c11c0a637b94%2f9ddb3753cb700b0c86a78176be71f4f5&title=you%2bhave%2breceived%2ban%2binvoice.",nocase; classtype:attempted-recon; sid:200004598; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"evernote.com",nocase; http_uri; content:"/shard/s446/sh/4dc119ab-57d6-b8e0-4fcb-c11c0a637b94/9ddb3753cb700b0c86a78176be71f4f5",nocase; classtype:attempted-recon; sid:200004599; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"everythingmobilelimited-my.sharepoint.com",nocase; http_uri; content:"/personal/jameswaterston_everythingmobilelimited_onmicrosoft_com/_layouts/15/onedrive.aspx",nocase; classtype:attempted-recon; sid:200004600; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"excelelectrical0-my.sharepoint.com",nocase; http_uri; content:"/personal/tim_hansen_excelelectrical_com/_layouts/15/onedrive.aspx?id=/personal/tim_hansen_excelelectrical_com/documents/open%20to%20view%20shared%20document%20in%20hitech%20sharepoint&amp\;originalpath=ahr0chm6ly9legnlbgvszwn0cmljywwwlw15lnnoyxjlcg9pbnquy29tlzpmoi9nl3blcnnvbmfsl3rpbv9oyw5zzw5fzxhjzwxlbgvjdhjpy2fsx2nvbs9fa2zoazdydndfaettvl9pwulkctdzmejlveeyr3awzwjnsdfkrgdjrfdfttznp3j0aw1lpunrvevzrwxcmlvn",nocase; classtype:attempted-recon; sid:200004601; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exch.quantserve.com",nocase; http_uri; content:"/r?us_privacy=&amp\;a=p-w_ayumw3pzr2w&amp\;labels=_qc.clk,_click.adserver.rtb,_click.rand.60541&amp\;rtbip=192.184.70.137&amp\;rtbdata2=eaaaiencvf9odwdnzxrzx1e0mjfftwfuywdlzf9tzxj2awnlimofncj-jtiws_b-ohnodhrwczovl3d3dy5syxcuy29twihbt0llsefpmvdcvwi0vmdxvi1julfbztjdullinvfzuuitwjdutjfpdu3bfukaayfd3aqeoaebqahv4fyeugeawahq-aniadv5u4til9obfllxavhtz0fpaghnqs1sufktuvntqkhlaarzydroawsyaviznracclocbmc4ronaagliagdqas7hhvv4n_fmqqhgagdoagd4agckaxywlnb1yi0xmjyxotkyndq0odazodc1mamaqamasgmejmh7angd_dgd4gmpcc13x0fzdu13m1baujj36gmfcngfefryawu5mjeymfgdaiaeayoedxf1yw50y2fzdc1xyzhybajvuw&amp\;redirecturl3=https://www.cbtnuggets.com/?utm_source=quantcast&amp\;utm_medium=prospecting&amp\;utm_campaign=general_us&amp\;utm_term=testimonial&amp\;qc_campaign=cbt_nuggets_q421_managed_service&amp\;qc_adid=2078771",nocase; classtype:attempted-recon; sid:200004602; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exchange4free.com",nocase; http_uri; content:"/remote/mandate/4jya9anuerrpmikrph7-j5pl9nyz_uw1bc7q1vvmmhw",nocase; classtype:attempted-recon; sid:200004603; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"explorebathurst.com.au",nocase; http_uri; content:"/rrefeeieoj.html?erectrcsq@*cthiytvcdx$zsxycuikjmkjivee$terdtygjyvtrre",nocase; classtype:attempted-recon; sid:200004604; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fbapps.milestoneinternet.com",nocase; http_uri; content:"/gvrmpushnotification/nbproject/private/fbapps/melis/",nocase; classtype:attempted-recon; sid:200004605; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fclighting.sharepoint.com",nocase; http_uri; content:"/:x:/r/customercare/_layouts/15/wopiframe.aspx?guestaccesstoken=ce%2fd5uzxeu8hlntd6e5v18nttv4whxgmlwyudt4igom%3d&docid=1_1eb5df03726a240859b223a44b8b16724&wdformid=%7bb8008e00-21bc-4a4a-91dc-1e1b63610c96%7d&action=formsubmit&cid=c766f7bd-9562-4c9e-a9b0-75cf38b33e48",nocase; classtype:attempted-recon; sid:200004606; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"feeds.feedburner.com",nocase; http_uri; content:"/investorway",nocase; classtype:attempted-recon; sid:200004607; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ferferfccezs.blogspot.com",nocase; http_uri; content:"//?m=0",nocase; classtype:attempted-recon; sid:200004608; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ferferfrefe.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004609; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fifit.co.uk",nocase; http_uri; content:"/jelxwqrcrvhj&amp\;ijosing&amp\;kontakt@wmb-walther.de.html",nocase; classtype:attempted-recon; sid:200004610; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"files.fm",nocase; http_uri; content:"/f/75h75hd7v",nocase; classtype:attempted-recon; sid:200004611; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/biyugbhiuhgy7o900-h9oh98h9-987.appspot.com/o/vnmbvuyt8-8y98yh0%3d890y8iuh9yyh%2f5rtyfghtfyu67-9876trfc%3d9ygv.htm?alt=media&amp\;token=dce6f041-19ff-4e8a-8012-1cfdac4cf369#bv@pplsi.com",nocase; classtype:attempted-recon; sid:200004612; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/dr-clin-c4f68.appspot.com/o/drweb.html?alt=media&amp\;token=09293ba9-0738-41ea-9cf3-67cb43af2b88&amp\;x=famacas-cfa0appspotappspotmacas-macas-vfwefsaxsppspotcfa0ps&amp\;prox=p2000isolation@aaa.kr",nocase; classtype:attempted-recon; sid:200004613; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/dr-clin-c4f68.appspot.com/o/drweb.html?alt=media&amp\;token=09293ba9-0738-41ea-9cf3-67cb43af2b88&amp\;x=famacas-cfa0appspotappspotmacas-macas-vfwefsaxsppspotcfa0ps&amp\;prox=yourname@yourcompany.com",nocase; classtype:attempted-recon; sid:200004614; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/goo2-ac630.appspot.com/o/goo%20(2).html?alt=media&amp\;token=2d1281a2-3364-420f-a3b5-c693b7bda1f2#a@b.com",nocase; classtype:attempted-recon; sid:200004615; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/macryti-109.appspot.com/o/kp-oe0%2fbtt-hash.html?alt=media&amp\;token=02abe8bd-5141-4b5a-a7d4-08120e5f43dd#choiteng@motenghaiplc.com",nocase; classtype:attempted-recon; sid:200004616; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/ntachi-e1dbe.appspot.com/o/hgigieiciejceinhviejrie95489349%20(19).html?alt=media&amp\;token=5901e369-e71e-416b-9688-b21c62e31587#m.couvee@colasit.nl",nocase; classtype:attempted-recon; sid:200004617; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/odrv-3c4a4.appspot.com/o/index1.html?alt=media&amp\;token=11958c2a-34a6-4ed1-a1b5-081ec066cb95&amp\;data=zxzhbi5ncmvzagftqg1py2hlbglulmnvbq==",nocase; classtype:attempted-recon; sid:200004618; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/outlook-4c0f2.appspot.com/o/books%2fwebmail.htm?alt=media&amp\;token=216401d2-aba7-42f4-8fd5-9b672cade830#abuse@optusnet.com.au",nocase; classtype:attempted-recon; sid:200004619; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/outlook-4c0f2.appspot.com/o/books%2fwebmail.htm?alt=media&amp\;token=216401d2-aba7-42f4-8fd5-9b672cade830#tiekimas@tidlo.lt",nocase; classtype:attempted-recon; sid:200004620; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/rei-rezuio-rexire-565.appspot.com/o/%40%40%40indexv-vb-vau-ry-8%252fbv-yu-er-8f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%20-%20copy.html?alt=media&amp\;token=da92acdd-870d-4049-b9ac-f0d373777f06#info@legalshield.com",nocase; classtype:attempted-recon; sid:200004621; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/rei-rezuio-rexire-565.appspot.com/o/%40%40%40indexv-vb-vau-ry-8%252fbv-yu-er-8f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%20-%20copy.html?alt=media&amp\;token=da92acdd-870d-4049-b9ac-f0d373777f06#support@legalshieldcorp.com",nocase; classtype:attempted-recon; sid:200004622; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/rned-a824v.appspot.com/o/gen%252findex2oli.html?alt=media&amp\;token=828c2259-c86f-442e-91a0-8d43a1fe7d8b#abuse@optusnet.com.au",nocase; classtype:attempted-recon; sid:200004623; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/tei-neriou-reuix-678.appspot.com/o/%40%40%40indexv-vb-veu-ry-8%25433%2569.html?alt=media&amp\;token=6b0a9c43-8711-491b-9f40-50ad280ffb32#ggradnigo@prepaidlegal.com",nocase; classtype:attempted-recon; sid:200004624; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flavena.co.rs",nocase; http_uri; content:"/mc.html",nocase; classtype:attempted-recon; sid:200004625; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flow.page",nocase; http_uri; content:"/btinternetwebmail",nocase; classtype:attempted-recon; sid:200004626; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flow.page",nocase; http_uri; content:"/bttelecoommunication",nocase; classtype:attempted-recon; sid:200004627; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flow.page",nocase; http_uri; content:"/hdhdhdeue",nocase; classtype:attempted-recon; sid:200004628; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flow.page",nocase; http_uri; content:"/hjbsvjhfb",nocase; classtype:attempted-recon; sid:200004629; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flow.page",nocase; http_uri; content:"/jhgcfghj",nocase; classtype:attempted-recon; sid:200004630; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flow.page",nocase; http_uri; content:"/mnkpo",nocase; classtype:attempted-recon; sid:200004631; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flow.page",nocase; http_uri; content:"/nicszdbaiodi",nocase; classtype:attempted-recon; sid:200004632; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/p/vf7vfv9ky?fc=0",nocase; classtype:attempted-recon; sid:200004633; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/page/btinternetwebmail",nocase; classtype:attempted-recon; sid:200004634; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/page/btisojtuf",nocase; classtype:attempted-recon; sid:200004635; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/page/bttelecommunicaation",nocase; classtype:attempted-recon; sid:200004636; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/page/bttelecoommunication",nocase; classtype:attempted-recon; sid:200004637; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/page/hjbsvjhfb",nocase; classtype:attempted-recon; sid:200004638; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/page/mnkpo",nocase; classtype:attempted-recon; sid:200004639; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/1mqqu8exzgpptqpl8",nocase; classtype:attempted-recon; sid:200004640; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/3cyoxmwxqkbfpt2v5",nocase; classtype:attempted-recon; sid:200004641; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/8epxhwdapiab7mfw7",nocase; classtype:attempted-recon; sid:200004642; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/9bwawhpz5vi7ilpe6",nocase; classtype:attempted-recon; sid:200004643; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/akohiguxjs9wlpu28?sllqm",nocase; classtype:attempted-recon; sid:200004644; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/b7lqaal42juffiw1a",nocase; classtype:attempted-recon; sid:200004645; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/bfz2l7i3wvrp5heb9",nocase; classtype:attempted-recon; sid:200004646; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/dncj4btc56n1n71n8",nocase; classtype:attempted-recon; sid:200004647; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/edtu6r7rqxqyegcf6",nocase; classtype:attempted-recon; sid:200004648; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/egj66jkgwkcd3aat8",nocase; classtype:attempted-recon; sid:200004649; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/eozlrnnf7jh84xdp8",nocase; classtype:attempted-recon; sid:200004650; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/fzlons3fgnjdqdd19?omgbfzrazhlppbtx",nocase; classtype:attempted-recon; sid:200004651; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/goerpntl5tfeumdz6",nocase; classtype:attempted-recon; sid:200004652; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/gr4b9sxradtcj7or7",nocase; classtype:attempted-recon; sid:200004653; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/guptjarp2xatzbvo8",nocase; classtype:attempted-recon; sid:200004654; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/iai7pzm4pxyb145i9",nocase; classtype:attempted-recon; sid:200004655; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/jnkkauxwwbfhtuqz9?hkgotygikyoujp",nocase; classtype:attempted-recon; sid:200004656; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/jzxtb9auexgjcewfa",nocase; classtype:attempted-recon; sid:200004657; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/kehch96avaku7oey7?akowgmooutpwa",nocase; classtype:attempted-recon; sid:200004658; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/nvljeb1quzaovd8u5",nocase; classtype:attempted-recon; sid:200004659; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/puadbxscibgw5ma79?xfccuwmmhgwrwztd",nocase; classtype:attempted-recon; sid:200004660; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/qhwastfqxg1yehi77",nocase; classtype:attempted-recon; sid:200004661; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/qzopkn9aj2gzaw2g6",nocase; classtype:attempted-recon; sid:200004662; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/ruaxzqjjzghi8rar9",nocase; classtype:attempted-recon; sid:200004663; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/rwpcmhm8vtfa7f4m8",nocase; classtype:attempted-recon; sid:200004664; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/sj21ehdebhkcpvfv6",nocase; classtype:attempted-recon; sid:200004665; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/smufgmyhduckbq6ka?fjxhgyroek",nocase; classtype:attempted-recon; sid:200004666; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/uqzzznxv4cfhu3yr9",nocase; classtype:attempted-recon; sid:200004667; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/v5xtnywt5s6zvpp27",nocase; classtype:attempted-recon; sid:200004668; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/v7k2chwbcca59vz27",nocase; classtype:attempted-recon; sid:200004669; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/w6uh9p66tdq6l1m66",nocase; classtype:attempted-recon; sid:200004670; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/x3aasffazsrl8pcr9",nocase; classtype:attempted-recon; sid:200004671; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/x8hybjggubfftabw8",nocase; classtype:attempted-recon; sid:200004672; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/xxccjhuzjtg4pr3y8",nocase; classtype:attempted-recon; sid:200004673; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/xxjqmu6luzkpnalg6",nocase; classtype:attempted-recon; sid:200004674; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/yfxkceytox2zuyvb6",nocase; classtype:attempted-recon; sid:200004675; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.office.com",nocase; http_uri; content:"/pages/responsepage.aspx?id=60hhzfbtoe-qdzpnyrluyo-ivxb0mexgqufvg5tcyifunzg5uknzne1irjzvt1y3slewrepwnflmvs4u",nocase; classtype:attempted-recon; sid:200004676; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.office.com",nocase; http_uri; content:"/pages/responsepage.aspx?id=dqsikwdsw0yxejajblztrqaaaaaaaaaaaao__tdasqlurfrqmjzxneyxn0g3vexutfvzq0mztu9fms4u",nocase; classtype:attempted-recon; sid:200004677; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.office.com",nocase; http_uri; content:"/pages/responsepage.aspx?id=dqsikwdsw0yxejajblztrqaaaaaaaaaaaao__thg5xvuodnbwtvytzhwwdnctknvovo4tldctexmvi4u",nocase; classtype:attempted-recon; sid:200004678; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.office.com",nocase; http_uri; content:"/pages/responsepage.aspx?id=jrbxvx3x9keewcq72hm6fnkqekonandcsjd9av060h5urepumvvgmks2te41rfewmlletulvufnuqy4u",nocase; classtype:attempted-recon; sid:200004679; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fra1.digitaloceanspaces.com",nocase; http_uri; content:"/gmaingt/server.html",nocase; classtype:attempted-recon; sid:200004680; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"frdezeredaresafin.blogspot.com",nocase; http_uri; content:"/?m&#61\;0",nocase; classtype:attempted-recon; sid:200004681; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fredsamasont.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004682; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fewn4zq5fegh6bf3qpasy44v&amp\;persistence=1&amp\;checksum=3d7975c121a1d514f1b3a9facb177a78f25e1326da6497ae9cf35e33ba436119",nocase; classtype:attempted-recon; sid:200004683; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fewn4zx501vbg1xj6vr2hk10&amp\;persistence=1&amp\;checksum=fc555be29c86e6e13177069b7632770b2cb9f30b36d229624f37be1cb2475704",nocase; classtype:attempted-recon; sid:200004684; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fexfpq10qje7acrftnz6v4zb&amp\;persistence=1&amp\;checksum=5916a09fb5c03e4187a58ae7221dbc20e8568b5840df4b6f3eb57227975bd2ce",nocase; classtype:attempted-recon; sid:200004685; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fey1pewqgha9bqebgbvwe95n&amp\;persistence=1&amp\;checksum=3fefba73b68799e5152bf7031ce8a7b1a300456243ee123a27f6efca31d9f055",nocase; classtype:attempted-recon; sid:200004686; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fez46yyrvh6f0bbehn8h419h&amp\;persistence=1&amp\;checksum=069f46345ac935567ad562a3d64a332066064c97f8feae803d555f9cc820c561",nocase; classtype:attempted-recon; sid:200004687; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fezncfbjbj86yneatjn0qvt4&amp\;persistence=1&amp\;checksum=8142350e161acc6cb246be1d05d596973a1d3ac50af1f3594ee9ea462c87a4ef",nocase; classtype:attempted-recon; sid:200004688; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01ff06m6n2q43m6zcaqrh8xpm2&amp\;persistence=1&amp\;checksum=26e140f8abae23dd0c8dd547390a4deb9fc54b1acf3539d8aa44fb19e04902ef",nocase; classtype:attempted-recon; sid:200004689; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01ff0qxy635yfpkrdaxav47j5k&amp\;persistence=1&amp\;checksum=cb2e0f7328d6ffea0e15a24046095a0bb98d27d4488e822bea4b181763f2eb0b",nocase; classtype:attempted-recon; sid:200004690; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"golfloslagos.com",nocase; http_uri; content:"/wp-includes/js/thickbox/connexion/connexion/app/cdn/?fmfcgzgljlrvjdlwthjpssjfsnvbwgbbfmfcgzgljltdnhmxflbfwpzhjxchnhhqfmfcgzgkzqqhdhckrlvrtkvlbxfdwlclfmfcgzgkzqqhdhckrlvrtkvlbxfdwlclfmfcgzgkzqqhdhckrlvrtkvlbxfdwlcl",nocase; classtype:attempted-recon; sid:200004691; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"google.com",nocase; http_uri; content:"/url?q=http%3a%2f%2fbit.do%2ffr6ci&sa=d&sntz=1&usg=afqjcne7joz-iz-adrzkrxcihj8t9fs9qw",nocase; classtype:attempted-recon; sid:200004692; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"google.com",nocase; http_uri; content:"/url?q=http%3a%2f%2fbit.do%2ffsgjq&amp\;sa=d&amp\;sntz=1&amp\;usg=afqjcngvqc30z-4hiaizv03gpwblwu3vnw",nocase; classtype:attempted-recon; sid:200004693; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"google.com",nocase; http_uri; content:"/url?q=http://srv-auth.web.app/upd/index.html%23%5b%5b-email-%5d%5d&amp\;source=gmail&amp\;ust=1607952068298000&amp\;usg=afqjcnet34jepejaewvja8unv7ycds1vjg",nocase; classtype:attempted-recon; sid:200004694; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"google.com",nocase; http_uri; content:"/url?q=https://393512dfd8544c98be9a40f2f67df8bd.svc.dynamics.com/t/r/a7uua5shyiplufx4zj7f6u2clgtguiagoxngfoio4am?clientid%3d70000%23%5bemail%5d%2b00-70000&amp\;source=gmail&amp\;ust=1636719774661000&amp\;usg=aovvaw2fsk8htfwhsfqapvbu674n",nocase; classtype:attempted-recon; sid:200004695; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"google.com",nocase; http_uri; content:"/url?q=https://passionfruit4576261.brizy.site/&amp\;source=gmail&amp\;ust=1608664764243000&amp\;usg=afqjcnghljnr1tyn8j4c1ijid09ra9ehdq",nocase; classtype:attempted-recon; sid:200004696; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"google.com",nocase; http_uri; content:"/url?q=https://us4-usndr.com/ru/mail_link_tracker?hash%3d6k5ar5ciusdx1q1tdgm8atcrexmonyy3xdfiogu7zr6gb6gtthpqk7fm8tz4gzkjftg9oouu31eqdro67dtgwnn5x1p3ziiieq8rykja%26url%3dahr0chm6ly90lm1ll2fhegnvbw11bml0eq~~%26uid%3dndmwndy3nw~~%26ucs%3dd93ed45d47070739243d9b678dd03e93&amp\;source=gmail&amp\;ust=1607288611770000&amp\;usg=afqjcngo5kdwx08p-bg6mzdtluzdjhtzxw",nocase; classtype:attempted-recon; sid:200004697; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"googleweblight.com",nocase; http_uri; content:"/fp?u=https://tinyurl.com/32xz989f&grqid=zbk35vud&s=1&hl=id-id",nocase; classtype:attempted-recon; sid:200004698; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"googleweblight.com",nocase; http_uri; content:"/i?u=a894ec7f.46t33454t4.pages.dev?user=masoli@legalshieldassociate.com",nocase; classtype:attempted-recon; sid:200004699; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"googleweblight.com",nocase; http_uri; content:"/i?u=b4e921f0.sso-mailsrvr-4344e5teed.pages.dev?user=abuse@gmail.com",nocase; classtype:attempted-recon; sid:200004700; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gormanusa-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/tspencer_gormanusa_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wgfwcmmssvdsofa7ljviwaj85tleclug2xbvoqwlmp0%3d&amp\;docid=1_12424441d8c29412bb868684e5cb74e47&amp\;wdformid=%7b992e319a%2dbe72%2d460b%2db6b4%2d2d3fcf789fc5%7d&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004701; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gradcracker.com",nocase; http_uri; content:"/out/408?jobid=29207&u=princed.de?id=8400239909",nocase; classtype:attempted-recon; sid:200004702; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hafslundno.blogspot.com",nocase; http_uri; content:"/2021/12/hafslund.html",nocase; classtype:attempted-recon; sid:200004703; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/1kzic",nocase; classtype:attempted-recon; sid:200004704; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/4ds15",nocase; classtype:attempted-recon; sid:200004705; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/6qnhc",nocase; classtype:attempted-recon; sid:200004706; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/dghpp",nocase; classtype:attempted-recon; sid:200004707; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/f1itl",nocase; classtype:attempted-recon; sid:200004708; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/fmjiu",nocase; classtype:attempted-recon; sid:200004709; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/g9yl5",nocase; classtype:attempted-recon; sid:200004710; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/i51rh",nocase; classtype:attempted-recon; sid:200004711; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/lmiyt",nocase; classtype:attempted-recon; sid:200004712; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/m8ikv",nocase; classtype:attempted-recon; sid:200004713; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/o0ugq",nocase; classtype:attempted-recon; sid:200004714; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/ta0lq",nocase; classtype:attempted-recon; sid:200004715; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/ue2ho",nocase; classtype:attempted-recon; sid:200004716; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/urq2m",nocase; classtype:attempted-recon; sid:200004717; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/vfywl",nocase; classtype:attempted-recon; sid:200004718; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/w27iz",nocase; classtype:attempted-recon; sid:200004719; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/xegru",nocase; classtype:attempted-recon; sid:200004720; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/zlbow",nocase; classtype:attempted-recon; sid:200004721; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hangovertest1.blogspot.com",nocase; http_uri; content:"/2021/12/window.html",nocase; classtype:attempted-recon; sid:200004722; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"heaterintwintersz.ams3.digitaloceanspaces.com",nocase; http_uri; content:"/yuhgbfvdfvbtytrvdfbgt.html",nocase; classtype:attempted-recon; sid:200004723; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hm.ru",nocase; http_uri; content:"/mz4yho",nocase; classtype:attempted-recon; sid:200004724; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"homeentertainmentexpo.com",nocase; http_uri; content:"/zeland.html",nocase; classtype:attempted-recon; sid:200004725; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"house18.info",nocase; http_uri; content:"/themes/engines/ira.xml",nocase; classtype:attempted-recon; sid:200004726; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com",nocase; http_uri; content:"/''''''''''''''''''''''''''''''''/",nocase; classtype:attempted-recon; sid:200004727; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"href.li",nocase; http_uri; content:"/?https://trimurl.co/0wsx7z",nocase; classtype:attempted-recon; sid:200004728; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"href.li",nocase; http_uri; content:"/?https://www.rkat2.2r-p.xyz/",nocase; classtype:attempted-recon; sid:200004729; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"href.li",nocase; http_uri; content:"/?https://ykm.de/f4b990c239777330",nocase; classtype:attempted-recon; sid:200004730; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"href.li?https:",nocase; http_uri; content:"//ykm.de/f4b990c239777330",nocase; classtype:attempted-recon; sid:200004731; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ht.ly",nocase; http_uri; content:"/hgav30ruohf",nocase; classtype:attempted-recon; sid:200004732; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ht.ly",nocase; http_uri; content:"/shoh30rwmdj?10/13/2021",nocase; classtype:attempted-recon; sid:200004733; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"i-m.mx",nocase; http_uri; content:"/ebuse/servic",nocase; classtype:attempted-recon; sid:200004734; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"i-m.mx",nocase; http_uri; content:"/webaccountupdate/stockholmsuniversitet/",nocase; classtype:attempted-recon; sid:200004735; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ifyufyujk.quip.com",nocase; http_uri; content:"/mdkea5ckpozm/click-here-to-start",nocase; classtype:attempted-recon; sid:200004736; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"igsasso-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/pginet_groupe-igs_fr/_layouts/15/wopiframe.aspx?guestaccesstoken=o1ljzjnq70g8yg6w%2fce3ec9zu3%2bg6ck6ibkmhwt3wl0%3d&amp\;docid=1_1c2a91e87cc7a4ffb85611d8ebf31f653&amp\;wdformid=%7bcdf56303%2d9250%2d4cf1%2d8370%2db3f9a84cd714%7d&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004737; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"im-creator.com",nocase; http_uri; content:"/free/4t6u/bt",nocase; classtype:attempted-recon; sid:200004738; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"im-creator.com",nocase; http_uri; content:"/free/kennymoore12/btinternet",nocase; classtype:attempted-recon; sid:200004739; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"im-creator.com",nocase; http_uri; content:"/free/kfouo/btcommmms",nocase; classtype:attempted-recon; sid:200004740; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"im-creator.com",nocase; http_uri; content:"/free/msw0rd/att_word",nocase; classtype:attempted-recon; sid:200004741; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"im-creator.com",nocase; http_uri; content:"/viewer/vbid-fa0f29d5-fpsjmms8",nocase; classtype:attempted-recon; sid:200004742; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imagematch300.com",nocase; http_uri; content:"/survey/27415/source=39-4621",nocase; classtype:attempted-recon; sid:200004743; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imcreator.com",nocase; http_uri; content:"/viewer/vbid-fa0f29d5-fpsjmms8",nocase; classtype:attempted-recon; sid:200004744; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"improvproject.com",nocase; http_uri; content:"/appmanager/renouvellement-automatique-obligatoire/ovh/managerweb-ovhdepartmenttechniqueovh/web.index.html5400configuration_hosting_database/web-ovh/vh/?user-agent=mozilla/5.0+(windows+nt+10.0\;+win64\;+x64)+applewebkit/537.36+(khtml,+like+gecko)+chrome/86.0.4240.75+safari/537.36",nocase; classtype:attempted-recon; sid:200004745; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imxprs.com",nocase; http_uri; content:"/free/emailupdatee/owaweb",nocase; classtype:attempted-recon; sid:200004746; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imxprs.com",nocase; http_uri; content:"/free/outlookwebaccessupgrade/outlookwebaccessupgrade",nocase; classtype:attempted-recon; sid:200004747; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imxprs.com",nocase; http_uri; content:"/free/webmaiil/accounttportal",nocase; classtype:attempted-recon; sid:200004748; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"insurance2019.moneynet.com.tw",nocase; http_uri; content:"/wp-admin/maint/?hash=a2fyaw5hywxtzwlkyxjpymvpcm9aag90bwfpbc5jb20=",nocase; classtype:attempted-recon; sid:200004749; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"is.gd",nocase; http_uri; content:"/areawebmps",nocase; classtype:attempted-recon; sid:200004750; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"is.gd",nocase; http_uri; content:"/clnhxv",nocase; classtype:attempted-recon; sid:200004751; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"is.gd",nocase; http_uri; content:"/t1xeia",nocase; classtype:attempted-recon; sid:200004752; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"j.mp",nocase; http_uri; content:"/34vpnqn?muriitya",nocase; classtype:attempted-recon; sid:200004753; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"j.mp",nocase; http_uri; content:"/3arx6oo",nocase; classtype:attempted-recon; sid:200004754; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"j.mp",nocase; http_uri; content:"/3gydg8x?/supporrecovery",nocase; classtype:attempted-recon; sid:200004755; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"j.mp",nocase; http_uri; content:"/3i22f5g?jnlope",nocase; classtype:attempted-recon; sid:200004756; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"j.mp",nocase; http_uri; content:"/3kkkf0n",nocase; classtype:attempted-recon; sid:200004757; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jobtima.com",nocase; http_uri; content:"/wp-content/themes/swww04/?key=azhoi,email={email}",nocase; classtype:attempted-recon; sid:200004758; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jtbtigers.com",nocase; http_uri; content:"/65g2g",nocase; classtype:attempted-recon; sid:200004759; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"k12inc-my.sharepoint.com",nocase; http_uri; content:"/personal/jdonahue_k12_com/_layouts/15/wopiframe.aspx?guestaccesstoken=jxndynkzmynao0nofzmhz4t%2fk%2br%2fg7qir2agrjo42ha%3d&docid=1_12252b23331654ef4bf8ef978a8eb83ee&wdformid=%7b2711d93c%2d7591%2d4baa%2db377%2dcf40ba8c7343%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004760; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kutt.it",nocase; http_uri; content:"/c07czi",nocase; classtype:attempted-recon; sid:200004761; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kutt.it",nocase; http_uri; content:"/l3leph",nocase; classtype:attempted-recon; sid:200004762; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=4rcleqvo&signature=newsletter",nocase; classtype:attempted-recon; sid:200004763; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=xx6dnmzz&signature=newsletter",nocase; classtype:attempted-recon; sid:200004764; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://is.gd/f0iqhg?trackingid=kzg8g3od&signature=newsletter",nocase; classtype:attempted-recon; sid:200004765; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://is.gd/vohpj6?trackingid=rt6fxwgl&signature=newsletter",nocase; classtype:attempted-recon; sid:200004766; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://parg.co/bewg?trackingid=egqfrhlp&signature=newsletter",nocase; classtype:attempted-recon; sid:200004767; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://submit.irs.completeyourdata.info/?claim",nocase; classtype:attempted-recon; sid:200004768; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=cvhzehjl&signature=newsletter",nocase; classtype:attempted-recon; sid:200004769; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=nwb0pxlg&signature=newsletter",nocase; classtype:attempted-recon; sid:200004770; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=wqdypvka&signature=newsletter",nocase; classtype:attempted-recon; sid:200004771; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lifeiswhatyoumakeofit.com",nocase; http_uri; content:"/match_login/match.com/match/login1876.html",nocase; classtype:attempted-recon; sid:200004772; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lihi1.cc",nocase; http_uri; content:"/fqg9x",nocase; classtype:attempted-recon; sid:200004773; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lihi1.cc",nocase; http_uri; content:"/uh2xv",nocase; classtype:attempted-recon; sid:200004774; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkedin.com",nocase; http_uri; content:"/slink?code=ek5cbk8g",nocase; classtype:attempted-recon; sid:200004775; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkprotect.cudasvc.com",nocase; http_uri; content:"/url?a=https://u25098085.ct.sendgrid.net/ls/click?upn=4o0yybebwwobmwye6nfxf74k9v8ctniui1j2zge2nz95e9lyg4bkzyeqhmb7dtwcz7ioun-2bn1j8mpzi-2fpiiskt0bhpz08nwukegu0uqqki2h1s5yghctgcifqu-2bw1xclixrd_0qvnbxqwscekttpgl5skkts6yu-2batmdqkyh3bke4v1frfd55qka72zddyevzyat2nxv1k3yz6k8mwivrnsgvysy0wagfn8g5lfrsekexaptnpwfu0cediip-2bx7vwnyo9s20tqt2-2bj-2bvkbnfrh9uuad9j9stqo-2bcbol-2fjxsacxht5mztqgwx1c5d6x4fkpu32hmnetd1eimxhhfmzkxiukogw4aalovfcjsym0u8gjpy-3d&amp\;c=e,1,2vluk9dfc0eb8l7-rios2j4nvvlmg8fu0rs0_haoaqpf_7ary6vt_oiimum26g-03mgzmsvdmzlfwohfhlogn3z77jluyi415qw9iw3dptggs_9sfqsq4a,,&amp\;typo=1",nocase; classtype:attempted-recon; sid:200004776; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkr.bio",nocase; http_uri; content:"/2oj172",nocase; classtype:attempted-recon; sid:200004777; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkr.bio",nocase; http_uri; content:"/5254ov",nocase; classtype:attempted-recon; sid:200004778; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkr.bio",nocase; http_uri; content:"/9o5vz8",nocase; classtype:attempted-recon; sid:200004779; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkr.bio",nocase; http_uri; content:"/attservice365",nocase; classtype:attempted-recon; sid:200004780; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkr.bio",nocase; http_uri; content:"/bt.home",nocase; classtype:attempted-recon; sid:200004781; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkr.bio",nocase; http_uri; content:"/btinternet",nocase; classtype:attempted-recon; sid:200004782; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkr.bio",nocase; http_uri; content:"/w1vl9o",nocase; classtype:attempted-recon; sid:200004783; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/attmailserver",nocase; classtype:attempted-recon; sid:200004784; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/attonlineservice",nocase; classtype:attempted-recon; sid:200004785; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/attverificationpro",nocase; classtype:attempted-recon; sid:200004786; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/btinternettt",nocase; classtype:attempted-recon; sid:200004787; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/d.emery1",nocase; classtype:attempted-recon; sid:200004788; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/dannygeez",nocase; classtype:attempted-recon; sid:200004789; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/feetesuqshailhkaia",nocase; classtype:attempted-recon; sid:200004790; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/ftggtgrtt",nocase; classtype:attempted-recon; sid:200004791; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/keedkudi",nocase; classtype:attempted-recon; sid:200004792; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/mobicomgb",nocase; classtype:attempted-recon; sid:200004793; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/nbvkl",nocase; classtype:attempted-recon; sid:200004794; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/plkjh",nocase; classtype:attempted-recon; sid:200004795; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/pubgxmetrodus",nocase; classtype:attempted-recon; sid:200004796; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/savermail.yahoo",nocase; classtype:attempted-recon; sid:200004797; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/service.orange",nocase; classtype:attempted-recon; sid:200004798; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/teccalicious",nocase; classtype:attempted-recon; sid:200004799; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/yah00nccx",nocase; classtype:attempted-recon; sid:200004800; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livenmitac-my.sharepoint.com",nocase; http_uri; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=bcxwl3a7ttskgw2polh3cucg2dfe77pbj2gkmixkizs%3d&docid=1_1b87bddf46e1144efadb39c587acdadae&wdformid=%7b5b4e96cf%2d1bcd%2d468f%2da845%2d09b4d8027bc2%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004801; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livenmitac-my.sharepoint.com",nocase; http_uri; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=bcxwl3a7ttskgw2polh3cucg2dfe77pbj2gkmixkizs=&amp\;docid=1_1b87bddf46e1144efadb39c587acdadae&amp\;wdformid={5b4e96cf-1bcd-468f-a845-09b4d8027bc2}&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004802; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livenmitac-my.sharepoint.com",nocase; http_uri; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=fnyckzjagh3z%2bl1cadcdqxot6rfyhmeonulx7ksc7pq%3d&docid=1_15129478f60da40db8395b5675832ef56&wdformid=%7b000c8ab1%2dcbc8%2d44e3%2dac19%2d0015f01b771e%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004803; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livenmitac-my.sharepoint.com",nocase; http_uri; content:"/personal/hannah-daly_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=ia5uzzon3iviku4f3pxemyhhabfwkpdjirpftfear%2fk%3d&docid=1_169208e425ed84fea9fd294a6886d67e9&wdformid=%7b06255f86%2d4bf9%2d4ee8%2dbd7e%2dfef81913a79b%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004804; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livenmitac-my.sharepoint.com",nocase; http_uri; content:"/personal/hannah-daly_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=ia5uzzon3iviku4f3pxemyhhabfwkpdjirpftfear/k=&amp\;docid=1_169208e425ed84fea9fd294a6886d67e9&amp\;wdformid={06255f86-4bf9-4ee8-bd7e-fef81913a79b}&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004805; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.in",nocase; http_uri; content:"/d8ruzprc",nocase; classtype:attempted-recon; sid:200004806; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.in",nocase; http_uri; content:"/di6hueus",nocase; classtype:attempted-recon; sid:200004807; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.in",nocase; http_uri; content:"/dn4fff29",nocase; classtype:attempted-recon; sid:200004808; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.in",nocase; http_uri; content:"/edxjbzfy",nocase; classtype:attempted-recon; sid:200004809; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.in",nocase; http_uri; content:"/emruebe2",nocase; classtype:attempted-recon; sid:200004810; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.in",nocase; http_uri; content:"/eqjcnf2u",nocase; classtype:attempted-recon; sid:200004811; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.in",nocase; http_uri; content:"/gib6fpsz",nocase; classtype:attempted-recon; sid:200004812; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login.xfinity.meculinkvolt.com",nocase; http_uri; content:"/home/?6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d",nocase; classtype:attempted-recon; sid:200004813; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"magyarpoosta.blogspot.com",nocase; http_uri; content:"/2021/02/blog-post.html",nocase; classtype:attempted-recon; sid:200004814; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.hfcfit.com",nocase; http_uri; content:"/forms/forms/form1.html",nocase; classtype:attempted-recon; sid:200004815; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua",nocase; classtype:attempted-recon; sid:200004816; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua/",nocase; classtype:attempted-recon; sid:200004817; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua",nocase; classtype:attempted-recon; sid:200004818; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua/",nocase; classtype:attempted-recon; sid:200004819; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/186.154.25.1064023/sucursalpersonas.transaccionesbancolombia.com/mua",nocase; classtype:attempted-recon; sid:200004820; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/186.154.25.1064023/sucursalpersonas.transaccionesbancolombia.com/mua/",nocase; classtype:attempted-recon; sid:200004821; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/190.27.90.2077221/sucursalpersonas.transaccionesbancolombia.com/mua/index.html",nocase; classtype:attempted-recon; sid:200004822; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/190.61.55.2105806/sucursalpersonas.transaccionesbancolombia.com/mua/index.html",nocase; classtype:attempted-recon; sid:200004823; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua",nocase; classtype:attempted-recon; sid:200004824; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua/",nocase; classtype:attempted-recon; sid:200004825; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/191.95.152.1287758/sucursalpersonas.transaccionesbancolombia.com/mua/index.html",nocase; classtype:attempted-recon; sid:200004826; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/201.233.42.1501206/sucursalpersonas.transaccionesbancolombia.com/mua/index.html",nocase; classtype:attempted-recon; sid:200004827; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/1gne6",nocase; classtype:attempted-recon; sid:200004828; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/6w9qj",nocase; classtype:attempted-recon; sid:200004829; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/77srn",nocase; classtype:attempted-recon; sid:200004830; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/g50gq",nocase; classtype:attempted-recon; sid:200004831; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/hfldu",nocase; classtype:attempted-recon; sid:200004832; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/ibyyn",nocase; classtype:attempted-recon; sid:200004833; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/ij3t9",nocase; classtype:attempted-recon; sid:200004834; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/jlrbo",nocase; classtype:attempted-recon; sid:200004835; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/qpwha",nocase; classtype:attempted-recon; sid:200004836; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/reu8w",nocase; classtype:attempted-recon; sid:200004837; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/sb6ww",nocase; classtype:attempted-recon; sid:200004838; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"meet.google.com",nocase; http_uri; content:"/linkredirect?authuser=0&amp\;dest=https%3a%2f%2flinktr.ee%2fpaypai.serviceid?idtrack=kzsykctt",nocase; classtype:attempted-recon; sid:200004839; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mi.jetblue.com",nocase; http_uri; content:"/p/cp/0ccc3066dc2bcd17/c?mi_u=87923176&mi_origin=&url=http://email.stickercanada.com/t?entity_type=2&entity_id=32534&email_pref_id=34785928&sent_id=1600423397&service_id=22668&redirect_url=https:/relievehotmailonly.cloudns.cl/imagineme/ionos.php",nocase; classtype:attempted-recon; sid:200004840; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"milanno342.blogspot.com",nocase; http_uri; content:"/2020/11/fiyatlar.html",nocase; classtype:attempted-recon; sid:200004841; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monstercarp.rn86.ru",nocase; http_uri; content:"/dvtygtgvrv.html?ggcdraewqaszxfdxcgchjbjnhbgvfcdrxtcyvbuninhbygtfcrx",nocase; classtype:attempted-recon; sid:200004842; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my.forms.app",nocase; http_uri; content:"/form/60deff002ca34f5aa4985ab3",nocase; classtype:attempted-recon; sid:200004843; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my.forms.app",nocase; http_uri; content:"/form/6112452ca3f6e60d511bad0d",nocase; classtype:attempted-recon; sid:200004844; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my.forms.app",nocase; http_uri; content:"/leboncoin-service/confirmationpaiement-1",nocase; classtype:attempted-recon; sid:200004845; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"myparc.sharepoint.com",nocase; http_uri; content:"/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=xvdowzk%2bkm4wndrziofnpfcj8fb8rkrsqt%2bkybvollg%3d&docid=1_16fb1a2a3e2f9468aa7cebc35874c9da0&wdformid=%7b95111770-0103-492b-8c70-e9625f96b49a%7d&action=formsubmit&cid=4d02a372-8b83-4120-84b5-1d9a2a3492dd",nocase; classtype:attempted-recon; sid:200004846; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"netorg6600800-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/ginger_gingerfountain_com/_layouts/15/wopiframe.aspx?guestaccesstoken=gpys8ex7ys1urrzbfeasvlexkodtrovmmcpn%2brsnebs%3d&amp\;docid=1_1882b07b5eb5643d2bdaa63426324ef0e&amp\;wdformid=%7b9bd54af1%2dee16%2d4e07%2d8d62%2d6e9b76e47512%7d&amp\;action=formsubmit&amp\;cid=9adf3e74-8cc1-4e36-b545-c9165fcafde7",nocase; classtype:attempted-recon; sid:200004847; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"netorgft2223515-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/leon_leongavartin_com/_layouts/15/wopiframe.aspx?guestaccesstoken=rpanwaz3gooz0d20j9wu7zzskog8p5egpbt4oc5j5bq%3d&docid=1_137b486a2059c4fc7b670d2ddb8f27254&wdformid=%7b07fe213f%2d4079%2d45b9%2db73f%2dfa9809248dd7%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004848; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nexoinmobiliario.pe",nocase; http_uri; content:"/bancos/interbank",nocase; classtype:attempted-recon; sid:200004849; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nihmt.com",nocase; http_uri; content:"/examination/admitpanel/filemanager/5365678587",nocase; classtype:attempted-recon; sid:200004850; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"norwayposten.blogspot.com",nocase; http_uri; content:"/2021/02/blog-post.html",nocase; classtype:attempted-recon; sid:200004851; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"objectstorage.us-phoenix-1.oraclecloud.com",nocase; http_uri; content:"/n/axjt4zimmriy/b/cherishppps-20210930-1214/o/spaceblack.html",nocase; classtype:attempted-recon; sid:200004852; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oiazeiuiazolme.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004853; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"online.visual-paradigm.com",nocase; http_uri; content:"/app/forms/view/zalxyved/a9adea36-d163-4d46-a3de-0e990d86e78e",nocase; classtype:attempted-recon; sid:200004854; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onlinecasinospark.com",nocase; http_uri; content:"/ions/index.php?email=redacted@abuse.ionos.com",nocase; classtype:attempted-recon; sid:200004855; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oraclemart.com",nocase; http_uri; content:"/ondedrive/onedrive/rolex/index.php",nocase; classtype:attempted-recon; sid:200004856; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com",nocase; http_uri; content:"/''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''",nocase; classtype:attempted-recon; sid:200004857; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswapsupport.co",nocase; http_uri; content:"/walletconnect/",nocase; classtype:attempted-recon; sid:200004858; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paozeia.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004859; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paypal-inc-userupdatenuber7925570844.blogspot.com",nocase; http_uri; content:"/2021/02/blog-post.html",nocase; classtype:attempted-recon; sid:200004860; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pilgrimapp.com",nocase; http_uri; content:"/wp-mails/",nocase; classtype:attempted-recon; sid:200004861; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"plytecfi-my.sharepoint.com",nocase; http_uri; content:"/personal/pasi_puumalainen_plytec_fi/_layouts/15/wopiframe.aspx?sourcedoc={8f0414f2-e7a8-46f4-a2bb-d38353ed20d6}&amp\;action=default&amp\;originalpath=ahr0chm6ly9wbhl0zwnmas1tes5zagfyzxbvaw50lmnvbs86bzovzy9wzxjzb25hbc9wyxnpx3b1dw1hbgfpbmvux3bsexrly19mas9fdklvqkktbzvfukdvcnzuzzfqdelowui1vgg5bxf2ltjlvl9mohvka09sb2pnp3j0aw1lpxvysjgtvnb2mtbn",nocase; classtype:attempted-recon; sid:200004862; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pplastmart.com",nocase; http_uri; content:"/att/citi",nocase; classtype:attempted-recon; sid:200004863; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ppt.cc",nocase; http_uri; content:"/fia8mx",nocase; classtype:attempted-recon; sid:200004864; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ppt.cc",nocase; http_uri; content:"/fva4wx",nocase; classtype:attempted-recon; sid:200004865; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ppt.cc",nocase; http_uri; content:"/fvakzx",nocase; classtype:attempted-recon; sid:200004866; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ppt.cc",nocase; http_uri; content:"/fvllvx",nocase; classtype:attempted-recon; sid:200004867; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"proprofs.com",nocase; http_uri; content:"/survey/t/?title=bt-broadband-and-private-policy-support_20",nocase; classtype:attempted-recon; sid:200004868; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pub5.bravenet.com",nocase; http_uri; content:"/emailfwd/show.php?usernum=350311855&amp\;formid=3879",nocase; classtype:attempted-recon; sid:200004869; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pxlme.me",nocase; http_uri; content:"/pfbgzhkd",nocase; classtype:attempted-recon; sid:200004870; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pxlme.me",nocase; http_uri; content:"/vn79myoi",nocase; classtype:attempted-recon; sid:200004871; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qualitasc-my.sharepoint.com",nocase; http_uri; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d%2f&action=formsubmit",nocase; classtype:attempted-recon; sid:200004872; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qualitasc-my.sharepoint.com",nocase; http_uri; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d%3e%2f&action=formsubmit",nocase; classtype:attempted-recon; sid:200004873; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qualitasc-my.sharepoint.com",nocase; http_uri; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004874; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"quip.com",nocase; http_uri; content:"/jeh2aebbsh97",nocase; classtype:attempted-recon; sid:200004875; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"quip.com",nocase; http_uri; content:"/qv7malu8n7cz/you-have-some-messages-pending",nocase; classtype:attempted-recon; sid:200004876; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"r3g34.fra1.digitaloceanspaces.com",nocase; http_uri; content:"/77ll23ween.html",nocase; classtype:attempted-recon; sid:200004877; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rabofree.blogspot.com",nocase; http_uri; content:"/2020?m=1",nocase; classtype:attempted-recon; sid:200004878; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reamaam.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004879; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rebrand.ly",nocase; http_uri; content:"/j7107dr",nocase; classtype:attempted-recon; sid:200004880; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rebrand.ly",nocase; http_uri; content:"/z83ig2n?rb.routing.mode=proxy&amp\;rb.routing.signature=123%20836",nocase; classtype:attempted-recon; sid:200004881; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"redatofadesafe.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004882; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"redirect.viglink.com",nocase; http_uri; content:"/?key=bbb516d91daee20498798694a42dd559&u=https://lrs.financial/eesuri6?l5oyrhkwq",nocase; classtype:attempted-recon; sid:200004883; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reikreitel.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004884; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"release-held-messageshee.fra1.digitaloceanspaces.com",nocase; http_uri; content:"/v01iebe3vicvgirviexv4sbdve1r03f.html",nocase; classtype:attempted-recon; sid:200004885; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"renew.trusted-travelers-online.com",nocase; http_uri; content:"/renew-global-entry",nocase; classtype:attempted-recon; sid:200004886; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reurl.cc",nocase; http_uri; content:"/xeknoz?confirmation",nocase; classtype:attempted-recon; sid:200004887; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reurl.cc",nocase; http_uri; content:"/xgmxr1",nocase; classtype:attempted-recon; sid:200004888; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rezunz.quip.com",nocase; http_uri; content:"/2d0jazx1eky5/click-here-to-verify-your-email",nocase; classtype:attempted-recon; sid:200004889; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"riderctposten.blogspot.com",nocase; http_uri; content:"/2021/02/blog-post.html",nocase; classtype:attempted-recon; sid:200004890; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com",nocase; http_uri; content:"/''''''''''''''''''''''''''''''''",nocase; classtype:attempted-recon; sid:200004891; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ruralaccounting.com.au",nocase; http_uri; content:"/ruralaccoun/alibaba.com/portal.php?email=june3354@naver.com",nocase; classtype:attempted-recon; sid:200004892; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s.id",nocase; http_uri; content:"/-rb9g",nocase; classtype:attempted-recon; sid:200004893; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s.id",nocase; http_uri; content:"/crsqh",nocase; classtype:attempted-recon; sid:200004894; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s.id",nocase; http_uri; content:"/ytk-r",nocase; classtype:attempted-recon; sid:200004895; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s3-us-west-2.amazonaws.com",nocase; http_uri; content:"/bvqs45qsd4azdqzz/a.html",nocase; classtype:attempted-recon; sid:200004896; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s3.amazonaws.com",nocase; http_uri; content:"/progressivebank-uat/index.html",nocase; classtype:attempted-recon; sid:200004897; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s973454980238668645789827366497203975890547864598033674329.fra1.digitaloceanspaces.com",nocase; http_uri; content:"/realtrue.html",nocase; classtype:attempted-recon; sid:200004898; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sanclemente.cl",nocase; http_uri; content:"/carli_lamell.html",nocase; classtype:attempted-recon; sid:200004899; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sandert12.blogspot.com",nocase; http_uri; content:"/p/la-banque-postale.html",nocase; classtype:attempted-recon; sid:200004900; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sateegourmet.com",nocase; http_uri; content:"/sbot",nocase; classtype:attempted-recon; sid:200004901; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sefonta.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004902; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"seonewsservic.blogspot.com",nocase; http_uri; content:"/p/postenno_9.html",nocase; classtype:attempted-recon; sid:200004903; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sgp1.digitaloceanspaces.com",nocase; http_uri; content:"/6gwvve65243s9/eer442.html",nocase; classtype:attempted-recon; sid:200004904; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"share.hsforms.com",nocase; http_uri; content:"/1fni_ent2sao6wqv0vzdn7g8nl9d",nocase; classtype:attempted-recon; sid:200004905; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shared-document.com",nocase; http_uri; content:"/basic.php?k=d63621ef3dc01735479befc13f97ec7fdb68991d",nocase; classtype:attempted-recon; sid:200004906; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shorturl.at",nocase; http_uri; content:"/nqgu1",nocase; classtype:attempted-recon; sid:200004907; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"silitrade-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/jh_silitrade_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8vzaur%2f5gb%2fwmmsfdszlpfueeb0ml%2fzkiljmp9hfa0o%3d&amp\;docid=1_14a3d3f238b844155b59bb08023697365&amp\;wdformid=%7b3395edb6%2d941b%2d49a6%2dbd04%2dc039ca27bb2b%7d&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004908; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"simp.ly",nocase; http_uri; content:"/p/3cd35d",nocase; classtype:attempted-recon; sid:200004909; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"simp.ly",nocase; http_uri; content:"/p/h45c89",nocase; classtype:attempted-recon; sid:200004910; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"simp.ly",nocase; http_uri; content:"/publish/xhrdvc",nocase; classtype:attempted-recon; sid:200004911; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/a/sy4norton.com/setup/home",nocase; classtype:attempted-recon; sid:200004912; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/newservices.website/orange-mobiles/home",nocase; classtype:attempted-recon; sid:200004913; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/e9d24c72/23524457",nocase; classtype:attempted-recon; sid:200004914; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/habbotuttogratis",nocase; classtype:attempted-recon; sid:200004915; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/habbotuttogratis/assignments",nocase; classtype:attempted-recon; sid:200004916; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/libretyreserve",nocase; classtype:attempted-recon; sid:200004917; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/libretyreserve/",nocase; classtype:attempted-recon; sid:200004918; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/protectedinmprovmnt44/",nocase; classtype:attempted-recon; sid:200004919; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/safetycheck427064200647221/",nocase; classtype:attempted-recon; sid:200004920; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/verifycheckpointpaqes/",nocase; classtype:attempted-recon; sid:200004921; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/08ie-securepage-facebook",nocase; classtype:attempted-recon; sid:200004922; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/0iey-securepage-facebook",nocase; classtype:attempted-recon; sid:200004923; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/2-orangebank-salva/accueil",nocase; classtype:attempted-recon; sid:200004924; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/3-orangebank-vetch/accueil",nocase; classtype:attempted-recon; sid:200004925; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/4-orangebank-toto/accueil",nocase; classtype:attempted-recon; sid:200004926; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/65h7t65ygtdw5f4/bt",nocase; classtype:attempted-recon; sid:200004927; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/aattt/home",nocase; classtype:attempted-recon; sid:200004928; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/abuse-privacy/",nocase; classtype:attempted-recon; sid:200004929; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/access-office-docxpdf-call-net/home",nocase; classtype:attempted-recon; sid:200004930; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/airplanecost/accueil",nocase; classtype:attempted-recon; sid:200004931; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/alert-app-pages/",nocase; classtype:attempted-recon; sid:200004932; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/app-mobile-uuid/recovery",nocase; classtype:attempted-recon; sid:200004933; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/appsconfirms",nocase; classtype:attempted-recon; sid:200004934; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/asdfghjklhgfdsdfgh/home",nocase; classtype:attempted-recon; sid:200004935; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/att-managements/home",nocase; classtype:attempted-recon; sid:200004936; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/attemail56/home?authuser=3",nocase; classtype:attempted-recon; sid:200004937; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/attfeatures/home",nocase; classtype:attempted-recon; sid:200004938; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/attyahooohroffice231/home",nocase; classtype:attempted-recon; sid:200004939; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/audio-call-net/home",nocase; classtype:attempted-recon; sid:200004940; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/audio-mp-vm/home",nocase; classtype:attempted-recon; sid:200004941; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/authentification-orangebank-eu/accueil",nocase; classtype:attempted-recon; sid:200004942; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/awspage",nocase; classtype:attempted-recon; sid:200004943; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/banquepostalebanqueetassurance/accueil",nocase; classtype:attempted-recon; sid:200004944; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bdbhdhbdhbd/home?authuser=2",nocase; classtype:attempted-recon; sid:200004945; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/benachrichtigung-sparkasse/accueil",nocase; classtype:attempted-recon; sid:200004946; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bt-cloud-voice-review-voice/bt-voice-cloud",nocase; classtype:attempted-recon; sid:200004947; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bt-clould-preview000112/voice010101010bt-cloud?authuser=8",nocase; classtype:attempted-recon; sid:200004948; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bt-interne/home",nocase; classtype:attempted-recon; sid:200004949; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bt-mail-690/home",nocase; classtype:attempted-recon; sid:200004950; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bt-pdf-receipt-payment/www-bt-pdf?authuser=8",nocase; classtype:attempted-recon; sid:200004951; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bt-voice1010010/bt-voicemesaage10120201002?authuser=8",nocase; classtype:attempted-recon; sid:200004952; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bt-web-com32/home",nocase; classtype:attempted-recon; sid:200004953; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btbtbtbtbtbtcomm/home",nocase; classtype:attempted-recon; sid:200004954; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btbusinessx/bt",nocase; classtype:attempted-recon; sid:200004955; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btcloudpaymentinvoice202000/httpsbtcloudvm-voice-new?authuser=1",nocase; classtype:attempted-recon; sid:200004956; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btcoms/bt",nocase; classtype:attempted-recon; sid:200004957; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btconnectbusiness/btconnect",nocase; classtype:attempted-recon; sid:200004958; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btconnectmailserver/home",nocase; classtype:attempted-recon; sid:200004959; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btconnectted/home",nocase; classtype:attempted-recon; sid:200004960; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btconnnect/home",nocase; classtype:attempted-recon; sid:200004961; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btinternetco/home",nocase; classtype:attempted-recon; sid:200004962; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btmv-voice-notice011/btvoicemessage?authuser=8",nocase; classtype:attempted-recon; sid:200004963; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btnvm-urgentnotice/btvmnew-note?authuser=1",nocase; classtype:attempted-recon; sid:200004964; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btsbusinessbill/",nocase; classtype:attempted-recon; sid:200004965; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btserver22/home",nocase; classtype:attempted-recon; sid:200004966; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bttbusinesssss/home",nocase; classtype:attempted-recon; sid:200004967; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btvoivemessage/bt-home",nocase; classtype:attempted-recon; sid:200004968; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/capitaloneloginus/home",nocase; classtype:attempted-recon; sid:200004969; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/chabillacoat/accueil",nocase; classtype:attempted-recon; sid:200004970; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/clickheretoverifyyouracount/home",nocase; classtype:attempted-recon; sid:200004971; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/clickpagenewlogin2021",nocase; classtype:attempted-recon; sid:200004972; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/coinsbuysellswapcryptocurrency/?fbclid=iwar2isl9xfxxgcxtftml2hmcl_dglhshlkfkpdotycyqu-qjqqfdqm9whtfm",nocase; classtype:attempted-recon; sid:200004973; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/comfimobiekdofl/accueil",nocase; classtype:attempted-recon; sid:200004974; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/community-pages-app/",nocase; classtype:attempted-recon; sid:200004975; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/confirmation-orangabank/accueil",nocase; classtype:attempted-recon; sid:200004976; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/connectolo/accueil",nocase; classtype:attempted-recon; sid:200004977; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/continue6363gd/home",nocase; classtype:attempted-recon; sid:200004978; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ctz03",nocase; classtype:attempted-recon; sid:200004979; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/currentlyserver/home",nocase; classtype:attempted-recon; sid:200004980; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dfffrreeer/home?authuser=3",nocase; classtype:attempted-recon; sid:200004981; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dffvderr/home",nocase; classtype:attempted-recon; sid:200004982; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dfghjhckuyf/home",nocase; classtype:attempted-recon; sid:200004983; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dfghjhl/home",nocase; classtype:attempted-recon; sid:200004984; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dkdfkazii-ofoqisjaz1wk/accueil",nocase; classtype:attempted-recon; sid:200004985; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dkekkeole/home",nocase; classtype:attempted-recon; sid:200004986; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dumes/accueil",nocase; classtype:attempted-recon; sid:200004987; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dvrbtrethy5642qwrfvd/bt",nocase; classtype:attempted-recon; sid:200004988; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/espace-orange-vocal/accueil",nocase; classtype:attempted-recon; sid:200004989; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/espace-vocalorange-ref0325/accueil",nocase; classtype:attempted-recon; sid:200004990; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/espacemessagerieorangesms/accueil",nocase; classtype:attempted-recon; sid:200004991; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/etyajdnxnskoeprlwyaxbdhfkrituy/btconnect",nocase; classtype:attempted-recon; sid:200004992; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ewyy65/home",nocase; classtype:attempted-recon; sid:200004993; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ewyy65/home?authuser=3",nocase; classtype:attempted-recon; sid:200004994; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/feelblessed/bt-business",nocase; classtype:attempted-recon; sid:200004995; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/fhgfbythfrsv/bt",nocase; classtype:attempted-recon; sid:200004996; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/fhgfjhfj/home",nocase; classtype:attempted-recon; sid:200004997; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/form-recovery/",nocase; classtype:attempted-recon; sid:200004998; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/form-recovery/details",nocase; classtype:attempted-recon; sid:200004999; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/gdhbfcxzx",nocase; classtype:attempted-recon; sid:200005000; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/hbxchx",nocase; classtype:attempted-recon; sid:200005001; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/hccwc/home",nocase; classtype:attempted-recon; sid:200005002; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/home-bt-updates/bt-com",nocase; classtype:attempted-recon; sid:200005003; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/home-pages-recovery/details",nocase; classtype:attempted-recon; sid:200005004; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/htvvss/home?authuser=3",nocase; classtype:attempted-recon; sid:200005005; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/identificaton-10777502102022/",nocase; classtype:attempted-recon; sid:200005006; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ii-securepage-facebook",nocase; classtype:attempted-recon; sid:200005007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/invoice-payment-pdf/home",nocase; classtype:attempted-recon; sid:200005008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/invoicehomepdf/home",nocase; classtype:attempted-recon; sid:200005009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/invoicescan365pdf/home",nocase; classtype:attempted-recon; sid:200005010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/jcnvvn/home",nocase; classtype:attempted-recon; sid:200005011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/jmjmnhvdc/home",nocase; classtype:attempted-recon; sid:200005012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/labred-authentification-source/accueil",nocase; classtype:attempted-recon; sid:200005013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/leafadd/accueil",nocase; classtype:attempted-recon; sid:200005014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/log-inpagenew",nocase; classtype:attempted-recon; sid:200005015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/mcwdbvefjberjrwgnwriviwr/home",nocase; classtype:attempted-recon; sid:200005016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/messor/accueil",nocase; classtype:attempted-recon; sid:200005017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/mobile-apps-pages/",nocase; classtype:attempted-recon; sid:200005018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/mobile-redirect-system",nocase; classtype:attempted-recon; sid:200005019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/mv-voicepage/home?authuser=8",nocase; classtype:attempted-recon; sid:200005020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/mycoinwallet/",nocase; classtype:attempted-recon; sid:200005021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/necrologieinfosfroravocal/accueil",nocase; classtype:attempted-recon; sid:200005022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/newbtmissedcall/home",nocase; classtype:attempted-recon; sid:200005023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/newuploadpage",nocase; classtype:attempted-recon; sid:200005024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/newvoicemail/home?authuser=1",nocase; classtype:attempted-recon; sid:200005025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/nextprojectpage",nocase; classtype:attempted-recon; sid:200005026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/nextprojectpage2022",nocase; classtype:attempted-recon; sid:200005027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/noticeplaypagenew2021",nocase; classtype:attempted-recon; sid:200005028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/noticepublicpagenew2021",nocase; classtype:attempted-recon; sid:200005029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/notifcationnoticesystempage",nocase; classtype:attempted-recon; sid:200005030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/nouveau-sms-message-vocal/accueil",nocase; classtype:attempted-recon; sid:200005031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ob-seccurite/accueil",nocase; classtype:attempted-recon; sid:200005032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ob-securite/accueil",nocase; classtype:attempted-recon; sid:200005033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ob-securites/accueil",nocase; classtype:attempted-recon; sid:200005034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ob-service/accueil",nocase; classtype:attempted-recon; sid:200005035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/offiice-voice-com/home",nocase; classtype:attempted-recon; sid:200005036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/onlinefifthercheckaccout/home",nocase; classtype:attempted-recon; sid:200005037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orange-b-securite/accueil",nocase; classtype:attempted-recon; sid:200005038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orange-forfaits-et-mobiles",nocase; classtype:attempted-recon; sid:200005039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangeb-190/accueil",nocase; classtype:attempted-recon; sid:200005040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangeb171/accueil",nocase; classtype:attempted-recon; sid:200005041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangeb221/accueil",nocase; classtype:attempted-recon; sid:200005042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangeba/accueil",nocase; classtype:attempted-recon; sid:200005043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangeban/accueil",nocase; classtype:attempted-recon; sid:200005044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangebank-r/accueil",nocase; classtype:attempted-recon; sid:200005045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangebank-sc/accueil",nocase; classtype:attempted-recon; sid:200005046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangebank-secure-secure/accueil",nocase; classtype:attempted-recon; sid:200005047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangebanksecurite/accueil",nocase; classtype:attempted-recon; sid:200005048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangebannk/accueil",nocase; classtype:attempted-recon; sid:200005049; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangeibank/accueil",nocase; classtype:attempted-recon; sid:200005050; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangeinfosvocalnews/accueil",nocase; classtype:attempted-recon; sid:200005051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangemyconnect/accueil",nocase; classtype:attempted-recon; sid:200005052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/oranggebank/accueil",nocase; classtype:attempted-recon; sid:200005053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangiebank/accueil",nocase; classtype:attempted-recon; sid:200005054; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/pagenewlogin2022",nocase; classtype:attempted-recon; sid:200005055; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/pages-identificaton-1000050210/",nocase; classtype:attempted-recon; sid:200005056; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/pass-press/accueil",nocase; classtype:attempted-recon; sid:200005057; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/paypal-customer-services/",nocase; classtype:attempted-recon; sid:200005058; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/paypal-loginn/",nocase; classtype:attempted-recon; sid:200005059; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/pfherjwlsnmcyelwudy/home?authuser=3",nocase; classtype:attempted-recon; sid:200005060; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/pleasecheckpoint2021",nocase; classtype:attempted-recon; sid:200005061; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/postacerticodplusaccaccueil/accueil",nocase; classtype:attempted-recon; sid:200005062; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/protonmailservice/home",nocase; classtype:attempted-recon; sid:200005063; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/quickteamservice/yahoo-com",nocase; classtype:attempted-recon; sid:200005064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/reactivationhelp2021/",nocase; classtype:attempted-recon; sid:200005065; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/redirect-acctpages-uuid/details",nocase; classtype:attempted-recon; sid:200005066; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/redirectme-to/",nocase; classtype:attempted-recon; sid:200005067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/retttt/home",nocase; classtype:attempted-recon; sid:200005068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/reviewappspagerviicee/",nocase; classtype:attempted-recon; sid:200005069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/reviewappspagerviiceee",nocase; classtype:attempted-recon; sid:200005070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/rg9eur94uwe9d/bt",nocase; classtype:attempted-recon; sid:200005071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/richcoff/bt-business",nocase; classtype:attempted-recon; sid:200005072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/rimekahsdjg/summary_page",nocase; classtype:attempted-recon; sid:200005073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/salimkaso/",nocase; classtype:attempted-recon; sid:200005074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/sbcglobalm/home?authuser=1",nocase; classtype:attempted-recon; sid:200005075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securbtcomms/bt",nocase; classtype:attempted-recon; sid:200005076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/secure-bt-homevoice01010120/home?authuser=8",nocase; classtype:attempted-recon; sid:200005077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/secure-ob-/accueil",nocase; classtype:attempted-recon; sid:200005078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/secure-ob/accueil",nocase; classtype:attempted-recon; sid:200005079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securebtcomms/bt",nocase; classtype:attempted-recon; sid:200005080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securebtcommss/bt",nocase; classtype:attempted-recon; sid:200005081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securebusinessbtsecurbt/bt",nocase; classtype:attempted-recon; sid:200005082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securiplus0101/accueil",nocase; classtype:attempted-recon; sid:200005083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securite-ob-service/accueil",nocase; classtype:attempted-recon; sid:200005084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securite-obank/accueil",nocase; classtype:attempted-recon; sid:200005085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securitee-ob/accueil",nocase; classtype:attempted-recon; sid:200005086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securites-ob/accueil",nocase; classtype:attempted-recon; sid:200005087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securmybusinessbtsecurbt/bt",nocase; classtype:attempted-recon; sid:200005088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securree/home?authuser=1",nocase; classtype:attempted-recon; sid:200005089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securritee-ob/accueil",nocase; classtype:attempted-recon; sid:200005090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/serv-ob/accueil",nocase; classtype:attempted-recon; sid:200005091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/serv-obank/accueil",nocase; classtype:attempted-recon; sid:200005092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/serveur-communication-box/accueil",nocase; classtype:attempted-recon; sid:200005093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/service-orangebank-fr/accueil",nocase; classtype:attempted-recon; sid:200005094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/service-orangebank-securi/accueil",nocase; classtype:attempted-recon; sid:200005095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/service-securite-ob/accueil",nocase; classtype:attempted-recon; sid:200005096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/servicenewlogin",nocase; classtype:attempted-recon; sid:200005097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/shgeudh/home",nocase; classtype:attempted-recon; sid:200005098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ski03/strona-g%c5%82%c3%b3wna",nocase; classtype:attempted-recon; sid:200005099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/soeyankandi5/bt-business",nocase; classtype:attempted-recon; sid:200005100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/szdgsdhgd",nocase; classtype:attempted-recon; sid:200005101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/thenewstartpage2021",nocase; classtype:attempted-recon; sid:200005102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/update-allreadypage",nocase; classtype:attempted-recon; sid:200005103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/updatesecure",nocase; classtype:attempted-recon; sid:200005104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/updatingnewpage",nocase; classtype:attempted-recon; sid:200005105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/upgrade-bt/home",nocase; classtype:attempted-recon; sid:200005106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/utututttu/home",nocase; classtype:attempted-recon; sid:200005107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/v-ob/accueil",nocase; classtype:attempted-recon; sid:200005108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/venmo-loginusa/",nocase; classtype:attempted-recon; sid:200005109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/vfbjf/btconnect",nocase; classtype:attempted-recon; sid:200005110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/view-your-billonline/home",nocase; classtype:attempted-recon; sid:200005111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/viewyourbilll/home",nocase; classtype:attempted-recon; sid:200005112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/viewyournewbill/bt-business-btconnect",nocase; classtype:attempted-recon; sid:200005113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/vjsdhdfidjasi/btconnect",nocase; classtype:attempted-recon; sid:200005114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/webespaceclient-ref8/accueil",nocase; classtype:attempted-recon; sid:200005115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/webmailcooom/home",nocase; classtype:attempted-recon; sid:200005116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/xcccjcdhasks/btconnect",nocase; classtype:attempted-recon; sid:200005117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/xmicrosoftoficew/home",nocase; classtype:attempted-recon; sid:200005118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/xsvgcxsgvdhg/home?authuser=4",nocase; classtype:attempted-recon; sid:200005119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/xvhfefef/bt-business",nocase; classtype:attempted-recon; sid:200005120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/yah000/home",nocase; classtype:attempted-recon; sid:200005121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/yahooend/yahoo",nocase; classtype:attempted-recon; sid:200005122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/yahoomailingdesk/yahoo-com",nocase; classtype:attempted-recon; sid:200005123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/yahooscott/yahoo",nocase; classtype:attempted-recon; sid:200005124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/yourbillnotification/home",nocase; classtype:attempted-recon; sid:200005125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/yt89ougjio/bt",nocase; classtype:attempted-recon; sid:200005126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ztt5zazu/home",nocase; classtype:attempted-recon; sid:200005127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"skart.co.in",nocase; http_uri; content:"/admin/webmail.cpanel.net/user/cp.user.sign_in/auth/cpanel_mailbox/index.htm",nocase; classtype:attempted-recon; sid:200005128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"solatresont.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200005129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soufatanse.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200005130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soufsont.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200005131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sprw.io",nocase; http_uri; content:"/stt-c625a3f2c2",nocase; classtype:attempted-recon; sid:200005132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"steinercoza-my.sharepoint.com",nocase; http_uri; content:"/:b:/g/personal/mandyb_steiner_co_za/exxq1passetnrojoe83fzboboxufoggwb7uvmyfqbionla?e=4:su8jhq&amp\;at=9",nocase; classtype:attempted-recon; sid:200005133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stolizaparketa.ru",nocase; http_uri; content:"/wp-content/themes/twentyfifteen/css/read/chinavali/index.php?email=jsmith@imaphost.com",nocase; classtype:attempted-recon; sid:200005134; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/1lordman1man3/oscman2.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200005135; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/acc03lzzl4m3izm03iauserpowa.appspot.com/index.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200005136; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/algebraic-pact-316913.appspot.com/index.html#jbell@legalshield.com",nocase; classtype:attempted-recon; sid:200005137; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/anaagc040gdyacgd0dyuser.appspot.com/index.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200005138; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/ciat3tdtttd53c3e5userp.appspot.com/index.html#jr@legalshield.com",nocase; classtype:attempted-recon; sid:200005139; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/ciat3tdtttd53c3e5userp.appspot.com/index.html#paul@legalshield.com",nocase; classtype:attempted-recon; sid:200005140; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/clientid4dunptjlryzrift3nrlomi160gqntzgznajujcnbszq8w/index.htm",nocase; classtype:attempted-recon; sid:200005141; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/dhngw6p6rwrwnuv6vnuse.appspot.com/index.html#brianvillacarlos@legalshieldcorp.com",nocase; classtype:attempted-recon; sid:200005142; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/g58t3e588ddgmdeddauth.appspot.com/index.html#jim-shelvy@legalshield.com",nocase; classtype:attempted-recon; sid:200005143; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/gu1r0utjruhjkukrxhauser.appspot.com/index.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200005144; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/indettn/pdflmanco.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200005145; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/indettn/zdewaman.html#example@example.com",nocase; classtype:attempted-recon; sid:200005146; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/kkkqkl633qn6kq3lqssiiddnenen.appspot.com/index.html#jbell@legalshield.com",nocase; classtype:attempted-recon; sid:200005147; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/kkkqkl633qn6kq3lqssiiddnenen.appspot.com/index.html#t.voit@legalshield.com",nocase; classtype:attempted-recon; sid:200005148; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/",nocase; classtype:attempted-recon; sid:200005149; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/index.html#martin.manasek@ruk.cuni.cz",nocase; classtype:attempted-recon; sid:200005150; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/maintainancecomponeta.appspot.com/index.html#a@b.com",nocase; classtype:attempted-recon; sid:200005151; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/maintainancecomponeta.appspot.com/kayindex.html#eimaste@stinpriza.org",nocase; classtype:attempted-recon; sid:200005152; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/maintainancecomponeta.appspot.com/myowngeneral.html#eimaste@stinpriza.org",nocase; classtype:attempted-recon; sid:200005153; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/maintainancecomponeta.appspot.com/newmineindex.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200005154; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/owuddqd9dqqdddq9qd0caerq.appspot.com/index.html#stevewilliamson@legalshield.com",nocase; classtype:attempted-recon; sid:200005155; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/projerroro0h5j5ro0jrrj.appspot.com/index.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200005156; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/q90qqqar22r229r292euser.appspot.com/index.html",nocase; classtype:attempted-recon; sid:200005157; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/q90qqqar22r229r292euser.appspot.com/index.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200005158; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/rrdar99rt9qraraq99euser.appspot.com/index.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200005159; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/s0pts0apttxpp00atarrauth.appspot.com/index.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200005160; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/staging.maintainancecomponeta.appspot.com/fcocnew.html",nocase; classtype:attempted-recon; sid:200005161; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/staging.maintainancecomponeta.appspot.com/nvhdjgtpl8txagtoccpyscuekxctc7j3kpg5bbugwqv0kemeas313lqehufuifcl6el9vtvomhrfbjbpxbg6qrnsg5sz3dyaiqor%2c%2520ffx6khej2lavfftroaizcq99hjdn3f4hs6gdeg2qodfyhobl8zonx6lez2dafyafc6spylufytfvuzn1jsioh4u6xpsbsqxqgh.html#icann@tecnocratica.net",nocase; classtype:attempted-recon; sid:200005162; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/staging.maintainancecomponeta.appspot.com/sydlasgendomain.html#winnie@soupro.com",nocase; classtype:attempted-recon; sid:200005163; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/user517497679326978.appspot.com/index.html",nocase; classtype:attempted-recon; sid:200005164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/uth0uax3t3uh30ttna0nnuser.appspot.com/index.html#jbell@legalshield.com",nocase; classtype:attempted-recon; sid:200005165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/yyw77ywnn68weyew6euserq.appspot.com/index.html#rosalefua@legalshield.com",nocase; classtype:attempted-recon; sid:200005166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/03a6c481bbd83f8/df225c198d58561#un/68425_md/2/16247/3955/23/19171",nocase; classtype:attempted-recon; sid:200005167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/1827435283/1827435283.html",nocase; classtype:attempted-recon; sid:200005168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/abjsfatitvyrobprkawlycsckcwrvnntndjwbgoqjiswdbkhhlyxnbv/cli123.html",nocase; classtype:attempted-recon; sid:200005169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/abuabomvnediarrfgxamrtqcoehnpskugrmafutqnhugsbzossviqfv/cli123.html",nocase; classtype:attempted-recon; sid:200005170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/acwuwxxomzzlrrfuyssheahvokqfunqvlbjnjrbyfsmbbmdppwimvbd/cli123.html",nocase; classtype:attempted-recon; sid:200005171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bbss-urltest-public/docomo_20210726_01.html",nocase; classtype:attempted-recon; sid:200005172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bbss-urltest-public/docomo_20210910_01.html",nocase; classtype:attempted-recon; sid:200005173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bbss-urltest-public/docomo_20210910_02.html",nocase; classtype:attempted-recon; sid:200005174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xdaysonde1.html",nocase; classtype:attempted-recon; sid:200005175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xdragon1.html",nocase; classtype:attempted-recon; sid:200005176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xgmx1.html",nocase; classtype:attempted-recon; sid:200005177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xiphoneswiss1.html",nocase; classtype:attempted-recon; sid:200005178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xketode1.html",nocase; classtype:attempted-recon; sid:200005179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xlena1.html",nocase; classtype:attempted-recon; sid:200005180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xps5de1.html",nocase; classtype:attempted-recon; sid:200005181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xspar1.html",nocase; classtype:attempted-recon; sid:200005182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/buckettt01/redirect%20newslettersreply.shop.html#rd/u8888idsyy65301cvmt1247244psw23077wujo1715",nocase; classtype:attempted-recon; sid:200005183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/document-check/sign.html",nocase; classtype:attempted-recon; sid:200005184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/inboxino/brand.html#cl/13669_md/1/788/1401/22/1025434",nocase; classtype:attempted-recon; sid:200005185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/inboxino/brand.html#cl/13695_md/1/788/1401/109/376564",nocase; classtype:attempted-recon; sid:200005186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/inboxino/brand.html#un/13664_md/1/455/1401/112/814109",nocase; classtype:attempted-recon; sid:200005187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/inboxino/brand.html#un/13695_md/1/788/1401/25/339407",nocase; classtype:attempted-recon; sid:200005188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/sstoragert/linkqs.html#cl/19939_md/1/4441/3808/112/984664",nocase; classtype:attempted-recon; sid:200005189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/sstoragert/linkqs.html#un/19995_md/1/4542/3682/112/984664",nocase; classtype:attempted-recon; sid:200005190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/ylffhg/redireck.html",nocase; classtype:attempted-recon; sid:200005191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"suivi-coupon-recharge.blogspot.com",nocase; http_uri; content:"/p/authentifier-transcash.html",nocase; classtype:attempted-recon; sid:200005192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sunnylandingpages.com",nocase; http_uri; content:"/usroutput/themeset1_2021-12-21-23-15-13/",nocase; classtype:attempted-recon; sid:200005193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"superpark-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/adrian_ramos_superpark_com_hk/_layouts/15/wopiframe.aspx?guestaccesstoken=vofjngnui%2fslbameorlq62qlg8mcdnpo1dizu6i%2bc1m%3d&amp\;docid=1_124bbb2f682ca4c7daba6cec6ee34dfb9&amp\;wdformid=%7ba85c8abe%2d68be%2d43dd%2d91f3%2db397386186be%7d&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200005194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"surveyheart.com",nocase; http_uri; content:"/form/608bca7586919c70a2066ef7",nocase; classtype:attempted-recon; sid:200005195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"surveylegend.com",nocase; http_uri; content:"/s/2vze",nocase; classtype:attempted-recon; sid:200005196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"svkmmumbai-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/pranjali_chandurkar_nmims_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=668cyp4s%2fwcmx8rj223bvjfwdvtryffzfpyarbrueha%3d&amp\;docid=1_1916b69db182644fead12e874cad930c4&amp\;wdformid=%7bcd4093b9%2ddfae%2d49f1%2dadde%2df32fbe93b271%7d&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200005197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"swisscoat.com.cn",nocase; http_uri; content:"/index.html",nocase; classtype:attempted-recon; sid:200005198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"synapse-project.com",nocase; http_uri; content:"/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account",nocase; classtype:attempted-recon; sid:200005199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"synapse-project.com",nocase; http_uri; content:"/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account/",nocase; classtype:attempted-recon; sid:200005200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"synmultiwallet.com",nocase; http_uri; content:"/public/dapp",nocase; classtype:attempted-recon; sid:200005201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/6b3rxfp90m",nocase; classtype:attempted-recon; sid:200005202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/8mptsau4zq?amp=1",nocase; classtype:attempted-recon; sid:200005203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/9ooxxstzmb?amp=1?trackingid=ftiikjly&signature=newsletter",nocase; classtype:attempted-recon; sid:200005204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/9ooxxstzmb?trackingid=lxr1lc3e&signature=newsletter",nocase; classtype:attempted-recon; sid:200005205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/ef7oipwfto",nocase; classtype:attempted-recon; sid:200005206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/fy2lasfqae?trackingid=agbl0dxn&signature=newsletter",nocase; classtype:attempted-recon; sid:200005207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/fy2lasfqae?trackingid=dhrt9pxv&signature=newsletter",nocase; classtype:attempted-recon; sid:200005208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/fy2lasfqae?trackingid=mhrdlxok&signature=newsletter",nocase; classtype:attempted-recon; sid:200005209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/fy2lasfqae?trackingid=s5kqcb1o&signature=newsletter",nocase; classtype:attempted-recon; sid:200005210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/ge6k1ctsmd?trackingid=3pc2vgmn&signature=newsletter",nocase; classtype:attempted-recon; sid:200005211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/ge6k1ctsmd?trackingid=n13hzxpy&signature=newsletter",nocase; classtype:attempted-recon; sid:200005212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/ge6k1ctsmd?trackingid=ocfgjhka&signature=newsletter",nocase; classtype:attempted-recon; sid:200005213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/ge6k1ctsmd?trackingid=ohj6ctus&signature=newsletter",nocase; classtype:attempted-recon; sid:200005214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/lkcd0mnequ",nocase; classtype:attempted-recon; sid:200005215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/timonfvymu?trackingid=67yzc2bv&signature=newsletter",nocase; classtype:attempted-recon; sid:200005216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/timonfvymu?trackingid=cybyidfp&signature=newsletter",nocase; classtype:attempted-recon; sid:200005217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/zrd6j5rq4u?amp=1",nocase; classtype:attempted-recon; sid:200005218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/zwuq6zjpdj",nocase; classtype:attempted-recon; sid:200005219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tasteentertainment.com",nocase; http_uri; content:"/helton.law/outlook.office.com/",nocase; classtype:attempted-recon; sid:200005220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tecsuport.com.br",nocase; http_uri; content:"/files/system32/procesosdeseguridadhb/170.51.165.16679791/agregar/telefono/contacto/logonoperacionservlet.html",nocase; classtype:attempted-recon; sid:200005221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"telenorkandklimsupoort.blogspot.com",nocase; http_uri; content:"/2021/03/blog-post_48.html",nocase; classtype:attempted-recon; sid:200005222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thedigirocket.com",nocase; http_uri; content:"/wp-content/plugins/form.htm",nocase; classtype:attempted-recon; sid:200005223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thelibrarysamui.com",nocase; http_uri; content:"/wp-content/uploads/2021/11/1/1and1/index.php",nocase; classtype:attempted-recon; sid:200005224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"themcsoft.com",nocase; http_uri; content:"/wp-track/parceverification9887id=291250485",nocase; classtype:attempted-recon; sid:200005225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tiny.one",nocase; http_uri; content:"/ing587388",nocase; classtype:attempted-recon; sid:200005226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tiny.one",nocase; http_uri; content:"/ing67454",nocase; classtype:attempted-recon; sid:200005227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tiny.one",nocase; http_uri; content:"/reuswnzc",nocase; classtype:attempted-recon; sid:200005228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/48rzxpne",nocase; classtype:attempted-recon; sid:200005229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/4wcw6fcu",nocase; classtype:attempted-recon; sid:200005230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/btinternet56",nocase; classtype:attempted-recon; sid:200005231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/evyu688y",nocase; classtype:attempted-recon; sid:200005232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/nycgovtgrant",nocase; classtype:attempted-recon; sid:200005233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/uha4nvtf",nocase; classtype:attempted-recon; sid:200005234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/y8mcrhhp",nocase; classtype:attempted-recon; sid:200005235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/yxb48kqj",nocase; classtype:attempted-recon; sid:200005236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/yxry9vf5",nocase; classtype:attempted-recon; sid:200005237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/yyvm8qr5",nocase; classtype:attempted-recon; sid:200005238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"topearnersafrica.com",nocase; http_uri; content:"/truist.com/",nocase; classtype:attempted-recon; sid:200005239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tr.cloudmagic.com",nocase; http_uri; content:"/h/v6/link-track/1.0/1612678003989072-e5f6d8cc-499b-ea4f-85f1-8b23ad935661/1612677988/2f5895837f8d3f0a667c6b92ad41f652/8af273ac431e289838c8bf7c490185f3/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com",nocase; classtype:attempted-recon; sid:200005240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tr.cloudmagic.com",nocase; http_uri; content:"/h/v6/link-track/1.0/1614590779401122-8e06125c-4b23-d643-3068-601cab9bec04/1614590763/2f5895837f8d3f0a667c6b92ad41f652/31367888a66bf6f98973a200c83075bb/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com",nocase; classtype:attempted-recon; sid:200005241; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"track.adform.net",nocase; http_uri; content:"/c/?bn=35405429\;cpdir=https://tmmny.csb.app/.wewrewew.ahr0chm6ly9pbnzlc3rpbmdpbmdvzc5vcmcvqvbjmjq3.yw1izxiuzml0dg9uqhnwyxjrlmnvlm56",nocase; classtype:attempted-recon; sid:200005242; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"transcash-fr-v.blogspot.com",nocase; http_uri; content:"/?m=1",nocase; classtype:attempted-recon; sid:200005243; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tribratanewsbondowoso.com",nocase; http_uri; content:"/webapp/tribratanews/public/js/hughesnet.com/index.php",nocase; classtype:attempted-recon; sid:200005244; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u.to",nocase; http_uri; content:"/lsjpgw?verification-online-service",nocase; classtype:attempted-recon; sid:200005245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u.to",nocase; http_uri; content:"/unrpgg",nocase; classtype:attempted-recon; sid:200005246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u.to",nocase; http_uri; content:"/wsddga",nocase; classtype:attempted-recon; sid:200005247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ucbonline.com",nocase; http_uri; content:"/pbi_pbi1151/login/remote/071108407/6",nocase; classtype:attempted-recon; sid:200005248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"umconnectumt-my.sharepoint.com",nocase; http_uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=e%2f5p4lmr7oxtbuuzst9ihpacebtz%2bhbogl5i950bhau%3d&docid=1_151b39d9e7dd54cfba500875349d3beb6&wdformid=%7bda6fcad9%2d9684%2d43af%2db959%2de2fa774eaba6%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200005249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"umconnectumt-my.sharepoint.com",nocase; http_uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=h2b5qkvlooc%2bfvhpo6qkbxdfdzwzpa7doqhaikfrj08%3d&docid=1_1cab74931edec4bf39e6f4768e7830a02&wdformid=%7b6a702647%2db560%2d40c5%2d8890%2d109ec5ad9bc5%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200005250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"umconnectumt-my.sharepoint.com",nocase; http_uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=inau9tsjk5bvaoypx%2fgfkvgo0iz4rq47kvts4tkb8yq%3d&docid=1_19c7a48ea3a0448c78765a480857920f0&wdformid=%7bd8f70a7d%2d4204%2d4a87%2da88e%2dbad6b0e4129e%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200005251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"umconnectumt-my.sharepoint.com",nocase; http_uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=inau9tsjk5bvaoypx/gfkvgo0iz4rq47kvts4tkb8yq=&amp\;docid=1_19c7a48ea3a0448c78765a480857920f0&amp\;wdformid={d8f70a7d-4204-4a87-a88e-bad6b0e4129e}&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200005252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"umconnectumt-my.sharepoint.com",nocase; http_uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=uh9hjveaooebgqolme%2f5qft71pw2stg2ojiiqxebzce%3d&docid=1_11e28ca5d86c6416f926736ea3e8ad885&wdformid=%7b70256f91%2df178%2d4e5f%2d847a%2df748294a79c9%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200005253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"umeacademy.com",nocase; http_uri; content:"/wine",nocase; classtype:attempted-recon; sid:200005254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniga.ac.id",nocase; http_uri; content:"/wptracking/tracking2/tracking/tracking.php",nocase; classtype:attempted-recon; sid:200005255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"url.gratis",nocase; http_uri; content:"/0lxgmv",nocase; classtype:attempted-recon; sid:200005256; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"users.tpg.com.au",nocase; http_uri; content:"/kcornwall/email-verification/notice/account_login/login.html#accounting@utu.fi",nocase; classtype:attempted-recon; sid:200005257; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"v.ht",nocase; http_uri; content:"/1pxak",nocase; classtype:attempted-recon; sid:200005258; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"v.ht",nocase; http_uri; content:"/yogs",nocase; classtype:attempted-recon; sid:200005259; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vaiddzed.cc",nocase; http_uri; content:"/rd/c56498tvifh29711728hupj8172asy17489blob7311",nocase; classtype:attempted-recon; sid:200005260; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"velvet.by",nocase; http_uri; content:"/drupal-7.56/scripts/bp",nocase; classtype:attempted-recon; sid:200005261; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"velvet.by",nocase; http_uri; content:"/drupal-7.56/scripts/bp/",nocase; classtype:attempted-recon; sid:200005262; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"veredesafs.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200005263; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vetrfedsonte.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200005264; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"viamobte.blogspot.com",nocase; http_uri; content:"/2021/03/blog-post.html",nocase; classtype:attempted-recon; sid:200005265; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"view.genial.ly",nocase; http_uri; content:"/61e168ca67f4550de805d006/interactive-content-secured-document",nocase; classtype:attempted-recon; sid:200005266; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"view.genial.ly",nocase; http_uri; content:"/61e168ca67f4550de805d006/interactive-content-untitled-genially",nocase; classtype:attempted-recon; sid:200005267; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vivaterouna.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200005268; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?cc_key=&amp\;post=%7brandom_number_5%7d_1&amp\;to=http://18.118.206.123/index.php?key=%7brandom_letternumberuplow_5%7d,email=%7bemail%7d",nocase; classtype:attempted-recon; sid:200005269; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=1qg10",nocase; classtype:attempted-recon; sid:200005270; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=3efeh",nocase; classtype:attempted-recon; sid:200005271; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=cylqz",nocase; classtype:attempted-recon; sid:200005272; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=dmyfj",nocase; classtype:attempted-recon; sid:200005273; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=dvexh",nocase; classtype:attempted-recon; sid:200005274; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=fhqja",nocase; classtype:attempted-recon; sid:200005275; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=g9dzz",nocase; classtype:attempted-recon; sid:200005276; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=qq74g",nocase; classtype:attempted-recon; sid:200005277; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=v0de0,email=kflove23@icloud.com&post=11981_1&cc_key",nocase; classtype:attempted-recon; sid:200005278; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=zzbtj",nocase; classtype:attempted-recon; sid:200005279; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=ccugr",nocase; classtype:attempted-recon; sid:200005280; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=mb1wu",nocase; classtype:attempted-recon; sid:200005281; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=meixj",nocase; classtype:attempted-recon; sid:200005282; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=toboe",nocase; classtype:attempted-recon; sid:200005283; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=tyzud",nocase; classtype:attempted-recon; sid:200005284; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=u7tfm,email=resurgita@icloud.com&post=35252_1&cc_key",nocase; classtype:attempted-recon; sid:200005285; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=v5t6m,email=robertgoby@icloud.com&post=24927_1&cc_key",nocase; classtype:attempted-recon; sid:200005286; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=vgy1e",nocase; classtype:attempted-recon; sid:200005287; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=znbui",nocase; classtype:attempted-recon; sid:200005288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2fhumanity06.com%2fwp-content%2fthemes%2fapi.html",nocase; classtype:attempted-recon; sid:200005289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2frois-zkxzx.run.goorm.io/safe-browser/",nocase; classtype:attempted-recon; sid:200005290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2fwww.allovisite.com%2fwp-content%2fplugins%2fapi.html",nocase; classtype:attempted-recon; sid:200005291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2fwww.allovisite.com%2fwp-content%2fplugins%2fapi.html&post=693378694_2&cc_key",nocase; classtype:attempted-recon; sid:200005292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https%3a%2f%2fmsq-health.com%2fimages%2fonehealth%2fsound%2faudio&post=696668869_2&cc_key=/odmibxru/tsiqjhleqcj",nocase; classtype:attempted-recon; sid:200005293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https%3a%2f%2fsapphireinternationalschool.com%2falbum%2fimages%2fsound%2faudio&post=690576696_17&cc_key=/lhgesiqipz/ksbqekez2fa",nocase; classtype:attempted-recon; sid:200005294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://api.safebrowser-antidrop.com/ai.html?key=ppsyk",nocase; classtype:attempted-recon; sid:200005295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://arroketainsificansion.com/r/cairdiembos",nocase; classtype:attempted-recon; sid:200005296; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://drmustafaalagamy.com/css/rajahutandil2",nocase; classtype:attempted-recon; sid:200005297; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://laprospergroup.com/wp-admin/assets/?key=8oyrd,email={email}",nocase; classtype:attempted-recon; sid:200005298; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://rendelparis.com/wp-admin/assets?key=isvbt,email={email}",nocase; classtype:attempted-recon; sid:200005299; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://sahara-distribution.com/wp-admin/dir",nocase; classtype:attempted-recon; sid:200005300; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://www.marmum.ae/css/?key=ibxa",nocase; classtype:attempted-recon; sid:200005301; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://www.marmum.ae/css/?key=ksor",nocase; classtype:attempted-recon; sid:200005302; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://www.marmum.ae/css/?key=lzqm",nocase; classtype:attempted-recon; sid:200005303; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://www.marmum.ae/css/?key=yihv",nocase; classtype:attempted-recon; sid:200005304; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://www.newlifenursery.com/assets/rdt.html?key=lwhi1",nocase; classtype:attempted-recon; sid:200005305; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallieget.com",nocase; http_uri; content:"/8jdu/sb6/index.php?_",nocase; classtype:attempted-recon; sid:200005306; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallieget.com",nocase; http_uri; content:"/8jdu/sb6/index.php?_&amp\;_",nocase; classtype:attempted-recon; sid:200005307; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallieget.com",nocase; http_uri; content:"/8jdu/sb6/index.php?_&amp\;_&amp\;_",nocase; classtype:attempted-recon; sid:200005308; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"warriorplus.com",nocase; http_uri; content:"/o2/a/f5s4y/0",nocase; classtype:attempted-recon; sid:200005309; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmail.serviceunit.co.uk",nocase; http_uri; content:"/upgrade/",nocase; classtype:attempted-recon; sid:200005310; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webuyworkshopequipment.com",nocase; http_uri; content:"/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d",nocase; classtype:attempted-recon; sid:200005311; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webuyworkshopequipment.com",nocase; http_uri; content:"/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d/",nocase; classtype:attempted-recon; sid:200005312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"whitmansasphalt.com",nocase; http_uri; content:"/secure/wells",nocase; classtype:attempted-recon; sid:200005313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"whitmansasphalt.com",nocase; http_uri; content:"/secure/wells/",nocase; classtype:attempted-recon; sid:200005314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"withkoji.com",nocase; http_uri; content:"/@bt_home",nocase; classtype:attempted-recon; sid:200005315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"withkoji.com",nocase; http_uri; content:"/@bt_internet",nocase; classtype:attempted-recon; sid:200005316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"withkoji.com",nocase; http_uri; content:"/@bt_service_alert.",nocase; classtype:attempted-recon; sid:200005317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"withkoji.com",nocase; http_uri; content:"/@bt_teem",nocase; classtype:attempted-recon; sid:200005318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"withkoji.com",nocase; http_uri; content:"/@bt_update",nocase; classtype:attempted-recon; sid:200005319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"withkoji.com",nocase; http_uri; content:"/@bt_upgrade",nocase; classtype:attempted-recon; sid:200005320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"withkoji.com",nocase; http_uri; content:"/@btinternet",nocase; classtype:attempted-recon; sid:200005321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wvk12-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96",nocase; classtype:attempted-recon; sid:200005322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wvk12-my.sharepoint.com",nocase; http_uri; content:"/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96",nocase; classtype:attempted-recon; sid:200005323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xip.li",nocase; http_uri; content:"/oih3b8",nocase; classtype:attempted-recon; sid:200005324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"znbint.com",nocase; http_uri; content:"/fire/dhl/load.php?0=aw5mb0btzxrhbg9naxmuy29t&amp\;guce_referrer=ahr0chm6ly9sb2dpbi55ywhvby5jb20v&amp\;guce_referrer_sig=aqaaaba99nmgr9inqoyu5mi3asjqfyjcpatd_a8modgjxpnxynmo8n5zxdi8ezv7gfypzosc_rpmz0hyfdck0olmxnmb6tpfznd5enc",nocase; classtype:attempted-recon; sid:200005325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zpr.io",nocase; http_uri; content:"/kms8u47zlxwk",nocase; classtype:attempted-recon; sid:200005326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zpr.io",nocase; http_uri; content:"/mxvzwlcdizyq",nocase; classtype:attempted-recon; sid:200005327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zpr.io",nocase; http_uri; content:"/nckeqquhrpuf",nocase; classtype:attempted-recon; sid:200005328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa186.web.app",nocase; classtype:attempted-recon; sid:200000917; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa187.web.app",nocase; classtype:attempted-recon; sid:200000918; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa188.web.app",nocase; classtype:attempted-recon; sid:200000919; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa189.web.app",nocase; classtype:attempted-recon; sid:200000920; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa19.web.app",nocase; classtype:attempted-recon; sid:200000921; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa191.web.app",nocase; classtype:attempted-recon; sid:200000922; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa193.web.app",nocase; classtype:attempted-recon; sid:200000923; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa194.web.app",nocase; classtype:attempted-recon; sid:200000924; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa195.web.app",nocase; classtype:attempted-recon; sid:200000925; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa198.web.app",nocase; classtype:attempted-recon; sid:200000926; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa20.web.app",nocase; classtype:attempted-recon; sid:200000927; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa201.web.app",nocase; classtype:attempted-recon; sid:200000928; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa202.web.app",nocase; classtype:attempted-recon; sid:200000929; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa204.web.app",nocase; classtype:attempted-recon; sid:200000930; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa205.web.app",nocase; classtype:attempted-recon; sid:200000931; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa206.web.app",nocase; classtype:attempted-recon; sid:200000932; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa208.web.app",nocase; classtype:attempted-recon; sid:200000933; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa209.web.app",nocase; classtype:attempted-recon; sid:200000934; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa21.web.app",nocase; classtype:attempted-recon; sid:200000935; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa211.web.app",nocase; classtype:attempted-recon; sid:200000936; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa212.web.app",nocase; classtype:attempted-recon; sid:200000937; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa213.web.app",nocase; classtype:attempted-recon; sid:200000938; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa214.web.app",nocase; classtype:attempted-recon; sid:200000939; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa215.web.app",nocase; classtype:attempted-recon; sid:200000940; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa216.web.app",nocase; classtype:attempted-recon; sid:200000941; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa217.web.app",nocase; classtype:attempted-recon; sid:200000942; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa218.web.app",nocase; classtype:attempted-recon; sid:200000943; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa219.web.app",nocase; classtype:attempted-recon; sid:200000944; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa220.web.app",nocase; classtype:attempted-recon; sid:200000945; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa221.web.app",nocase; classtype:attempted-recon; sid:200000946; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa222.web.app",nocase; classtype:attempted-recon; sid:200000947; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa223.web.app",nocase; classtype:attempted-recon; sid:200000948; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa225.web.app",nocase; classtype:attempted-recon; sid:200000949; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa226.web.app",nocase; classtype:attempted-recon; sid:200000950; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa227.web.app",nocase; classtype:attempted-recon; sid:200000951; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa228.web.app",nocase; classtype:attempted-recon; sid:200000952; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa229.web.app",nocase; classtype:attempted-recon; sid:200000953; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa230.web.app",nocase; classtype:attempted-recon; sid:200000954; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa231.web.app",nocase; classtype:attempted-recon; sid:200000955; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa232.web.app",nocase; classtype:attempted-recon; sid:200000956; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa233.web.app",nocase; classtype:attempted-recon; sid:200000957; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa234.web.app",nocase; classtype:attempted-recon; sid:200000958; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa235.web.app",nocase; classtype:attempted-recon; sid:200000959; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa237.web.app",nocase; classtype:attempted-recon; sid:200000960; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa239.web.app",nocase; classtype:attempted-recon; sid:200000961; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa240.web.app",nocase; classtype:attempted-recon; sid:200000962; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa241.web.app",nocase; classtype:attempted-recon; sid:200000963; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa242.web.app",nocase; classtype:attempted-recon; sid:200000964; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa244.web.app",nocase; classtype:attempted-recon; sid:200000965; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa245.web.app",nocase; classtype:attempted-recon; sid:200000966; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa246.web.app",nocase; classtype:attempted-recon; sid:200000967; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa247.web.app",nocase; classtype:attempted-recon; sid:200000968; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa248.web.app",nocase; classtype:attempted-recon; sid:200000969; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa249.web.app",nocase; classtype:attempted-recon; sid:200000970; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa25.web.app",nocase; classtype:attempted-recon; sid:200000971; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa251.web.app",nocase; classtype:attempted-recon; sid:200000972; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa252.web.app",nocase; classtype:attempted-recon; sid:200000973; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa253.web.app",nocase; classtype:attempted-recon; sid:200000974; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa256.web.app",nocase; classtype:attempted-recon; sid:200000975; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa257.web.app",nocase; classtype:attempted-recon; sid:200000976; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa258.web.app",nocase; classtype:attempted-recon; sid:200000977; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa260.web.app",nocase; classtype:attempted-recon; sid:200000978; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa263.web.app",nocase; classtype:attempted-recon; sid:200000979; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa264.web.app",nocase; classtype:attempted-recon; sid:200000980; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa265.web.app",nocase; classtype:attempted-recon; sid:200000981; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa266.web.app",nocase; classtype:attempted-recon; sid:200000982; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa267.web.app",nocase; classtype:attempted-recon; sid:200000983; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa269.web.app",nocase; classtype:attempted-recon; sid:200000984; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa270.web.app",nocase; classtype:attempted-recon; sid:200000985; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa273.web.app",nocase; classtype:attempted-recon; sid:200000986; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa274.web.app",nocase; classtype:attempted-recon; sid:200000987; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa276.web.app",nocase; classtype:attempted-recon; sid:200000988; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa278.web.app",nocase; classtype:attempted-recon; sid:200000989; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa279.web.app",nocase; classtype:attempted-recon; sid:200000990; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa280.web.app",nocase; classtype:attempted-recon; sid:200000991; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa281.web.app",nocase; classtype:attempted-recon; sid:200000992; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa282.web.app",nocase; classtype:attempted-recon; sid:200000993; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa283.web.app",nocase; classtype:attempted-recon; sid:200000994; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa284.web.app",nocase; classtype:attempted-recon; sid:200000995; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa285.web.app",nocase; classtype:attempted-recon; sid:200000996; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa287.web.app",nocase; classtype:attempted-recon; sid:200000997; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa29.web.app",nocase; classtype:attempted-recon; sid:200000998; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa290.web.app",nocase; classtype:attempted-recon; sid:200000999; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa292.web.app",nocase; classtype:attempted-recon; sid:200001000; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa293.web.app",nocase; classtype:attempted-recon; sid:200001001; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa294.web.app",nocase; classtype:attempted-recon; sid:200001002; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa295.web.app",nocase; classtype:attempted-recon; sid:200001003; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa296.web.app",nocase; classtype:attempted-recon; sid:200001004; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa297.web.app",nocase; classtype:attempted-recon; sid:200001005; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa299.web.app",nocase; classtype:attempted-recon; sid:200001006; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa300.web.app",nocase; classtype:attempted-recon; sid:200001007; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa301.web.app",nocase; classtype:attempted-recon; sid:200001008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa302.web.app",nocase; classtype:attempted-recon; sid:200001009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa303.web.app",nocase; classtype:attempted-recon; sid:200001010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa304.web.app",nocase; classtype:attempted-recon; sid:200001011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa305.web.app",nocase; classtype:attempted-recon; sid:200001012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa307.web.app",nocase; classtype:attempted-recon; sid:200001013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa308.web.app",nocase; classtype:attempted-recon; sid:200001014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa310.web.app",nocase; classtype:attempted-recon; sid:200001015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa311.web.app",nocase; classtype:attempted-recon; sid:200001016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa312.web.app",nocase; classtype:attempted-recon; sid:200001017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa313.web.app",nocase; classtype:attempted-recon; sid:200001018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa315.web.app",nocase; classtype:attempted-recon; sid:200001019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa318.web.app",nocase; classtype:attempted-recon; sid:200001020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa319.web.app",nocase; classtype:attempted-recon; sid:200001021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa32.web.app",nocase; classtype:attempted-recon; sid:200001022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa320.web.app",nocase; classtype:attempted-recon; sid:200001023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa321.web.app",nocase; classtype:attempted-recon; sid:200001024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa322.web.app",nocase; classtype:attempted-recon; sid:200001025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa323.web.app",nocase; classtype:attempted-recon; sid:200001026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa325.web.app",nocase; classtype:attempted-recon; sid:200001027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa326.web.app",nocase; classtype:attempted-recon; sid:200001028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa327.web.app",nocase; classtype:attempted-recon; sid:200001029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa328.web.app",nocase; classtype:attempted-recon; sid:200001030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa329.web.app",nocase; classtype:attempted-recon; sid:200001031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa330.web.app",nocase; classtype:attempted-recon; sid:200001032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa331.web.app",nocase; classtype:attempted-recon; sid:200001033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa332.web.app",nocase; classtype:attempted-recon; sid:200001034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa333.web.app",nocase; classtype:attempted-recon; sid:200001035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa334.web.app",nocase; classtype:attempted-recon; sid:200001036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa335.web.app",nocase; classtype:attempted-recon; sid:200001037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa336.web.app",nocase; classtype:attempted-recon; sid:200001038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa337.web.app",nocase; classtype:attempted-recon; sid:200001039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa338.web.app",nocase; classtype:attempted-recon; sid:200001040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa339.web.app",nocase; classtype:attempted-recon; sid:200001041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa340.web.app",nocase; classtype:attempted-recon; sid:200001042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa341.web.app",nocase; classtype:attempted-recon; sid:200001043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa342.web.app",nocase; classtype:attempted-recon; sid:200001044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa343.web.app",nocase; classtype:attempted-recon; sid:200001045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa344.web.app",nocase; classtype:attempted-recon; sid:200001046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa346.web.app",nocase; classtype:attempted-recon; sid:200001047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa347.web.app",nocase; classtype:attempted-recon; sid:200001048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa348.web.app",nocase; classtype:attempted-recon; sid:200001049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa350.web.app",nocase; classtype:attempted-recon; sid:200001050; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa351.web.app",nocase; classtype:attempted-recon; sid:200001051; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa352.web.app",nocase; classtype:attempted-recon; sid:200001052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa353.web.app",nocase; classtype:attempted-recon; sid:200001053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa354.web.app",nocase; classtype:attempted-recon; sid:200001054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa355.web.app",nocase; classtype:attempted-recon; sid:200001055; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa356.web.app",nocase; classtype:attempted-recon; sid:200001056; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa357.web.app",nocase; classtype:attempted-recon; sid:200001057; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa358.web.app",nocase; classtype:attempted-recon; sid:200001058; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa359.web.app",nocase; classtype:attempted-recon; sid:200001059; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa36.web.app",nocase; classtype:attempted-recon; sid:200001060; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa360.web.app",nocase; classtype:attempted-recon; sid:200001061; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa361.web.app",nocase; classtype:attempted-recon; sid:200001062; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa363.web.app",nocase; classtype:attempted-recon; sid:200001063; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa364.web.app",nocase; classtype:attempted-recon; sid:200001064; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa365.web.app",nocase; classtype:attempted-recon; sid:200001065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa367.web.app",nocase; classtype:attempted-recon; sid:200001066; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa368.web.app",nocase; classtype:attempted-recon; sid:200001067; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa369.web.app",nocase; classtype:attempted-recon; sid:200001068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa37.web.app",nocase; classtype:attempted-recon; sid:200001069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa370.web.app",nocase; classtype:attempted-recon; sid:200001070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa371.web.app",nocase; classtype:attempted-recon; sid:200001071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa372.web.app",nocase; classtype:attempted-recon; sid:200001072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa374.web.app",nocase; classtype:attempted-recon; sid:200001073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa375.web.app",nocase; classtype:attempted-recon; sid:200001074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa376.web.app",nocase; classtype:attempted-recon; sid:200001075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa377.web.app",nocase; classtype:attempted-recon; sid:200001076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa378.web.app",nocase; classtype:attempted-recon; sid:200001077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa379.web.app",nocase; classtype:attempted-recon; sid:200001078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa38.web.app",nocase; classtype:attempted-recon; sid:200001079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa380.web.app",nocase; classtype:attempted-recon; sid:200001080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa381.web.app",nocase; classtype:attempted-recon; sid:200001081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa382.web.app",nocase; classtype:attempted-recon; sid:200001082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa383.web.app",nocase; classtype:attempted-recon; sid:200001083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa384.web.app",nocase; classtype:attempted-recon; sid:200001084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa385.web.app",nocase; classtype:attempted-recon; sid:200001085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa386.web.app",nocase; classtype:attempted-recon; sid:200001086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa387.web.app",nocase; classtype:attempted-recon; sid:200001087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa390.web.app",nocase; classtype:attempted-recon; sid:200001088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa392.web.app",nocase; classtype:attempted-recon; sid:200001089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa393.web.app",nocase; classtype:attempted-recon; sid:200001090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa394.web.app",nocase; classtype:attempted-recon; sid:200001091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa395.web.app",nocase; classtype:attempted-recon; sid:200001092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa396.web.app",nocase; classtype:attempted-recon; sid:200001093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa397.web.app",nocase; classtype:attempted-recon; sid:200001094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa398.web.app",nocase; classtype:attempted-recon; sid:200001095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa40.web.app",nocase; classtype:attempted-recon; sid:200001096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa400.web.app",nocase; classtype:attempted-recon; sid:200001097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa401.web.app",nocase; classtype:attempted-recon; sid:200001098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa403.web.app",nocase; classtype:attempted-recon; sid:200001099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa405.web.app",nocase; classtype:attempted-recon; sid:200001100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa407.web.app",nocase; classtype:attempted-recon; sid:200001101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa408.web.app",nocase; classtype:attempted-recon; sid:200001102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa409.web.app",nocase; classtype:attempted-recon; sid:200001103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa41.web.app",nocase; classtype:attempted-recon; sid:200001104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa410.web.app",nocase; classtype:attempted-recon; sid:200001105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa411.web.app",nocase; classtype:attempted-recon; sid:200001106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa412.web.app",nocase; classtype:attempted-recon; sid:200001107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa413.web.app",nocase; classtype:attempted-recon; sid:200001108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa414.web.app",nocase; classtype:attempted-recon; sid:200001109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa415.web.app",nocase; classtype:attempted-recon; sid:200001110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa417.web.app",nocase; classtype:attempted-recon; sid:200001111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa418.web.app",nocase; classtype:attempted-recon; sid:200001112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa419.web.app",nocase; classtype:attempted-recon; sid:200001113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa42.web.app",nocase; classtype:attempted-recon; sid:200001114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa420.web.app",nocase; classtype:attempted-recon; sid:200001115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa421.web.app",nocase; classtype:attempted-recon; sid:200001116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa422.web.app",nocase; classtype:attempted-recon; sid:200001117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa423.web.app",nocase; classtype:attempted-recon; sid:200001118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa424.web.app",nocase; classtype:attempted-recon; sid:200001119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa425.web.app",nocase; classtype:attempted-recon; sid:200001120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa426.web.app",nocase; classtype:attempted-recon; sid:200001121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa427.web.app",nocase; classtype:attempted-recon; sid:200001122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa429.web.app",nocase; classtype:attempted-recon; sid:200001123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa43.web.app",nocase; classtype:attempted-recon; sid:200001124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa430.web.app",nocase; classtype:attempted-recon; sid:200001125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa431.web.app",nocase; classtype:attempted-recon; sid:200001126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa433.web.app",nocase; classtype:attempted-recon; sid:200001127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa434.web.app",nocase; classtype:attempted-recon; sid:200001128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa435.web.app",nocase; classtype:attempted-recon; sid:200001129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa436.web.app",nocase; classtype:attempted-recon; sid:200001130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa437.web.app",nocase; classtype:attempted-recon; sid:200001131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa438.web.app",nocase; classtype:attempted-recon; sid:200001132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa439.web.app",nocase; classtype:attempted-recon; sid:200001133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa44.web.app",nocase; classtype:attempted-recon; sid:200001134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa440.web.app",nocase; classtype:attempted-recon; sid:200001135; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa442.web.app",nocase; classtype:attempted-recon; sid:200001136; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa443.web.app",nocase; classtype:attempted-recon; sid:200001137; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa444.web.app",nocase; classtype:attempted-recon; sid:200001138; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa445.web.app",nocase; classtype:attempted-recon; sid:200001139; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa446.web.app",nocase; classtype:attempted-recon; sid:200001140; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa447.web.app",nocase; classtype:attempted-recon; sid:200001141; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa449.web.app",nocase; classtype:attempted-recon; sid:200001142; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa450.web.app",nocase; classtype:attempted-recon; sid:200001143; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa451.web.app",nocase; classtype:attempted-recon; sid:200001144; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa452.web.app",nocase; classtype:attempted-recon; sid:200001145; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa453.web.app",nocase; classtype:attempted-recon; sid:200001146; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa455.web.app",nocase; classtype:attempted-recon; sid:200001147; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa456.web.app",nocase; classtype:attempted-recon; sid:200001148; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa459.web.app",nocase; classtype:attempted-recon; sid:200001149; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa46.web.app",nocase; classtype:attempted-recon; sid:200001150; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa460.web.app",nocase; classtype:attempted-recon; sid:200001151; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa462.web.app",nocase; classtype:attempted-recon; sid:200001152; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa463.web.app",nocase; classtype:attempted-recon; sid:200001153; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa464.web.app",nocase; classtype:attempted-recon; sid:200001154; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa465.web.app",nocase; classtype:attempted-recon; sid:200001155; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa466.web.app",nocase; classtype:attempted-recon; sid:200001156; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa469.web.app",nocase; classtype:attempted-recon; sid:200001157; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa47.web.app",nocase; classtype:attempted-recon; sid:200001158; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa470.web.app",nocase; classtype:attempted-recon; sid:200001159; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa471.web.app",nocase; classtype:attempted-recon; sid:200001160; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa472.web.app",nocase; classtype:attempted-recon; sid:200001161; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa473.web.app",nocase; classtype:attempted-recon; sid:200001162; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa474.web.app",nocase; classtype:attempted-recon; sid:200001163; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa475.web.app",nocase; classtype:attempted-recon; sid:200001164; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa476.web.app",nocase; classtype:attempted-recon; sid:200001165; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa477.web.app",nocase; classtype:attempted-recon; sid:200001166; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa479.web.app",nocase; classtype:attempted-recon; sid:200001167; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa480.web.app",nocase; classtype:attempted-recon; sid:200001168; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa481.web.app",nocase; classtype:attempted-recon; sid:200001169; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa483.web.app",nocase; classtype:attempted-recon; sid:200001170; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa484.web.app",nocase; classtype:attempted-recon; sid:200001171; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa485.web.app",nocase; classtype:attempted-recon; sid:200001172; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa486.web.app",nocase; classtype:attempted-recon; sid:200001173; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa487.web.app",nocase; classtype:attempted-recon; sid:200001174; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa49.web.app",nocase; classtype:attempted-recon; sid:200001175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa490.web.app",nocase; classtype:attempted-recon; sid:200001176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa491.web.app",nocase; classtype:attempted-recon; sid:200001177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa492.web.app",nocase; classtype:attempted-recon; sid:200001178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa493.web.app",nocase; classtype:attempted-recon; sid:200001179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa494.web.app",nocase; classtype:attempted-recon; sid:200001180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa495.web.app",nocase; classtype:attempted-recon; sid:200001181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa496.web.app",nocase; classtype:attempted-recon; sid:200001182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa497.web.app",nocase; classtype:attempted-recon; sid:200001183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa498.web.app",nocase; classtype:attempted-recon; sid:200001184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa50.web.app",nocase; classtype:attempted-recon; sid:200001185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa500.web.app",nocase; classtype:attempted-recon; sid:200001186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa502.web.app",nocase; classtype:attempted-recon; sid:200001187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa506.web.app",nocase; classtype:attempted-recon; sid:200001188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa507.web.app",nocase; classtype:attempted-recon; sid:200001189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa508.web.app",nocase; classtype:attempted-recon; sid:200001190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa509.web.app",nocase; classtype:attempted-recon; sid:200001191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa51.web.app",nocase; classtype:attempted-recon; sid:200001192; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa511.web.app",nocase; classtype:attempted-recon; sid:200001193; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa514.web.app",nocase; classtype:attempted-recon; sid:200001194; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa515.web.app",nocase; classtype:attempted-recon; sid:200001195; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa516.web.app",nocase; classtype:attempted-recon; sid:200001196; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa517.web.app",nocase; classtype:attempted-recon; sid:200001197; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa518.web.app",nocase; classtype:attempted-recon; sid:200001198; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa519.web.app",nocase; classtype:attempted-recon; sid:200001199; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa52.web.app",nocase; classtype:attempted-recon; sid:200001200; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa520.web.app",nocase; classtype:attempted-recon; sid:200001201; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa522.web.app",nocase; classtype:attempted-recon; sid:200001202; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa523.web.app",nocase; classtype:attempted-recon; sid:200001203; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa525.web.app",nocase; classtype:attempted-recon; sid:200001204; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa526.web.app",nocase; classtype:attempted-recon; sid:200001205; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa527.web.app",nocase; classtype:attempted-recon; sid:200001206; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa528.web.app",nocase; classtype:attempted-recon; sid:200001207; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa529.web.app",nocase; classtype:attempted-recon; sid:200001208; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa53.web.app",nocase; classtype:attempted-recon; sid:200001209; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa530.web.app",nocase; classtype:attempted-recon; sid:200001210; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa531.web.app",nocase; classtype:attempted-recon; sid:200001211; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa532.web.app",nocase; classtype:attempted-recon; sid:200001212; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa533.web.app",nocase; classtype:attempted-recon; sid:200001213; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa536.web.app",nocase; classtype:attempted-recon; sid:200001214; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa537.web.app",nocase; classtype:attempted-recon; sid:200001215; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa538.web.app",nocase; classtype:attempted-recon; sid:200001216; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa539.web.app",nocase; classtype:attempted-recon; sid:200001217; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa54.web.app",nocase; classtype:attempted-recon; sid:200001218; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa541.web.app",nocase; classtype:attempted-recon; sid:200001219; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa542.web.app",nocase; classtype:attempted-recon; sid:200001220; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa543.web.app",nocase; classtype:attempted-recon; sid:200001221; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa545.web.app",nocase; classtype:attempted-recon; sid:200001222; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa546.web.app",nocase; classtype:attempted-recon; sid:200001223; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa547.web.app",nocase; classtype:attempted-recon; sid:200001224; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa549.web.app",nocase; classtype:attempted-recon; sid:200001225; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa550.web.app",nocase; classtype:attempted-recon; sid:200001226; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa551.web.app",nocase; classtype:attempted-recon; sid:200001227; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa553.web.app",nocase; classtype:attempted-recon; sid:200001228; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa555.web.app",nocase; classtype:attempted-recon; sid:200001229; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa556.web.app",nocase; classtype:attempted-recon; sid:200001230; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa557.web.app",nocase; classtype:attempted-recon; sid:200001231; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa558.web.app",nocase; classtype:attempted-recon; sid:200001232; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa559.web.app",nocase; classtype:attempted-recon; sid:200001233; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa56.web.app",nocase; classtype:attempted-recon; sid:200001234; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa560.web.app",nocase; classtype:attempted-recon; sid:200001235; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa561.web.app",nocase; classtype:attempted-recon; sid:200001236; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa562.web.app",nocase; classtype:attempted-recon; sid:200001237; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa564.web.app",nocase; classtype:attempted-recon; sid:200001238; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa566.web.app",nocase; classtype:attempted-recon; sid:200001239; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa567.web.app",nocase; classtype:attempted-recon; sid:200001240; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa568.web.app",nocase; classtype:attempted-recon; sid:200001241; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa569.web.app",nocase; classtype:attempted-recon; sid:200001242; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa57.web.app",nocase; classtype:attempted-recon; sid:200001243; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa570.web.app",nocase; classtype:attempted-recon; sid:200001244; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa571.web.app",nocase; classtype:attempted-recon; sid:200001245; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa572.web.app",nocase; classtype:attempted-recon; sid:200001246; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa574.web.app",nocase; classtype:attempted-recon; sid:200001247; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa575.web.app",nocase; classtype:attempted-recon; sid:200001248; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa576.web.app",nocase; classtype:attempted-recon; sid:200001249; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa577.web.app",nocase; classtype:attempted-recon; sid:200001250; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa578.web.app",nocase; classtype:attempted-recon; sid:200001251; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa579.web.app",nocase; classtype:attempted-recon; sid:200001252; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa581.web.app",nocase; classtype:attempted-recon; sid:200001253; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa582.web.app",nocase; classtype:attempted-recon; sid:200001254; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa583.web.app",nocase; classtype:attempted-recon; sid:200001255; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa586.web.app",nocase; classtype:attempted-recon; sid:200001256; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa587.web.app",nocase; classtype:attempted-recon; sid:200001257; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa588.web.app",nocase; classtype:attempted-recon; sid:200001258; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa589.web.app",nocase; classtype:attempted-recon; sid:200001259; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa59.web.app",nocase; classtype:attempted-recon; sid:200001260; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa592.web.app",nocase; classtype:attempted-recon; sid:200001261; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa593.web.app",nocase; classtype:attempted-recon; sid:200001262; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa597.web.app",nocase; classtype:attempted-recon; sid:200001263; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa598.web.app",nocase; classtype:attempted-recon; sid:200001264; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa60.web.app",nocase; classtype:attempted-recon; sid:200001265; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa600.web.app",nocase; classtype:attempted-recon; sid:200001266; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa601.web.app",nocase; classtype:attempted-recon; sid:200001267; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa602.web.app",nocase; classtype:attempted-recon; sid:200001268; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa603.web.app",nocase; classtype:attempted-recon; sid:200001269; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa604.web.app",nocase; classtype:attempted-recon; sid:200001270; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa605.web.app",nocase; classtype:attempted-recon; sid:200001271; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa607.web.app",nocase; classtype:attempted-recon; sid:200001272; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa608.web.app",nocase; classtype:attempted-recon; sid:200001273; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa609.web.app",nocase; classtype:attempted-recon; sid:200001274; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa610.web.app",nocase; classtype:attempted-recon; sid:200001275; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa612.web.app",nocase; classtype:attempted-recon; sid:200001276; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa613.web.app",nocase; classtype:attempted-recon; sid:200001277; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa614.web.app",nocase; classtype:attempted-recon; sid:200001278; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa618.web.app",nocase; classtype:attempted-recon; sid:200001279; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa619.web.app",nocase; classtype:attempted-recon; sid:200001280; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa62.web.app",nocase; classtype:attempted-recon; sid:200001281; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa620.web.app",nocase; classtype:attempted-recon; sid:200001282; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa621.web.app",nocase; classtype:attempted-recon; sid:200001283; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa623.web.app",nocase; classtype:attempted-recon; sid:200001284; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa624.web.app",nocase; classtype:attempted-recon; sid:200001285; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa625.web.app",nocase; classtype:attempted-recon; sid:200001286; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa626.web.app",nocase; classtype:attempted-recon; sid:200001287; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa627.web.app",nocase; classtype:attempted-recon; sid:200001288; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa628.web.app",nocase; classtype:attempted-recon; sid:200001289; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa629.web.app",nocase; classtype:attempted-recon; sid:200001290; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa63.web.app",nocase; classtype:attempted-recon; sid:200001291; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa630.web.app",nocase; classtype:attempted-recon; sid:200001292; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa631.web.app",nocase; classtype:attempted-recon; sid:200001293; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa632.web.app",nocase; classtype:attempted-recon; sid:200001294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa633.web.app",nocase; classtype:attempted-recon; sid:200001295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa634.web.app",nocase; classtype:attempted-recon; sid:200001296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa635.web.app",nocase; classtype:attempted-recon; sid:200001297; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa636.web.app",nocase; classtype:attempted-recon; sid:200001298; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa637.web.app",nocase; classtype:attempted-recon; sid:200001299; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa638.web.app",nocase; classtype:attempted-recon; sid:200001300; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa639.web.app",nocase; classtype:attempted-recon; sid:200001301; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa64.web.app",nocase; classtype:attempted-recon; sid:200001302; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa640.web.app",nocase; classtype:attempted-recon; sid:200001303; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa642.web.app",nocase; classtype:attempted-recon; sid:200001304; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa643.web.app",nocase; classtype:attempted-recon; sid:200001305; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa644.web.app",nocase; classtype:attempted-recon; sid:200001306; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa645.web.app",nocase; classtype:attempted-recon; sid:200001307; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa646.web.app",nocase; classtype:attempted-recon; sid:200001308; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa647.web.app",nocase; classtype:attempted-recon; sid:200001309; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa648.web.app",nocase; classtype:attempted-recon; sid:200001310; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa649.web.app",nocase; classtype:attempted-recon; sid:200001311; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa65.web.app",nocase; classtype:attempted-recon; sid:200001312; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa650.web.app",nocase; classtype:attempted-recon; sid:200001313; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa651.web.app",nocase; classtype:attempted-recon; sid:200001314; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa652.web.app",nocase; classtype:attempted-recon; sid:200001315; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa653.web.app",nocase; classtype:attempted-recon; sid:200001316; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa654.web.app",nocase; classtype:attempted-recon; sid:200001317; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa655.web.app",nocase; classtype:attempted-recon; sid:200001318; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa660.web.app",nocase; classtype:attempted-recon; sid:200001319; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa661.web.app",nocase; classtype:attempted-recon; sid:200001320; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa662.web.app",nocase; classtype:attempted-recon; sid:200001321; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa663.web.app",nocase; classtype:attempted-recon; sid:200001322; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa664.web.app",nocase; classtype:attempted-recon; sid:200001323; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa665.web.app",nocase; classtype:attempted-recon; sid:200001324; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa666.web.app",nocase; classtype:attempted-recon; sid:200001325; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa667.web.app",nocase; classtype:attempted-recon; sid:200001326; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa668.web.app",nocase; classtype:attempted-recon; sid:200001327; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa669.web.app",nocase; classtype:attempted-recon; sid:200001328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa671.web.app",nocase; classtype:attempted-recon; sid:200001329; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa672.web.app",nocase; classtype:attempted-recon; sid:200001330; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa673.web.app",nocase; classtype:attempted-recon; sid:200001331; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa675.web.app",nocase; classtype:attempted-recon; sid:200001332; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa677.web.app",nocase; classtype:attempted-recon; sid:200001333; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa678.web.app",nocase; classtype:attempted-recon; sid:200001334; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa679.web.app",nocase; classtype:attempted-recon; sid:200001335; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa68.web.app",nocase; classtype:attempted-recon; sid:200001336; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa680.web.app",nocase; classtype:attempted-recon; sid:200001337; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa681.web.app",nocase; classtype:attempted-recon; sid:200001338; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa682.web.app",nocase; classtype:attempted-recon; sid:200001339; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa684.web.app",nocase; classtype:attempted-recon; sid:200001340; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa685.web.app",nocase; classtype:attempted-recon; sid:200001341; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa689.web.app",nocase; classtype:attempted-recon; sid:200001342; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa69.web.app",nocase; classtype:attempted-recon; sid:200001343; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa690.web.app",nocase; classtype:attempted-recon; sid:200001344; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa691.web.app",nocase; classtype:attempted-recon; sid:200001345; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa692.web.app",nocase; classtype:attempted-recon; sid:200001346; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa693.web.app",nocase; classtype:attempted-recon; sid:200001347; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa694.web.app",nocase; classtype:attempted-recon; sid:200001348; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa696.web.app",nocase; classtype:attempted-recon; sid:200001349; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa697.web.app",nocase; classtype:attempted-recon; sid:200001350; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa698.web.app",nocase; classtype:attempted-recon; sid:200001351; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa699.web.app",nocase; classtype:attempted-recon; sid:200001352; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa70.web.app",nocase; classtype:attempted-recon; sid:200001353; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa700.web.app",nocase; classtype:attempted-recon; sid:200001354; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa701.web.app",nocase; classtype:attempted-recon; sid:200001355; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa702.web.app",nocase; classtype:attempted-recon; sid:200001356; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa703.web.app",nocase; classtype:attempted-recon; sid:200001357; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa704.web.app",nocase; classtype:attempted-recon; sid:200001358; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa706.web.app",nocase; classtype:attempted-recon; sid:200001359; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa708.web.app",nocase; classtype:attempted-recon; sid:200001360; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa709.web.app",nocase; classtype:attempted-recon; sid:200001361; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa71.web.app",nocase; classtype:attempted-recon; sid:200001362; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa711.web.app",nocase; classtype:attempted-recon; sid:200001363; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa713.web.app",nocase; classtype:attempted-recon; sid:200001364; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa714.web.app",nocase; classtype:attempted-recon; sid:200001365; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa715.web.app",nocase; classtype:attempted-recon; sid:200001366; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa716.web.app",nocase; classtype:attempted-recon; sid:200001367; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa717.web.app",nocase; classtype:attempted-recon; sid:200001368; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa718.web.app",nocase; classtype:attempted-recon; sid:200001369; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa719.web.app",nocase; classtype:attempted-recon; sid:200001370; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa72.web.app",nocase; classtype:attempted-recon; sid:200001371; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa721.web.app",nocase; classtype:attempted-recon; sid:200001372; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa722.web.app",nocase; classtype:attempted-recon; sid:200001373; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa724.web.app",nocase; classtype:attempted-recon; sid:200001374; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa725.web.app",nocase; classtype:attempted-recon; sid:200001375; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa726.web.app",nocase; classtype:attempted-recon; sid:200001376; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa727.web.app",nocase; classtype:attempted-recon; sid:200001377; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa729.web.app",nocase; classtype:attempted-recon; sid:200001378; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa730.web.app",nocase; classtype:attempted-recon; sid:200001379; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa731.web.app",nocase; classtype:attempted-recon; sid:200001380; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa732.web.app",nocase; classtype:attempted-recon; sid:200001381; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa733.web.app",nocase; classtype:attempted-recon; sid:200001382; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa734.web.app",nocase; classtype:attempted-recon; sid:200001383; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa735.web.app",nocase; classtype:attempted-recon; sid:200001384; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa736.web.app",nocase; classtype:attempted-recon; sid:200001385; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa737.web.app",nocase; classtype:attempted-recon; sid:200001386; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa738.web.app",nocase; classtype:attempted-recon; sid:200001387; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa739.web.app",nocase; classtype:attempted-recon; sid:200001388; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa74.web.app",nocase; classtype:attempted-recon; sid:200001389; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa740.web.app",nocase; classtype:attempted-recon; sid:200001390; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa742.web.app",nocase; classtype:attempted-recon; sid:200001391; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa743.web.app",nocase; classtype:attempted-recon; sid:200001392; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa744.web.app",nocase; classtype:attempted-recon; sid:200001393; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa746.web.app",nocase; classtype:attempted-recon; sid:200001394; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa749.web.app",nocase; classtype:attempted-recon; sid:200001395; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa75.web.app",nocase; classtype:attempted-recon; sid:200001396; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa750.web.app",nocase; classtype:attempted-recon; sid:200001397; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa752.web.app",nocase; classtype:attempted-recon; sid:200001398; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa753.web.app",nocase; classtype:attempted-recon; sid:200001399; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa754.web.app",nocase; classtype:attempted-recon; sid:200001400; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa755.web.app",nocase; classtype:attempted-recon; sid:200001401; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa757.web.app",nocase; classtype:attempted-recon; sid:200001402; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa758.web.app",nocase; classtype:attempted-recon; sid:200001403; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa759.web.app",nocase; classtype:attempted-recon; sid:200001404; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa761.web.app",nocase; classtype:attempted-recon; sid:200001405; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa762.web.app",nocase; classtype:attempted-recon; sid:200001406; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa764.web.app",nocase; classtype:attempted-recon; sid:200001407; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa765.web.app",nocase; classtype:attempted-recon; sid:200001408; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa766.web.app",nocase; classtype:attempted-recon; sid:200001409; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa767.web.app",nocase; classtype:attempted-recon; sid:200001410; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa768.web.app",nocase; classtype:attempted-recon; sid:200001411; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa769.web.app",nocase; classtype:attempted-recon; sid:200001412; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa77.web.app",nocase; classtype:attempted-recon; sid:200001413; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa770.web.app",nocase; classtype:attempted-recon; sid:200001414; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa771.web.app",nocase; classtype:attempted-recon; sid:200001415; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa772.web.app",nocase; classtype:attempted-recon; sid:200001416; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa773.web.app",nocase; classtype:attempted-recon; sid:200001417; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa774.web.app",nocase; classtype:attempted-recon; sid:200001418; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa775.web.app",nocase; classtype:attempted-recon; sid:200001419; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa776.web.app",nocase; classtype:attempted-recon; sid:200001420; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa777.web.app",nocase; classtype:attempted-recon; sid:200001421; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa778.web.app",nocase; classtype:attempted-recon; sid:200001422; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa779.web.app",nocase; classtype:attempted-recon; sid:200001423; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa78.web.app",nocase; classtype:attempted-recon; sid:200001424; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa780.web.app",nocase; classtype:attempted-recon; sid:200001425; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa782.web.app",nocase; classtype:attempted-recon; sid:200001426; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa783.web.app",nocase; classtype:attempted-recon; sid:200001427; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa784.web.app",nocase; classtype:attempted-recon; sid:200001428; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa785.web.app",nocase; classtype:attempted-recon; sid:200001429; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa786.web.app",nocase; classtype:attempted-recon; sid:200001430; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa788.web.app",nocase; classtype:attempted-recon; sid:200001431; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa789.web.app",nocase; classtype:attempted-recon; sid:200001432; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa79.web.app",nocase; classtype:attempted-recon; sid:200001433; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa790.web.app",nocase; classtype:attempted-recon; sid:200001434; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa793.web.app",nocase; classtype:attempted-recon; sid:200001435; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa794.web.app",nocase; classtype:attempted-recon; sid:200001436; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa796.web.app",nocase; classtype:attempted-recon; sid:200001437; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa797.web.app",nocase; classtype:attempted-recon; sid:200001438; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa798.web.app",nocase; classtype:attempted-recon; sid:200001439; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa799.web.app",nocase; classtype:attempted-recon; sid:200001440; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa80.web.app",nocase; classtype:attempted-recon; sid:200001441; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa800.web.app",nocase; classtype:attempted-recon; sid:200001442; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa801.web.app",nocase; classtype:attempted-recon; sid:200001443; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa802.web.app",nocase; classtype:attempted-recon; sid:200001444; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa804.web.app",nocase; classtype:attempted-recon; sid:200001445; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa806.web.app",nocase; classtype:attempted-recon; sid:200001446; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa807.web.app",nocase; classtype:attempted-recon; sid:200001447; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa808.web.app",nocase; classtype:attempted-recon; sid:200001448; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa809.web.app",nocase; classtype:attempted-recon; sid:200001449; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa81.web.app",nocase; classtype:attempted-recon; sid:200001450; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa810.web.app",nocase; classtype:attempted-recon; sid:200001451; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa813.web.app",nocase; classtype:attempted-recon; sid:200001452; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa814.web.app",nocase; classtype:attempted-recon; sid:200001453; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa815.web.app",nocase; classtype:attempted-recon; sid:200001454; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa816.web.app",nocase; classtype:attempted-recon; sid:200001455; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa817.web.app",nocase; classtype:attempted-recon; sid:200001456; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa818.web.app",nocase; classtype:attempted-recon; sid:200001457; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa819.web.app",nocase; classtype:attempted-recon; sid:200001458; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa82.web.app",nocase; classtype:attempted-recon; sid:200001459; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa820.web.app",nocase; classtype:attempted-recon; sid:200001460; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa821.web.app",nocase; classtype:attempted-recon; sid:200001461; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa822.web.app",nocase; classtype:attempted-recon; sid:200001462; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa823.web.app",nocase; classtype:attempted-recon; sid:200001463; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa824.web.app",nocase; classtype:attempted-recon; sid:200001464; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa826.web.app",nocase; classtype:attempted-recon; sid:200001465; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa827.web.app",nocase; classtype:attempted-recon; sid:200001466; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa828.web.app",nocase; classtype:attempted-recon; sid:200001467; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa829.web.app",nocase; classtype:attempted-recon; sid:200001468; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa83.web.app",nocase; classtype:attempted-recon; sid:200001469; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa830.web.app",nocase; classtype:attempted-recon; sid:200001470; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa831.web.app",nocase; classtype:attempted-recon; sid:200001471; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa832.web.app",nocase; classtype:attempted-recon; sid:200001472; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa833.web.app",nocase; classtype:attempted-recon; sid:200001473; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa834.web.app",nocase; classtype:attempted-recon; sid:200001474; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa835.web.app",nocase; classtype:attempted-recon; sid:200001475; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa837.web.app",nocase; classtype:attempted-recon; sid:200001476; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa839.web.app",nocase; classtype:attempted-recon; sid:200001477; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa84.web.app",nocase; classtype:attempted-recon; sid:200001478; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa840.web.app",nocase; classtype:attempted-recon; sid:200001479; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa841.web.app",nocase; classtype:attempted-recon; sid:200001480; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa842.web.app",nocase; classtype:attempted-recon; sid:200001481; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa843.web.app",nocase; classtype:attempted-recon; sid:200001482; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa844.web.app",nocase; classtype:attempted-recon; sid:200001483; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa846.web.app",nocase; classtype:attempted-recon; sid:200001484; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa85.web.app",nocase; classtype:attempted-recon; sid:200001485; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa851.web.app",nocase; classtype:attempted-recon; sid:200001486; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa852.web.app",nocase; classtype:attempted-recon; sid:200001487; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa853.web.app",nocase; classtype:attempted-recon; sid:200001488; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa855.web.app",nocase; classtype:attempted-recon; sid:200001489; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa856.web.app",nocase; classtype:attempted-recon; sid:200001490; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa857.web.app",nocase; classtype:attempted-recon; sid:200001491; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa858.web.app",nocase; classtype:attempted-recon; sid:200001492; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa86.web.app",nocase; classtype:attempted-recon; sid:200001493; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa860.web.app",nocase; classtype:attempted-recon; sid:200001494; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa861.web.app",nocase; classtype:attempted-recon; sid:200001495; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa862.web.app",nocase; classtype:attempted-recon; sid:200001496; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa863.web.app",nocase; classtype:attempted-recon; sid:200001497; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa864.web.app",nocase; classtype:attempted-recon; sid:200001498; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa866.web.app",nocase; classtype:attempted-recon; sid:200001499; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa867.web.app",nocase; classtype:attempted-recon; sid:200001500; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa868.web.app",nocase; classtype:attempted-recon; sid:200001501; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa869.web.app",nocase; classtype:attempted-recon; sid:200001502; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa87.web.app",nocase; classtype:attempted-recon; sid:200001503; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa870.web.app",nocase; classtype:attempted-recon; sid:200001504; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa871.web.app",nocase; classtype:attempted-recon; sid:200001505; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa872.web.app",nocase; classtype:attempted-recon; sid:200001506; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa873.web.app",nocase; classtype:attempted-recon; sid:200001507; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa874.web.app",nocase; classtype:attempted-recon; sid:200001508; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa877.web.app",nocase; classtype:attempted-recon; sid:200001509; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa878.web.app",nocase; classtype:attempted-recon; sid:200001510; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa879.web.app",nocase; classtype:attempted-recon; sid:200001511; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa88.web.app",nocase; classtype:attempted-recon; sid:200001512; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa880.web.app",nocase; classtype:attempted-recon; sid:200001513; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa881.web.app",nocase; classtype:attempted-recon; sid:200001514; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa882.web.app",nocase; classtype:attempted-recon; sid:200001515; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa884.web.app",nocase; classtype:attempted-recon; sid:200001516; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa886.web.app",nocase; classtype:attempted-recon; sid:200001517; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa888.web.app",nocase; classtype:attempted-recon; sid:200001518; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa889.web.app",nocase; classtype:attempted-recon; sid:200001519; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa89.web.app",nocase; classtype:attempted-recon; sid:200001520; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa890.web.app",nocase; classtype:attempted-recon; sid:200001521; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa891.web.app",nocase; classtype:attempted-recon; sid:200001522; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa892.web.app",nocase; classtype:attempted-recon; sid:200001523; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa894.web.app",nocase; classtype:attempted-recon; sid:200001524; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa895.web.app",nocase; classtype:attempted-recon; sid:200001525; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa896.web.app",nocase; classtype:attempted-recon; sid:200001526; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa897.web.app",nocase; classtype:attempted-recon; sid:200001527; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa898.web.app",nocase; classtype:attempted-recon; sid:200001528; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa899.web.app",nocase; classtype:attempted-recon; sid:200001529; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa90.web.app",nocase; classtype:attempted-recon; sid:200001530; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa900.web.app",nocase; classtype:attempted-recon; sid:200001531; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa901.web.app",nocase; classtype:attempted-recon; sid:200001532; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa902.web.app",nocase; classtype:attempted-recon; sid:200001533; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa903.web.app",nocase; classtype:attempted-recon; sid:200001534; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa904.web.app",nocase; classtype:attempted-recon; sid:200001535; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa906.web.app",nocase; classtype:attempted-recon; sid:200001536; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa907.web.app",nocase; classtype:attempted-recon; sid:200001537; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa908.web.app",nocase; classtype:attempted-recon; sid:200001538; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa909.web.app",nocase; classtype:attempted-recon; sid:200001539; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa91.web.app",nocase; classtype:attempted-recon; sid:200001540; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa910.web.app",nocase; classtype:attempted-recon; sid:200001541; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa912.web.app",nocase; classtype:attempted-recon; sid:200001542; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa913.web.app",nocase; classtype:attempted-recon; sid:200001543; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa917.web.app",nocase; classtype:attempted-recon; sid:200001544; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa918.web.app",nocase; classtype:attempted-recon; sid:200001545; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa92.web.app",nocase; classtype:attempted-recon; sid:200001546; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa920.web.app",nocase; classtype:attempted-recon; sid:200001547; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa921.web.app",nocase; classtype:attempted-recon; sid:200001548; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa922.web.app",nocase; classtype:attempted-recon; sid:200001549; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa923.web.app",nocase; classtype:attempted-recon; sid:200001550; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa924.web.app",nocase; classtype:attempted-recon; sid:200001551; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa926.web.app",nocase; classtype:attempted-recon; sid:200001552; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa927.web.app",nocase; classtype:attempted-recon; sid:200001553; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa929.web.app",nocase; classtype:attempted-recon; sid:200001554; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa930.web.app",nocase; classtype:attempted-recon; sid:200001555; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa932.web.app",nocase; classtype:attempted-recon; sid:200001556; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa935.web.app",nocase; classtype:attempted-recon; sid:200001557; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa937.web.app",nocase; classtype:attempted-recon; sid:200001558; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa938.web.app",nocase; classtype:attempted-recon; sid:200001559; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa940.web.app",nocase; classtype:attempted-recon; sid:200001560; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa941.web.app",nocase; classtype:attempted-recon; sid:200001561; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa942.web.app",nocase; classtype:attempted-recon; sid:200001562; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa943.web.app",nocase; classtype:attempted-recon; sid:200001563; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa944.web.app",nocase; classtype:attempted-recon; sid:200001564; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa945.web.app",nocase; classtype:attempted-recon; sid:200001565; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa946.web.app",nocase; classtype:attempted-recon; sid:200001566; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa947.web.app",nocase; classtype:attempted-recon; sid:200001567; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa949.web.app",nocase; classtype:attempted-recon; sid:200001568; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa95.web.app",nocase; classtype:attempted-recon; sid:200001569; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa950.web.app",nocase; classtype:attempted-recon; sid:200001570; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa952.web.app",nocase; classtype:attempted-recon; sid:200001571; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa953.web.app",nocase; classtype:attempted-recon; sid:200001572; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa954.web.app",nocase; classtype:attempted-recon; sid:200001573; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa955.web.app",nocase; classtype:attempted-recon; sid:200001574; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa958.web.app",nocase; classtype:attempted-recon; sid:200001575; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa959.web.app",nocase; classtype:attempted-recon; sid:200001576; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa96.web.app",nocase; classtype:attempted-recon; sid:200001577; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa961.web.app",nocase; classtype:attempted-recon; sid:200001578; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa962.web.app",nocase; classtype:attempted-recon; sid:200001579; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa963.web.app",nocase; classtype:attempted-recon; sid:200001580; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa964.web.app",nocase; classtype:attempted-recon; sid:200001581; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa966.web.app",nocase; classtype:attempted-recon; sid:200001582; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa967.web.app",nocase; classtype:attempted-recon; sid:200001583; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa97.web.app",nocase; classtype:attempted-recon; sid:200001584; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa970.web.app",nocase; classtype:attempted-recon; sid:200001585; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa973.web.app",nocase; classtype:attempted-recon; sid:200001586; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa974.web.app",nocase; classtype:attempted-recon; sid:200001587; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa975.web.app",nocase; classtype:attempted-recon; sid:200001588; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa976.web.app",nocase; classtype:attempted-recon; sid:200001589; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa977.web.app",nocase; classtype:attempted-recon; sid:200001590; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa979.web.app",nocase; classtype:attempted-recon; sid:200001591; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa98.web.app",nocase; classtype:attempted-recon; sid:200001592; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa980.web.app",nocase; classtype:attempted-recon; sid:200001593; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa982.web.app",nocase; classtype:attempted-recon; sid:200001594; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa984.web.app",nocase; classtype:attempted-recon; sid:200001595; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa985.web.app",nocase; classtype:attempted-recon; sid:200001596; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa986.web.app",nocase; classtype:attempted-recon; sid:200001597; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa987.web.app",nocase; classtype:attempted-recon; sid:200001598; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa988.web.app",nocase; classtype:attempted-recon; sid:200001599; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa989.web.app",nocase; classtype:attempted-recon; sid:200001600; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa99.web.app",nocase; classtype:attempted-recon; sid:200001601; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa990.web.app",nocase; classtype:attempted-recon; sid:200001602; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa991.web.app",nocase; classtype:attempted-recon; sid:200001603; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa993.web.app",nocase; classtype:attempted-recon; sid:200001604; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa995.web.app",nocase; classtype:attempted-recon; sid:200001605; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa996.web.app",nocase; classtype:attempted-recon; sid:200001606; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"domainserverlawa999.web.app",nocase; classtype:attempted-recon; sid:200001607; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"donaidrsilcio.com",nocase; classtype:attempted-recon; sid:200001608; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"doooog.cn",nocase; classtype:attempted-recon; sid:200001609; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dopeydog.co.nz",nocase; classtype:attempted-recon; sid:200001610; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dorouscom.com",nocase; classtype:attempted-recon; sid:200001611; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"douuodwoman.com",nocase; classtype:attempted-recon; sid:200001612; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dowaba-s2dhl.blogspot.com",nocase; classtype:attempted-recon; sid:200001613; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"doz.tode.cz",nocase; classtype:attempted-recon; sid:200001614; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dpasdasfasfasfas.pages.dev",nocase; classtype:attempted-recon; sid:200001615; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dpd-pl.566868.space",nocase; classtype:attempted-recon; sid:200001616; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dpd-redelivery-uk.com",nocase; classtype:attempted-recon; sid:200001617; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dpmasdaskj.pages.dev",nocase; classtype:attempted-recon; sid:200001618; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dr-joannepeeler.com",nocase; classtype:attempted-recon; sid:200001619; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dr3aq.byethost32.com",nocase; classtype:attempted-recon; sid:200001620; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dreamhacker.pro",nocase; classtype:attempted-recon; sid:200001621; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dreamotion-jp.com",nocase; classtype:attempted-recon; sid:200001622; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drivingschoolglasgow.co.uk",nocase; classtype:attempted-recon; sid:200001623; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drmarciovaleriano.com.br",nocase; classtype:attempted-recon; sid:200001624; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dsgcbeonline.com",nocase; classtype:attempted-recon; sid:200001625; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dskedirekt.web.app",nocase; classtype:attempted-recon; sid:200001626; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dsp2codemdp.t.justns.ru",nocase; classtype:attempted-recon; sid:200001627; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200001628; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dtrpsystasfasgas.pages.dev",nocase; classtype:attempted-recon; sid:200001629; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dukhovnist.in.ua",nocase; classtype:attempted-recon; sid:200001630; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"durecorpperu.com",nocase; classtype:attempted-recon; sid:200001631; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dwrat.andalous.org",nocase; classtype:attempted-recon; sid:200001632; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dwvwq.cwfc.workers.dev",nocase; classtype:attempted-recon; sid:200001633; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dydex.org",nocase; classtype:attempted-recon; sid:200001634; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dyn.co",nocase; classtype:attempted-recon; sid:200001635; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"dynastyclinic.ae",nocase; classtype:attempted-recon; sid:200001636; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"e-cassare.org",nocase; classtype:attempted-recon; sid:200001637; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"e4ff557e.sso-secure-mail04wtwdw4.pages.dev",nocase; classtype:attempted-recon; sid:200001638; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"e4ra.byethost8.com",nocase; classtype:attempted-recon; sid:200001639; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"e63q45f9h5fr.clickfunnels.com",nocase; classtype:attempted-recon; sid:200001640; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eagleeyeapparel.com",nocase; classtype:attempted-recon; sid:200001641; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"earth01.info",nocase; classtype:attempted-recon; sid:200001642; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"easywalletfix.net",nocase; classtype:attempted-recon; sid:200001643; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"easywalletsfix.com",nocase; classtype:attempted-recon; sid:200001644; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eba0200d0c.nxcli.net",nocase; classtype:attempted-recon; sid:200001645; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ebay-de.ad49103.xyz",nocase; classtype:attempted-recon; sid:200001646; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ebay.com.dashboard-seller.center",nocase; classtype:attempted-recon; sid:200001647; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eberhardtedwige.wixsite.com",nocase; classtype:attempted-recon; sid:200001648; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ebuddynews.com",nocase; classtype:attempted-recon; sid:200001649; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ec.snadc-oecddo.com",nocase; classtype:attempted-recon; sid:200001650; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ecogreenjanitorial.com",nocase; classtype:attempted-recon; sid:200001651; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ecomcrew.staging.wpengine.com",nocase; classtype:attempted-recon; sid:200001652; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ecosteelsolution.ro",nocase; classtype:attempted-recon; sid:200001653; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"edje.com",nocase; classtype:attempted-recon; sid:200001654; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"edukickmexico.com",nocase; classtype:attempted-recon; sid:200001655; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ee-sms.co.uk",nocase; classtype:attempted-recon; sid:200001656; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ee.scicemecod.com",nocase; classtype:attempted-recon; sid:200001657; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"efarms.com.ng",nocase; classtype:attempted-recon; sid:200001658; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eharmonyservice.com",nocase; classtype:attempted-recon; sid:200001659; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ekabel.hu",nocase; classtype:attempted-recon; sid:200001660; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ekbofexjlnsdsfaqxbcfpnfift-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200001661; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ekobebe.cn",nocase; classtype:attempted-recon; sid:200001662; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"electrocoolhvacr.com",nocase; classtype:attempted-recon; sid:200001663; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"electronicanehuen.com",nocase; classtype:attempted-recon; sid:200001664; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"elektroonline.pl",nocase; classtype:attempted-recon; sid:200001665; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ellatinodigital.com",nocase; classtype:attempted-recon; sid:200001666; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"elomo.ro",nocase; classtype:attempted-recon; sid:200001667; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eluniversallatinworld.com",nocase; classtype:attempted-recon; sid:200001668; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"email302.com",nocase; classtype:attempted-recon; sid:200001669; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"emailsettings.webflow.io",nocase; classtype:attempted-recon; sid:200001670; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"emailwebaccess.co.uk",nocase; classtype:attempted-recon; sid:200001671; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"embarquefloripa.com.br",nocase; classtype:attempted-recon; sid:200001672; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"emlink.me",nocase; classtype:attempted-recon; sid:200001673; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"emojis.bons.bar",nocase; classtype:attempted-recon; sid:200001674; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"emojis.dels.bar",nocase; classtype:attempted-recon; sid:200001675; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"emsi-lobo.firebaseapp.com",nocase; classtype:attempted-recon; sid:200001676; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"en-template-solicito-16414253314897.onepage.website",nocase; classtype:attempted-recon; sid:200001677; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"enbolivia.com",nocase; classtype:attempted-recon; sid:200001678; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"encryptdrive.booogle.net",nocase; classtype:attempted-recon; sid:200001679; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"engcamp.org",nocase; classtype:attempted-recon; sid:200001680; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"enoman.fqzsdgtg.cn",nocase; classtype:attempted-recon; sid:200001681; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"erinaflorist.com",nocase; classtype:attempted-recon; sid:200001682; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ershamshad.github.io",nocase; classtype:attempted-recon; sid:200001683; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"escortinraipur.com",nocase; classtype:attempted-recon; sid:200001684; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eseax.ws",nocase; classtype:attempted-recon; sid:200001685; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"esfdesentakip.com",nocase; classtype:attempted-recon; sid:200001686; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eshetkari.com",nocase; classtype:attempted-recon; sid:200001687; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"esi-texas.com",nocase; classtype:attempted-recon; sid:200001688; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"esinnovativeinteriors.com",nocase; classtype:attempted-recon; sid:200001689; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"establecimientoscolonia-uy.com",nocase; classtype:attempted-recon; sid:200001690; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"estorneaqui.blogspot.com",nocase; classtype:attempted-recon; sid:200001691; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc-co-jp.f2ss.co",nocase; classtype:attempted-recon; sid:200001692; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc-co-jp.f3ss.co",nocase; classtype:attempted-recon; sid:200001693; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc-meisfrq.xyz",nocase; classtype:attempted-recon; sid:200001694; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc-uhfjk.monster",nocase; classtype:attempted-recon; sid:200001695; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc.jp.anzhanfrp.cn",nocase; classtype:attempted-recon; sid:200001696; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc.kcjis.com",nocase; classtype:attempted-recon; sid:200001697; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc.oxqk.cn",nocase; classtype:attempted-recon; sid:200001698; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"etc.synwy.cn",nocase; classtype:attempted-recon; sid:200001699; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eth-coinwallet.net",nocase; classtype:attempted-recon; sid:200001700; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eth.coinscout.cc",nocase; classtype:attempted-recon; sid:200001701; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ethnictrendz.com",nocase; classtype:attempted-recon; sid:200001702; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ets.jwr.pa-fakfak.go.id",nocase; classtype:attempted-recon; sid:200001703; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eucriomeumundo.com",nocase; classtype:attempted-recon; sid:200001704; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eugnerally-wixsite-com.filesusr.com",nocase; classtype:attempted-recon; sid:200001705; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eusa-lombo.firebaseapp.com",nocase; classtype:attempted-recon; sid:200001706; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"evashoes.com.ua",nocase; classtype:attempted-recon; sid:200001707; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"even-besar-banget.duckdns.org",nocase; classtype:attempted-recon; sid:200001708; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"even-ff-gratisterbaru2022.duckdns.org",nocase; classtype:attempted-recon; sid:200001709; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"event-ff-bundle-baru.duckdns.org",nocase; classtype:attempted-recon; sid:200001710; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"event-freefire728.duckdns.org",nocase; classtype:attempted-recon; sid:200001711; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"event-freeskkinmlbb.duckdns.org",nocase; classtype:attempted-recon; sid:200001712; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"event-garenafreefire263.duckdns.org",nocase; classtype:attempted-recon; sid:200001713; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eventclaimsff0.duckdns.org",nocase; classtype:attempted-recon; sid:200001714; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eventspinfreefire2022.duckdns.org",nocase; classtype:attempted-recon; sid:200001715; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"everestmotors.com.np",nocase; classtype:attempted-recon; sid:200001716; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"evo-revolutioncups.com",nocase; classtype:attempted-recon; sid:200001717; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"evolbithman.web.app",nocase; classtype:attempted-recon; sid:200001718; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"excel-cloud-document-2021.square.site",nocase; classtype:attempted-recon; sid:200001719; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"excelhana.com",nocase; classtype:attempted-recon; sid:200001720; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exchange-pancakeswaps.com",nocase; classtype:attempted-recon; sid:200001721; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exchangedictionary.com",nocase; classtype:attempted-recon; sid:200001722; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exodlus.net",nocase; classtype:attempted-recon; sid:200001723; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exodus-2022.com",nocase; classtype:attempted-recon; sid:200001724; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exodus.com-wallet-signin.com",nocase; classtype:attempted-recon; sid:200001725; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exodus.com-web-wallet-online.com",nocase; classtype:attempted-recon; sid:200001726; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exodus.com.tccaponline.com",nocase; classtype:attempted-recon; sid:200001727; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exoduspool.io",nocase; classtype:attempted-recon; sid:200001728; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exondus-lokin.com",nocase; classtype:attempted-recon; sid:200001729; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exploretrace.xyz",nocase; classtype:attempted-recon; sid:200001730; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"expocid.mx",nocase; classtype:attempted-recon; sid:200001731; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"extracash-interlbankonline.com",nocase; classtype:attempted-recon; sid:200001732; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"extracloud.com.au",nocase; classtype:attempted-recon; sid:200001733; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ezblox.site",nocase; classtype:attempted-recon; sid:200001734; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ezssausage.com",nocase; classtype:attempted-recon; sid:200001735; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"f2f.co.jp",nocase; classtype:attempted-recon; sid:200001736; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"f6fr7.codesandbox.io",nocase; classtype:attempted-recon; sid:200001737; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"f9w1lned0ruqblxi6jahwotak.filesusr.com",nocase; classtype:attempted-recon; sid:200001738; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"faccebook.azurewebsites.net",nocase; classtype:attempted-recon; sid:200001739; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook--videos----app----today.blogspot.com",nocase; classtype:attempted-recon; sid:200001740; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook-0.se.ke",nocase; classtype:attempted-recon; sid:200001741; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook-accts.pages-recovery.workers.dev",nocase; classtype:attempted-recon; sid:200001742; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook-login.tbit.vn",nocase; classtype:attempted-recon; sid:200001743; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.com-4tfgonrlym.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001744; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.com-j706zmy49r.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001745; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.com-qze9zt75vm.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001746; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.com-r51znzih8i.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001747; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.com-zxsrf038k.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001748; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.eventspinff.wtf",nocase; classtype:attempted-recon; sid:200001749; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.kingstopup.com",nocase; classtype:attempted-recon; sid:200001750; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook.whcserverbox.com",nocase; classtype:attempted-recon; sid:200001751; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebook8facebook.blogspot.com",nocase; classtype:attempted-recon; sid:200001752; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebookk.azurewebsites.net",nocase; classtype:attempted-recon; sid:200001753; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebookphisher.herokuapp.com",nocase; classtype:attempted-recon; sid:200001754; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"facebooks.azurewebsites.net",nocase; classtype:attempted-recon; sid:200001755; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"faic.in",nocase; classtype:attempted-recon; sid:200001756; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"faizankhan0408.github.io",nocase; classtype:attempted-recon; sid:200001757; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"falling-scene-3ac3.updatelogaccountprogramedrfwerwrdhskk.workers.dev#winnie@soupro.com",nocase; classtype:attempted-recon; sid:200001758; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fancy-rain-22bf.vakagew948.workers.dev",nocase; classtype:attempted-recon; sid:200001759; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fantech.co.il",nocase; classtype:attempted-recon; sid:200001760; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fanxtv.info",nocase; classtype:attempted-recon; sid:200001761; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fassilneit.ultimatefreehost.in",nocase; classtype:attempted-recon; sid:200001762; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fassilnet.ultimatefreehost.in",nocase; classtype:attempted-recon; sid:200001763; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fassilnet5.ultimatefreehost.in",nocase; classtype:attempted-recon; sid:200001764; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fax.gruppobiesse.it",nocase; classtype:attempted-recon; sid:200001765; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fb-case-id-28031803-fcdc-48af.web.app",nocase; classtype:attempted-recon; sid:200001766; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fb-pages.proteksion-help.workers.dev",nocase; classtype:attempted-recon; sid:200001767; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fb.10004682.review",nocase; classtype:attempted-recon; sid:200001768; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fb.expressturkeyi.com",nocase; classtype:attempted-recon; sid:200001769; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fb7927.bget.ru",nocase; classtype:attempted-recon; sid:200001770; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fdasd.2e4jept.cn",nocase; classtype:attempted-recon; sid:200001771; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fdhgf.xyz",nocase; classtype:attempted-recon; sid:200001772; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"federalaccesscredit.com",nocase; classtype:attempted-recon; sid:200001773; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fedner.net",nocase; classtype:attempted-recon; sid:200001774; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fer-brooks.top",nocase; classtype:attempted-recon; sid:200001775; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"feriadempleos.com",nocase; classtype:attempted-recon; sid:200001776; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ferienhof-gempel.de",nocase; classtype:attempted-recon; sid:200001777; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ff-anivesary225.duckdns.org",nocase; classtype:attempted-recon; sid:200001778; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ff-member-ganena.com",nocase; classtype:attempted-recon; sid:200001779; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ff-membership-garena.com",nocase; classtype:attempted-recon; sid:200001780; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ff-membershipz-garena.ga",nocase; classtype:attempted-recon; sid:200001781; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ff.members.garera.vn",nocase; classtype:attempted-recon; sid:200001782; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ffim-event-2022.duckdns.org",nocase; classtype:attempted-recon; sid:200001783; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fghjr74rhudfguhtfguji.blogspot.com",nocase; classtype:attempted-recon; sid:200001784; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fi.uy",nocase; classtype:attempted-recon; sid:200001785; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fiber10.iaasdns.com",nocase; classtype:attempted-recon; sid:200001786; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fidelitybank-mn.net",nocase; classtype:attempted-recon; sid:200001787; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fighting40s.com",nocase; classtype:attempted-recon; sid:200001788; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fikir.id",nocase; classtype:attempted-recon; sid:200001789; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fileundelete.net",nocase; classtype:attempted-recon; sid:200001790; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"filtrosmil.com.br",nocase; classtype:attempted-recon; sid:200001791; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"finalfantasyguide.co.uk",nocase; classtype:attempted-recon; sid:200001792; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"finiiishingedgex.tk",nocase; classtype:attempted-recon; sid:200001793; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fir-9s-0s.web.app",nocase; classtype:attempted-recon; sid:200001794; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firstsourcesbus.com",nocase; classtype:attempted-recon; sid:200001795; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fixi.rest",nocase; classtype:attempted-recon; sid:200001796; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fixingtodaymailuserupdates.pages.dev",nocase; classtype:attempted-recon; sid:200001797; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fixwalletissues.com",nocase; classtype:attempted-recon; sid:200001798; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flcancer39-px.rtrk.com",nocase; classtype:attempted-recon; sid:200001799; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowerfactoryonline.com",nocase; classtype:attempted-recon; sid:200001800; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fluksrv.mycpanel.rs",nocase; classtype:attempted-recon; sid:200001801; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fmwebapp.azurewebsites.net",nocase; classtype:attempted-recon; sid:200001802; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"foliar.pl",nocase; classtype:attempted-recon; sid:200001803; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"foma-ura-lote.firebaseapp.com",nocase; classtype:attempted-recon; sid:200001804; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"foor1.com",nocase; classtype:attempted-recon; sid:200001805; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"for-pakage-delevry.tragaroleary.com",nocase; classtype:attempted-recon; sid:200001806; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"foresta-mod.firebaseapp.com",nocase; classtype:attempted-recon; sid:200001807; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forhimself9999.co.vu",nocase; classtype:attempted-recon; sid:200001808; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"formbuddy.com",nocase; classtype:attempted-recon; sid:200001809; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.formium.io",nocase; classtype:attempted-recon; sid:200001810; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"formtools.com",nocase; classtype:attempted-recon; sid:200001811; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forum-dofus.com.co",nocase; classtype:attempted-recon; sid:200001812; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fpalpha.myportfolio.com",nocase; classtype:attempted-recon; sid:200001813; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fpmaam.org",nocase; classtype:attempted-recon; sid:200001814; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fr-europe564598-com.filesusr.com",nocase; classtype:attempted-recon; sid:200001815; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"frankfurtertsparkasse.web.app",nocase; classtype:attempted-recon; sid:200001816; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"free-covid-19-stimulus-bonus.nethouse.ru",nocase; classtype:attempted-recon; sid:200001817; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"free-firecoderedem.blogspot.com",nocase; classtype:attempted-recon; sid:200001818; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"free-mail4.yolasite.com",nocase; classtype:attempted-recon; sid:200001819; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"freefire.pontorecargajogo.com",nocase; classtype:attempted-recon; sid:200001820; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"freefiredot-comerhadiah.duckdns.org",nocase; classtype:attempted-recon; sid:200001821; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"freefireevent-codashop2022.duckdns.org",nocase; classtype:attempted-recon; sid:200001822; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"freeitemff-allreward.duckdns.org",nocase; classtype:attempted-recon; sid:200001823; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"freeliker.net",nocase; classtype:attempted-recon; sid:200001824; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"freereward-ff.duckdns.org",nocase; classtype:attempted-recon; sid:200001825; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"frefire-membership-garena.sukienfreefire2021.top",nocase; classtype:attempted-recon; sid:200001826; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"freg-nine.pt",nocase; classtype:attempted-recon; sid:200001827; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"friendsofnechockey.com",nocase; classtype:attempted-recon; sid:200001828; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fromtheofficial.pricesrakutenlogin.top",nocase; classtype:attempted-recon; sid:200001829; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx-ca.com",nocase; classtype:attempted-recon; sid:200001830; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx-exchangex.com",nocase; classtype:attempted-recon; sid:200001831; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx-me.com",nocase; classtype:attempted-recon; sid:200001832; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx-register-pro.world",nocase; classtype:attempted-recon; sid:200001833; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx-register.biz",nocase; classtype:attempted-recon; sid:200001834; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx-register.website",nocase; classtype:attempted-recon; sid:200001835; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx-signup.click",nocase; classtype:attempted-recon; sid:200001836; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx.com.vn",nocase; classtype:attempted-recon; sid:200001837; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftx.cool",nocase; classtype:attempted-recon; sid:200001838; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ftxbonus.site",nocase; classtype:attempted-recon; sid:200001839; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"funiswap.exchange",nocase; classtype:attempted-recon; sid:200001840; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"furgonetka-1.pl",nocase; classtype:attempted-recon; sid:200001841; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fusionrestobar.cl",nocase; classtype:attempted-recon; sid:200001842; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"futurebits.in",nocase; classtype:attempted-recon; sid:200001843; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fwztmgr.cn",nocase; classtype:attempted-recon; sid:200001844; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fxhalifax.com",nocase; classtype:attempted-recon; sid:200001845; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200001846; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"g-mtcc.com",nocase; classtype:attempted-recon; sid:200001847; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"g.greatsubstance.com.my",nocase; classtype:attempted-recon; sid:200001848; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ga.teesmith.shop",nocase; classtype:attempted-recon; sid:200001849; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gabrielamims.com",nocase; classtype:attempted-recon; sid:200001850; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gagaclinic.com",nocase; classtype:attempted-recon; sid:200001851; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200001852; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gallciaonllne.webcindario.com",nocase; classtype:attempted-recon; sid:200001853; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"garena-xacminhtaikhoan.com",nocase; classtype:attempted-recon; sid:200001854; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gasunige.mfs.gg",nocase; classtype:attempted-recon; sid:200001855; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gbunggrup-pmrsatu13.duckdns.org",nocase; classtype:attempted-recon; sid:200001856; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gedfdfsd.eu",nocase; classtype:attempted-recon; sid:200001857; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"geg.li",nocase; classtype:attempted-recon; sid:200001858; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"generali-italia-ag.hrweb.it",nocase; classtype:attempted-recon; sid:200001859; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"genie-alba.firebaseapp.com",nocase; classtype:attempted-recon; sid:200001860; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"getapps.vip",nocase; classtype:attempted-recon; sid:200001861; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"getimpacteipay.com",nocase; classtype:attempted-recon; sid:200001862; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"getitapprovedacceptourterms2021.pages.dev",nocase; classtype:attempted-recon; sid:200001863; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"getlikesfree.com",nocase; classtype:attempted-recon; sid:200001864; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gfxx.creatorlink.net",nocase; classtype:attempted-recon; sid:200001865; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ghorana.com",nocase; classtype:attempted-recon; sid:200001866; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gif-discorde.com",nocase; classtype:attempted-recon; sid:200001867; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"giris-papara.net",nocase; classtype:attempted-recon; sid:200001868; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"girleatsworld.org",nocase; classtype:attempted-recon; sid:200001869; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200001870; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"glogo.org",nocase; classtype:attempted-recon; sid:200001871; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"glsword.com",nocase; classtype:attempted-recon; sid:200001872; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gmailposteingangi.de",nocase; classtype:attempted-recon; sid:200001873; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gmgroupllc.co",nocase; classtype:attempted-recon; sid:200001874; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gmxmailme.yolasite.com",nocase; classtype:attempted-recon; sid:200001875; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.simplify.co.nz",nocase; classtype:attempted-recon; sid:200001876; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go24link.com",nocase; classtype:attempted-recon; sid:200001877; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"goldenlasgidi10.web.app",nocase; classtype:attempted-recon; sid:200001878; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"golkondaresorts.com",nocase; classtype:attempted-recon; sid:200001879; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"goo-gl.me",nocase; classtype:attempted-recon; sid:200001880; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"good12345.tripod.com",nocase; classtype:attempted-recon; sid:200001881; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gorol-cost.web.app",nocase; classtype:attempted-recon; sid:200001882; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gorol-investor.web.app",nocase; classtype:attempted-recon; sid:200001883; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gosafes.com",nocase; classtype:attempted-recon; sid:200001884; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gosteveshawtraining.com",nocase; classtype:attempted-recon; sid:200001885; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gov.pl-covid.pl",nocase; classtype:attempted-recon; sid:200001886; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gramarcales.com.br",nocase; classtype:attempted-recon; sid:200001887; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"greekinfra.com",nocase; classtype:attempted-recon; sid:200001888; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"greenclasses.in",nocase; classtype:attempted-recon; sid:200001889; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grosshandel-mevida.de",nocase; classtype:attempted-recon; sid:200001890; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"group-wa-1.duckdns.org",nocase; classtype:attempted-recon; sid:200001891; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"groworldinternational.com",nocase; classtype:attempted-recon; sid:200001892; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grp02.member.mycld-rakuten.info",nocase; classtype:attempted-recon; sid:200001893; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grubnatajadeh12.duckdns.org",nocase; classtype:attempted-recon; sid:200001894; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grubterbarukk037.duckdns.org",nocase; classtype:attempted-recon; sid:200001895; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grubviralterbaru65c.duckdns.org",nocase; classtype:attempted-recon; sid:200001896; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gruo-wa-okep-dewasa-2022.duckdns.org",nocase; classtype:attempted-recon; sid:200001897; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grup-bokep-terbaru555.duckdns.org",nocase; classtype:attempted-recon; sid:200001898; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grup-whatsapp121.duckdns.org",nocase; classtype:attempted-recon; sid:200001899; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grup-whatsappbokep1.duckdns.org",nocase; classtype:attempted-recon; sid:200001900; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grup-whatsappbokep2.duckdns.org",nocase; classtype:attempted-recon; sid:200001901; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grup2022ssx.duckdns.org",nocase; classtype:attempted-recon; sid:200001902; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grupofsp.com.br",nocase; classtype:attempted-recon; sid:200001903; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gruposanpio.com",nocase; classtype:attempted-recon; sid:200001904; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grupwhatsaap-viral-2022.duckdns.org",nocase; classtype:attempted-recon; sid:200001905; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"grupwhatsappnobar-2022.duckdns.org",nocase; classtype:attempted-recon; sid:200001906; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gscommunityspirit.greenschool.org",nocase; classtype:attempted-recon; sid:200001907; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gstsolutions.online",nocase; classtype:attempted-recon; sid:200001908; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gtw420.com",nocase; classtype:attempted-recon; sid:200001909; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gunatanahku.perkimtan.sumbarprov.go.id",nocase; classtype:attempted-recon; sid:200001910; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gurukanth.com",nocase; classtype:attempted-recon; sid:200001911; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gwenet.org",nocase; classtype:attempted-recon; sid:200001912; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"habbocreditosparati.blogspot.com",nocase; classtype:attempted-recon; sid:200001913; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"haftteam.ir",nocase; classtype:attempted-recon; sid:200001914; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hahdaeupdate.es.tl",nocase; classtype:attempted-recon; sid:200001915; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"halaisabudhabi.com",nocase; classtype:attempted-recon; sid:200001916; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"halifax-securelink.com",nocase; classtype:attempted-recon; sid:200001917; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"halisdurum.com",nocase; classtype:attempted-recon; sid:200001918; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"haliuk-secure-device.com",nocase; classtype:attempted-recon; sid:200001919; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"handakai.github.io",nocase; classtype:attempted-recon; sid:200001920; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hangovertest1.blogspot.com",nocase; classtype:attempted-recon; sid:200001921; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hans-ledlite.com",nocase; classtype:attempted-recon; sid:200001922; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"happycabbagechicago.us",nocase; classtype:attempted-recon; sid:200001923; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"haroldhazard1-wixsite-com.filesusr.com",nocase; classtype:attempted-recon; sid:200001924; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hasseanhannitybeenwaterboarded.com",nocase; classtype:attempted-recon; sid:200001925; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"haunlimited.org",nocase; classtype:attempted-recon; sid:200001926; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hcnprdvz.azureedge.net",nocase; classtype:attempted-recon; sid:200001927; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hdmediahub.club",nocase; classtype:attempted-recon; sid:200001928; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"heinthu1.github.io",nocase; classtype:attempted-recon; sid:200001929; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hellenic-postbank.com",nocase; classtype:attempted-recon; sid:200001930; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"help-account-bxsfe.ondigitalocean.app",nocase; classtype:attempted-recon; sid:200001931; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"help-identity-recoveri-support-center.web.id",nocase; classtype:attempted-recon; sid:200001932; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"help-notice-center-identity-6532.web.id",nocase; classtype:attempted-recon; sid:200001933; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"help.insecur.saftyalert.workers.dev",nocase; classtype:attempted-recon; sid:200001934; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"help.validation-page.workers.dev",nocase; classtype:attempted-recon; sid:200001935; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"helpingcentere.com",nocase; classtype:attempted-recon; sid:200001936; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"henan.vxim58i.cn",nocase; classtype:attempted-recon; sid:200001937; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hermes.parcel-tracker.com",nocase; classtype:attempted-recon; sid:200001938; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hetershaven.net",nocase; classtype:attempted-recon; sid:200001939; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"heuristic-gagarin.45-88-108-231.plesk.page",nocase; classtype:attempted-recon; sid:200001940; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hgda.db0u4hs.cn",nocase; classtype:attempted-recon; sid:200001941; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hgdaa.lfoxcct.cn",nocase; classtype:attempted-recon; sid:200001942; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hghgda.erjl0hx.cn",nocase; classtype:attempted-recon; sid:200001943; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hhdd.mzhemfi.cn",nocase; classtype:attempted-recon; sid:200001944; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hi.switchy.io",nocase; classtype:attempted-recon; sid:200001945; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hidzzs.com",nocase; classtype:attempted-recon; sid:200001946; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly01721.top",nocase; classtype:attempted-recon; sid:200001947; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly06356.top",nocase; classtype:attempted-recon; sid:200001948; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly31916.top",nocase; classtype:attempted-recon; sid:200001949; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly32053.top",nocase; classtype:attempted-recon; sid:200001950; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly38926.top",nocase; classtype:attempted-recon; sid:200001951; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly39091.top",nocase; classtype:attempted-recon; sid:200001952; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly61215.top",nocase; classtype:attempted-recon; sid:200001953; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hifly71191.top",nocase; classtype:attempted-recon; sid:200001954; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"himalayansherpa.com.au",nocase; classtype:attempted-recon; sid:200001955; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"himbauane.blogspot.com",nocase; classtype:attempted-recon; sid:200001956; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hitman71hd-wixsite-com.filesusr.com",nocase; classtype:attempted-recon; sid:200001957; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hockian.com",nocase; classtype:attempted-recon; sid:200001958; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"holobeam.000webhostapp.com",nocase; classtype:attempted-recon; sid:200001959; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"home.ei1ns.de",nocase; classtype:attempted-recon; sid:200001960; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"home.myfairpoint.net",nocase; classtype:attempted-recon; sid:200001961; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"homepichilinea2.webcindario.com",nocase; classtype:attempted-recon; sid:200001962; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"homesinlogin.com",nocase; classtype:attempted-recon; sid:200001963; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hostnix.net",nocase; classtype:attempted-recon; sid:200001964; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hostpoint.ch.17a902ef.tcorner.fr",nocase; classtype:attempted-recon; sid:200001965; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hotbrooks.com",nocase; classtype:attempted-recon; sid:200001966; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hotel-pontos.gr",nocase; classtype:attempted-recon; sid:200001967; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hoteltigerplus.com",nocase; classtype:attempted-recon; sid:200001968; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hounbvc-c7661.web.app",nocase; classtype:attempted-recon; sid:200001969; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"houseofscotland.com.au",nocase; classtype:attempted-recon; sid:200001970; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200001971; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hpplotters.in",nocase; classtype:attempted-recon; sid:200001972; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hs-giveaways.ca",nocase; classtype:attempted-recon; sid:200001973; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ht-cargo.com.vn",nocase; classtype:attempted-recon; sid:200001974; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"htlgroup.com.my",nocase; classtype:attempted-recon; sid:200001975; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"httpcom-0d4tol437.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001976; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"httpeugnerally-wixsite-com.filesusr.com",nocase; classtype:attempted-recon; sid:200001977; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"https-scert-con04.xyz",nocase; classtype:attempted-recon; sid:200001978; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"https-scert-srv02.xyz",nocase; classtype:attempted-recon; sid:200001979; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"https-scert-srv06.xyz",nocase; classtype:attempted-recon; sid:200001980; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"https-scert-srv08.xyz",nocase; classtype:attempted-recon; sid:200001981; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"httpsfaceb00k.com-r51znzih8l.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001982; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"httpsfacebo0k.com-r51znzlh8i.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001983; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"httpsfacebook.com-r51znzih8i.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001984; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"httpsfacebook.com-r51znzlh8i.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001985; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"httpsmarketplace.facebook.com-wd5sulr0f5.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200001986; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hubcare.co.in",nocase; classtype:attempted-recon; sid:200001987; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hulu-com-activate.sitey.me",nocase; classtype:attempted-recon; sid:200001988; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hulu-hulu-com-activate.sitey.me",nocase; classtype:attempted-recon; sid:200001989; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hulu.sitey.me",nocase; classtype:attempted-recon; sid:200001990; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"humc.in",nocase; classtype:attempted-recon; sid:200001991; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hutoknepper.de",nocase; classtype:attempted-recon; sid:200001992; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"huxleyfran.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200001993; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"huynguyen2k.github.io",nocase; classtype:attempted-recon; sid:200001994; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hypegames.shop",nocase; classtype:attempted-recon; sid:200001995; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"i-ask332.dga.jp",nocase; classtype:attempted-recon; sid:200001996; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"i.violationspage.validationspege.workers.dev",nocase; classtype:attempted-recon; sid:200001997; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200001998; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ibpm.ru",nocase; classtype:attempted-recon; sid:200001999; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"icloud-map-live.com",nocase; classtype:attempted-recon; sid:200002000; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"icy.martulangbelulalng.workers.dev",nocase; classtype:attempted-recon; sid:200002001; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"idappswallets.com",nocase; classtype:attempted-recon; sid:200002002; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"identifiez-vous-avec-votre-compte.yolasite.com",nocase; classtype:attempted-recon; sid:200002003; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"identifiez-vous598.yolasite.com",nocase; classtype:attempted-recon; sid:200002004; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"identify.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200002005; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"idhuman-verification.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200002006; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"idnpokerweb.com",nocase; classtype:attempted-recon; sid:200002007; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ieqdlhv.cn",nocase; classtype:attempted-recon; sid:200002008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iframejld.avent-media.fr",nocase; classtype:attempted-recon; sid:200002009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ighk.umjlrs7uci2751.workers.dev",nocase; classtype:attempted-recon; sid:200002010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iipvit.by",nocase; classtype:attempted-recon; sid:200002011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijcda.bukkats.cn",nocase; classtype:attempted-recon; sid:200002012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijhca.0gb0h7z.cn",nocase; classtype:attempted-recon; sid:200002013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijjd.h8nmtcc.cn",nocase; classtype:attempted-recon; sid:200002014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijmna.p2y00vd.cn",nocase; classtype:attempted-recon; sid:200002015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijmnc.x7o1tut.cn",nocase; classtype:attempted-recon; sid:200002016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijnssa.w005zmk.cn",nocase; classtype:attempted-recon; sid:200002017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ijsa.x3585z7.cn",nocase; classtype:attempted-recon; sid:200002018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikcda.a2g5xvs.cn",nocase; classtype:attempted-recon; sid:200002019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikcsa.ajiqvjf.cn",nocase; classtype:attempted-recon; sid:200002020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikdff.jmo904i.cn",nocase; classtype:attempted-recon; sid:200002021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikja.lbanwqp.cn",nocase; classtype:attempted-recon; sid:200002022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikjcd.p1z98hl.cn",nocase; classtype:attempted-recon; sid:200002023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikjd.uk0xnp8.cn",nocase; classtype:attempted-recon; sid:200002024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikjgd.rg6bzk7.cn",nocase; classtype:attempted-recon; sid:200002025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikmcd.u4jdbxm.cn",nocase; classtype:attempted-recon; sid:200002026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ikmxaa.qcqxlrq.cn",nocase; classtype:attempted-recon; sid:200002027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ilooksrare.com",nocase; classtype:attempted-recon; sid:200002028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iloveyourglasses.com",nocase; classtype:attempted-recon; sid:200002029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ilpconnect.org",nocase; classtype:attempted-recon; sid:200002030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"image-pict-ig.duckdns.org",nocase; classtype:attempted-recon; sid:200002031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imersao.impulseingles.com.br",nocase; classtype:attempted-recon; sid:200002032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com",nocase; classtype:attempted-recon; sid:200002033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imobiliaria-cardinali-com-br.blogspot.com",nocase; classtype:attempted-recon; sid:200002034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"impostazionebper.000webhostapp.com",nocase; classtype:attempted-recon; sid:200002035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"in.deraya.org",nocase; classtype:attempted-recon; sid:200002036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"indo-viral2022.duckdns.org",nocase; classtype:attempted-recon; sid:200002037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"info.lionnets.com",nocase; classtype:attempted-recon; sid:200002038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"infohypesquad.com",nocase; classtype:attempted-recon; sid:200002039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"infopichinchaweb.webcindario.com",nocase; classtype:attempted-recon; sid:200002040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"information.safeamazoncardweb.cyou",nocase; classtype:attempted-recon; sid:200002041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"informations.recovery.confiryourpage.workers.dev",nocase; classtype:attempted-recon; sid:200002042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"infos00001.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"infosecplace.com",nocase; classtype:attempted-recon; sid:200002044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"infosprologinmatrisemomols.yolasite.com",nocase; classtype:attempted-recon; sid:200002045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ing.ingdirect-app.com",nocase; classtype:attempted-recon; sid:200002046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ingaveiculos.creatorlink.net",nocase; classtype:attempted-recon; sid:200002047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ingresadatosbono210.com",nocase; classtype:attempted-recon; sid:200002048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"inicia-bancalnterbank.com",nocase; classtype:attempted-recon; sid:200002049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"inna.cedymll.cn",nocase; classtype:attempted-recon; sid:200002050; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"innca.ol90k56.cn",nocase; classtype:attempted-recon; sid:200002051; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"innovasjon.as",nocase; classtype:attempted-recon; sid:200002052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"inps-ep.com",nocase; classtype:attempted-recon; sid:200002053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"instahelppbaddge.ml",nocase; classtype:attempted-recon; sid:200002054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"intellidata-analytica.com",nocase; classtype:attempted-recon; sid:200002055; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"interbankempresas.pe-il.ru",nocase; classtype:attempted-recon; sid:200002056; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"interbankhomeweb.fullcircleteam.com",nocase; classtype:attempted-recon; sid:200002057; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"intern.unibas-com.ch",nocase; classtype:attempted-recon; sid:200002058; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"international-formulier.91-218-65-223.plesk.page",nocase; classtype:attempted-recon; sid:200002059; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"internetbanking-caixa-gov.xyz",nocase; classtype:attempted-recon; sid:200002060; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"internetbankinghelp.com",nocase; classtype:attempted-recon; sid:200002061; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"internetservicetech.com",nocase; classtype:attempted-recon; sid:200002062; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"intesalife.ie",nocase; classtype:attempted-recon; sid:200002063; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"intexargentina.com.ar",nocase; classtype:attempted-recon; sid:200002064; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"inthewildproductions.com",nocase; classtype:attempted-recon; sid:200002065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"intoli.ru",nocase; classtype:attempted-recon; sid:200002066; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"intrafloraplants.com",nocase; classtype:attempted-recon; sid:200002067; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"intranet.sztpe.info",nocase; classtype:attempted-recon; sid:200002068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"investpl.work",nocase; classtype:attempted-recon; sid:200002069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iplogger.info",nocase; classtype:attempted-recon; sid:200002070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iqwea.soxr0u1.cn",nocase; classtype:attempted-recon; sid:200002071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ironmantech.shop",nocase; classtype:attempted-recon; sid:200002072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"irs-gov-supportcenters.com",nocase; classtype:attempted-recon; sid:200002073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"irs.gov-coronavirus-pandemic-tax-refund-submission.com",nocase; classtype:attempted-recon; sid:200002074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ise.com.ar",nocase; classtype:attempted-recon; sid:200002075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"isfirsatibul.com",nocase; classtype:attempted-recon; sid:200002076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ismamorlin.my-place.us",nocase; classtype:attempted-recon; sid:200002077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"isntagranmeta.pagedemo.co",nocase; classtype:attempted-recon; sid:200002078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"istudyalumni.com",nocase; classtype:attempted-recon; sid:200002079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"it-europe564598-com.filesusr.com",nocase; classtype:attempted-recon; sid:200002080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"it.melnikhotels.com",nocase; classtype:attempted-recon; sid:200002081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"itcentralsupport.net",nocase; classtype:attempted-recon; sid:200002082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"its.tikkycloud.com",nocase; classtype:attempted-recon; sid:200002083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"itsmdshahin.github.io",nocase; classtype:attempted-recon; sid:200002084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iuhkj.r4f4vmtlso.workers.dev",nocase; classtype:attempted-recon; sid:200002085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iuhs.tyopfhn.cn",nocase; classtype:attempted-recon; sid:200002086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iujdas.yfwxlc9.cn",nocase; classtype:attempted-recon; sid:200002087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"iuyydd.ebeg6uk.cn",nocase; classtype:attempted-recon; sid:200002088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"j9w77d0.cn",nocase; classtype:attempted-recon; sid:200002089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn",nocase; classtype:attempted-recon; sid:200002090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn",nocase; classtype:attempted-recon; sid:200002091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn",nocase; classtype:attempted-recon; sid:200002092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn",nocase; classtype:attempted-recon; sid:200002093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn",nocase; classtype:attempted-recon; sid:200002094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn",nocase; classtype:attempted-recon; sid:200002095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jacobliston.com",nocase; classtype:attempted-recon; sid:200002096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jadaart.org",nocase; classtype:attempted-recon; sid:200002097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jagex-rewards.com",nocase; classtype:attempted-recon; sid:200002098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jam-023d.gitlab.io",nocase; classtype:attempted-recon; sid:200002099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"james8.aidaform.com",nocase; classtype:attempted-recon; sid:200002100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"javarockingland.com",nocase; classtype:attempted-recon; sid:200002101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jax.bz",nocase; classtype:attempted-recon; sid:200002102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jbwbzta.alfens8.cc",nocase; classtype:attempted-recon; sid:200002103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jeanbaileyrobor.com",nocase; classtype:attempted-recon; sid:200002104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jendelajogja.com",nocase; classtype:attempted-recon; sid:200002105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jerinja.github.io",nocase; classtype:attempted-recon; sid:200002106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jetser-electrical-supply.business.site",nocase; classtype:attempted-recon; sid:200002107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jett.gator.site",nocase; classtype:attempted-recon; sid:200002108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jflkp.csb.app",nocase; classtype:attempted-recon; sid:200002109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jhda.wfdyk9p.cn",nocase; classtype:attempted-recon; sid:200002111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jhdd.fjcslad.cn",nocase; classtype:attempted-recon; sid:200002112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jhff.93oe0u9.cn",nocase; classtype:attempted-recon; sid:200002113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jhnd.0drhnjk.cn",nocase; classtype:attempted-recon; sid:200002114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jiwanramchemical.com",nocase; classtype:attempted-recon; sid:200002115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jjhcd.27ke98i.cn",nocase; classtype:attempted-recon; sid:200002116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jk99j.sbs",nocase; classtype:attempted-recon; sid:200002117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jlogine.com",nocase; classtype:attempted-recon; sid:200002118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jmcna.jiwayjc.cn",nocase; classtype:attempted-recon; sid:200002119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jmfykd.cyou",nocase; classtype:attempted-recon; sid:200002120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jncba.diiqsmm.cn",nocase; classtype:attempted-recon; sid:200002121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jnlope.tangguakrapekpuik.link",nocase; classtype:attempted-recon; sid:200002122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jnnc.grnxkoj.cn",nocase; classtype:attempted-recon; sid:200002123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"job-type.com",nocase; classtype:attempted-recon; sid:200002124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jobs.job.com.bd",nocase; classtype:attempted-recon; sid:200002125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joecamera.net",nocase; classtype:attempted-recon; sid:200002126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"john-ashley.de",nocase; classtype:attempted-recon; sid:200002127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"join-group-1.duckdns.org",nocase; classtype:attempted-recon; sid:200002128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"join-gruo-waku282.duckdns.org",nocase; classtype:attempted-recon; sid:200002129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joinedprice.com",nocase; classtype:attempted-recon; sid:200002130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joingrupku183.duckdns.org",nocase; classtype:attempted-recon; sid:200002131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joingrupp-bkep156.duckdns.org",nocase; classtype:attempted-recon; sid:200002132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joingrupterbaru-0.duckdns.org",nocase; classtype:attempted-recon; sid:200002133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joinlinkviral729.duckdns.org",nocase; classtype:attempted-recon; sid:200002134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joinssgropshot18.duckdns.org",nocase; classtype:attempted-recon; sid:200002135; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joinssgropssney6.duckdns.org",nocase; classtype:attempted-recon; sid:200002136; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jow-japan.or.jp",nocase; classtype:attempted-recon; sid:200002137; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"joyeriajireh.com.mx",nocase; classtype:attempted-recon; sid:200002138; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jp-auid.com",nocase; classtype:attempted-recon; sid:200002139; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jp.mercari.omany.buzz",nocase; classtype:attempted-recon; sid:200002140; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jptechdocsign.net",nocase; classtype:attempted-recon; sid:200002141; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jrhayley.plus.com",nocase; classtype:attempted-recon; sid:200002142; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"juandfar.github.io",nocase; classtype:attempted-recon; sid:200002143; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jurisgeneral.com",nocase; classtype:attempted-recon; sid:200002144; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jurlebedev.ru",nocase; classtype:attempted-recon; sid:200002145; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"juscook.com",nocase; classtype:attempted-recon; sid:200002146; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"justgot.gonevis.com",nocase; classtype:attempted-recon; sid:200002147; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"justsayingbro.com",nocase; classtype:attempted-recon; sid:200002148; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jvk.zultifarza.workers.dev",nocase; classtype:attempted-recon; sid:200002149; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jyeue43rm95p.clickfunnels.com",nocase; classtype:attempted-recon; sid:200002150; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jz2bab.webwave.dev",nocase; classtype:attempted-recon; sid:200002151; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"k3ja6d.webwave.dev",nocase; classtype:attempted-recon; sid:200002152; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kaamwalibais.co.in",nocase; classtype:attempted-recon; sid:200002153; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kachinas.be",nocase; classtype:attempted-recon; sid:200002154; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kamdhenurealities.com",nocase; classtype:attempted-recon; sid:200002155; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kargonova.com",nocase; classtype:attempted-recon; sid:200002156; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kartaltepespor.com",nocase; classtype:attempted-recon; sid:200002157; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kasba.in",nocase; classtype:attempted-recon; sid:200002158; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"katanaroninchains.com",nocase; classtype:attempted-recon; sid:200002159; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kbstitchdesigns.com",nocase; classtype:attempted-recon; sid:200002160; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kcas.ygvlrlo.cn",nocase; classtype:attempted-recon; sid:200002161; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kdhdf34j6dfh.dealerwebsite.com",nocase; classtype:attempted-recon; sid:200002162; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kdlscaffolding.co.uk",nocase; classtype:attempted-recon; sid:200002163; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kecc.com",nocase; classtype:attempted-recon; sid:200002164; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kecmanijada.com",nocase; classtype:attempted-recon; sid:200002165; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kedai-gamers.com",nocase; classtype:attempted-recon; sid:200002166; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev",nocase; classtype:attempted-recon; sid:200002167; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev",nocase; classtype:attempted-recon; sid:200002168; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev",nocase; classtype:attempted-recon; sid:200002169; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kenanhusovic.com",nocase; classtype:attempted-recon; sid:200002170; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kevinsmovingservice.com",nocase; classtype:attempted-recon; sid:200002171; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kex81.sbs",nocase; classtype:attempted-recon; sid:200002172; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"key-drcp.com",nocase; classtype:attempted-recon; sid:200002173; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kghm-invest.web.app",nocase; classtype:attempted-recon; sid:200002174; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ki89.pckmlc0cus5667.workers.dev",nocase; classtype:attempted-recon; sid:200002175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kienthucykhoa.org",nocase; classtype:attempted-recon; sid:200002176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kimaki.001www.com",nocase; classtype:attempted-recon; sid:200002177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kingfaisalprize.org",nocase; classtype:attempted-recon; sid:200002178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kingmhd95p.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kissapps.io",nocase; classtype:attempted-recon; sid:200002180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kit.mishkanhakavana.com",nocase; classtype:attempted-recon; sid:200002181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kjhdda.tetfeec.cn",nocase; classtype:attempted-recon; sid:200002182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"klaim-item-mlbb-terbaru8.duckdns.org",nocase; classtype:attempted-recon; sid:200002183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kleinsigns.net",nocase; classtype:attempted-recon; sid:200002184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"klockorochsmycken.se",nocase; classtype:attempted-recon; sid:200002185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"knocktheskool.in",nocase; classtype:attempted-recon; sid:200002186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"koerich-c-empresarial.com",nocase; classtype:attempted-recon; sid:200002187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"koji.to",nocase; classtype:attempted-recon; sid:200002188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kone-ali123-mon-site-web-cheetah-5.cheetah.builderall.com",nocase; classtype:attempted-recon; sid:200002189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"konfirmasi-identitas-2022.webnode.page",nocase; classtype:attempted-recon; sid:200002190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"konnect2kamadhenu.com",nocase; classtype:attempted-recon; sid:200002191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"koteng.odoo.com",nocase; classtype:attempted-recon; sid:200002192; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kr-bithumb.web.app",nocase; classtype:attempted-recon; sid:200002193; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"krupije.com",nocase; classtype:attempted-recon; sid:200002194; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"krx887.com",nocase; classtype:attempted-recon; sid:200002195; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ksschool.org.in",nocase; classtype:attempted-recon; sid:200002196; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kuchkuchnights.com",nocase; classtype:attempted-recon; sid:200002197; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kurortnoye.com.ua",nocase; classtype:attempted-recon; sid:200002198; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ky79.com",nocase; classtype:attempted-recon; sid:200002199; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l-abe.com",nocase; classtype:attempted-recon; sid:200002200; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l-q.in",nocase; classtype:attempted-recon; sid:200002201; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lambdaweb.info",nocase; classtype:attempted-recon; sid:200002202; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"laposada.roncesvalles.es",nocase; classtype:attempted-recon; sid:200002203; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"laposte-france.web.app",nocase; classtype:attempted-recon; sid:200002204; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lapotosinaexpress.com",nocase; classtype:attempted-recon; sid:200002205; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"larindbr.creatorlink.net",nocase; classtype:attempted-recon; sid:200002206; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"larvalab.to",nocase; classtype:attempted-recon; sid:200002207; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lasyaja.github.io",nocase; classtype:attempted-recon; sid:200002208; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"latelevitation.com",nocase; classtype:attempted-recon; sid:200002209; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"latest-recharge-reorder.co.uk",nocase; classtype:attempted-recon; sid:200002210; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"latestnews.pricesrakutenlogin.xyz",nocase; classtype:attempted-recon; sid:200002211; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"latinotravel.cz",nocase; classtype:attempted-recon; sid:200002212; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lazada889.com",nocase; classtype:attempted-recon; sid:200002213; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lbce.lecservilbc.com",nocase; classtype:attempted-recon; sid:200002214; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ldsplanettt.yolasite.com",nocase; classtype:attempted-recon; sid:200002215; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"le-diablotin-rouen.com",nocase; classtype:attempted-recon; sid:200002216; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"leadershipmail.org",nocase; classtype:attempted-recon; sid:200002217; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"learningimpactmodel.com",nocase; classtype:attempted-recon; sid:200002218; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"leboncoiinlbc.000webhostapp.com",nocase; classtype:attempted-recon; sid:200002219; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"leboncoin.delivery01588.icu",nocase; classtype:attempted-recon; sid:200002220; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lefaf77683.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002221; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lemeiesta.com",nocase; classtype:attempted-recon; sid:200002222; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lenagruessdich.net",nocase; classtype:attempted-recon; sid:200002223; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"leroycu.ca",nocase; classtype:attempted-recon; sid:200002224; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"letoptuswebmail-9b69f0.ingress-comporellon.easywp.com",nocase; classtype:attempted-recon; sid:200002225; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lettertracing4kids.com",nocase; classtype:attempted-recon; sid:200002226; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lexnotes.com.ng",nocase; classtype:attempted-recon; sid:200002227; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lg-onecom-io.web.app",nocase; classtype:attempted-recon; sid:200002228; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"liberasrl.it",nocase; classtype:attempted-recon; sid:200002229; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lihi3.cc",nocase; classtype:attempted-recon; sid:200002230; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkgrupkakak-disini.duckdns.org",nocase; classtype:attempted-recon; sid:200002231; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"liongear.com",nocase; classtype:attempted-recon; sid:200002232; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lirc.cep.edu.vn",nocase; classtype:attempted-recon; sid:200002233; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"little-frost-1a15.chrisc11004842.workers.dev",nocase; classtype:attempted-recon; sid:200002234; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"little-rain-39c4.newdhlacceslogins.workers.dev",nocase; classtype:attempted-recon; sid:200002235; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"little-wood-23ca.abssupdatedlogin.workers.dev",nocase; classtype:attempted-recon; sid:200002236; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"litty.shop",nocase; classtype:attempted-recon; sid:200002237; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"liusanchuan.github.io",nocase; classtype:attempted-recon; sid:200002238; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"live-site.hopto.me",nocase; classtype:attempted-recon; sid:200002239; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"live.rawfednews.com",nocase; classtype:attempted-recon; sid:200002240; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livechat-ronin.com",nocase; classtype:attempted-recon; sid:200002241; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livecryptolab.com",nocase; classtype:attempted-recon; sid:200002242; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livelifelimitless.com.au",nocase; classtype:attempted-recon; sid:200002243; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ljkds.hvkmjdq.cn",nocase; classtype:attempted-recon; sid:200002244; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lkjds.nlmwjta.cn",nocase; classtype:attempted-recon; sid:200002245; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloydbank-accountbreach.com",nocase; classtype:attempted-recon; sid:200002246; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloydbank-secure-customers.com",nocase; classtype:attempted-recon; sid:200002247; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloydbank-support-team.com",nocase; classtype:attempted-recon; sid:200002248; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloydbanking-securelogin.com",nocase; classtype:attempted-recon; sid:200002249; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloydsbank.deregister-payee-secure-auth.com",nocase; classtype:attempted-recon; sid:200002250; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloydsbank.secure-online-deregister.com",nocase; classtype:attempted-recon; sid:200002251; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloydsbank.secure-personal-device-login.com",nocase; classtype:attempted-recon; sid:200002252; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lloyduk-newdevice-registered-online.com",nocase; classtype:attempted-recon; sid:200002253; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002254; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lmbanang.pgryuangbtusngka.link",nocase; classtype:attempted-recon; sid:200002255; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.dev",nocase; classtype:attempted-recon; sid:200002256; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnterbancape-lbk.com",nocase; classtype:attempted-recon; sid:200002257; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnterbank.pe.starneonsignsug.com",nocase; classtype:attempted-recon; sid:200002258; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"local-postoffice-deliver.com",nocase; classtype:attempted-recon; sid:200002259; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"localwithg.com",nocase; classtype:attempted-recon; sid:200002260; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lockpichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200002261; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"loengregkuetngferu.live",nocase; classtype:attempted-recon; sid:200002262; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lofon-add.firebaseapp.com",nocase; classtype:attempted-recon; sid:200002263; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"loftywallet.com",nocase; classtype:attempted-recon; sid:200002264; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"logfuliz.web.app",nocase; classtype:attempted-recon; sid:200002265; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net",nocase; classtype:attempted-recon; sid:200002266; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login-facebook18.webnode.page",nocase; classtype:attempted-recon; sid:200002267; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login-live.com-s02.net",nocase; classtype:attempted-recon; sid:200002268; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net",nocase; classtype:attempted-recon; sid:200002269; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login-postfinance.com",nocase; classtype:attempted-recon; sid:200002270; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login-singaporee.apply-now-online-digital.com",nocase; classtype:attempted-recon; sid:200002271; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login.dbs.webdbslistinonline.com",nocase; classtype:attempted-recon; sid:200002272; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login.privategold.uytrtyuhij987.gowithapex.com",nocase; classtype:attempted-recon; sid:200002273; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"logindhlaccess.dhlupdatelogin.workers.dev",nocase; classtype:attempted-recon; sid:200002274; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"loginnewatt.weebly.com",nocase; classtype:attempted-recon; sid:200002275; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"logverify-df12e-verify-1230-eu.web.app",nocase; classtype:attempted-recon; sid:200002276; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"loinesports.com",nocase; classtype:attempted-recon; sid:200002277; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lomadesarrollos.mx",nocase; classtype:attempted-recon; sid:200002278; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lombard11.eu",nocase; classtype:attempted-recon; sid:200002279; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lot-lp-x.web.app",nocase; classtype:attempted-recon; sid:200002280; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"love.gos-box.com",nocase; classtype:attempted-recon; sid:200002281; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lp.vp4.me",nocase; classtype:attempted-recon; sid:200002282; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lrs.financial",nocase; classtype:attempted-recon; sid:200002283; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lrs.foundation",nocase; classtype:attempted-recon; sid:200002284; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lrs.fund",nocase; classtype:attempted-recon; sid:200002285; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ltdv1signinui.website.yandexcloud.net",nocase; classtype:attempted-recon; sid:200002286; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lucid-lichterman.45-81-232-17.plesk.page",nocase; classtype:attempted-recon; sid:200002287; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"luciolee17.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002288; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lucky-glitter-f89f.jimmysitt.workers.dev",nocase; classtype:attempted-recon; sid:200002289; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lucy-walker.com",nocase; classtype:attempted-recon; sid:200002290; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lukysepinfreefire2022.duckdns.org",nocase; classtype:attempted-recon; sid:200002291; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lunugrcpujwcfnajuctkojawrh-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002292; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lydab.com",nocase; classtype:attempted-recon; sid:200002293; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m.help.insecurpage.workers.dev",nocase; classtype:attempted-recon; sid:200002294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m.maseocoad.top",nocase; classtype:attempted-recon; sid:200002295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m.mauofcg.com",nocase; classtype:attempted-recon; sid:200002296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m.protc.safty-pege.workers.dev",nocase; classtype:attempted-recon; sid:200002297; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m.recovery.safetyacount.workers.dev",nocase; classtype:attempted-recon; sid:200002298; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m.recovery.saftypageupdate.workers.dev",nocase; classtype:attempted-recon; sid:200002299; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m.salsomascard.top",nocase; classtype:attempted-recon; sid:200002300; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"m42club.com",nocase; classtype:attempted-recon; sid:200002301; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"machineryzoneservice.com",nocase; classtype:attempted-recon; sid:200002302; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"macjakarta.com",nocase; classtype:attempted-recon; sid:200002303; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"macst.cc",nocase; classtype:attempted-recon; sid:200002304; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"madens.com.pl",nocase; classtype:attempted-recon; sid:200002305; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"madrhinoconsulting.com",nocase; classtype:attempted-recon; sid:200002306; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maestro.my.prod.dfg152.ru",nocase; classtype:attempted-recon; sid:200002307; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"magyar-posta.ddns.net",nocase; classtype:attempted-recon; sid:200002308; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"magyar-posta.sytes.net",nocase; classtype:attempted-recon; sid:200002309; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mahikapur.in",nocase; classtype:attempted-recon; sid:200002310; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mahud.globizsapp.com",nocase; classtype:attempted-recon; sid:200002311; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail-account-verify-f4723.web.app",nocase; classtype:attempted-recon; sid:200002312; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail-gmxaktualisierung.yolasite.com",nocase; classtype:attempted-recon; sid:200002313; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail-ovhcloud.web.app",nocase; classtype:attempted-recon; sid:200002314; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail-ssocloud-srvr67yhguh.pages.dev",nocase; classtype:attempted-recon; sid:200002315; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.atlanticeconcrete.com",nocase; classtype:attempted-recon; sid:200002316; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.enrollmoreclientsbootcamp.com",nocase; classtype:attempted-recon; sid:200002317; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.ims-fe.com",nocase; classtype:attempted-recon; sid:200002318; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.kenanhusovic.com",nocase; classtype:attempted-recon; sid:200002319; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.kuttabalfatih.com",nocase; classtype:attempted-recon; sid:200002320; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.santepluspharma.com",nocase; classtype:attempted-recon; sid:200002321; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.sweetshopspecialtycoffee.com.au",nocase; classtype:attempted-recon; sid:200002322; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.updateinfo-billingo2.com",nocase; classtype:attempted-recon; sid:200002323; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.wellsfargous.duckdns.org",nocase; classtype:attempted-recon; sid:200002324; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.wheel1factory.net",nocase; classtype:attempted-recon; sid:200002325; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.zenstream.com",nocase; classtype:attempted-recon; sid:200002326; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck1.web.app",nocase; classtype:attempted-recon; sid:200002327; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck10.web.app",nocase; classtype:attempted-recon; sid:200002328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck11.web.app",nocase; classtype:attempted-recon; sid:200002329; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck12.web.app",nocase; classtype:attempted-recon; sid:200002330; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck13.web.app",nocase; classtype:attempted-recon; sid:200002331; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck14.web.app",nocase; classtype:attempted-recon; sid:200002332; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck15.web.app",nocase; classtype:attempted-recon; sid:200002333; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck16.web.app",nocase; classtype:attempted-recon; sid:200002334; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck17.web.app",nocase; classtype:attempted-recon; sid:200002335; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck18.web.app",nocase; classtype:attempted-recon; sid:200002336; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck19.web.app",nocase; classtype:attempted-recon; sid:200002337; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck2.web.app",nocase; classtype:attempted-recon; sid:200002338; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck20.web.app",nocase; classtype:attempted-recon; sid:200002339; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck4.web.app",nocase; classtype:attempted-recon; sid:200002340; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck5.web.app",nocase; classtype:attempted-recon; sid:200002341; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck6.web.app",nocase; classtype:attempted-recon; sid:200002342; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck7.web.app",nocase; classtype:attempted-recon; sid:200002343; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck8.web.app",nocase; classtype:attempted-recon; sid:200002344; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maildomaiincheck9.web.app",nocase; classtype:attempted-recon; sid:200002345; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailgmxaktualiisieren.yolasite.com",nocase; classtype:attempted-recon; sid:200002346; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailplusrolerequestedprivatemailupdates.pages.dev",nocase; classtype:attempted-recon; sid:200002347; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailserver7656566.blob.core.windows.net",nocase; classtype:attempted-recon; sid:200002348; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee10.web.app",nocase; classtype:attempted-recon; sid:200002349; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee11.web.app",nocase; classtype:attempted-recon; sid:200002350; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee12.web.app",nocase; classtype:attempted-recon; sid:200002351; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee14.web.app",nocase; classtype:attempted-recon; sid:200002352; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee16.web.app",nocase; classtype:attempted-recon; sid:200002353; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee17.web.app",nocase; classtype:attempted-recon; sid:200002354; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee19.web.app",nocase; classtype:attempted-recon; sid:200002355; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee20.web.app",nocase; classtype:attempted-recon; sid:200002356; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee21.web.app",nocase; classtype:attempted-recon; sid:200002357; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee22.web.app",nocase; classtype:attempted-recon; sid:200002358; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee24.web.app",nocase; classtype:attempted-recon; sid:200002359; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee26.web.app",nocase; classtype:attempted-recon; sid:200002360; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee27.web.app",nocase; classtype:attempted-recon; sid:200002361; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee28.web.app",nocase; classtype:attempted-recon; sid:200002362; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee29.web.app",nocase; classtype:attempted-recon; sid:200002363; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee34.web.app",nocase; classtype:attempted-recon; sid:200002364; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee35.web.app",nocase; classtype:attempted-recon; sid:200002365; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee40.web.app",nocase; classtype:attempted-recon; sid:200002366; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee6.web.app",nocase; classtype:attempted-recon; sid:200002367; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee7.web.app",nocase; classtype:attempted-recon; sid:200002368; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mailupdattee8.web.app",nocase; classtype:attempted-recon; sid:200002369; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mainbugerrorfixing.com",nocase; classtype:attempted-recon; sid:200002370; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mainmobilerectify.live",nocase; classtype:attempted-recon; sid:200002371; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mainsbscrestore.com",nocase; classtype:attempted-recon; sid:200002372; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maintoken.org",nocase; classtype:attempted-recon; sid:200002373; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"makcts-go.ru",nocase; classtype:attempted-recon; sid:200002374; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"make-anon-keep-past.rvsla.workers.dev",nocase; classtype:attempted-recon; sid:200002375; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mala-riba.com",nocase; classtype:attempted-recon; sid:200002376; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"malaprontaargentina.com.br",nocase; classtype:attempted-recon; sid:200002377; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"malehaenterprises.com",nocase; classtype:attempted-recon; sid:200002378; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"malukutenggarakab.go.id",nocase; classtype:attempted-recon; sid:200002379; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mamasitasont.blogspot.com",nocase; classtype:attempted-recon; sid:200002380; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mandirilivinlinksystem.brizy.site",nocase; classtype:attempted-recon; sid:200002381; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mandirilivinlinksystem3.brizy.site",nocase; classtype:attempted-recon; sid:200002382; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"manualsync.com",nocase; classtype:attempted-recon; sid:200002383; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maotun.xyz",nocase; classtype:attempted-recon; sid:200002384; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mapsa.com.pe",nocase; classtype:attempted-recon; sid:200002385; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marifilmines.ca",nocase; classtype:attempted-recon; sid:200002386; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marinthe.poingaitongamlm.link",nocase; classtype:attempted-recon; sid:200002387; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace-axieinfinity.io",nocase; classtype:attempted-recon; sid:200002388; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace-axlelnfiniity.com",nocase; classtype:attempted-recon; sid:200002389; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002390; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-29ta3qbv.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002391; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-hzup1bae.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002392; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-izkbuxmx.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002393; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-kq1oh2ae.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002394; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-milt5ssm.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002395; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-qze9zt75vm.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002396; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-sauuvazpjo.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002397; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-tyeuieb7.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002398; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002399; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplace.facebook.com-z1au8cxghl.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200002400; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"marketplaceaxieinfiniity.com",nocase; classtype:attempted-recon; sid:200002401; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"masdas0932.co.vu",nocase; classtype:attempted-recon; sid:200002402; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"masum.lawyer",nocase; classtype:attempted-recon; sid:200002403; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"match.lookatmynewphotos.com",nocase; classtype:attempted-recon; sid:200002404; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"matchoklahoma.com",nocase; classtype:attempted-recon; sid:200002405; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"matelamsiska.com",nocase; classtype:attempted-recon; sid:200002406; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"matiruys.co.vu",nocase; classtype:attempted-recon; sid:200002407; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maxclinic.ru",nocase; classtype:attempted-recon; sid:200002408; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"maxis-winner-2020.webs.com",nocase; classtype:attempted-recon; sid:200002409; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mayormoveis.com",nocase; classtype:attempted-recon; sid:200002410; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mboutique.cfd",nocase; classtype:attempted-recon; sid:200002411; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mccarthyelectrical.com",nocase; classtype:attempted-recon; sid:200002412; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mcconcep.cluster005.ovh.net",nocase; classtype:attempted-recon; sid:200002413; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mchganistore.solofolio.net",nocase; classtype:attempted-recon; sid:200002414; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mdex.li",nocase; classtype:attempted-recon; sid:200002415; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mdurucan.com",nocase; classtype:attempted-recon; sid:200002416; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"medelinahealth.com",nocase; classtype:attempted-recon; sid:200002417; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"medeniyetakademisi.org",nocase; classtype:attempted-recon; sid:200002418; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mediasystembusiness.xyz",nocase; classtype:attempted-recon; sid:200002419; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mednungtanpoudan-acvwe3.ga",nocase; classtype:attempted-recon; sid:200002420; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"medo.world",nocase; classtype:attempted-recon; sid:200002421; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"medtamr.com",nocase; classtype:attempted-recon; sid:200002422; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"meeting-23900123090123.bitbucket.io",nocase; classtype:attempted-recon; sid:200002423; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"memestock.xyz",nocase; classtype:attempted-recon; sid:200002424; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mercani.pomyt.info",nocase; classtype:attempted-recon; sid:200002425; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mercariz.xyz",nocase; classtype:attempted-recon; sid:200002426; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"meremanovegabana.website2.me",nocase; classtype:attempted-recon; sid:200002427; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mbudeu.cn",nocase; classtype:attempted-recon; sid:200002428; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mednljn.cn",nocase; classtype:attempted-recon; sid:200002429; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mgeukpx.cn",nocase; classtype:attempted-recon; sid:200002430; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mglsffs.cn",nocase; classtype:attempted-recon; sid:200002431; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mglxyul.cn",nocase; classtype:attempted-recon; sid:200002432; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mhgqdtv.cn",nocase; classtype:attempted-recon; sid:200002433; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mjrsrfo.cn",nocase; classtype:attempted-recon; sid:200002434; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mktbbr.cn",nocase; classtype:attempted-recon; sid:200002435; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mkxbqnu.cn",nocase; classtype:attempted-recon; sid:200002436; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mlyffa.cn",nocase; classtype:attempted-recon; sid:200002437; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mmsfzys.cn",nocase; classtype:attempted-recon; sid:200002438; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mnfjwy.cn",nocase; classtype:attempted-recon; sid:200002439; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mnheijt.cn",nocase; classtype:attempted-recon; sid:200002440; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.msnygk.cn",nocase; classtype:attempted-recon; sid:200002441; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mtlrnzu.cn",nocase; classtype:attempted-recon; sid:200002442; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mukkwvc.cn",nocase; classtype:attempted-recon; sid:200002443; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mericarir.mxsoecl.cn",nocase; classtype:attempted-recon; sid:200002444; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"meriocori-logining.2y3uio.pyqbas.cn",nocase; classtype:attempted-recon; sid:200002445; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mestertignseekjet4.blogspot.com",nocase; classtype:attempted-recon; sid:200002446; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mestertignseekjet5.blogspot.com",nocase; classtype:attempted-recon; sid:200002447; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mestertignseekjet6.blogspot.com",nocase; classtype:attempted-recon; sid:200002448; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mestredaobra.com",nocase; classtype:attempted-recon; sid:200002449; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"meta-support-centers.ml",nocase; classtype:attempted-recon; sid:200002450; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metalurgicagiom.com.br",nocase; classtype:attempted-recon; sid:200002451; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamasc.club",nocase; classtype:attempted-recon; sid:200002452; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask-connect.com",nocase; classtype:attempted-recon; sid:200002453; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask-connect.org",nocase; classtype:attempted-recon; sid:200002454; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask-extension.com.hsurge.com",nocase; classtype:attempted-recon; sid:200002455; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask-wallets-protection.web.app",nocase; classtype:attempted-recon; sid:200002456; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask-wallets.yahoosites.com",nocase; classtype:attempted-recon; sid:200002457; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.cam",nocase; classtype:attempted-recon; sid:200002458; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.io-php.com",nocase; classtype:attempted-recon; sid:200002459; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.kiwi",nocase; classtype:attempted-recon; sid:200002460; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.loan",nocase; classtype:attempted-recon; sid:200002461; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.protocol-process.me",nocase; classtype:attempted-recon; sid:200002462; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.security-information.cc",nocase; classtype:attempted-recon; sid:200002463; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.social",nocase; classtype:attempted-recon; sid:200002464; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamask.wallets-reauth.net",nocase; classtype:attempted-recon; sid:200002465; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamaskdownloadandroid.xyz",nocase; classtype:attempted-recon; sid:200002466; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamaskextension.xyz",nocase; classtype:attempted-recon; sid:200002467; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metamassklogins-us.tumblr.com",nocase; classtype:attempted-recon; sid:200002468; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"metaversepadapp.com",nocase; classtype:attempted-recon; sid:200002469; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"meusabor.com.br",nocase; classtype:attempted-recon; sid:200002470; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mfacebook.blogspot.com.cy",nocase; classtype:attempted-recon; sid:200002471; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mfacebook.blogspot.lt",nocase; classtype:attempted-recon; sid:200002472; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mfacebook.blogspot.rs",nocase; classtype:attempted-recon; sid:200002473; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mgpskartarpur.com",nocase; classtype:attempted-recon; sid:200002474; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mgrandroyale.com",nocase; classtype:attempted-recon; sid:200002475; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mibancocrece.com.co",nocase; classtype:attempted-recon; sid:200002476; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"micacd.elshov.com",nocase; classtype:attempted-recon; sid:200002477; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"michiyado.com",nocase; classtype:attempted-recon; sid:200002478; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"microcav.square.site",nocase; classtype:attempted-recon; sid:200002479; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"microsoftonline.pages.dev",nocase; classtype:attempted-recon; sid:200002480; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"microsoftwebserver.mfs.gg",nocase; classtype:attempted-recon; sid:200002481; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"micuenta01.github.io",nocase; classtype:attempted-recon; sid:200002482; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"midasbuy1st.com",nocase; classtype:attempted-recon; sid:200002483; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"midsposc2.com",nocase; classtype:attempted-recon; sid:200002484; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mijnics-actualisatie.185-236-231-64.plesk.page",nocase; classtype:attempted-recon; sid:200002485; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mikayelxhovakimyan.com",nocase; classtype:attempted-recon; sid:200002486; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"milanobet301.com",nocase; classtype:attempted-recon; sid:200002487; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"militarybikers.org",nocase; classtype:attempted-recon; sid:200002488; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mingming20160152.github.io",nocase; classtype:attempted-recon; sid:200002489; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"miozpro.com",nocase; classtype:attempted-recon; sid:200002490; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"miracdoviz.com",nocase; classtype:attempted-recon; sid:200002491; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"miss-paym02.com",nocase; classtype:attempted-recon; sid:200002492; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"missionshashank.org",nocase; classtype:attempted-recon; sid:200002493; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjayme9jdg9izxixmjeydgg.filesusr.com",nocase; classtype:attempted-recon; sid:200002494; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjayme9jdg9izxiymjnyza.filesusr.com",nocase; classtype:attempted-recon; sid:200002495; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu1heta1dgg.filesusr.com",nocase; classtype:attempted-recon; sid:200002496; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu1hetezmtj0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002497; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu1hetgym3jk.filesusr.com",nocase; classtype:attempted-recon; sid:200002498; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu1hetizmtl0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002499; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu1hetqymhro.filesusr.com",nocase; classtype:attempted-recon; sid:200002500; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu1hetu3dgg.filesusr.com",nocase; classtype:attempted-recon; sid:200002501; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu1hetuymhro.filesusr.com",nocase; classtype:attempted-recon; sid:200002502; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu5vdmvtymvymji5dgg.filesusr.com",nocase; classtype:attempted-recon; sid:200002503; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymu5vdmvtymvymtexdgg.filesusr.com",nocase; classtype:attempted-recon; sid:200002504; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymuf1z3vzdde4mtf0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002505; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymufwcmlsmde5dgg.filesusr.com",nocase; classtype:attempted-recon; sid:200002506; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymup1bhk0mtf0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002507; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymup1bhk1mtr0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002508; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymup1bhkzmtn0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002509; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymup1bmu0mtf0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002510; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymup1bmuymzfzda.filesusr.com",nocase; classtype:attempted-recon; sid:200002511; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymuphbnvhcnkxmzv0aa.filesusr.com",nocase; classtype:attempted-recon; sid:200002512; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymurly2vtymvymjiyn3ro.filesusr.com",nocase; classtype:attempted-recon; sid:200002513; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mjaymvnlchrlbwjlcjizmxn0.filesusr.com",nocase; classtype:attempted-recon; sid:200002514; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mk2.ge",nocase; classtype:attempted-recon; sid:200002515; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mkjiool.weebly.com",nocase; classtype:attempted-recon; sid:200002516; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mnbxa.73kfer9.cn",nocase; classtype:attempted-recon; sid:200002517; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mnbxcas.zm7wwar.cn",nocase; classtype:attempted-recon; sid:200002518; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mncxx.qbeepor.cn",nocase; classtype:attempted-recon; sid:200002519; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mnnbx.r1rpj09.cn",nocase; classtype:attempted-recon; sid:200002520; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mnncxa.fwffsyt.cn",nocase; classtype:attempted-recon; sid:200002521; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link",nocase; classtype:attempted-recon; sid:200002522; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mobile-orange-forever.yolasite.com",nocase; classtype:attempted-recon; sid:200002523; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mobile-portail.live",nocase; classtype:attempted-recon; sid:200002524; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mobile.hedgesportst.me",nocase; classtype:attempted-recon; sid:200002525; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"moccasinyellowbetatest.josekkk.repl.co",nocase; classtype:attempted-recon; sid:200002526; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"modest-hertz.45-81-232-15.plesk.page",nocase; classtype:attempted-recon; sid:200002527; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"moiksys.com",nocase; classtype:attempted-recon; sid:200002528; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mon-token.com",nocase; classtype:attempted-recon; sid:200002529; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mon.espace.lcl.fr.certosini.info",nocase; classtype:attempted-recon; sid:200002530; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monbudri.xyz",nocase; classtype:attempted-recon; sid:200002531; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mondrive.xyz",nocase; classtype:attempted-recon; sid:200002532; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monedri.xyz",nocase; classtype:attempted-recon; sid:200002533; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monirshouvo.github.io",nocase; classtype:attempted-recon; sid:200002534; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monomobileservice.yolasite.com",nocase; classtype:attempted-recon; sid:200002535; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monprofilclient.web.app",nocase; classtype:attempted-recon; sid:200002536; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monstercarp.rn86.ru",nocase; classtype:attempted-recon; sid:200002537; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"montenegrolandscape.com",nocase; classtype:attempted-recon; sid:200002538; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"montrealidiomas.com.br",nocase; classtype:attempted-recon; sid:200002539; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monyeward.com",nocase; classtype:attempted-recon; sid:200002540; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"morcario.xyz",nocase; classtype:attempted-recon; sid:200002541; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"morfybox.com",nocase; classtype:attempted-recon; sid:200002542; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"movil.particulares-secure.com",nocase; classtype:attempted-recon; sid:200002543; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mqzlsim.mindlogicinfotech.com",nocase; classtype:attempted-recon; sid:200002544; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mrpitchman.com",nocase; classtype:attempted-recon; sid:200002545; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"msc-doelsach.at",nocase; classtype:attempted-recon; sid:200002546; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mscc1s.ultimatefreehost.in",nocase; classtype:attempted-recon; sid:200002547; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"msnserviceverifivation.wordpress.com",nocase; classtype:attempted-recon; sid:200002548; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"msofficemessagescenter-1.mfs.gg",nocase; classtype:attempted-recon; sid:200002549; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mtngifts2021.blogspot.com",nocase; classtype:attempted-recon; sid:200002550; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mtron.in",nocase; classtype:attempted-recon; sid:200002551; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mtsn1kotabekasi.sch.id",nocase; classtype:attempted-recon; sid:200002552; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"muddy-credit-ea7b.0fflce-mlcr0sfot-online-supposrts3jp-tokcloud.workers.dev",nocase; classtype:attempted-recon; sid:200002553; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mudraloans.biz",nocase; classtype:attempted-recon; sid:200002554; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mufg.jp.yjfszs.com",nocase; classtype:attempted-recon; sid:200002555; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"muriiityua.krywanbobaanja.link",nocase; classtype:attempted-recon; sid:200002556; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mxrr.com",nocase; classtype:attempted-recon; sid:200002557; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my-bithumb.web.app",nocase; classtype:attempted-recon; sid:200002558; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my-gmail.ir",nocase; classtype:attempted-recon; sid:200002559; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my-site219.yolasite.com",nocase; classtype:attempted-recon; sid:200002560; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my.jcpwb.com",nocase; classtype:attempted-recon; sid:200002561; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my.nhs-get-pass.com",nocase; classtype:attempted-recon; sid:200002562; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my.paydi.login-index-home.x4typfc.cn",nocase; classtype:attempted-recon; sid:200002563; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my02billing-login.com",nocase; classtype:attempted-recon; sid:200002564; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mybeii.live",nocase; classtype:attempted-recon; sid:200002565; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mycoerver.es",nocase; classtype:attempted-recon; sid:200002566; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mygoogleaccount.stantrade.xyz",nocase; classtype:attempted-recon; sid:200002567; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"myjcb.cyyptoi.cn",nocase; classtype:attempted-recon; sid:200002568; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"myjcb.thxpj.cn",nocase; classtype:attempted-recon; sid:200002569; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mymbg-aa2e2.web.app",nocase; classtype:attempted-recon; sid:200002570; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mymeta-securearea.plesk07.zap-webspace.com",nocase; classtype:attempted-recon; sid:200002571; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mymweb-owner.at.ua",nocase; classtype:attempted-recon; sid:200002572; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mypo-delivery.com",nocase; classtype:attempted-recon; sid:200002573; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mypsm.psm.edu.mm",nocase; classtype:attempted-recon; sid:200002574; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"myshedbuilder.com",nocase; classtype:attempted-recon; sid:200002575; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mytheamsauthecent.wapgem.com",nocase; classtype:attempted-recon; sid:200002576; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"myupdates-mynetflix.com",nocase; classtype:attempted-recon; sid:200002577; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mywalletsvalidation.com",nocase; classtype:attempted-recon; sid:200002578; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mzqualitycleaning.com",nocase; classtype:attempted-recon; sid:200002579; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"n-naoko-0319.github.io",nocase; classtype:attempted-recon; sid:200002580; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"n.salsomascard.top",nocase; classtype:attempted-recon; sid:200002581; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"n26.sa-france.fr",nocase; classtype:attempted-recon; sid:200002582; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"n7orton.com",nocase; classtype:attempted-recon; sid:200002583; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nab-access-breach.com",nocase; classtype:attempted-recon; sid:200002584; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nab-alert.mobi",nocase; classtype:attempted-recon; sid:200002585; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nab-www.303.si",nocase; classtype:attempted-recon; sid:200002586; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"naderkhani.ir",nocase; classtype:attempted-recon; sid:200002587; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"najboljeuslugezavas.betterservicesforyou.com",nocase; classtype:attempted-recon; sid:200002588; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nalandaias.com",nocase; classtype:attempted-recon; sid:200002589; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nanjing.itud167.cn",nocase; classtype:attempted-recon; sid:200002590; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"napgamelienquan.net",nocase; classtype:attempted-recon; sid:200002591; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"naranja-users.auth0.com",nocase; classtype:attempted-recon; sid:200002592; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"native-possession-josh-asks.trycloudflare.com",nocase; classtype:attempted-recon; sid:200002593; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nattionaliy.000webhostapp.com",nocase; classtype:attempted-recon; sid:200002594; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"natu-mx.com",nocase; classtype:attempted-recon; sid:200002595; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"naturalrocksand.com",nocase; classtype:attempted-recon; sid:200002596; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"natwest.nwolb-login-auth.com",nocase; classtype:attempted-recon; sid:200002597; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"natwest.secure-auth-personal-device.com",nocase; classtype:attempted-recon; sid:200002598; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"natwest.secured-online-verify.com",nocase; classtype:attempted-recon; sid:200002599; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"natwest.secured-personal-verify.com",nocase; classtype:attempted-recon; sid:200002600; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nayablabs.com",nocase; classtype:attempted-recon; sid:200002601; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nayameehomes.com",nocase; classtype:attempted-recon; sid:200002602; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbcc.0bit08a.cn",nocase; classtype:attempted-recon; sid:200002603; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbcd.xiu58rl.cn",nocase; classtype:attempted-recon; sid:200002604; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbcvs.gd65y69.cn",nocase; classtype:attempted-recon; sid:200002605; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbcxa.lctlfdq.cn",nocase; classtype:attempted-recon; sid:200002606; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbcxas.551awvr.cn",nocase; classtype:attempted-recon; sid:200002607; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbhjxa.hblhi96.cn",nocase; classtype:attempted-recon; sid:200002608; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbnonres.com",nocase; classtype:attempted-recon; sid:200002609; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbxaa.b1b6nac.cn",nocase; classtype:attempted-recon; sid:200002610; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbxas.uabzfbm.cn",nocase; classtype:attempted-recon; sid:200002611; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbxasd.rm625b.cn",nocase; classtype:attempted-recon; sid:200002612; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbxha.74zdws.cn",nocase; classtype:attempted-recon; sid:200002613; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nbxza.giodzij.cn",nocase; classtype:attempted-recon; sid:200002614; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ncgroup.club",nocase; classtype:attempted-recon; sid:200002615; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"necessitymag.com",nocase; classtype:attempted-recon; sid:200002616; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nedbankqa.flowblocks.com",nocase; classtype:attempted-recon; sid:200002617; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nedriw.xyz",nocase; classtype:attempted-recon; sid:200002618; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"negociebra.com.br",nocase; classtype:attempted-recon; sid:200002619; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"neptuneinnovations.com",nocase; classtype:attempted-recon; sid:200002620; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"netciti.id",nocase; classtype:attempted-recon; sid:200002621; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"netflix-techarmy.me",nocase; classtype:attempted-recon; sid:200002622; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk",nocase; classtype:attempted-recon; sid:200002623; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"networksol-f35e7.web.app",nocase; classtype:attempted-recon; sid:200002624; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"neversencommun.fr",nocase; classtype:attempted-recon; sid:200002625; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"newlifenursery.com",nocase; classtype:attempted-recon; sid:200002626; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"newrydramafestival.co.uk",nocase; classtype:attempted-recon; sid:200002627; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"newsletter.pagueonlinebra.com.br",nocase; classtype:attempted-recon; sid:200002628; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"newsodisha.in",nocase; classtype:attempted-recon; sid:200002629; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nextgensoftbd.com",nocase; classtype:attempted-recon; sid:200002630; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nftsmainnet.com",nocase; classtype:attempted-recon; sid:200002631; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhattinsteel.com",nocase; classtype:attempted-recon; sid:200002632; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhbcd.40ggify.cn",nocase; classtype:attempted-recon; sid:200002633; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhbcd.xitgfmh.cn",nocase; classtype:attempted-recon; sid:200002634; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhbcda.g4g5mgc.cn",nocase; classtype:attempted-recon; sid:200002635; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhbd.yl7g7qz.cn",nocase; classtype:attempted-recon; sid:200002636; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhbdd.ncoavvx.cn",nocase; classtype:attempted-recon; sid:200002637; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhfactor.com",nocase; classtype:attempted-recon; sid:200002638; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhgcs.ugvvluf.cn",nocase; classtype:attempted-recon; sid:200002639; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhhvd.zb06w77.cn",nocase; classtype:attempted-recon; sid:200002640; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhri.net",nocase; classtype:attempted-recon; sid:200002641; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nhs.my-vaccine-status.com",nocase; classtype:attempted-recon; sid:200002642; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"niagarapower.com",nocase; classtype:attempted-recon; sid:200002643; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nic-home.com",nocase; classtype:attempted-recon; sid:200002644; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nizotchauffage.bilty.be",nocase; classtype:attempted-recon; sid:200002645; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nodesconnection.com",nocase; classtype:attempted-recon; sid:200002646; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"northlane.esy.es",nocase; classtype:attempted-recon; sid:200002647; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"notife.help.institutepages.workers.dev",nocase; classtype:attempted-recon; sid:200002648; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"notification-fb.secure-pages.workers.dev",nocase; classtype:attempted-recon; sid:200002649; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"notificationmember.mystrikingly.com",nocase; classtype:attempted-recon; sid:200002650; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nour-ala-nour.com",nocase; classtype:attempted-recon; sid:200002651; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"novolimitenu.azurewebsites.net",nocase; classtype:attempted-recon; sid:200002652; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nserviceserviceat.mystrikingly.com",nocase; classtype:attempted-recon; sid:200002653; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nslg8.codesandbox.io",nocase; classtype:attempted-recon; sid:200002654; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nt.embluemail.com",nocase; classtype:attempted-recon; sid:200002655; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nueva-acropolis.cl",nocase; classtype:attempted-recon; sid:200002656; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nutroquin.com",nocase; classtype:attempted-recon; sid:200002657; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nw-securedfailure.com",nocase; classtype:attempted-recon; sid:200002658; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ny989.com",nocase; classtype:attempted-recon; sid:200002659; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nyhet.cc",nocase; classtype:attempted-recon; sid:200002660; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"o.scicemecod.com",nocase; classtype:attempted-recon; sid:200002661; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"o2-failure-billing-update.com",nocase; classtype:attempted-recon; sid:200002662; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"o2-updatebillingvia.com",nocase; classtype:attempted-recon; sid:200002663; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"o2billingauth-update.com",nocase; classtype:attempted-recon; sid:200002664; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"o2phone-billingupdate.com",nocase; classtype:attempted-recon; sid:200002665; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oanmce.hjwxkugs.cn",nocase; classtype:attempted-recon; sid:200002666; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ocareportesweb.webcindario.com",nocase; classtype:attempted-recon; sid:200002667; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ocaxvefific.webcindario.com",nocase; classtype:attempted-recon; sid:200002668; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oceantires.com",nocase; classtype:attempted-recon; sid:200002669; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ocioturismogalicia.com",nocase; classtype:attempted-recon; sid:200002670; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oco.or.tz",nocase; classtype:attempted-recon; sid:200002671; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oddplug.cfd",nocase; classtype:attempted-recon; sid:200002672; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"odiasamaj.net",nocase; classtype:attempted-recon; sid:200002673; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"offic365.online",nocase; classtype:attempted-recon; sid:200002674; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"offic4046217.sitebuilder.name.tools",nocase; classtype:attempted-recon; sid:200002675; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"officeee.bubbleapps.io",nocase; classtype:attempted-recon; sid:200002676; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"officialevent.way.live",nocase; classtype:attempted-recon; sid:200002677; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"officialliker.co",nocase; classtype:attempted-recon; sid:200002678; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ogrodywlochy.pl",nocase; classtype:attempted-recon; sid:200002679; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oiasasca.asiocsacszc.xyz",nocase; classtype:attempted-recon; sid:200002680; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oiasd.herorny.cn",nocase; classtype:attempted-recon; sid:200002681; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oicm.oobqrxh.cn",nocase; classtype:attempted-recon; sid:200002682; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oidda.5s2iamp.cn",nocase; classtype:attempted-recon; sid:200002683; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oijcd.qvjcddv.cn",nocase; classtype:attempted-recon; sid:200002684; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oikca.smwceku.cn",nocase; classtype:attempted-recon; sid:200002685; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oikcas.6b914ty.cn",nocase; classtype:attempted-recon; sid:200002686; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oikcd.uf27ce8.cn",nocase; classtype:attempted-recon; sid:200002687; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oikcxa.zvvx01z.cn",nocase; classtype:attempted-recon; sid:200002688; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oivac.com",nocase; classtype:attempted-recon; sid:200002689; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okcs.qj8yua.cn",nocase; classtype:attempted-recon; sid:200002690; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okds.bbtlcve.cn",nocase; classtype:attempted-recon; sid:200002691; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okep-viral-terbaru-terhist-2022.duckdns.org",nocase; classtype:attempted-recon; sid:200002692; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okmca.8xcrn6w.cn",nocase; classtype:attempted-recon; sid:200002693; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okmca.bxkfham.cn",nocase; classtype:attempted-recon; sid:200002694; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okmca.uwudagu.cn",nocase; classtype:attempted-recon; sid:200002695; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okmxa.lfgpror.cn",nocase; classtype:attempted-recon; sid:200002696; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"okpwtu.webwave.dev",nocase; classtype:attempted-recon; sid:200002697; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ol-run1.online",nocase; classtype:attempted-recon; sid:200002698; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"olidooo.waca.tw",nocase; classtype:attempted-recon; sid:200002699; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"olk.us7apye.cn",nocase; classtype:attempted-recon; sid:200002700; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"olmnxa.wc2ikux.cn",nocase; classtype:attempted-recon; sid:200002701; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"omesqiwines.de",nocase; classtype:attempted-recon; sid:200002702; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oncopharma-ae.com",nocase; classtype:attempted-recon; sid:200002703; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onecreator.info",nocase; classtype:attempted-recon; sid:200002704; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onedrive.zhaoge.workers.dev",nocase; classtype:attempted-recon; sid:200002705; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onee-a0488.web.app",nocase; classtype:attempted-recon; sid:200002706; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oneisallandone.web.app",nocase; classtype:attempted-recon; sid:200002707; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oneone-19cd8.web.app",nocase; classtype:attempted-recon; sid:200002708; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oneone-a38ef.web.app",nocase; classtype:attempted-recon; sid:200002709; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"online-sistem.com",nocase; classtype:attempted-recon; sid:200002710; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onlineasesor01.hostfree.pw",nocase; classtype:attempted-recon; sid:200002711; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onlinebanking.unrecognised-new-payee.com",nocase; classtype:attempted-recon; sid:200002712; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onlineffn2.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002713; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onlineislemlersayfasivkfgirisicom.tk",nocase; classtype:attempted-recon; sid:200002714; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onlinsfuco.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002715; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onlysportplus.com",nocase; classtype:attempted-recon; sid:200002716; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ooxvocalor.yolasite.com",nocase; classtype:attempted-recon; sid:200002717; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"opansea.live",nocase; classtype:attempted-recon; sid:200002718; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"open24.ie-tsb.email",nocase; classtype:attempted-recon; sid:200002719; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"operationroofingllc3.com",nocase; classtype:attempted-recon; sid:200002720; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"opticabattilana.com.ar",nocase; classtype:attempted-recon; sid:200002721; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ora-n.yolasite.com",nocase; classtype:attempted-recon; sid:200002722; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orabu.it",nocase; classtype:attempted-recon; sid:200002723; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orange-dcr.fr",nocase; classtype:attempted-recon; sid:200002724; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orange-security.cloud.coreoz.com",nocase; classtype:attempted-recon; sid:200002725; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orange.iobeya.com",nocase; classtype:attempted-recon; sid:200002726; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orange.sphinxonline.net",nocase; classtype:attempted-recon; sid:200002727; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orange2k22.wixsite.com",nocase; classtype:attempted-recon; sid:200002728; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orangeb191.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002729; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orangess.contactin.bio",nocase; classtype:attempted-recon; sid:200002730; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"org-nr.yolasite.com",nocase; classtype:attempted-recon; sid:200002731; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"orlen.digital",nocase; classtype:attempted-recon; sid:200002732; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ormantencs112.odoo.com",nocase; classtype:attempted-recon; sid:200002733; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"osis.world",nocase; classtype:attempted-recon; sid:200002734; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"otomoto-h229.net",nocase; classtype:attempted-recon; sid:200002735; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"otomoto3452.com",nocase; classtype:attempted-recon; sid:200002736; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"otwmaxx.com",nocase; classtype:attempted-recon; sid:200002737; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oudczfbniitcqdsrmaapdztwqo-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002738; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ourgarden.us",nocase; classtype:attempted-recon; sid:200002739; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"outlook1541489.webcindario.com",nocase; classtype:attempted-recon; sid:200002740; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"outlookcom119.yolasite.com",nocase; classtype:attempted-recon; sid:200002741; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ouverturecompte.lbp-eer.fr",nocase; classtype:attempted-recon; sid:200002742; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002743; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"p1c.servleboncoinser.com",nocase; classtype:attempted-recon; sid:200002744; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"package2021.blogspot.ba",nocase; classtype:attempted-recon; sid:200002745; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"package2021.blogspot.bg",nocase; classtype:attempted-recon; sid:200002746; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"package2021.blogspot.com",nocase; classtype:attempted-recon; sid:200002747; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"page-restrict-case22456548.help",nocase; classtype:attempted-recon; sid:200002748; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages-1008009999700022199021.com",nocase; classtype:attempted-recon; sid:200002749; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages-alert-facebook.ezyro.com",nocase; classtype:attempted-recon; sid:200002750; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages-community-standart-2022.co",nocase; classtype:attempted-recon; sid:200002751; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages-marvelous-project.webflow.io",nocase; classtype:attempted-recon; sid:200002752; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages-support-office-2021.gq",nocase; classtype:attempted-recon; sid:200002753; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages-support-office-2021.tk",nocase; classtype:attempted-recon; sid:200002754; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pages.secure-accts.workers.dev",nocase; classtype:attempted-recon; sid:200002755; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pagesdetectscopyrightpostingactivitiesreported.co.vu",nocase; classtype:attempted-recon; sid:200002756; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pagos.sinpemovil.cr",nocase; classtype:attempted-recon; sid:200002757; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paidpapers.net",nocase; classtype:attempted-recon; sid:200002758; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paleyeer.com",nocase; classtype:attempted-recon; sid:200002759; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"palmm.ps",nocase; classtype:attempted-recon; sid:200002760; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancaakesvap.com",nocase; classtype:attempted-recon; sid:200002761; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancake-sawp.com",nocase; classtype:attempted-recon; sid:200002762; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancake7wop.com",nocase; classtype:attempted-recon; sid:200002763; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakesawpes.com",nocase; classtype:attempted-recon; sid:200002764; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakesfinances.info",nocase; classtype:attempted-recon; sid:200002765; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakesvvap-finance.org",nocase; classtype:attempted-recon; sid:200002766; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswap.finance.tradechange.in",nocase; classtype:attempted-recon; sid:200002767; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswap.men",nocase; classtype:attempted-recon; sid:200002768; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswap.multi-wallet.info",nocase; classtype:attempted-recon; sid:200002769; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswap.salsasourcing.com",nocase; classtype:attempted-recon; sid:200002770; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswapes.company",nocase; classtype:attempted-recon; sid:200002771; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswapexcgn.com",nocase; classtype:attempted-recon; sid:200002772; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswapexch.com",nocase; classtype:attempted-recon; sid:200002773; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswapexchage.com",nocase; classtype:attempted-recon; sid:200002774; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswapexchg.com",nocase; classtype:attempted-recon; sid:200002775; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswappshop.blogspot.com",nocase; classtype:attempted-recon; sid:200002776; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancaku-swap.com",nocase; classtype:attempted-recon; sid:200002777; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancalteswap.finance",nocase; classtype:attempted-recon; sid:200002778; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"panccakesswap.org",nocase; classtype:attempted-recon; sid:200002779; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"panckaceswap.finance",nocase; classtype:attempted-recon; sid:200002780; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pandaskin.ru.com",nocase; classtype:attempted-recon; sid:200002781; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"panelweb-4cae2.web.app",nocase; classtype:attempted-recon; sid:200002782; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pankaceeswap.com",nocase; classtype:attempted-recon; sid:200002783; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pankaceswapes.finance",nocase; classtype:attempted-recon; sid:200002784; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pankakeswap.ledgity.com",nocase; classtype:attempted-recon; sid:200002785; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pannelpub-benin.com",nocase; classtype:attempted-recon; sid:200002786; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pantazisezopiiuurmail1.web.app",nocase; classtype:attempted-recon; sid:200002787; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"parcel-support018.com",nocase; classtype:attempted-recon; sid:200002788; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pardot.assemblecommunities.com",nocase; classtype:attempted-recon; sid:200002789; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pasarbta.info",nocase; classtype:attempted-recon; sid:200002790; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"passionfruit4576261.brizy.site",nocase; classtype:attempted-recon; sid:200002791; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pateltutorials.com",nocase; classtype:attempted-recon; sid:200002792; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"path.faithbible.institute",nocase; classtype:attempted-recon; sid:200002793; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pathospitals.com",nocase; classtype:attempted-recon; sid:200002794; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"patient-cell-40f5.updatedlogmylogin.workers.dev",nocase; classtype:attempted-recon; sid:200002795; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"patwise.co.in",nocase; classtype:attempted-recon; sid:200002796; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paws.org.au",nocase; classtype:attempted-recon; sid:200002797; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paxfulacct.com",nocase; classtype:attempted-recon; sid:200002798; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paxfulmenu.com",nocase; classtype:attempted-recon; sid:200002799; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pay-sera.web.app",nocase; classtype:attempted-recon; sid:200002800; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pay16-olx.pl",nocase; classtype:attempted-recon; sid:200002801; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paymentnotificationnow.blogspot.com",nocase; classtype:attempted-recon; sid:200002802; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paypal-online-2deposits-paymentaccept.tk",nocase; classtype:attempted-recon; sid:200002803; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paypal-opladen.be",nocase; classtype:attempted-recon; sid:200002804; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paypalforex.co.ke",nocase; classtype:attempted-recon; sid:200002805; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pbemail.youxiangdashui.com",nocase; classtype:attempted-recon; sid:200002806; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pdf-cloud-document.weeblysite.com",nocase; classtype:attempted-recon; sid:200002807; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pdf-sharefile-doc.weeblysite.com",nocase; classtype:attempted-recon; sid:200002808; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pdflogincnvwo.app.link",nocase; classtype:attempted-recon; sid:200002809; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pdfsecured.mystrikingly.com",nocase; classtype:attempted-recon; sid:200002810; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"peaceful-black.193-70-50-31.plesk.page",nocase; classtype:attempted-recon; sid:200002811; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pedih.001www.com",nocase; classtype:attempted-recon; sid:200002812; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pembatalanakundinonaktifkan.weebly.com",nocase; classtype:attempted-recon; sid:200002813; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pencakecwap.com",nocase; classtype:attempted-recon; sid:200002814; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pensive-payne-505e1a.netlify.app",nocase; classtype:attempted-recon; sid:200002815; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"perfectliker.net",nocase; classtype:attempted-recon; sid:200002816; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"peringatanakunfb2k214.webnode.com",nocase; classtype:attempted-recon; sid:200002817; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"phantom-walletweb.app",nocase; classtype:attempted-recon; sid:200002818; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"phantomaa.com",nocase; classtype:attempted-recon; sid:200002819; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"phishingloginmicrosoftonlinecom.zerotrustcorp.workers.dev",nocase; classtype:attempted-recon; sid:200002820; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"phlexx.com",nocase; classtype:attempted-recon; sid:200002821; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"phreshphoto.com",nocase; classtype:attempted-recon; sid:200002822; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichincha-datos1.webcindario.com",nocase; classtype:attempted-recon; sid:200002823; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichincha-datos2.webcindario.com",nocase; classtype:attempted-recon; sid:200002824; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichincha-datos3.webcindario.com",nocase; classtype:attempted-recon; sid:200002825; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichincha-datos5.webcindario.com",nocase; classtype:attempted-recon; sid:200002826; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichinchabank.webcindario.com",nocase; classtype:attempted-recon; sid:200002827; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichinchacomfi.webcindario.com",nocase; classtype:attempted-recon; sid:200002828; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichinchaecori.webcindario.com",nocase; classtype:attempted-recon; sid:200002829; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichinchauser.webcindario.com",nocase; classtype:attempted-recon; sid:200002830; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pichinchverify.webcindario.com",nocase; classtype:attempted-recon; sid:200002831; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"picnic.industries",nocase; classtype:attempted-recon; sid:200002832; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pics.lookatmynewphotos.com",nocase; classtype:attempted-recon; sid:200002833; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"piermontbridge.com",nocase; classtype:attempted-recon; sid:200002834; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"piffvancouver.com",nocase; classtype:attempted-recon; sid:200002835; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pikaresailing.com",nocase; classtype:attempted-recon; sid:200002836; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pikay13.github.io",nocase; classtype:attempted-recon; sid:200002837; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pilmezorda.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200002838; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pinchinchaverify.webcindario.com",nocase; classtype:attempted-recon; sid:200002839; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pirana.co.rs",nocase; classtype:attempted-recon; sid:200002840; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pkobp.pl.justns.ru",nocase; classtype:attempted-recon; sid:200002841; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pl-wiadomosciswiatowe.pl",nocase; classtype:attempted-recon; sid:200002842; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pla1060604.nichost.ru",nocase; classtype:attempted-recon; sid:200002843; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"plan-o2-monthlypayments.com",nocase; classtype:attempted-recon; sid:200002844; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"planetaamor.org",nocase; classtype:attempted-recon; sid:200002845; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"plasticaindia.com",nocase; classtype:attempted-recon; sid:200002846; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"platinumserviceac.com",nocase; classtype:attempted-recon; sid:200002847; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"playgirlgold.com",nocase; classtype:attempted-recon; sid:200002848; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ploferta.com",nocase; classtype:attempted-recon; sid:200002849; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"plugmailextraexpiredoldpolicynotificationscenter.pages.dev",nocase; classtype:attempted-recon; sid:200002850; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"po-service-page.com",nocase; classtype:attempted-recon; sid:200002851; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"poc-rewards-program-c2dfc.web.app",nocase; classtype:attempted-recon; sid:200002852; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"podpiska-darom.ru",nocase; classtype:attempted-recon; sid:200002853; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pokajca.web.app",nocase; classtype:attempted-recon; sid:200002854; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pokcda.lnizi9c.cn",nocase; classtype:attempted-recon; sid:200002855; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"poklsa.slodddz.cn",nocase; classtype:attempted-recon; sid:200002856; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polcas.et0bgyf.cn",nocase; classtype:attempted-recon; sid:200002857; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polcd.op59bk5.cn",nocase; classtype:attempted-recon; sid:200002858; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polcda.qcgjwj7.cn",nocase; classtype:attempted-recon; sid:200002859; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"poldf.gejzesp.cn",nocase; classtype:attempted-recon; sid:200002860; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polds.gmj6f2.cn",nocase; classtype:attempted-recon; sid:200002861; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"poliambulatorioadriatico.it",nocase; classtype:attempted-recon; sid:200002862; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"poligrafiapias.com",nocase; classtype:attempted-recon; sid:200002863; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polkadot-france.fr",nocase; classtype:attempted-recon; sid:200002864; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polkastarter.app",nocase; classtype:attempted-recon; sid:200002865; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polsd.pa0cpof.cn",nocase; classtype:attempted-recon; sid:200002866; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polska-informacyjna.pl",nocase; classtype:attempted-recon; sid:200002867; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polxa.uh8dg67.cn",nocase; classtype:attempted-recon; sid:200002868; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polygon-pro.com",nocase; classtype:attempted-recon; sid:200002869; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polygon-secure.com",nocase; classtype:attempted-recon; sid:200002870; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"polygon-technologyes.blogspot.com",nocase; classtype:attempted-recon; sid:200002871; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pomnxaa.181gh1c.cn",nocase; classtype:attempted-recon; sid:200002872; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"post-ch-de.34224.info",nocase; classtype:attempted-recon; sid:200002873; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"post-ch-de.65241.org",nocase; classtype:attempted-recon; sid:200002874; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"post-ch.de",nocase; classtype:attempted-recon; sid:200002875; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"post-track.ch",nocase; classtype:attempted-recon; sid:200002876; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"posta-romana.cameleon-digital.ro",nocase; classtype:attempted-recon; sid:200002877; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"postaledsp2.conexion.fr.savealifemw.org",nocase; classtype:attempted-recon; sid:200002878; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"postalfees-uk.com",nocase; classtype:attempted-recon; sid:200002879; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"postalukservice.com",nocase; classtype:attempted-recon; sid:200002880; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"postch9192.cargo.site",nocase; classtype:attempted-recon; sid:200002881; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"postechsuivre.ileanamlaw.com",nocase; classtype:attempted-recon; sid:200002882; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"postnl.post-tracking-delivery.etelinfra.com",nocase; classtype:attempted-recon; sid:200002883; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"poww.6hkjmb.cn",nocase; classtype:attempted-recon; sid:200002884; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ppnnttcc.ppcnthsc.me",nocase; classtype:attempted-recon; sid:200002885; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"precisionimpex.com",nocase; classtype:attempted-recon; sid:200002886; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"preg.dspearhead.com",nocase; classtype:attempted-recon; sid:200002887; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"preg.marketingvici.com",nocase; classtype:attempted-recon; sid:200002888; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"prepaid-leboncoin.fr",nocase; classtype:attempted-recon; sid:200002889; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"preppingconfidence.com",nocase; classtype:attempted-recon; sid:200002890; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"prernaindustries.com",nocase; classtype:attempted-recon; sid:200002891; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"priceless-goldstine.35-185-184-61.plesk.page",nocase; classtype:attempted-recon; sid:200002892; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"priceless-mccarthy-8674db.netlify.app",nocase; classtype:attempted-recon; sid:200002893; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"primarypagesmetasecure.co.vu",nocase; classtype:attempted-recon; sid:200002894; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"primeassi5.sslblindado.com",nocase; classtype:attempted-recon; sid:200002895; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"primecentral.jihanjiaopo6.shop",nocase; classtype:attempted-recon; sid:200002896; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"primecentral.jixinggaozhao2.shop",nocase; classtype:attempted-recon; sid:200002897; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"primecentral.qiourn.shop",nocase; classtype:attempted-recon; sid:200002898; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"primeone.org",nocase; classtype:attempted-recon; sid:200002899; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"printtoner.com.mx",nocase; classtype:attempted-recon; sid:200002900; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"prism.net.in",nocase; classtype:attempted-recon; sid:200002901; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"privacy-update-page-prtections-association-recovry-secu.web.id",nocase; classtype:attempted-recon; sid:200002902; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"privacy-update-secu-recovry-page-protection-4565544.web.id",nocase; classtype:attempted-recon; sid:200002903; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"privacy-update-secu-recovry-page-protection-comunity-45.web.id",nocase; classtype:attempted-recon; sid:200002904; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"priyankasandokar1606.github.io",nocase; classtype:attempted-recon; sid:200002905; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pro.icloudremovaltool.com",nocase; classtype:attempted-recon; sid:200002906; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pro.systemine.xyz",nocase; classtype:attempted-recon; sid:200002907; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"procservautomatizacion.com",nocase; classtype:attempted-recon; sid:200002908; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.anon-rest-keep-reset.sales18130.workers.dev",nocase; classtype:attempted-recon; sid:200002909; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.anon-step-keep-object.sales18130.workers.dev",nocase; classtype:attempted-recon; sid:200002910; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.calm-limit-671e.ralph2481.workers.dev",nocase; classtype:attempted-recon; sid:200002911; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.dry-snow-ddc20ffice.deuceice2.workers.dev",nocase; classtype:attempted-recon; sid:200002912; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.keep-paper-account.sales18130.workers.dev",nocase; classtype:attempted-recon; sid:200002913; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.lively-salad-1c42.updatelogaccountprogramedrfwerwrdhsmc.workers.dev",nocase; classtype:attempted-recon; sid:200002914; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.passtruth-truth-5df4.pass-morn-reset-todaybringsjoy.workers.dev",nocase; classtype:attempted-recon; sid:200002915; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.steep-poetry-1ba3.updatelogaccountprogramedrfwerwrdhscsw.workers.dev",nocase; classtype:attempted-recon; sid:200002916; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.try-murpheos-keep.sales18130.workers.dev",nocase; classtype:attempted-recon; sid:200002917; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev",nocase; classtype:attempted-recon; sid:200002918; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"project1-df3e9.web.app",nocase; classtype:attempted-recon; sid:200002919; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"projectlovewell.com",nocase; classtype:attempted-recon; sid:200002920; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"promashoppe.com",nocase; classtype:attempted-recon; sid:200002921; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"promehedinti.ro",nocase; classtype:attempted-recon; sid:200002922; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"promerica-sv.webcindario.com",nocase; classtype:attempted-recon; sid:200002923; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"promericalinea01.webcindario.com",nocase; classtype:attempted-recon; sid:200002924; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"promo.mycorporate-rewards.net",nocase; classtype:attempted-recon; sid:200002925; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"prosmate.com",nocase; classtype:attempted-recon; sid:200002926; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"prosxsiuser.myfreesites.net",nocase; classtype:attempted-recon; sid:200002927; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"prosys.poweredbygravit-e.co.uk",nocase; classtype:attempted-recon; sid:200002928; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"protect-4d56vca.surge.sh",nocase; classtype:attempted-recon; sid:200002929; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"provodi.com",nocase; classtype:attempted-recon; sid:200002930; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"proximus-account.azurewebsites.net",nocase; classtype:attempted-recon; sid:200002931; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ptxx.cc",nocase; classtype:attempted-recon; sid:200002932; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pubgmobilevn.mobi",nocase; classtype:attempted-recon; sid:200002933; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"publish-p43452-e180057.adobeaemcloud.com",nocase; classtype:attempted-recon; sid:200002934; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"puffing.com.pk",nocase; classtype:attempted-recon; sid:200002935; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pulihkan-accountt20001.webnode.page",nocase; classtype:attempted-recon; sid:200002936; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"puroxymembrane.com",nocase; classtype:attempted-recon; sid:200002937; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pvr0k.csb.app",nocase; classtype:attempted-recon; sid:200002938; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pydttuxozmzjmjqxayxfxhycfr-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002939; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qbocd.csb.app",nocase; classtype:attempted-recon; sid:200002940; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qevwisdfztymporlndsckabdil-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002941; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qf3nt.codesandbox.io",nocase; classtype:attempted-recon; sid:200002942; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qfw.tosex35238.workers.dev",nocase; classtype:attempted-recon; sid:200002943; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qhj39hfxqftr.clickfunnels.com",nocase; classtype:attempted-recon; sid:200002944; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qhmqhgnfqbcoxkwamsioilhdmv-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200002945; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qsh74pekkv5e8.clickfunnels.com",nocase; classtype:attempted-recon; sid:200002946; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qssa.x5yrlr.cn",nocase; classtype:attempted-recon; sid:200002947; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"quinaroja.com",nocase; classtype:attempted-recon; sid:200002948; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"quirky-jones.172-245-159-112.plesk.page",nocase; classtype:attempted-recon; sid:200002949; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"quotex-qx.com",nocase; classtype:attempted-recon; sid:200002950; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qwas.nfi71vw.cn",nocase; classtype:attempted-recon; sid:200002951; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qwea.wvhee0w.cn",nocase; classtype:attempted-recon; sid:200002952; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qweas.hi5g95r.cn",nocase; classtype:attempted-recon; sid:200002953; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qweas.p6rhddj.cn",nocase; classtype:attempted-recon; sid:200002954; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qweas.zwfaclq.cn",nocase; classtype:attempted-recon; sid:200002955; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"r3c31v30n3-1d3nt1ty.000webhostapp.com",nocase; classtype:attempted-recon; sid:200002956; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rabellartz.de",nocase; classtype:attempted-recon; sid:200002957; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rabofree.blogspot.com",nocase; classtype:attempted-recon; sid:200002958; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rabofree.blogspot.li",nocase; classtype:attempted-recon; sid:200002959; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rackenfordlabs.com",nocase; classtype:attempted-recon; sid:200002960; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"racuten.nuef.info",nocase; classtype:attempted-recon; sid:200002961; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"radhikamd.github.io",nocase; classtype:attempted-recon; sid:200002962; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rafbbmx.ga",nocase; classtype:attempted-recon; sid:200002963; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rafbbmx.ml",nocase; classtype:attempted-recon; sid:200002964; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"raipurrussianescorts.com",nocase; classtype:attempted-recon; sid:200002965; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakoten-card.buogfbizkugf.gq",nocase; classtype:attempted-recon; sid:200002966; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakoten-card.bycsaxwdqunhh.gq",nocase; classtype:attempted-recon; sid:200002967; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakoten-card.motpefhnpvyz.gq",nocase; classtype:attempted-recon; sid:200002968; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakoten.potex.info",nocase; classtype:attempted-recon; sid:200002969; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"raktuen.laobanlocker.com",nocase; classtype:attempted-recon; sid:200002970; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakuitan-card.info",nocase; classtype:attempted-recon; sid:200002971; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakuten.awjoadc.cn",nocase; classtype:attempted-recon; sid:200002972; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakuten.card.nuosreaoms.com",nocase; classtype:attempted-recon; sid:200002973; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rakuten.co.jp.rakutenajp.xyz",nocase; classtype:attempted-recon; sid:200002974; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ramgarhiamatrimonial.ca",nocase; classtype:attempted-recon; sid:200002975; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rareelements.io",nocase; classtype:attempted-recon; sid:200002976; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ratewatch.net",nocase; classtype:attempted-recon; sid:200002977; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"raycargo.com",nocase; classtype:attempted-recon; sid:200002978; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"raydiom.io",nocase; classtype:attempted-recon; sid:200002979; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rbcmontgomery.com",nocase; classtype:attempted-recon; sid:200002980; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rd8um.app.link",nocase; classtype:attempted-recon; sid:200002981; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rdirtfuo6t.vov.ru",nocase; classtype:attempted-recon; sid:200002982; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"re-direct-me.com",nocase; classtype:attempted-recon; sid:200002983; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"re-redirection-acc-id923872635122.blogspot.com",nocase; classtype:attempted-recon; sid:200002984; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"real-anon-keep-passing-word.rvsla.workers.dev",nocase; classtype:attempted-recon; sid:200002985; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"realestate-page-10843446024.expresspestcontrol.co.nz",nocase; classtype:attempted-recon; sid:200002986; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"realindiatravel.com",nocase; classtype:attempted-recon; sid:200002987; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"recibeya.tufacilmoneyonline.online",nocase; classtype:attempted-recon; sid:200002988; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reconfirmpost287846656.us",nocase; classtype:attempted-recon; sid:200002989; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"recover-pages-media-problems-secur-782.web.id",nocase; classtype:attempted-recon; sid:200002990; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"recover-pages-secur-media-problems-397.web.id",nocase; classtype:attempted-recon; sid:200002991; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"recovery-chain.com",nocase; classtype:attempted-recon; sid:200002992; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"recovery-fb.secure-acct.workers.dev",nocase; classtype:attempted-recon; sid:200002993; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"red-limit-db0e.chseonlinelogins.workers.dev",nocase; classtype:attempted-recon; sid:200002994; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"redbysfrgroupebox.myfreesites.net",nocase; classtype:attempted-recon; sid:200002995; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"redeem-microsoft-code.sitey.me",nocase; classtype:attempted-recon; sid:200002996; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rediractionid547012016089540218057.blogspot.com",nocase; classtype:attempted-recon; sid:200002997; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"redpichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200002998; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reg-3da7f.web.app",nocase; classtype:attempted-recon; sid:200002999; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reg.chaindaohang.com",nocase; classtype:attempted-recon; sid:200003000; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"regisdrive.xyz",nocase; classtype:attempted-recon; sid:200003001; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"register-my-device.com",nocase; classtype:attempted-recon; sid:200003002; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"registerdrive.xyz",nocase; classtype:attempted-recon; sid:200003003; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reglic.in",nocase; classtype:attempted-recon; sid:200003004; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"regularsweeps.xyz",nocase; classtype:attempted-recon; sid:200003005; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reignbike.com",nocase; classtype:attempted-recon; sid:200003006; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reikisadhna.com",nocase; classtype:attempted-recon; sid:200003007; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rekoution.bcszxcd.shop",nocase; classtype:attempted-recon; sid:200003008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"relevant.systems",nocase; classtype:attempted-recon; sid:200003009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"remittance369297292749.goshly.com",nocase; classtype:attempted-recon; sid:200003010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"renovkonstruksi.com",nocase; classtype:attempted-recon; sid:200003011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"repl-mess.myfreesites.net",nocase; classtype:attempted-recon; sid:200003012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"restore.exodusapp.ru",nocase; classtype:attempted-recon; sid:200003013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"restorewallet-activation.net",nocase; classtype:attempted-recon; sid:200003014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"retiro-extracash.com",nocase; classtype:attempted-recon; sid:200003015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"retiro.cl",nocase; classtype:attempted-recon; sid:200003016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"retraiteenaction.ca",nocase; classtype:attempted-recon; sid:200003017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"retrospectiveplanningenforcementwestsussex.co.uk",nocase; classtype:attempted-recon; sid:200003018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"retrouve-particulier-mailaccord.globaltvnepal.com",nocase; classtype:attempted-recon; sid:200003019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rev.sfr.net.gghost.ru",nocase; classtype:attempted-recon; sid:200003020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"review-mynew-device.com",nocase; classtype:attempted-recon; sid:200003021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reviewbook.org",nocase; classtype:attempted-recon; sid:200003022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"revistametro.com.ar",nocase; classtype:attempted-recon; sid:200003023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reximane.cf",nocase; classtype:attempted-recon; sid:200003024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"riptide-operation.ru.com",nocase; classtype:attempted-recon; sid:200003025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"riveroflife.org.in",nocase; classtype:attempted-recon; sid:200003026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rizarichempire.com",nocase; classtype:attempted-recon; sid:200003027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rizkyinterior.com",nocase; classtype:attempted-recon; sid:200003028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rkanet.com",nocase; classtype:attempted-recon; sid:200003029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rkt-co.f1ss.co",nocase; classtype:attempted-recon; sid:200003030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rlink.vn",nocase; classtype:attempted-recon; sid:200003031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rmsfcc.com",nocase; classtype:attempted-recon; sid:200003032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rnercarl-security.co.ip.rnamso.shop",nocase; classtype:attempted-recon; sid:200003033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rnercarl.co.jp.merinosimo.shop",nocase; classtype:attempted-recon; sid:200003034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roadgo.co.uk",nocase; classtype:attempted-recon; sid:200003035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"robloxrun.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roccobonheur1-my-cheetah-website-copy.cheetah.builderall.com",nocase; classtype:attempted-recon; sid:200003037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roisnoob.github.io",nocase; classtype:attempted-recon; sid:200003038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rokulinktechnology.com",nocase; classtype:attempted-recon; sid:200003039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rolinadd.surveysparrow.com",nocase; classtype:attempted-recon; sid:200003040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rondalowa.blogspot.com",nocase; classtype:attempted-recon; sid:200003041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rondelbarrilito.com",nocase; classtype:attempted-recon; sid:200003042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ronin-help.com",nocase; classtype:attempted-recon; sid:200003043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roninwallet-connect.com",nocase; classtype:attempted-recon; sid:200003044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roninwallet.cm",nocase; classtype:attempted-recon; sid:200003045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rotimi.pandaform.com",nocase; classtype:attempted-recon; sid:200003046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roundcube-2c46f.web.app",nocase; classtype:attempted-recon; sid:200003047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roundcube-production-cf.tx1.mailhostbox.com",nocase; classtype:attempted-recon; sid:200003048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"routeksa.com",nocase; classtype:attempted-recon; sid:200003049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"royalwindsorpub.com",nocase; classtype:attempted-recon; sid:200003050; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200003051; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rplg.co",nocase; classtype:attempted-recon; sid:200003052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rrakutenn.co.jp.azii.cn",nocase; classtype:attempted-recon; sid:200003053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rrakutenn.co.jp.nanofresh.cn",nocase; classtype:attempted-recon; sid:200003054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200003055; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"runescape-info.com",nocase; classtype:attempted-recon; sid:200003056; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"runescapebonds.com",nocase; classtype:attempted-recon; sid:200003057; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"runescapeevents.com",nocase; classtype:attempted-recon; sid:200003058; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ruth.martulangbelulalng.workers.dev",nocase; classtype:attempted-recon; sid:200003059; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rymproducciones.com",nocase; classtype:attempted-recon; sid:200003060; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s-sarfati.co.il",nocase; classtype:attempted-recon; sid:200003061; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s.macecri.com",nocase; classtype:attempted-recon; sid:200003062; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s5vzr.app.link",nocase; classtype:attempted-recon; sid:200003063; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s787v.cn",nocase; classtype:attempted-recon; sid:200003064; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sa.macecri.com",nocase; classtype:attempted-recon; sid:200003065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sadervoyages.intnet.mu",nocase; classtype:attempted-recon; sid:200003066; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"safty.summarycheck.workers.dev",nocase; classtype:attempted-recon; sid:200003067; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"saintbarkleyshoes.com",nocase; classtype:attempted-recon; sid:200003068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"saitadobrasil.com.br",nocase; classtype:attempted-recon; sid:200003069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"saldospc.com",nocase; classtype:attempted-recon; sid:200003070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"saliksnas.lojaintegrada.com.br",nocase; classtype:attempted-recon; sid:200003071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"salmanfarsi01.github.io",nocase; classtype:attempted-recon; sid:200003072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"saludypension.com",nocase; classtype:attempted-recon; sid:200003073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"samarahonda.com",nocase; classtype:attempted-recon; sid:200003074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"samihalyaman.com",nocase; classtype:attempted-recon; sid:200003075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"samvoktor.com",nocase; classtype:attempted-recon; sid:200003076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sanasunty.site",nocase; classtype:attempted-recon; sid:200003077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sandeeppk03.github.io",nocase; classtype:attempted-recon; sid:200003078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sandhu.codebucketitsolutions.com",nocase; classtype:attempted-recon; sid:200003079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sanjilkumar.com",nocase; classtype:attempted-recon; sid:200003080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sankyo-rz.com",nocase; classtype:attempted-recon; sid:200003081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sanru.cd",nocase; classtype:attempted-recon; sid:200003082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"santander.secured-auth-login.com",nocase; classtype:attempted-recon; sid:200003083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"santepluspharma.eclatmediasolution.website",nocase; classtype:attempted-recon; sid:200003084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"santoshdangi.com.np",nocase; classtype:attempted-recon; sid:200003085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"saritapariyar.com.np",nocase; classtype:attempted-recon; sid:200003086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"satay-secur.reconfimations.pagedisabled.workers.dev",nocase; classtype:attempted-recon; sid:200003087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"satemi.com.ve",nocase; classtype:attempted-recon; sid:200003088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"satonteams.co.uk",nocase; classtype:attempted-recon; sid:200003089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"savingsfordentalcare.com",nocase; classtype:attempted-recon; sid:200003090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sbi.mx",nocase; classtype:attempted-recon; sid:200003091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sbs-siebanlagen.de",nocase; classtype:attempted-recon; sid:200003092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sc.macecri.com",nocase; classtype:attempted-recon; sid:200003093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sc.scicemecod.com",nocase; classtype:attempted-recon; sid:200003094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sca.scicemecod.com",nocase; classtype:attempted-recon; sid:200003095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sdgvsdvsdvs.blogspot.com",nocase; classtype:attempted-recon; sid:200003096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"se.scicemecod.com",nocase; classtype:attempted-recon; sid:200003097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sebat-dhl.blogspot.com",nocase; classtype:attempted-recon; sid:200003098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sebene27.github.io",nocase; classtype:attempted-recon; sid:200003099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secur-standard-media-recover-pages-problems-159.web.id",nocase; classtype:attempted-recon; sid:200003100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure-boncoincontrol.net",nocase; classtype:attempted-recon; sid:200003101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure-halifax-device.com",nocase; classtype:attempted-recon; sid:200003102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure-mynew-devices.com",nocase; classtype:attempted-recon; sid:200003103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure-runescape.xgm.rnp.mybluehost.me",nocase; classtype:attempted-recon; sid:200003104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure-zirox.s3.ap-southeast-2.amazonaws.com",nocase; classtype:attempted-recon; sid:200003105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.legalmetric.com",nocase; classtype:attempted-recon; sid:200003106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.oldschool.com-cl.ru",nocase; classtype:attempted-recon; sid:200003107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.oldschool.com-cu.ru",nocase; classtype:attempted-recon; sid:200003108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.oldschool.com-oz.ru",nocase; classtype:attempted-recon; sid:200003109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.oldschool.com-rsu.ru",nocase; classtype:attempted-recon; sid:200003110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-ak.ru",nocase; classtype:attempted-recon; sid:200003111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-as.cz",nocase; classtype:attempted-recon; sid:200003112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-az.ru",nocase; classtype:attempted-recon; sid:200003113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-ca.ru",nocase; classtype:attempted-recon; sid:200003114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-cl.ru",nocase; classtype:attempted-recon; sid:200003115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-co.ru",nocase; classtype:attempted-recon; sid:200003116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-cu.ru",nocase; classtype:attempted-recon; sid:200003117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-cv.ru",nocase; classtype:attempted-recon; sid:200003118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-or.ru",nocase; classtype:attempted-recon; sid:200003119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-oz.ru",nocase; classtype:attempted-recon; sid:200003120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-rse.ru",nocase; classtype:attempted-recon; sid:200003121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-rsu.ru",nocase; classtype:attempted-recon; sid:200003122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure.runescape.com-vs.ru",nocase; classtype:attempted-recon; sid:200003123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure300.inmotionhosting.com",nocase; classtype:attempted-recon; sid:200003124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure303.inmotionhosting.com",nocase; classtype:attempted-recon; sid:200003125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secure55.webhostinghub.com",nocase; classtype:attempted-recon; sid:200003126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"secureaccount.ntflxauth.co",nocase; classtype:attempted-recon; sid:200003127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"securegateway-ovhcloud.csl-sl.de",nocase; classtype:attempted-recon; sid:200003128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"securelloyd-help-app.com",nocase; classtype:attempted-recon; sid:200003129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"securewalletprotocol.online",nocase; classtype:attempted-recon; sid:200003130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"security-page-community-standards.blogspot.com",nocase; classtype:attempted-recon; sid:200003131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"seguridad-oca.webcindario.com",nocase; classtype:attempted-recon; sid:200003132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"seleccionperfil.xyz",nocase; classtype:attempted-recon; sid:200003133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"selector26.gg",nocase; classtype:attempted-recon; sid:200003134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"selector28.gg",nocase; classtype:attempted-recon; sid:200003135; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sem.my-drs.co.uk",nocase; classtype:attempted-recon; sid:200003136; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sen-manole.firebaseapp.com",nocase; classtype:attempted-recon; sid:200003137; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sendo-meso.firebaseapp.com",nocase; classtype:attempted-recon; sid:200003138; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sendung.eyecatch.ch",nocase; classtype:attempted-recon; sid:200003139; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sergebubnin.space",nocase; classtype:attempted-recon; sid:200003140; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sertyxese.myfreesites.net",nocase; classtype:attempted-recon; sid:200003141; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"server-networksolutions.web.app",nocase; classtype:attempted-recon; sid:200003142; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"server221.security.coinbase.com.gdone.co.ke",nocase; classtype:attempted-recon; sid:200003143; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck103.web.app",nocase; classtype:attempted-recon; sid:200003144; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck104.web.app",nocase; classtype:attempted-recon; sid:200003145; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck105.web.app",nocase; classtype:attempted-recon; sid:200003146; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck107.web.app",nocase; classtype:attempted-recon; sid:200003147; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck108.web.app",nocase; classtype:attempted-recon; sid:200003148; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck111.web.app",nocase; classtype:attempted-recon; sid:200003149; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck112.web.app",nocase; classtype:attempted-recon; sid:200003150; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck117.web.app",nocase; classtype:attempted-recon; sid:200003151; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck118.web.app",nocase; classtype:attempted-recon; sid:200003152; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck121.web.app",nocase; classtype:attempted-recon; sid:200003153; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck122.web.app",nocase; classtype:attempted-recon; sid:200003154; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck123.web.app",nocase; classtype:attempted-recon; sid:200003155; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck126.web.app",nocase; classtype:attempted-recon; sid:200003156; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck127.web.app",nocase; classtype:attempted-recon; sid:200003157; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck129.web.app",nocase; classtype:attempted-recon; sid:200003158; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck13.web.app",nocase; classtype:attempted-recon; sid:200003159; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck130.web.app",nocase; classtype:attempted-recon; sid:200003160; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck134.web.app",nocase; classtype:attempted-recon; sid:200003161; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck135.web.app",nocase; classtype:attempted-recon; sid:200003162; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck137.web.app",nocase; classtype:attempted-recon; sid:200003163; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck138.web.app",nocase; classtype:attempted-recon; sid:200003164; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck139.web.app",nocase; classtype:attempted-recon; sid:200003165; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck14.web.app",nocase; classtype:attempted-recon; sid:200003166; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck140.web.app",nocase; classtype:attempted-recon; sid:200003167; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck142.web.app",nocase; classtype:attempted-recon; sid:200003168; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck143.web.app",nocase; classtype:attempted-recon; sid:200003169; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck145.web.app",nocase; classtype:attempted-recon; sid:200003170; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck149.web.app",nocase; classtype:attempted-recon; sid:200003171; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck155.web.app",nocase; classtype:attempted-recon; sid:200003172; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck207.web.app",nocase; classtype:attempted-recon; sid:200003173; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck21.web.app",nocase; classtype:attempted-recon; sid:200003174; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck23.web.app",nocase; classtype:attempted-recon; sid:200003175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck334.web.app",nocase; classtype:attempted-recon; sid:200003176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck36.web.app",nocase; classtype:attempted-recon; sid:200003177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck410.web.app",nocase; classtype:attempted-recon; sid:200003178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck429.web.app",nocase; classtype:attempted-recon; sid:200003179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck442.web.app",nocase; classtype:attempted-recon; sid:200003180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck443.web.app",nocase; classtype:attempted-recon; sid:200003181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck46.web.app",nocase; classtype:attempted-recon; sid:200003182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck54.web.app",nocase; classtype:attempted-recon; sid:200003183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck60.web.app",nocase; classtype:attempted-recon; sid:200003184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck70.web.app",nocase; classtype:attempted-recon; sid:200003185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck736.web.app",nocase; classtype:attempted-recon; sid:200003186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck74.web.app",nocase; classtype:attempted-recon; sid:200003187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck75.web.app",nocase; classtype:attempted-recon; sid:200003188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck77.web.app",nocase; classtype:attempted-recon; sid:200003189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck8.web.app",nocase; classtype:attempted-recon; sid:200003190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck87.web.app",nocase; classtype:attempted-recon; sid:200003191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servervalidationcheck995.web.app",nocase; classtype:attempted-recon; sid:200003192; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"service-lkdn2020.gacconstrutora.com.br",nocase; classtype:attempted-recon; sid:200003193; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"serviceinfo-securehost.duckdns.org",nocase; classtype:attempted-recon; sid:200003194; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servicepage.service-page.workers.dev",nocase; classtype:attempted-recon; sid:200003195; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servicepichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003196; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"services.runescape.com-as.cz",nocase; classtype:attempted-recon; sid:200003197; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"services.runescape.com-rse.ru",nocase; classtype:attempted-recon; sid:200003198; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"services.runescape.com-rsu.ru",nocase; classtype:attempted-recon; sid:200003199; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servicesbancaire.com",nocase; classtype:attempted-recon; sid:200003200; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"serviciosbndigitales.com",nocase; classtype:attempted-recon; sid:200003201; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servics.validationsecuradm.workers.dev",nocase; classtype:attempted-recon; sid:200003202; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"servinform.quadientcloud.eu",nocase; classtype:attempted-recon; sid:200003203; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"setupmynorton.square.site",nocase; classtype:attempted-recon; sid:200003204; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"seul.unilurio.ac.mz",nocase; classtype:attempted-recon; sid:200003205; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sevoudryserviciobomail.dudaone.com",nocase; classtype:attempted-recon; sid:200003206; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sfc.com.vn",nocase; classtype:attempted-recon; sid:200003207; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sfex12sec.web.app",nocase; classtype:attempted-recon; sid:200003208; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sfirstrepublic.coms.cso.gov.tt",nocase; classtype:attempted-recon; sid:200003209; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sfr.provad.fr",nocase; classtype:attempted-recon; sid:200003210; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sfrpanel.lws.fr",nocase; classtype:attempted-recon; sid:200003211; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sgtbalde991-dot-still-dynamics-321006.ue.r.appspot.com",nocase; classtype:attempted-recon; sid:200003212; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shafischools.com",nocase; classtype:attempted-recon; sid:200003213; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shamajastore.co.ke",nocase; classtype:attempted-recon; sid:200003214; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shanky0.github.io",nocase; classtype:attempted-recon; sid:200003215; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shanza.epos.com.pk",nocase; classtype:attempted-recon; sid:200003216; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"share-eu1.hsforms.com",nocase; classtype:attempted-recon; sid:200003217; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"share.chamaileon.io",nocase; classtype:attempted-recon; sid:200003218; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shared-file.square.site",nocase; classtype:attempted-recon; sid:200003219; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sharedfax815201376.wordpress.com",nocase; classtype:attempted-recon; sid:200003220; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sharedtris.com",nocase; classtype:attempted-recon; sid:200003221; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sharelink.sn.am",nocase; classtype:attempted-recon; sid:200003222; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shayvardphoto.ir",nocase; classtype:attempted-recon; sid:200003223; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shinex.lk",nocase; classtype:attempted-recon; sid:200003224; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shippment2.temp.swtest.ru",nocase; classtype:attempted-recon; sid:200003225; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shirhokos-mhalskbsiaoutfew43535.duckdns.org",nocase; classtype:attempted-recon; sid:200003226; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shirtshanger.com",nocase; classtype:attempted-recon; sid:200003227; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shiye666.cn",nocase; classtype:attempted-recon; sid:200003228; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shop.cmfurnituremall.com",nocase; classtype:attempted-recon; sid:200003229; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shop.ewerest-stroi.ru",nocase; classtype:attempted-recon; sid:200003230; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shopeecoins.blogspot.com",nocase; classtype:attempted-recon; sid:200003231; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shrutidhall.com",nocase; classtype:attempted-recon; sid:200003232; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sidneyfcuorg.freshy.site",nocase; classtype:attempted-recon; sid:200003233; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sign-trk.empressmd.com",nocase; classtype:attempted-recon; sid:200003234; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net",nocase; classtype:attempted-recon; sid:200003235; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"signin-payeer.com",nocase; classtype:attempted-recon; sid:200003236; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"silpovsatb-ua.online",nocase; classtype:attempted-recon; sid:200003237; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"silverberrygroup.com",nocase; classtype:attempted-recon; sid:200003238; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"simonecamposshop.com.br",nocase; classtype:attempted-recon; sid:200003239; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"simpkk.karanganyarkab.go.id",nocase; classtype:attempted-recon; sid:200003240; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sindarspen.org.br",nocase; classtype:attempted-recon; sid:200003241; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"siporados15585.blogspot.com",nocase; classtype:attempted-recon; sid:200003242; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sirak.se",nocase; classtype:attempted-recon; sid:200003243; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site-4403463-3995-6112.mystrikingly.com",nocase; classtype:attempted-recon; sid:200003244; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site9423623.92.webydo.com",nocase; classtype:attempted-recon; sid:200003245; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site9423773.92.webydo.com",nocase; classtype:attempted-recon; sid:200003246; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site9434107.92.webydo.com",nocase; classtype:attempted-recon; sid:200003247; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site9548676.92.webydo.com",nocase; classtype:attempted-recon; sid:200003248; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site9551459.92.webydo.com",nocase; classtype:attempted-recon; sid:200003249; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site9552191.92.webydo.com",nocase; classtype:attempted-recon; sid:200003250; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"site9606042.92.webydo.com",nocase; classtype:attempted-recon; sid:200003251; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sitebrasil.azurewebsites.net",nocase; classtype:attempted-recon; sid:200003252; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sitebuilder152832.dynadot.com",nocase; classtype:attempted-recon; sid:200003253; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sitebuilder152935.dynadot.com",nocase; classtype:attempted-recon; sid:200003254; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sitemodify.com",nocase; classtype:attempted-recon; sid:200003255; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"situs-facebook-resmi21.webnode.com",nocase; classtype:attempted-recon; sid:200003256; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"situs-layanan-pemulihan4.webnode.com",nocase; classtype:attempted-recon; sid:200003257; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"situs-pemulihan-resmi0.webnode.com",nocase; classtype:attempted-recon; sid:200003258; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"six-group.xyz",nocase; classtype:attempted-recon; sid:200003259; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sk128.sbs",nocase; classtype:attempted-recon; sid:200003260; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sklepkody.pl",nocase; classtype:attempted-recon; sid:200003261; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"skradvanidance.business.site",nocase; classtype:attempted-recon; sid:200003262; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"skybttv.com",nocase; classtype:attempted-recon; sid:200003263; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"skygobank.com",nocase; classtype:attempted-recon; sid:200003264; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"skylerclarkmusic.com",nocase; classtype:attempted-recon; sid:200003265; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"skymavis-accountupdate.com",nocase; classtype:attempted-recon; sid:200003266; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"skymavisupport.com",nocase; classtype:attempted-recon; sid:200003267; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"slavamel.github.io",nocase; classtype:attempted-recon; sid:200003268; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sleepmaskz.com",nocase; classtype:attempted-recon; sid:200003269; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"slickparties.com",nocase; classtype:attempted-recon; sid:200003270; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"slmkufeckf.jon-jensen.workers.dev",nocase; classtype:attempted-recon; sid:200003271; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"slowlinebag.jp",nocase; classtype:attempted-recon; sid:200003272; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sm.scicemecod.com",nocase; classtype:attempted-recon; sid:200003273; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sm777.csb.app",nocase; classtype:attempted-recon; sid:200003274; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smartfixconnect.live",nocase; classtype:attempted-recon; sid:200003275; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smbc-accout.com",nocase; classtype:attempted-recon; sid:200003276; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smbc-veaiana.com",nocase; classtype:attempted-recon; sid:200003277; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smbcbc.com",nocase; classtype:attempted-recon; sid:200003278; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smbccjp.shop",nocase; classtype:attempted-recon; sid:200003279; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smbcr.mrtka.info",nocase; classtype:attempted-recon; sid:200003280; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smbcwodeqingguoshoujicojp.top",nocase; classtype:attempted-recon; sid:200003281; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smeo.org.mx",nocase; classtype:attempted-recon; sid:200003282; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smgolamalif.github.io",nocase; classtype:attempted-recon; sid:200003283; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smkkesehatanjember.sch.id",nocase; classtype:attempted-recon; sid:200003284; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smmsvocal.yolasite.com",nocase; classtype:attempted-recon; sid:200003285; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smpn2jeruklegi.sch.id",nocase; classtype:attempted-recon; sid:200003286; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sms-check.sc-q.top",nocase; classtype:attempted-recon; sid:200003287; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sms-infos.d2tt.co",nocase; classtype:attempted-recon; sid:200003288; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sms-shorter.com",nocase; classtype:attempted-recon; sid:200003289; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smsbc-info5.com",nocase; classtype:attempted-recon; sid:200003290; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smsenligne.myfreesites.net",nocase; classtype:attempted-recon; sid:200003291; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smsorangephonemail.myfreesites.net",nocase; classtype:attempted-recon; sid:200003292; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smsorangesmsmessage.myfreesites.net",nocase; classtype:attempted-recon; sid:200003293; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smss-mms.yolasite.com",nocase; classtype:attempted-recon; sid:200003294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smsverificationmms.myfreesites.net",nocase; classtype:attempted-recon; sid:200003295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smvbc-info.com",nocase; classtype:attempted-recon; sid:200003296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"smwam.coms.cso.gov.tt",nocase; classtype:attempted-recon; sid:200003297; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"so.macecri.com",nocase; classtype:attempted-recon; sid:200003298; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soaringskiesrentals.com",nocase; classtype:attempted-recon; sid:200003299; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soci-molen.web.app",nocase; classtype:attempted-recon; sid:200003300; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"socialpinch.com",nocase; classtype:attempted-recon; sid:200003301; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sofe-firma.firebaseapp.com",nocase; classtype:attempted-recon; sid:200003302; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soft-cell-8148.updateloginprogram.workers.dev",nocase; classtype:attempted-recon; sid:200003303; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soft-grass-1edd.acc-update.workers.dev",nocase; classtype:attempted-recon; sid:200003304; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sognointerno.com",nocase; classtype:attempted-recon; sid:200003305; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"solicitarfirmaelectronica-sv.com",nocase; classtype:attempted-recon; sid:200003306; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"solyanayakomnata.ru",nocase; classtype:attempted-recon; sid:200003307; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sopac.org.py",nocase; classtype:attempted-recon; sid:200003308; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"souaxwaoh.myfreesites.net",nocase; classtype:attempted-recon; sid:200003309; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soude-masi.firebaseapp.com",nocase; classtype:attempted-recon; sid:200003310; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soufsont.blogspot.com",nocase; classtype:attempted-recon; sid:200003311; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soulocaredirect.webcindario.com",nocase; classtype:attempted-recon; sid:200003312; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soumya252000.github.io",nocase; classtype:attempted-recon; sid:200003313; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"souravtech.com",nocase; classtype:attempted-recon; sid:200003314; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"southamerica-east1-hardy-magpie-334101.cloudfunctions.net",nocase; classtype:attempted-recon; sid:200003315; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"southamerica-east1-manifest-design-330523.cloudfunctions.net",nocase; classtype:attempted-recon; sid:200003316; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"southamerica-east1-my-project-90086352.cloudfunctions.net",nocase; classtype:attempted-recon; sid:200003317; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"southamerica-east1-noted-minutia-330211.cloudfunctions.net",nocase; classtype:attempted-recon; sid:200003318; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sp477389.sitebeat.site",nocase; classtype:attempted-recon; sid:200003319; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sp701876.sitebeat.site",nocase; classtype:attempted-recon; sid:200003320; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spacemanagerent.webcindario.com",nocase; classtype:attempted-recon; sid:200003321; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spark.shaheenwrites.com",nocase; classtype:attempted-recon; sid:200003322; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sparkasse-vereinsbanken.xyz",nocase; classtype:attempted-recon; sid:200003323; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sparkasse.de.internet-filiale.co",nocase; classtype:attempted-recon; sid:200003324; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sparxinteriors.co.zw",nocase; classtype:attempted-recon; sid:200003325; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"specialnotice.pricesamazonlogincard.shop",nocase; classtype:attempted-recon; sid:200003326; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spectrumstorageaccess.yahoosites.com",nocase; classtype:attempted-recon; sid:200003327; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spentamultimedia.com",nocase; classtype:attempted-recon; sid:200003328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spidertvapp.com",nocase; classtype:attempted-recon; sid:200003329; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spirit.gtwozone.com",nocase; classtype:attempted-recon; sid:200003330; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spk-entsperren.de",nocase; classtype:attempted-recon; sid:200003331; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spk-jahreswechsel.com",nocase; classtype:attempted-recon; sid:200003332; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spk-secure-de.com",nocase; classtype:attempted-recon; sid:200003333; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spkfod.coms.cso.gov.tt",nocase; classtype:attempted-recon; sid:200003334; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sport.protected-secur.workers.dev",nocase; classtype:attempted-recon; sid:200003335; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sportshoes.top",nocase; classtype:attempted-recon; sid:200003336; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sportybetpremium.wapka.co",nocase; classtype:attempted-recon; sid:200003337; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spring-pond-62c4.autocreative.workers.dev",nocase; classtype:attempted-recon; sid:200003338; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"spring-pond-62c4.autocreative.workers.dev#eimaste@stinpriza.org",nocase; classtype:attempted-recon; sid:200003339; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"squeeze-airwcmalznoun.com",nocase; classtype:attempted-recon; sid:200003340; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"squeeze-amieazoeon.co",nocase; classtype:attempted-recon; sid:200003341; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sr.scicemecod.com",nocase; classtype:attempted-recon; sid:200003342; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"srisritextiles.com",nocase; classtype:attempted-recon; sid:200003343; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"srvr-cloudmail-srvr5s5wd3.pages.dev",nocase; classtype:attempted-recon; sid:200003344; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ssdaz.sqqaepr.cn",nocase; classtype:attempted-recon; sid:200003345; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sse.scicemecod.com",nocase; classtype:attempted-recon; sid:200003346; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ssia.org.sg",nocase; classtype:attempted-recon; sid:200003347; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ssl.dsl.isl.mll.aqmst6.stockestan.ir",nocase; classtype:attempted-recon; sid:200003348; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sso-garena.com",nocase; classtype:attempted-recon; sid:200003349; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sswebmail-4w5twsr.web.app",nocase; classtype:attempted-recon; sid:200003350; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"staffportal.uoz.edu.krd",nocase; classtype:attempted-recon; sid:200003351; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stage.vannaryfowler.com",nocase; classtype:attempted-recon; sid:200003352; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"staging.eliteautomotive.com.au",nocase; classtype:attempted-recon; sid:200003353; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"standardcapbnk.com",nocase; classtype:attempted-recon; sid:200003354; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"standardupdatesupportandhelpcenter2021.ga",nocase; classtype:attempted-recon; sid:200003355; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"starforsure.com",nocase; classtype:attempted-recon; sid:200003356; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"starliker.net",nocase; classtype:attempted-recon; sid:200003357; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"starsoftheindustry.com",nocase; classtype:attempted-recon; sid:200003358; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"starttsboxfile.myfreesites.net",nocase; classtype:attempted-recon; sid:200003359; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"static-ak-fbcdn.atspace.com",nocase; classtype:attempted-recon; sid:200003360; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"static-dev.o2alerts.com",nocase; classtype:attempted-recon; sid:200003361; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"static-promote.weebly.com",nocase; classtype:attempted-recon; sid:200003362; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"status-dev.o2alerts.com",nocase; classtype:attempted-recon; sid:200003363; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stclarechurch.net",nocase; classtype:attempted-recon; sid:200003364; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"steamcommunites.com",nocase; classtype:attempted-recon; sid:200003365; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"steamcommunitj.com",nocase; classtype:attempted-recon; sid:200003366; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"steamcommunityk.com",nocase; classtype:attempted-recon; sid:200003367; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"steampoweredtrade.org",nocase; classtype:attempted-recon; sid:200003368; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"steampoweredtrades.org",nocase; classtype:attempted-recon; sid:200003369; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stevemadden-sverige.com",nocase; classtype:attempted-recon; sid:200003370; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stevemaddenbutik.com",nocase; classtype:attempted-recon; sid:200003371; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stevemaddenserbia.com",nocase; classtype:attempted-recon; sid:200003372; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stevemaddenshoe.net",nocase; classtype:attempted-recon; sid:200003373; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"steven-coldwellbth9965.web.app",nocase; classtype:attempted-recon; sid:200003374; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stevencrews.com",nocase; classtype:attempted-recon; sid:200003375; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stgrp.ru",nocase; classtype:attempted-recon; sid:200003376; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"still-star-c948.updatelogaccountprogramedrfwerwrdhsjy.workers.dev",nocase; classtype:attempted-recon; sid:200003377; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stimulus-claim.com",nocase; classtype:attempted-recon; sid:200003378; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stjohnmarol.com",nocase; classtype:attempted-recon; sid:200003379; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stjudes.in",nocase; classtype:attempted-recon; sid:200003380; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stolizaparketa.ru",nocase; classtype:attempted-recon; sid:200003381; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stollgroup.coms.cso.gov.tt",nocase; classtype:attempted-recon; sid:200003382; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stomkinscommercial.com.aus.cso.gov.tt",nocase; classtype:attempted-recon; sid:200003383; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.yandexcloud.net",nocase; classtype:attempted-recon; sid:200003384; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storenike365.top",nocase; classtype:attempted-recon; sid:200003385; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"studio-lol.com",nocase; classtype:attempted-recon; sid:200003386; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stylifehomedecors.com",nocase; classtype:attempted-recon; sid:200003387; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stz-fmba.ru",nocase; classtype:attempted-recon; sid:200003388; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"submit8099.page.link",nocase; classtype:attempted-recon; sid:200003389; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"successgroup.org",nocase; classtype:attempted-recon; sid:200003390; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sucses-gov.nomtiluy.top",nocase; classtype:attempted-recon; sid:200003391; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sucuvirtcolba.com",nocase; classtype:attempted-recon; sid:200003392; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"suelunn.com",nocase; classtype:attempted-recon; sid:200003393; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"suiviticket.co",nocase; classtype:attempted-recon; sid:200003394; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sukien-pubgmoblevng.ga",nocase; classtype:attempted-recon; sid:200003395; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sultan-raza.github.io",nocase; classtype:attempted-recon; sid:200003396; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sumpandtankcleaners.in",nocase; classtype:attempted-recon; sid:200003397; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sunbeltmembers.com",nocase; classtype:attempted-recon; sid:200003398; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sunge-ode.firebaseapp.com",nocase; classtype:attempted-recon; sid:200003399; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sunshineteam.in",nocase; classtype:attempted-recon; sid:200003400; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"super-dawn-3035.ddahluwalia.workers.dev",nocase; classtype:attempted-recon; sid:200003401; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"supermilhas.com",nocase; classtype:attempted-recon; sid:200003402; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"supotsstunes.servehttp.com",nocase; classtype:attempted-recon; sid:200003403; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"suppliers.bitshepherd.org",nocase; classtype:attempted-recon; sid:200003404; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"support-auwebaccessjpnaikpanggung.com",nocase; classtype:attempted-recon; sid:200003405; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"support-axiewallet.com",nocase; classtype:attempted-recon; sid:200003406; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"support-dapps.info",nocase; classtype:attempted-recon; sid:200003407; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"support-process-manager.com",nocase; classtype:attempted-recon; sid:200003408; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"support-verify-mydevices.com",nocase; classtype:attempted-recon; sid:200003409; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"support.atimazo.shop",nocase; classtype:attempted-recon; sid:200003410; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"supportpichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003411; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"survey18-aws.surveycenter.com",nocase; classtype:attempted-recon; sid:200003412; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"survey18-aws.toluna.com",nocase; classtype:attempted-recon; sid:200003413; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"surveys.adytude.com",nocase; classtype:attempted-recon; sid:200003414; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"suspicious-williamson.193-70-50-31.plesk.page",nocase; classtype:attempted-recon; sid:200003415; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"suumc-one.com",nocase; classtype:attempted-recon; sid:200003416; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sv.scicemecod.com",nocase; classtype:attempted-recon; sid:200003417; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"svelte-kdy6dk.stackblitz.io",nocase; classtype:attempted-recon; sid:200003418; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"swanholm.net",nocase; classtype:attempted-recon; sid:200003419; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"swannatural.com",nocase; classtype:attempted-recon; sid:200003420; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"swap.elena.finance",nocase; classtype:attempted-recon; sid:200003421; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"swappauto.staging.lcsolutions.it",nocase; classtype:attempted-recon; sid:200003422; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"swedbank-apsauga.info",nocase; classtype:attempted-recon; sid:200003423; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"swisscom.myfreesites.net",nocase; classtype:attempted-recon; sid:200003424; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sxb1plvwcpnl489779.prod.sxb1.secureserver.net",nocase; classtype:attempted-recon; sid:200003425; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"synaxisreadymix.com",nocase; classtype:attempted-recon; sid:200003426; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"syncdappconnect.com",nocase; classtype:attempted-recon; sid:200003427; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"syncmultidapp.com",nocase; classtype:attempted-recon; sid:200003428; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"syr.us",nocase; classtype:attempted-recon; sid:200003429; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sysm5rn.cn",nocase; classtype:attempted-recon; sid:200003430; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"system-fassil-net-2-3242353453453--12344443.repl.co",nocase; classtype:attempted-recon; sid:200003431; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t0nline0de0login-001-site1.itempurl.com",nocase; classtype:attempted-recon; sid:200003432; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"taher-mohamed-ahmed-saad.github.io",nocase; classtype:attempted-recon; sid:200003433; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"take-free-2022.duckdns.org",nocase; classtype:attempted-recon; sid:200003434; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"taoistw345ie.co",nocase; classtype:attempted-recon; sid:200003435; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tarik-fitness.com",nocase; classtype:attempted-recon; sid:200003436; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"taxcare.page.link",nocase; classtype:attempted-recon; sid:200003437; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"taxopus.com",nocase; classtype:attempted-recon; sid:200003438; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tb915hdh89.mfs.gg",nocase; classtype:attempted-recon; sid:200003439; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tby.eb-sites.com",nocase; classtype:attempted-recon; sid:200003440; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tcaconnect.ac-page.com",nocase; classtype:attempted-recon; sid:200003441; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"teamgameswild.com",nocase; classtype:attempted-recon; sid:200003442; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"teamgoogle125590.psee.ly",nocase; classtype:attempted-recon; sid:200003443; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"teamomni4life.com",nocase; classtype:attempted-recon; sid:200003444; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tebapit.com",nocase; classtype:attempted-recon; sid:200003445; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tecmachine.com.br",nocase; classtype:attempted-recon; sid:200003446; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tecnominproductos.com",nocase; classtype:attempted-recon; sid:200003447; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"teekitstorage.blob.core.windows.net",nocase; classtype:attempted-recon; sid:200003448; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tejalashikaindiagrocery.com",nocase; classtype:attempted-recon; sid:200003449; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"telecredutobcp.com",nocase; classtype:attempted-recon; sid:200003450; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"telegramsecurityhelp.ru",nocase; classtype:attempted-recon; sid:200003451; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tellmeliu.github.io",nocase; classtype:attempted-recon; sid:200003452; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"templat65sldh.myfreesites.net",nocase; classtype:attempted-recon; sid:200003453; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"temporary-url.com",nocase; classtype:attempted-recon; sid:200003454; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"terpelsicumple.com",nocase; classtype:attempted-recon; sid:200003455; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tesladrive-event.com",nocase; classtype:attempted-recon; sid:200003456; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"test.bayoucitybadges.org",nocase; classtype:attempted-recon; sid:200003457; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"test.bitflye87.com",nocase; classtype:attempted-recon; sid:200003458; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"test.dxbproductions.com",nocase; classtype:attempted-recon; sid:200003459; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"test.myshopclub.ru",nocase; classtype:attempted-recon; sid:200003460; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"test.webclient4.de",nocase; classtype:attempted-recon; sid:200003461; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"testing-domain.duckdns.org",nocase; classtype:attempted-recon; sid:200003462; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"texasfreedomrun.com",nocase; classtype:attempted-recon; sid:200003463; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tgpafasfsakkk.pages.dev",nocase; classtype:attempted-recon; sid:200003464; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"theaceofspaeder.com",nocase; classtype:attempted-recon; sid:200003465; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"theaudazity.com",nocase; classtype:attempted-recon; sid:200003466; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"theavon.co.zw",nocase; classtype:attempted-recon; sid:200003467; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thebeachleague.com",nocase; classtype:attempted-recon; sid:200003468; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thechillipicklecanteen.com",nocase; classtype:attempted-recon; sid:200003469; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thedecorindia.com",nocase; classtype:attempted-recon; sid:200003470; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thedom.kg",nocase; classtype:attempted-recon; sid:200003471; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"theironinnparlour.co.uk",nocase; classtype:attempted-recon; sid:200003472; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"theneontree.in",nocase; classtype:attempted-recon; sid:200003473; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thepointcj.com.br",nocase; classtype:attempted-recon; sid:200003474; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thespiritualtransformation.com",nocase; classtype:attempted-recon; sid:200003475; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thetimecenter.com",nocase; classtype:attempted-recon; sid:200003476; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thomasdentalcentre.com",nocase; classtype:attempted-recon; sid:200003477; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"three-retail-live.devicetradein.co.uk",nocase; classtype:attempted-recon; sid:200003478; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tianyuiyu.uihaish.xyz",nocase; classtype:attempted-recon; sid:200003479; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tieganford.ca",nocase; classtype:attempted-recon; sid:200003480; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tighi.creatorlink.net",nocase; classtype:attempted-recon; sid:200003481; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tight-samiuboc.co",nocase; classtype:attempted-recon; sid:200003482; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tikitaps.com",nocase; classtype:attempted-recon; sid:200003483; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tipografieonline.ro",nocase; classtype:attempted-recon; sid:200003484; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tirozhjewelry.com",nocase; classtype:attempted-recon; sid:200003485; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"titelinedrillingintl.yolasite.com",nocase; classtype:attempted-recon; sid:200003486; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tktrailerparts.com",nocase; classtype:attempted-recon; sid:200003487; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tlatx.com",nocase; classtype:attempted-recon; sid:200003488; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tlcbcp.com-segurospe.buzz",nocase; classtype:attempted-recon; sid:200003489; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"to-ken.biz",nocase; classtype:attempted-recon; sid:200003490; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"toanhoc247.edu.vn",nocase; classtype:attempted-recon; sid:200003491; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"toddler-town.com",nocase; classtype:attempted-recon; sid:200003492; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tongdaiviettelbienhoa.com",nocase; classtype:attempted-recon; sid:200003493; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tooljerejin.airsite.co",nocase; classtype:attempted-recon; sid:200003494; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"top10cheapairlinesreview.xyz",nocase; classtype:attempted-recon; sid:200003495; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"top10songsnews.com",nocase; classtype:attempted-recon; sid:200003496; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"topearnersafrica.com",nocase; classtype:attempted-recon; sid:200003497; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"topskills.ru",nocase; classtype:attempted-recon; sid:200003498; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"torccolborrachas.blogspot.com",nocase; classtype:attempted-recon; sid:200003499; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"torrinwine.com",nocase; classtype:attempted-recon; sid:200003500; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"touchidea.top",nocase; classtype:attempted-recon; sid:200003501; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tovowhuqeojweawmubmaqmqlv.hofferflow.icu",nocase; classtype:attempted-recon; sid:200003502; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tpayleboncoin.com",nocase; classtype:attempted-recon; sid:200003503; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"traders-joesxyz.com",nocase; classtype:attempted-recon; sid:200003504; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tradeswarehouse.com",nocase; classtype:attempted-recon; sid:200003505; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"trams.mot.go.th",nocase; classtype:attempted-recon; sid:200003506; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"transfertconfirmer-payalfrance.com",nocase; classtype:attempted-recon; sid:200003507; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"triangarena-membership.ga",nocase; classtype:attempted-recon; sid:200003508; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tribratanewsbondowoso.com",nocase; classtype:attempted-recon; sid:200003509; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tribunbalikpapan.com",nocase; classtype:attempted-recon; sid:200003510; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"truegrip.com",nocase; classtype:attempted-recon; sid:200003511; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"trustinpichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003512; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"trustpress.gr",nocase; classtype:attempted-recon; sid:200003513; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"trustypichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003514; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ts3cacd.rzjxbv.com",nocase; classtype:attempted-recon; sid:200003515; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"turntekcnc.com",nocase; classtype:attempted-recon; sid:200003516; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tx.vc",nocase; classtype:attempted-recon; sid:200003517; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200003518; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"typedream.site",nocase; classtype:attempted-recon; sid:200003519; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"typesmartlyocr.com",nocase; classtype:attempted-recon; sid:200003520; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tyrecentre.ru",nocase; classtype:attempted-recon; sid:200003521; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u08qv44zu5h.typeform.com",nocase; classtype:attempted-recon; sid:200003522; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u1565723.plsk.regruhosting.ru",nocase; classtype:attempted-recon; sid:200003523; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u18741649.ct.sendgrid.net",nocase; classtype:attempted-recon; sid:200003524; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u827857uw6.ha004.t.justns.ru",nocase; classtype:attempted-recon; sid:200003525; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uabaiieo.com",nocase; classtype:attempted-recon; sid:200003526; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ualsemantic.dualsemantics.net",nocase; classtype:attempted-recon; sid:200003527; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ug7jv.sbs",nocase; classtype:attempted-recon; sid:200003528; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uglcsonfonia.org",nocase; classtype:attempted-recon; sid:200003529; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhasd.au6bu8m.cn",nocase; classtype:attempted-recon; sid:200003530; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhdss.xkrx0o.cn",nocase; classtype:attempted-recon; sid:200003531; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhfddsa.t0xpo42.cn",nocase; classtype:attempted-recon; sid:200003532; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhhd.rox847t.cn",nocase; classtype:attempted-recon; sid:200003533; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhhff.cnza7b8.cn",nocase; classtype:attempted-recon; sid:200003534; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhna.5m4zhvd.cn",nocase; classtype:attempted-recon; sid:200003535; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhnas.ib8b40d.cn",nocase; classtype:attempted-recon; sid:200003536; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhnca.yrk1du9.cn",nocase; classtype:attempted-recon; sid:200003537; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhncd.n26k1al.cn",nocase; classtype:attempted-recon; sid:200003538; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhncda.xmilwwp.cn",nocase; classtype:attempted-recon; sid:200003539; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhndd.9943s82.cn",nocase; classtype:attempted-recon; sid:200003540; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhns.mxyzy7i.cn",nocase; classtype:attempted-recon; sid:200003541; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhnsa.sdmpo0s.cn",nocase; classtype:attempted-recon; sid:200003542; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhnxa.d23xsru.cn",nocase; classtype:attempted-recon; sid:200003543; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhnxa.q83itv9.cn",nocase; classtype:attempted-recon; sid:200003544; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uhnxas.rvw56l.cn",nocase; classtype:attempted-recon; sid:200003545; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujcd.um2nlru.cn",nocase; classtype:attempted-recon; sid:200003546; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujdaa.fn3m4en.cn",nocase; classtype:attempted-recon; sid:200003547; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujds.5e8tn13.cn",nocase; classtype:attempted-recon; sid:200003548; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhca.oioqmsh.cn",nocase; classtype:attempted-recon; sid:200003549; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhca.xsevdat.cn",nocase; classtype:attempted-recon; sid:200003550; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhcd.8burgvo.cn",nocase; classtype:attempted-recon; sid:200003551; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhd.21k0qik.cn",nocase; classtype:attempted-recon; sid:200003552; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhd.c0c4m46.cn",nocase; classtype:attempted-recon; sid:200003553; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhd.j419kr0.cn",nocase; classtype:attempted-recon; sid:200003554; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhd.kdsiuuc.cn",nocase; classtype:attempted-recon; sid:200003555; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhd.zkshmxt.cn",nocase; classtype:attempted-recon; sid:200003556; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhdca.mdwclcb.cn",nocase; classtype:attempted-recon; sid:200003557; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhdd.cotf8p5.cn",nocase; classtype:attempted-recon; sid:200003558; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhf.m45h2q0.cn",nocase; classtype:attempted-recon; sid:200003559; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhff.nkxefqp.cn",nocase; classtype:attempted-recon; sid:200003560; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujhs.o2klowf.cn",nocase; classtype:attempted-recon; sid:200003561; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujnca.wxuqxb7.cn",nocase; classtype:attempted-recon; sid:200003562; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujnca.zgbo0g.cn",nocase; classtype:attempted-recon; sid:200003563; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujncd.kzi68ra.cn",nocase; classtype:attempted-recon; sid:200003564; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujncd.lw2djbm.cn",nocase; classtype:attempted-recon; sid:200003565; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ujnxas.vj135ih.cn",nocase; classtype:attempted-recon; sid:200003566; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ukcare.in",nocase; classtype:attempted-recon; sid:200003567; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"umbrellaclubla.com",nocase; classtype:attempted-recon; sid:200003568; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unam.myfreesites.net",nocase; classtype:attempted-recon; sid:200003569; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unbxa.byjmcpy.cn",nocase; classtype:attempted-recon; sid:200003570; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"undefinedtrack.xyz",nocase; classtype:attempted-recon; sid:200003571; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unga.c76sioq.cn",nocase; classtype:attempted-recon; sid:200003572; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniassessoria.com.br",nocase; classtype:attempted-recon; sid:200003573; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unicreditaustria.ucs.info",nocase; classtype:attempted-recon; sid:200003574; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unifacema.edu.br",nocase; classtype:attempted-recon; sid:200003575; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unifacvest.net",nocase; classtype:attempted-recon; sid:200003576; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unifiedsmartsync.live",nocase; classtype:attempted-recon; sid:200003577; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unionheightsresidental.com",nocase; classtype:attempted-recon; sid:200003578; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unisons.store",nocase; classtype:attempted-recon; sid:200003579; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unisonsouthayr.org.uk",nocase; classtype:attempted-recon; sid:200003580; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.ch",nocase; classtype:attempted-recon; sid:200003581; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.financial",nocase; classtype:attempted-recon; sid:200003582; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.openwallet.dev",nocase; classtype:attempted-recon; sid:200003583; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.pages.dev",nocase; classtype:attempted-recon; sid:200003584; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.seal.finance",nocase; classtype:attempted-recon; sid:200003585; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.token.im",nocase; classtype:attempted-recon; sid:200003586; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswap.trading",nocase; classtype:attempted-recon; sid:200003587; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswapfinancing.info",nocase; classtype:attempted-recon; sid:200003588; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniswaps.net",nocase; classtype:attempted-recon; sid:200003589; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unitedalliance-online.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003590; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unitus.mk.ua",nocase; classtype:attempted-recon; sid:200003591; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"universidadsanjuan.ac",nocase; classtype:attempted-recon; sid:200003592; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unnca.bbh672u.cn",nocase; classtype:attempted-recon; sid:200003593; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unnxa.pqpchqo.cn",nocase; classtype:attempted-recon; sid:200003594; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unpocodearte.cl",nocase; classtype:attempted-recon; sid:200003595; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unregpayee-lb.com",nocase; classtype:attempted-recon; sid:200003596; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"unsub.listhandlr.com",nocase; classtype:attempted-recon; sid:200003597; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"updateinfo-billingo2.com",nocase; classtype:attempted-recon; sid:200003598; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"updatemy.software",nocase; classtype:attempted-recon; sid:200003599; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"updateseason.com",nocase; classtype:attempted-recon; sid:200003600; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"updatestory2022.co.vu",nocase; classtype:attempted-recon; sid:200003601; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"updatevoda-billing.com",nocase; classtype:attempted-recon; sid:200003602; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"upgrade-25gb-email.thecornerstudio.com.au",nocase; classtype:attempted-recon; sid:200003603; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"upgradedserver.online",nocase; classtype:attempted-recon; sid:200003604; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uploadpichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003605; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uploads.codesandbox.io",nocase; classtype:attempted-recon; sid:200003606; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uppledpichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003607; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"urbenorte.com",nocase; classtype:attempted-recon; sid:200003608; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"urgent-halifaxlogin.com",nocase; classtype:attempted-recon; sid:200003609; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"userboitevocalweb.flazio.com",nocase; classtype:attempted-recon; sid:200003610; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"userinformationstoreupdatesmail.pages.dev",nocase; classtype:attempted-recon; sid:200003611; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"usfn.net",nocase; classtype:attempted-recon; sid:200003612; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uspsexpressdeliveryline.com",nocase; classtype:attempted-recon; sid:200003613; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uswowgame.net",nocase; classtype:attempted-recon; sid:200003614; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uueer.7jgy5xe.cn",nocase; classtype:attempted-recon; sid:200003615; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uuid-validation.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200003616; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uukx0h0.cn",nocase; classtype:attempted-recon; sid:200003617; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uyhnxx.urpzkva.cn",nocase; classtype:attempted-recon; sid:200003618; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uyqw.dykowec.cn",nocase; classtype:attempted-recon; sid:200003619; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uz154.sbs",nocase; classtype:attempted-recon; sid:200003620; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"v.macecri.com",nocase; classtype:attempted-recon; sid:200003621; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003622; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003623; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vaccine-status-info.com",nocase; classtype:attempted-recon; sid:200003624; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vakif.albay-arnold.com",nocase; classtype:attempted-recon; sid:200003625; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"valax-wallet.com",nocase; classtype:attempted-recon; sid:200003626; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"valenciaoptometry.com",nocase; classtype:attempted-recon; sid:200003627; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"valenteplay.com.br",nocase; classtype:attempted-recon; sid:200003628; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"validacionpichincha.odoo.com",nocase; classtype:attempted-recon; sid:200003629; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"validate-chain.com",nocase; classtype:attempted-recon; sid:200003630; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"validate-solana.com",nocase; classtype:attempted-recon; sid:200003631; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"validator-fzkiy.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200003632; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vallion.motiffliterature.me",nocase; classtype:attempted-recon; sid:200003633; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vcz.gmoqkzu.cn",nocase; classtype:attempted-recon; sid:200003634; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"velvish.com",nocase; classtype:attempted-recon; sid:200003635; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ventas.lnterbarnk.pe.jifad.org",nocase; classtype:attempted-recon; sid:200003636; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"veri-pichincha.webcindario.com",nocase; classtype:attempted-recon; sid:200003637; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verification-trustwallet.4bl-eg.com",nocase; classtype:attempted-recon; sid:200003638; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verification.fb-page.workers.dev",nocase; classtype:attempted-recon; sid:200003639; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verificationmessage.blob.core.windows.net",nocase; classtype:attempted-recon; sid:200003640; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verifications-zones.com",nocase; classtype:attempted-recon; sid:200003641; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verififacebookid.wixsite.com",nocase; classtype:attempted-recon; sid:200003642; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verifiikasi-accounts.weebly.com",nocase; classtype:attempted-recon; sid:200003643; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verifikasi-akun-anda0011.weeblysite.com",nocase; classtype:attempted-recon; sid:200003644; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verifikasi-akun-facebook0022.weeblysite.com",nocase; classtype:attempted-recon; sid:200003645; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verifikasi-identitas47.weebly.com",nocase; classtype:attempted-recon; sid:200003646; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verifocaoffa.webcindario.com",nocase; classtype:attempted-recon; sid:200003647; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"verifymywallets.com",nocase; classtype:attempted-recon; sid:200003648; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vgiuhkjnm.b9u6vh5l7g1797.workers.dev",nocase; classtype:attempted-recon; sid:200003649; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"victorarath99.github.io",nocase; classtype:attempted-recon; sid:200003650; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"videobigo.com",nocase; classtype:attempted-recon; sid:200003651; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vietlime.vn",nocase; classtype:attempted-recon; sid:200003652; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vietschi.de",nocase; classtype:attempted-recon; sid:200003653; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"viettel-com-dot-c2c01-531c7.uc.r.appspot.com",nocase; classtype:attempted-recon; sid:200003654; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vigilant-murdock.45-81-232-15.plesk.page",nocase; classtype:attempted-recon; sid:200003655; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"viguohilkasdsd.izwe6g6lyc.workers.dev",nocase; classtype:attempted-recon; sid:200003656; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vilaanimalviana.pt",nocase; classtype:attempted-recon; sid:200003657; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200003658; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vinivet.mk",nocase; classtype:attempted-recon; sid:200003659; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vipfbtools.com",nocase; classtype:attempted-recon; sid:200003660; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"viral-groub.duckdns.org",nocase; classtype:attempted-recon; sid:200003661; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"virginia-spi.com",nocase; classtype:attempted-recon; sid:200003662; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"virtual1dattss.com",nocase; classtype:attempted-recon; sid:200003663; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vis-stort.github.io",nocase; classtype:attempted-recon; sid:200003664; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vishaljangale01.github.io",nocase; classtype:attempted-recon; sid:200003665; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"visione.co.id",nocase; classtype:attempted-recon; sid:200003666; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"visionproperty.in",nocase; classtype:attempted-recon; sid:200003667; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk-money.xyz",nocase; classtype:attempted-recon; sid:200003668; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk-posters.ru",nocase; classtype:attempted-recon; sid:200003669; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk-vhods.co",nocase; classtype:attempted-recon; sid:200003670; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vkjbm.4nt4nb464e6113.workers.dev",nocase; classtype:attempted-recon; sid:200003671; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vodaupdatepayment.com",nocase; classtype:attempted-recon; sid:200003672; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"volvocarskc.us1.list-manage.com",nocase; classtype:attempted-recon; sid:200003673; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vps56290.servconfig.com",nocase; classtype:attempted-recon; sid:200003674; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vqed.5xcv81zrx0530.workers.dev",nocase; classtype:attempted-recon; sid:200003675; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vqwd.soboja1994.workers.dev",nocase; classtype:attempted-recon; sid:200003676; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vr-banking-app.de",nocase; classtype:attempted-recon; sid:200003677; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vr-neu.com",nocase; classtype:attempted-recon; sid:200003678; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vr-system89394.com",nocase; classtype:attempted-recon; sid:200003679; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vr-system98622.com",nocase; classtype:attempted-recon; sid:200003680; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vtekllc.com",nocase; classtype:attempted-recon; sid:200003681; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vtxmail2018.myfreesites.net",nocase; classtype:attempted-recon; sid:200003682; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vugik.mecil33784.workers.dev",nocase; classtype:attempted-recon; sid:200003683; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vv.macecri.com",nocase; classtype:attempted-recon; sid:200003684; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vvjde0h0ttttf9hay.com",nocase; classtype:attempted-recon; sid:200003685; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vvpaes-me-index.egvtpp.cn",nocase; classtype:attempted-recon; sid:200003686; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vws.co.in",nocase; classtype:attempted-recon; sid:200003687; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vxcas.a35570.cn",nocase; classtype:attempted-recon; sid:200003688; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vxdse.myfreesites.net",nocase; classtype:attempted-recon; sid:200003689; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"w2.deraya.org",nocase; classtype:attempted-recon; sid:200003690; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud",nocase; classtype:attempted-recon; sid:200003691; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wahed-koudsi2001.github.io",nocase; classtype:attempted-recon; sid:200003692; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walkers-dot-composite-store-326315.uk.r.appspot.com",nocase; classtype:attempted-recon; sid:200003693; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallcertifyonmesh.com",nocase; classtype:attempted-recon; sid:200003694; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walldesign.com.tr",nocase; classtype:attempted-recon; sid:200003695; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallet-connect012.web.app",nocase; classtype:attempted-recon; sid:200003696; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallet-reconnection.xyz",nocase; classtype:attempted-recon; sid:200003697; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallet-verified.com",nocase; classtype:attempted-recon; sid:200003698; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallet.silesiacoin.com",nocase; classtype:attempted-recon; sid:200003699; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallet22.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003700; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletconnect-tool.net",nocase; classtype:attempted-recon; sid:200003701; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletconnect-tools.xyz",nocase; classtype:attempted-recon; sid:200003702; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletconnectonline.pages.dev",nocase; classtype:attempted-recon; sid:200003703; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletconnectors.com",nocase; classtype:attempted-recon; sid:200003704; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walleterrorsupport.com",nocase; classtype:attempted-recon; sid:200003705; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletokenvalidation.com",nocase; classtype:attempted-recon; sid:200003706; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletsconect.live",nocase; classtype:attempted-recon; sid:200003707; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletsconnex.com",nocase; classtype:attempted-recon; sid:200003708; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletsliveconnects.net",nocase; classtype:attempted-recon; sid:200003709; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletsreauth.org",nocase; classtype:attempted-recon; sid:200003710; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletsynclive.com",nocase; classtype:attempted-recon; sid:200003711; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletvalidation.me",nocase; classtype:attempted-recon; sid:200003712; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"walletvalidators.com",nocase; classtype:attempted-recon; sid:200003713; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallletsconnectts.com",nocase; classtype:attempted-recon; sid:200003714; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallsynchvalidatevd.com",nocase; classtype:attempted-recon; sid:200003715; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wana78420.myfreesites.net",nocase; classtype:attempted-recon; sid:200003716; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wap.bitffybtcer.club",nocase; classtype:attempted-recon; sid:200003717; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wap.bitffybtcer.xyz",nocase; classtype:attempted-recon; sid:200003718; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wap.bitflyer.plus",nocase; classtype:attempted-recon; sid:200003719; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wap.bitflyer.venus.kim",nocase; classtype:attempted-recon; sid:200003720; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wap.btcffybtcer.com",nocase; classtype:attempted-recon; sid:200003721; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"warbonus.ru",nocase; classtype:attempted-recon; sid:200003722; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"warningshadows.org",nocase; classtype:attempted-recon; sid:200003723; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"warsa.bandungkab.go.id",nocase; classtype:attempted-recon; sid:200003724; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wasites.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003725; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"waterproofingengineer.com",nocase; classtype:attempted-recon; sid:200003726; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"we-exodus-wallet.yahoosites.com",nocase; classtype:attempted-recon; sid:200003727; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-armas.royale-freefire1garena-bonus.com",nocase; classtype:attempted-recon; sid:200003728; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-b4119.web.app",nocase; classtype:attempted-recon; sid:200003729; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-e1f6d.web.app",nocase; classtype:attempted-recon; sid:200003730; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-exoduss.com",nocase; classtype:attempted-recon; sid:200003731; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-f6612.web.app",nocase; classtype:attempted-recon; sid:200003732; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-ml01.web.app",nocase; classtype:attempted-recon; sid:200003733; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-my-app.com",nocase; classtype:attempted-recon; sid:200003734; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-online-cancel.com",nocase; classtype:attempted-recon; sid:200003735; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-verifi01.webcindario.com",nocase; classtype:attempted-recon; sid:200003736; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-verifi02.webcindario.com",nocase; classtype:attempted-recon; sid:200003737; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-verifi03.webcindario.com",nocase; classtype:attempted-recon; sid:200003738; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-verifi04.webcindario.com",nocase; classtype:attempted-recon; sid:200003739; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-verifi05.webcindario.com",nocase; classtype:attempted-recon; sid:200003740; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web-verifi06.webcindario.com",nocase; classtype:attempted-recon; sid:200003741; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web.bredbanque.trans.sylog.co",nocase; classtype:attempted-recon; sid:200003742; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"web.royale-freefire1garena-bonus.com",nocase; classtype:attempted-recon; sid:200003743; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webbbb.yolasite.com",nocase; classtype:attempted-recon; sid:200003744; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webbl.yolasite.com",nocase; classtype:attempted-recon; sid:200003745; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webdappsconnection.com",nocase; classtype:attempted-recon; sid:200003746; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webdatamltrainingdiag842.blob.core.windows.net",nocase; classtype:attempted-recon; sid:200003747; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webdesecure.clickfunnels.com",nocase; classtype:attempted-recon; sid:200003748; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webhost-verify.duckdns.org",nocase; classtype:attempted-recon; sid:200003749; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webip.yolasite.com",nocase; classtype:attempted-recon; sid:200003750; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmail-2aaa0.web.app",nocase; classtype:attempted-recon; sid:200003751; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmail-optusnet-com-au-sign1.weebly.com",nocase; classtype:attempted-recon; sid:200003752; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmail-sso8uyg.web.app",nocase; classtype:attempted-recon; sid:200003753; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmail.gourmer.co.in",nocase; classtype:attempted-recon; sid:200003754; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmail.login.access.docs67.live",nocase; classtype:attempted-recon; sid:200003755; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmailadmin0.myfreesites.net",nocase; classtype:attempted-recon; sid:200003756; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmailstoragesrvr4567-supportdev.codeanyapp.com",nocase; classtype:attempted-recon; sid:200003757; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webpres.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003758; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webregular.xyz",nocase; classtype:attempted-recon; sid:200003759; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webservice-verify.duckdns.org",nocase; classtype:attempted-recon; sid:200003760; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"websitefun.club",nocase; classtype:attempted-recon; sid:200003761; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webstories.eu",nocase; classtype:attempted-recon; sid:200003762; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webvalidity.com",nocase; classtype:attempted-recon; sid:200003763; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"well-42d74.web.app",nocase; classtype:attempted-recon; sid:200003764; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"weryfikacja-facebookowa-28.herokuapp.com",nocase; classtype:attempted-recon; sid:200003765; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"weteachbh.com",nocase; classtype:attempted-recon; sid:200003766; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"whare.100webspace.net",nocase; classtype:attempted-recon; sid:200003767; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"whatsapp-grub99zyc.duckdns.org",nocase; classtype:attempted-recon; sid:200003768; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wheelsofmercy.org",nocase; classtype:attempted-recon; sid:200003769; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"whitelist-network.com",nocase; classtype:attempted-recon; sid:200003770; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"widadkamillah.github.io",nocase; classtype:attempted-recon; sid:200003771; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wiki.oceanreeflifegame.com",nocase; classtype:attempted-recon; sid:200003772; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"windstream-net.firebaseapp.com",nocase; classtype:attempted-recon; sid:200003773; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"winville.biz",nocase; classtype:attempted-recon; sid:200003774; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wireconfirmation68c10a25442a3e13.blogspot.com",nocase; classtype:attempted-recon; sid:200003775; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wires-business-starter.webflow.io",nocase; classtype:attempted-recon; sid:200003776; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wirtschaft.baesweiler.de",nocase; classtype:attempted-recon; sid:200003777; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wizmi.service-now.com",nocase; classtype:attempted-recon; sid:200003778; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wkazisan.github.io",nocase; classtype:attempted-recon; sid:200003779; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"womancreatorofman.com",nocase; classtype:attempted-recon; sid:200003780; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"woofle.ru",nocase; classtype:attempted-recon; sid:200003781; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"workforcerelief.com",nocase; classtype:attempted-recon; sid:200003782; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"workprotocoles-com.webs.com",nocase; classtype:attempted-recon; sid:200003783; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wp-login.azurewebsites.net",nocase; classtype:attempted-recon; sid:200003784; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wpsoar.com",nocase; classtype:attempted-recon; sid:200003785; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wqass-index.chobqu.cn",nocase; classtype:attempted-recon; sid:200003786; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wqass-index.dccigq.cn",nocase; classtype:attempted-recon; sid:200003787; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wqass-index.gbswz.cn",nocase; classtype:attempted-recon; sid:200003788; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wqass-index.pygbw.cn",nocase; classtype:attempted-recon; sid:200003789; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wrww-roblox.com",nocase; classtype:attempted-recon; sid:200003790; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wsertyzx.gq",nocase; classtype:attempted-recon; sid:200003791; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wteeoq.pfinanceiro.com.de",nocase; classtype:attempted-recon; sid:200003792; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ww.lnterbank.pe.personas.aaseguros.mx",nocase; classtype:attempted-recon; sid:200003793; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ww.lnterbank.pe.personas.onlinesocket.in",nocase; classtype:attempted-recon; sid:200003794; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ww.lnterbank.pe.personas.t-class.org",nocase; classtype:attempted-recon; sid:200003795; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ww16.inpost-pl-3dsecure.clear-id.xyz",nocase; classtype:attempted-recon; sid:200003796; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wwedealershipon.000webhostapp.com",nocase; classtype:attempted-recon; sid:200003797; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-cursosdigitalesmx-com.filesusr.com",nocase; classtype:attempted-recon; sid:200003798; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-degelyehuda-org-il.filesusr.com",nocase; classtype:attempted-recon; sid:200003799; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-europe564598-com.filesusr.com",nocase; classtype:attempted-recon; sid:200003800; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-europessign-com.filesusr.com",nocase; classtype:attempted-recon; sid:200003801; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-key-com.test.edgekey.net",nocase; classtype:attempted-recon; sid:200003802; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-mufg-jp.handicraft.ltd",nocase; classtype:attempted-recon; sid:200003803; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www-mufg-jp.kaiqi.ink",nocase; classtype:attempted-recon; sid:200003804; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www.facebook.com-sauuvazpjo.isiolo.go.ke",nocase; classtype:attempted-recon; sid:200003805; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www2.rakutan.co.jploginffd9dfg7.carwork.cn",nocase; classtype:attempted-recon; sid:200003806; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn",nocase; classtype:attempted-recon; sid:200003807; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www2.rakuten-card.co.jp.wzsrc.cn",nocase; classtype:attempted-recon; sid:200003808; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www2.rakutenn.co.jp.nanopark.cn",nocase; classtype:attempted-recon; sid:200003809; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www2.rakutenn.co.jp.zgyo.cn",nocase; classtype:attempted-recon; sid:200003810; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www3.lejournaldugrandparis.fr",nocase; classtype:attempted-recon; sid:200003811; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"www3.plenainclusion.org",nocase; classtype:attempted-recon; sid:200003812; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wxsohu.com",nocase; classtype:attempted-recon; sid:200003813; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"x.macecri.com",nocase; classtype:attempted-recon; sid:200003814; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"x.scicemecod.com",nocase; classtype:attempted-recon; sid:200003815; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xcas.xoh29oz.cn",nocase; classtype:attempted-recon; sid:200003816; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xcasd.7vo6bt.cn",nocase; classtype:attempted-recon; sid:200003817; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xcasd.b204uje.cn",nocase; classtype:attempted-recon; sid:200003818; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xcasd.tcbjnhq.cn",nocase; classtype:attempted-recon; sid:200003819; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xcasd.yikn2gd.cn",nocase; classtype:attempted-recon; sid:200003820; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xcryptocars.blogspot.com",nocase; classtype:attempted-recon; sid:200003821; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xcvdsd.page.link",nocase; classtype:attempted-recon; sid:200003822; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xhgs.epgegxj.cn",nocase; classtype:attempted-recon; sid:200003823; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xiajs.0dow0l.cn",nocase; classtype:attempted-recon; sid:200003824; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xid-human-validation.run-us-west2.goorm.io",nocase; classtype:attempted-recon; sid:200003825; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xj333.mjt.lu",nocase; classtype:attempted-recon; sid:200003826; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xj33s.mjt.lu",nocase; classtype:attempted-recon; sid:200003827; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xj33w.mjt.lu",nocase; classtype:attempted-recon; sid:200003828; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xj3pr.mjt.lu",nocase; classtype:attempted-recon; sid:200003829; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xj45g.mjt.lu",nocase; classtype:attempted-recon; sid:200003830; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xj45o.mjt.lu",nocase; classtype:attempted-recon; sid:200003831; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xj4og.mjt.lu",nocase; classtype:attempted-recon; sid:200003832; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xjm7s.mjt.lu",nocase; classtype:attempted-recon; sid:200003833; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xjmr7.mjt.lu",nocase; classtype:attempted-recon; sid:200003834; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xjpyyds.pem4yp3.cn",nocase; classtype:attempted-recon; sid:200003835; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xkljfg.ml",nocase; classtype:attempted-recon; sid:200003836; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xn--gmal-sya.com",nocase; classtype:attempted-recon; sid:200003837; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xn--ltappen-80a.se",nocase; classtype:attempted-recon; sid:200003838; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xn--metamsk-lwa.link",nocase; classtype:attempted-recon; sid:200003839; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xn--rpondeur-sfr2-bhb.yolasite.com",nocase; classtype:attempted-recon; sid:200003840; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xpubgfrozen.tk",nocase; classtype:attempted-recon; sid:200003841; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xqr3i.mjt.lu",nocase; classtype:attempted-recon; sid:200003842; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xqr3n.mjt.lu",nocase; classtype:attempted-recon; sid:200003843; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xqr3u.mjt.lu",nocase; classtype:attempted-recon; sid:200003844; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xrx6r.mjt.lu",nocase; classtype:attempted-recon; sid:200003845; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xrxh1.mjt.lu",nocase; classtype:attempted-recon; sid:200003846; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xrxh2.mjt.lu",nocase; classtype:attempted-recon; sid:200003847; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xrxhl.mjt.lu",nocase; classtype:attempted-recon; sid:200003848; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xsbrookshhjx.top",nocase; classtype:attempted-recon; sid:200003849; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xspin.cawnibos.com",nocase; classtype:attempted-recon; sid:200003850; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xtio.ch",nocase; classtype:attempted-recon; sid:200003851; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xtw42.mjt.lu",nocase; classtype:attempted-recon; sid:200003852; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xvideokoreanwifesister18.duckdns.org",nocase; classtype:attempted-recon; sid:200003853; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xx.macecri.com",nocase; classtype:attempted-recon; sid:200003854; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xxaas.tp00jv9.cn",nocase; classtype:attempted-recon; sid:200003855; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xxasd.sf29hrg.cn",nocase; classtype:attempted-recon; sid:200003856; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xxx-com-dot-c2c01-531c7.uc.r.appspot.com",nocase; classtype:attempted-recon; sid:200003857; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xzasd.uz64g3.cn",nocase; classtype:attempted-recon; sid:200003858; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@asdxa.p2x11pi.cn",nocase; classtype:attempted-recon; sid:200003859; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@bghgcd.psuxscm.cn",nocase; classtype:attempted-recon; sid:200003860; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@bhgxa.eo76sni.cn",nocase; classtype:attempted-recon; sid:200003861; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@cdas.nxzigco.cn",nocase; classtype:attempted-recon; sid:200003862; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@cxasd.easghbl.cn",nocase; classtype:attempted-recon; sid:200003863; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@hghgda.erjl0hx.cn",nocase; classtype:attempted-recon; sid:200003864; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@inna.cedymll.cn",nocase; classtype:attempted-recon; sid:200003865; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@jhdd.fjcslad.cn",nocase; classtype:attempted-recon; sid:200003866; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@kjhdda.tetfeec.cn",nocase; classtype:attempted-recon; sid:200003867; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@lkjds.nlmwjta.cn",nocase; classtype:attempted-recon; sid:200003868; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@nhbcda.g4g5mgc.cn",nocase; classtype:attempted-recon; sid:200003869; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@poklsa.slodddz.cn",nocase; classtype:attempted-recon; sid:200003870; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@qweas.p6rhddj.cn",nocase; classtype:attempted-recon; sid:200003871; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@ssdaz.sqqaepr.cn",nocase; classtype:attempted-recon; sid:200003872; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@uhncda.xmilwwp.cn",nocase; classtype:attempted-recon; sid:200003873; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@uhnxa.q83itv9.cn",nocase; classtype:attempted-recon; sid:200003874; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@ujdaa.fn3m4en.cn",nocase; classtype:attempted-recon; sid:200003875; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@ujds.5e8tn13.cn",nocase; classtype:attempted-recon; sid:200003876; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@ujhdca.mdwclcb.cn",nocase; classtype:attempted-recon; sid:200003877; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@uyhnxx.urpzkva.cn",nocase; classtype:attempted-recon; sid:200003878; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@zxas.2nd0g8.cn",nocase; classtype:attempted-recon; sid:200003879; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahoo%2eco%2ejp@zxass.jbkyj0o.cn",nocase; classtype:attempted-recon; sid:200003880; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yahuomall.square.site",nocase; classtype:attempted-recon; sid:200003881; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yairix.github.io",nocase; classtype:attempted-recon; sid:200003882; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yalena.me",nocase; classtype:attempted-recon; sid:200003883; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yandex-viral.duckdns.org",nocase; classtype:attempted-recon; sid:200003884; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yaqoobi.org",nocase; classtype:attempted-recon; sid:200003885; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yayanti.com",nocase; classtype:attempted-recon; sid:200003886; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ybdaa.oqsgm9r.cn",nocase; classtype:attempted-recon; sid:200003887; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ybggd.fjgjoux.cn",nocase; classtype:attempted-recon; sid:200003888; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yellow-surf-7b04.voiceovermade-today.workers.dev",nocase; classtype:attempted-recon; sid:200003889; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yerelyonetim.net",nocase; classtype:attempted-recon; sid:200003890; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ygbda.ffeufka.cn",nocase; classtype:attempted-recon; sid:200003891; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yhbca.pfs8ylv.cn",nocase; classtype:attempted-recon; sid:200003892; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yhbndd.ryyswjn.cn",nocase; classtype:attempted-recon; sid:200003893; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yhcd.gabprnx.cn",nocase; classtype:attempted-recon; sid:200003894; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yhddf.vtf23ic.cn",nocase; classtype:attempted-recon; sid:200003895; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yhdff.iw6fwu.cn",nocase; classtype:attempted-recon; sid:200003896; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yhnbd.5u3z9i2.cn",nocase; classtype:attempted-recon; sid:200003897; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yhncd.3ycuxr1.cn",nocase; classtype:attempted-recon; sid:200003898; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yiaswqjdtcyeqpvyqthijepeai-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200003899; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ykyevmqxaktnfgrtuufymkhnce-dot-gl44393333333.rj.r.appspot.com",nocase; classtype:attempted-recon; sid:200003900; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yma1ll0g0n.odoo.com",nocase; classtype:attempted-recon; sid:200003901; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ynbgdc.woprkzp.cn",nocase; classtype:attempted-recon; sid:200003902; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ynbxa.pvgulkz.cn",nocase; classtype:attempted-recon; sid:200003903; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yndda.m117s1s.cn",nocase; classtype:attempted-recon; sid:200003904; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yo7ka-anna.com",nocase; classtype:attempted-recon; sid:200003905; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yogeshwarwiremesh.com",nocase; classtype:attempted-recon; sid:200003906; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"youknowar.com",nocase; classtype:attempted-recon; sid:200003907; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"young-snow-7447.tcheviron5269.workers.dev",nocase; classtype:attempted-recon; sid:200003908; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"youreasygoing2022.co.vu",nocase; classtype:attempted-recon; sid:200003909; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yqlpeitost.duckdns.org",nocase; classtype:attempted-recon; sid:200003910; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ytdjhstej.tk",nocase; classtype:attempted-recon; sid:200003911; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yuhjjkss.web.app",nocase; classtype:attempted-recon; sid:200003912; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"yumpai.cn",nocase; classtype:attempted-recon; sid:200003913; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"z.macecri.com",nocase; classtype:attempted-recon; sid:200003914; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"z.scicemecod.com",nocase; classtype:attempted-recon; sid:200003915; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"z0massegurabclp1.shreeramwoodindustries.com",nocase; classtype:attempted-recon; sid:200003916; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"z2qje.codesandbox.io",nocase; classtype:attempted-recon; sid:200003917; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"z3voicrxxvs.typeform.com",nocase; classtype:attempted-recon; sid:200003918; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zacharytlasko.com",nocase; classtype:attempted-recon; sid:200003919; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zackselectronics.co.zw",nocase; classtype:attempted-recon; sid:200003920; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zaktualizacja-platnosci.netfxtv.co.pl",nocase; classtype:attempted-recon; sid:200003921; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zasd.yhxmd30.cn",nocase; classtype:attempted-recon; sid:200003922; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zb2-home.web.app",nocase; classtype:attempted-recon; sid:200003923; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zen-minsky-ef5931.netlify.app",nocase; classtype:attempted-recon; sid:200003924; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zenvinyl.com",nocase; classtype:attempted-recon; sid:200003925; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zepe.io",nocase; classtype:attempted-recon; sid:200003926; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zeroquiz.com",nocase; classtype:attempted-recon; sid:200003927; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zgyyds.mm5p1ch.cn",nocase; classtype:attempted-recon; sid:200003928; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zgyyds.nebl4zw.cn",nocase; classtype:attempted-recon; sid:200003929; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zhrmghgyyds.h0tlexl.cn",nocase; classtype:attempted-recon; sid:200003930; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zjzj6688.yihang.ren",nocase; classtype:attempted-recon; sid:200003931; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zmpcoaca.cyou",nocase; classtype:attempted-recon; sid:200003932; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zmpcoacu.cyou",nocase; classtype:attempted-recon; sid:200003933; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zmpcoado.cyou",nocase; classtype:attempted-recon; sid:200003934; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zoho-online.web.app",nocase; classtype:attempted-recon; sid:200003935; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zoho-validationserv.web.app",nocase; classtype:attempted-recon; sid:200003936; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zonmca.hxljatvw.cn",nocase; classtype:attempted-recon; sid:200003937; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zshrvvo.cn",nocase; classtype:attempted-recon; sid:200003938; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxas.2nd0g8.cn",nocase; classtype:attempted-recon; sid:200003939; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxas.hs0rgq8.cn",nocase; classtype:attempted-recon; sid:200003940; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxass.jbkyj0o.cn",nocase; classtype:attempted-recon; sid:200003941; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxcas.ywqfz8.cn",nocase; classtype:attempted-recon; sid:200003942; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxcaspx.aghwlup.cn",nocase; classtype:attempted-recon; sid:200003943; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxcnash.seufhsk.cn",nocase; classtype:attempted-recon; sid:200003944; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxcod.01l241.cn",nocase; classtype:attempted-recon; sid:200003945; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxcuashs.e0n0gh5.cn",nocase; classtype:attempted-recon; sid:200003946; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zxnahs.3cze6ri.cn",nocase; classtype:attempted-recon; sid:200003947; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zz.macecri.com",nocase; classtype:attempted-recon; sid:200003948; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"0333fa5.netsolhost.com",nocase; http_uri; content:"/comcast/xfinity.php?d1193169ba22c33594765d16035661b1=&amp\;email=a@a.c&amp\;.rand=login.xfinity.com.aspx",nocase; classtype:attempted-recon; sid:200003949; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"045a3c0.wcomhost.com",nocase; http_uri; content:"/ameli-assurance/remboursement/login/",nocase; classtype:attempted-recon; sid:200003950; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"045a3c0.wcomhost.com",nocase; http_uri; content:"/ameli-assurance/remboursement/login/iframe-page2.html",nocase; classtype:attempted-recon; sid:200003951; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"048d7b4.wcomhost.com",nocase; http_uri; content:"/ameli-assurance/remboursement/login",nocase; classtype:attempted-recon; sid:200003952; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"048d7b4.wcomhost.com",nocase; http_uri; content:"/ameli-assurance/remboursement/login/",nocase; classtype:attempted-recon; sid:200003953; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"0572f4b.wcomhost.com",nocase; http_uri; content:"/escaixa/es/espace/home/",nocase; classtype:attempted-recon; sid:200003954; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"108ideashop.com",nocase; http_uri; content:"/ads/c/",nocase; classtype:attempted-recon; sid:200003955; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"28ecne20f9u.securetnet.com",nocase; http_uri; content:"/bbva/592cf4/425bdbd3-91cf-4e9f-9498-7a06b3ad75ec/?test=1",nocase; classtype:attempted-recon; sid:200003956; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"3rdstreetmarket.com",nocase; http_uri; content:"/wp-content/themes/3rdst/8-login-form/",nocase; classtype:attempted-recon; sid:200003957; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"a-q-f.com",nocase; http_uri; content:"/openpc/directlogin.do",nocase; classtype:attempted-recon; sid:200003958; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"abre.ai",nocase; http_uri; content:"/dhhh?trackingid=gnevs68e&signature=newsletter",nocase; classtype:attempted-recon; sid:200003959; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"abre.ai",nocase; http_uri; content:"/dmjg",nocase; classtype:attempted-recon; sid:200003960; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts.google.com",nocase; http_uri; content:"/servicelogin?passive=1209600&continue=https://sites.google.com/view/viewbill-bt-1/bt&followup=https://sites.google.com/view/viewbill-bt-1/bt",nocase; classtype:attempted-recon; sid:200003961; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts.google.com",nocase; http_uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/1lordman1man3/oscman2.html&followup=https://storage.cloud.google.com/1lordman1man3/oscman2.html",nocase; classtype:attempted-recon; sid:200003962; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts.google.com",nocase; http_uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html&followup=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html",nocase; classtype:attempted-recon; sid:200003963; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts.google.com",nocase; http_uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/employt44to49cclrlolcrl94lnlxo.appspot.com/index.html&followup=https://storage.cloud.google.com/employt44to49cclrlolcrl94lnlxo.appspot.com/index.html",nocase; classtype:attempted-recon; sid:200003964; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts.google.com",nocase; http_uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/maintainancecomponeta.appspot.com/mineindex.html&followup=https://storage.cloud.google.com/maintainancecomponeta.appspot.com/mineindex.html",nocase; classtype:attempted-recon; sid:200003965; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts.google.com",nocase; http_uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/officpcpspbcncuser.appspot.com/index.htm&followup=https://storage.cloud.google.com/officpcpspbcncuser.appspot.com/index.htm",nocase; classtype:attempted-recon; sid:200003966; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"accounts.google.com",nocase; http_uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/poopnoomprops-oo987700ok/newrbindex.html&followup=https://storage.cloud.google.com/poopnoomprops-oo987700ok/newrbindex.html",nocase; classtype:attempted-recon; sid:200003967; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"activartransferenciainternacional.com",nocase; http_uri; content:"/?page_id=758",nocase; classtype:attempted-recon; sid:200003968; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"admin.fifoundry.net",nocase; http_uri; content:"/en/bellcocreditunion/",nocase; classtype:attempted-recon; sid:200003969; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"aijcs.blogspot.com",nocase; http_uri; content:"/2005/03/colourful-life-of-aij.html",nocase; classtype:attempted-recon; sid:200003970; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alconexport.com",nocase; http_uri; content:"/ion",nocase; classtype:attempted-recon; sid:200003971; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alconexport.com",nocase; http_uri; content:"/ion/",nocase; classtype:attempted-recon; sid:200003972; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alfredtalkelogisticservices-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/venus_gardose_talke_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8extkunxrkqozifs2sycqmk4ox0ntao7cizsavm5mjc=&amp\;docid=1_14abcf62971634e6b8387df30ef7d978b&amp\;wdformid={83a6cfc0-5689-4aa4-ab13-96952b8999ba}&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200003973; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"alinachopra.com",nocase; http_uri; content:"/blog/wp-content/themes/10/",nocase; classtype:attempted-recon; sid:200003974; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ambrosecourt.com",nocase; http_uri; content:"/our/ourtime/ourtime.html",nocase; classtype:attempted-recon; sid:200003975; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ams3.digitaloceanspaces.com",nocase; http_uri; content:"/faxwxagm72247832mhwuk7224783272247832/index.html?961961d961",nocase; classtype:attempted-recon; sid:200003976; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ams3.digitaloceanspaces.com",nocase; http_uri; content:"/njk/25_40_24_5e_40_26_40_26_28_29_23_23_5e_23_24_26_5e_25_26_40_5e_28_23_26.html",nocase; classtype:attempted-recon; sid:200003977; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"anekaslot.com",nocase; http_uri; content:"/jps/webmail_reset.htm",nocase; classtype:attempted-recon; sid:200003978; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"api-freewallet.com",nocase; http_uri; content:"/app/",nocase; classtype:attempted-recon; sid:200003979; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"api.addthis.com",nocase; http_uri; content:"/oexchange/0.8/wrap/opengraph?url=ahr0chm6ly93zxetnmrlodiud2vilmfwcc8znzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxi5lze1lziwmjeznzg1mjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxiznzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu0znzg1mjf3zwjtyxn0zxi5lze1lziwmjfjdw5plmn6nto1nibbttm3oduymtu6ntygqu13zwjtyxn0zxiznzg1mjejd2vibwfzdgvyqgn1bmkuy3o=",nocase; classtype:attempted-recon; sid:200003980; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.box.com",nocase; http_uri; content:"/s/b9fu9axf9rcv7bhjp80fpcm8zna5wcwi",nocase; classtype:attempted-recon; sid:200003981; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.box.com",nocase; http_uri; content:"/s/x6agocx9zvj049azirk4aw3xrqdedqhl",nocase; classtype:attempted-recon; sid:200003982; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.box.com",nocase; http_uri; content:"/s/ymr0ltw3hmn8icxebz16gjhcyhqa49w4",nocase; classtype:attempted-recon; sid:200003983; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.pipefy.com",nocase; http_uri; content:"/public/form/mnzdivok",nocase; classtype:attempted-recon; sid:200003984; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.pipefy.com",nocase; http_uri; content:"/public/form/xlfe4rw2",nocase; classtype:attempted-recon; sid:200003985; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.simplenote.com",nocase; http_uri; content:"/p/cmxgsj",nocase; classtype:attempted-recon; sid:200003986; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"app.simplenote.com",nocase; http_uri; content:"/publish/xhrdvc",nocase; classtype:attempted-recon; sid:200003987; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"appurl.io",nocase; http_uri; content:"/6dfhh1yrol",nocase; classtype:attempted-recon; sid:200003988; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"appurl.io",nocase; http_uri; content:"/lsmho6dyl-",nocase; classtype:attempted-recon; sid:200003989; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"appurl.io",nocase; http_uri; content:"/wywajnlbtl",nocase; classtype:attempted-recon; sid:200003990; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"att-yahoo.meculinkvolt.com",nocase; http_uri; content:"/at&t/",nocase; classtype:attempted-recon; sid:200003991; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"azeioaz.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200003992; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"baovesusonglcxt.com",nocase; http_uri; content:"/wp-includes/index.html",nocase; classtype:attempted-recon; sid:200003993; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bardaiconnect.com",nocase; http_uri; content:"/app/listeners/ae/n-nv6588123/ae/ae/verify/sms.php",nocase; classtype:attempted-recon; sid:200003994; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"baritasonte.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200003995; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bdsfa.sharepoint.com",nocase; http_uri; content:"/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=d96ydzq8vuilprdurtucov60qbtyz20222a95vav4da%3d&docid=1_1f81a6ca97d114a5f8e9829362518b16d&wdformid=%7b11b3b6fc%2d6e67%2d434d%2da029%2d3afe98d81a11%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200003996; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bdsfa.sharepoint.com",nocase; http_uri; content:"/_layouts/15/wopiframe.aspx?guestaccesstoken=d96ydzq8vuilprdurtucov60qbtyz20222a95vav4da%3d&docid=1_1f81a6ca97d114a5f8e9829362518b16d&wdformid=%7b11b3b6fc%2d6e67%2d434d%2da029%2d3afe98d81a11%7d&action=formsubmit&cid=57d50783-8fd3-4515-8ab3-24c639533fdf",nocase; classtype:attempted-recon; sid:200003997; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bendmytrend.com",nocase; http_uri; content:"/mp/china/index.php?login=sindy.zhu@swift.com",nocase; classtype:attempted-recon; sid:200003998; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.do",nocase; http_uri; content:"/fr3kf",nocase; classtype:attempted-recon; sid:200003999; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.do",nocase; http_uri; content:"/frxsz",nocase; classtype:attempted-recon; sid:200004000; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.do",nocase; http_uri; content:"/fs7cb",nocase; classtype:attempted-recon; sid:200004001; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.do",nocase; http_uri; content:"/fs8cx",nocase; classtype:attempted-recon; sid:200004002; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.do",nocase; http_uri; content:"/fsf6l",nocase; classtype:attempted-recon; sid:200004003; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly.",nocase; http_uri; content:"/3ijwsm2",nocase; classtype:attempted-recon; sid:200004004; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2iz03nf",nocase; classtype:attempted-recon; sid:200004005; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2kduy2u",nocase; classtype:attempted-recon; sid:200004006; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2nog4ow?facebook_update",nocase; classtype:attempted-recon; sid:200004007; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2nwrbgj",nocase; classtype:attempted-recon; sid:200004008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2oq6dhz",nocase; classtype:attempted-recon; sid:200004009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2p28z0h",nocase; classtype:attempted-recon; sid:200004010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2q7fcpg",nocase; classtype:attempted-recon; sid:200004011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2uwvcnh",nocase; classtype:attempted-recon; sid:200004012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2vuwbzk",nocase; classtype:attempted-recon; sid:200004013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2wqlrea",nocase; classtype:attempted-recon; sid:200004014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2zaee65",nocase; classtype:attempted-recon; sid:200004015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2zejaht",nocase; classtype:attempted-recon; sid:200004016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/2zomh31?confirmation",nocase; classtype:attempted-recon; sid:200004017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/30ceyfq",nocase; classtype:attempted-recon; sid:200004018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/30dwddq",nocase; classtype:attempted-recon; sid:200004019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/30vy89r",nocase; classtype:attempted-recon; sid:200004020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/319qtui",nocase; classtype:attempted-recon; sid:200004021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/31cwtqd?facebook_update",nocase; classtype:attempted-recon; sid:200004022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/31d3mp6?facebook_service",nocase; classtype:attempted-recon; sid:200004023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/31xebzq",nocase; classtype:attempted-recon; sid:200004024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/32xotak?l=www.bancoripley.cl",nocase; classtype:attempted-recon; sid:200004025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/33ipjf7",nocase; classtype:attempted-recon; sid:200004026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/33pcwtj",nocase; classtype:attempted-recon; sid:200004027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/34mhgdg",nocase; classtype:attempted-recon; sid:200004028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/37r8zo3",nocase; classtype:attempted-recon; sid:200004029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/38xmo4d",nocase; classtype:attempted-recon; sid:200004030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/392hszz",nocase; classtype:attempted-recon; sid:200004031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3aetm80",nocase; classtype:attempted-recon; sid:200004032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3afo6kx",nocase; classtype:attempted-recon; sid:200004033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3an4lcn",nocase; classtype:attempted-recon; sid:200004034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3aqvwmn",nocase; classtype:attempted-recon; sid:200004035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3bdkpfx?facebook_update",nocase; classtype:attempted-recon; sid:200004036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3bmjhx1?confirmation",nocase; classtype:attempted-recon; sid:200004037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3bq4stv?confirmation",nocase; classtype:attempted-recon; sid:200004038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3bsgkin",nocase; classtype:attempted-recon; sid:200004039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3bvwofv?confirmation",nocase; classtype:attempted-recon; sid:200004040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3c7nozm",nocase; classtype:attempted-recon; sid:200004041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3ca8owp?facebook_update",nocase; classtype:attempted-recon; sid:200004042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3cahvv5help-center-notice-comunity",nocase; classtype:attempted-recon; sid:200004043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3clopj4",nocase; classtype:attempted-recon; sid:200004044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3cpqerq",nocase; classtype:attempted-recon; sid:200004045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3cvl6ir",nocase; classtype:attempted-recon; sid:200004046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3czqfzo?confirmation",nocase; classtype:attempted-recon; sid:200004047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3d7ezub?facebook_update",nocase; classtype:attempted-recon; sid:200004048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3dj0r1p",nocase; classtype:attempted-recon; sid:200004049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3dky0ds?facebook_update",nocase; classtype:attempted-recon; sid:200004050; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3e3wjwp",nocase; classtype:attempted-recon; sid:200004051; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3eeiwqv",nocase; classtype:attempted-recon; sid:200004052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3ego3xw?redirect=system",nocase; classtype:attempted-recon; sid:200004053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3eoqvcn",nocase; classtype:attempted-recon; sid:200004054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3eptccr",nocase; classtype:attempted-recon; sid:200004055; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3exbeuu?i=www.bancoripley.cl",nocase; classtype:attempted-recon; sid:200004056; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3fb9f8f",nocase; classtype:attempted-recon; sid:200004057; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3fd8key",nocase; classtype:attempted-recon; sid:200004058; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3fk3blu",nocase; classtype:attempted-recon; sid:200004059; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3fmvby5?facebook_update",nocase; classtype:attempted-recon; sid:200004060; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3fyg9rf",nocase; classtype:attempted-recon; sid:200004061; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3guiinq?confirmation",nocase; classtype:attempted-recon; sid:200004062; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3gxztog",nocase; classtype:attempted-recon; sid:200004063; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3gyfnlm?confirmation",nocase; classtype:attempted-recon; sid:200004064; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3hvucnu",nocase; classtype:attempted-recon; sid:200004065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3hwhrlr",nocase; classtype:attempted-recon; sid:200004066; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3i8tjul",nocase; classtype:attempted-recon; sid:200004067; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3jow35g?confirmation",nocase; classtype:attempted-recon; sid:200004068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3jqfusj?confirmation",nocase; classtype:attempted-recon; sid:200004069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3jqmbfu",nocase; classtype:attempted-recon; sid:200004070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3jsnadf?i=www.bancoripley.cl",nocase; classtype:attempted-recon; sid:200004071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3jvodhm?confirmation",nocase; classtype:attempted-recon; sid:200004072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3jxszq1?confirmation",nocase; classtype:attempted-recon; sid:200004073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3k2aaqc?facebook_update",nocase; classtype:attempted-recon; sid:200004074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3kdifqr",nocase; classtype:attempted-recon; sid:200004075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3kueruz",nocase; classtype:attempted-recon; sid:200004076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3kxfgbu",nocase; classtype:attempted-recon; sid:200004077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3l4jpqg?facebook_update",nocase; classtype:attempted-recon; sid:200004078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3ldovbh",nocase; classtype:attempted-recon; sid:200004079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3lgmoqh",nocase; classtype:attempted-recon; sid:200004080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3mgij5v",nocase; classtype:attempted-recon; sid:200004081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3mkihc9",nocase; classtype:attempted-recon; sid:200004082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3mrtcap",nocase; classtype:attempted-recon; sid:200004083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3mryk6q",nocase; classtype:attempted-recon; sid:200004084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3mvat1h?confirmation",nocase; classtype:attempted-recon; sid:200004085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3mwnmia?confirmation",nocase; classtype:attempted-recon; sid:200004086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3nddkta",nocase; classtype:attempted-recon; sid:200004087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3nkpgzq",nocase; classtype:attempted-recon; sid:200004088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3nvr2mn",nocase; classtype:attempted-recon; sid:200004089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3phrfct",nocase; classtype:attempted-recon; sid:200004090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3pqid6z?confirmation",nocase; classtype:attempted-recon; sid:200004091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3qc8jtv",nocase; classtype:attempted-recon; sid:200004092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3qplrme",nocase; classtype:attempted-recon; sid:200004093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3r49apq?facebook_update",nocase; classtype:attempted-recon; sid:200004094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3r8xxmg?facebook_update",nocase; classtype:attempted-recon; sid:200004095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3rd3dgx",nocase; classtype:attempted-recon; sid:200004096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3reovvv",nocase; classtype:attempted-recon; sid:200004097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3rkzqb5",nocase; classtype:attempted-recon; sid:200004098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3rucafb?confirmations",nocase; classtype:attempted-recon; sid:200004099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3s7gmhf",nocase; classtype:attempted-recon; sid:200004100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3sdxkuf",nocase; classtype:attempted-recon; sid:200004101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3tkk6kn",nocase; classtype:attempted-recon; sid:200004102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3tks2um",nocase; classtype:attempted-recon; sid:200004103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3tzc89x",nocase; classtype:attempted-recon; sid:200004104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3vtbyq5",nocase; classtype:attempted-recon; sid:200004105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3vyh0x9",nocase; classtype:attempted-recon; sid:200004106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3w8ru6g?confirmation",nocase; classtype:attempted-recon; sid:200004107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3wb6m3i",nocase; classtype:attempted-recon; sid:200004108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3xhfy9m?facebook_update",nocase; classtype:attempted-recon; sid:200004109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3xkuef1?confirmation",nocase; classtype:attempted-recon; sid:200004110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3xrdvez?facebook_update",nocase; classtype:attempted-recon; sid:200004111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3yatzv9?confirmation",nocase; classtype:attempted-recon; sid:200004112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3zbrsmk?|=www.bancoripley.cl",nocase; classtype:attempted-recon; sid:200004113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/3zv9bif",nocase; classtype:attempted-recon; sid:200004114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/bancamps-web",nocase; classtype:attempted-recon; sid:200004115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/click-confirm",nocase; classtype:attempted-recon; sid:200004116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/coinspot-claim-bonus",nocase; classtype:attempted-recon; sid:200004117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/community-details",nocase; classtype:attempted-recon; sid:200004118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/confirm-click",nocase; classtype:attempted-recon; sid:200004119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/edoardopolaccoufficiale",nocase; classtype:attempted-recon; sid:200004120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/i-13orange",nocase; classtype:attempted-recon; sid:200004121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/i-14orange",nocase; classtype:attempted-recon; sid:200004122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/id-lockpages",nocase; classtype:attempted-recon; sid:200004123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/id-locksystem",nocase; classtype:attempted-recon; sid:200004124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/info-details-notification",nocase; classtype:attempted-recon; sid:200004125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/ip13-orange",nocase; classtype:attempted-recon; sid:200004126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/ip14-orange",nocase; classtype:attempted-recon; sid:200004127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/lrs-gov1",nocase; classtype:attempted-recon; sid:200004128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/main-pages",nocase; classtype:attempted-recon; sid:200004129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/mr-pin",nocase; classtype:attempted-recon; sid:200004130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/orange-id13",nocase; classtype:attempted-recon; sid:200004131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/orange-id2",nocase; classtype:attempted-recon; sid:200004132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/orange-id3",nocase; classtype:attempted-recon; sid:200004133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/orange-id4",nocase; classtype:attempted-recon; sid:200004134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/page-infromation",nocase; classtype:attempted-recon; sid:200004135; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/pandemicreliefpackage",nocase; classtype:attempted-recon; sid:200004136; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/policy-pages",nocase; classtype:attempted-recon; sid:200004137; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/portale-mps-attivazione",nocase; classtype:attempted-recon; sid:200004138; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/recoveryform",nocase; classtype:attempted-recon; sid:200004139; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bit.ly",nocase; http_uri; content:"/verifikasipemblokiran_id",nocase; classtype:attempted-recon; sid:200004140; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitflyertt.com",nocase; http_uri; content:"/#/",nocase; classtype:attempted-recon; sid:200004141; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/2p3bbbs",nocase; classtype:attempted-recon; sid:200004142; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/3aolo2y",nocase; classtype:attempted-recon; sid:200004143; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/3bqoevf",nocase; classtype:attempted-recon; sid:200004144; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/3g1epw3",nocase; classtype:attempted-recon; sid:200004145; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/3jrtmmu",nocase; classtype:attempted-recon; sid:200004146; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/3koilft",nocase; classtype:attempted-recon; sid:200004147; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/3xmjxs4",nocase; classtype:attempted-recon; sid:200004148; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.com",nocase; http_uri; content:"/taxirsxcy",nocase; classtype:attempted-recon; sid:200004149; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitly.ws",nocase; http_uri; content:"/nlwp",nocase; classtype:attempted-recon; sid:200004150; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bitwayconnect.com",nocase; http_uri; content:"/en/wallets/",nocase; classtype:attempted-recon; sid:200004151; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"blackbearcccouk-my.sharepoint.com",nocase; http_uri; content:"/personal/accounts_blackbearcc_co_uk/_layouts/15/onedrive.aspx?id=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments%2fngb%20urgente%20substanti%c3%able%20update%20%5f%20voorstel%2epdf&amp\;parent=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments&amp\;originalpath=ahr0chm6ly9ibgfja2jlyxjjy2nvdwstbxkuc2hhcmvwb2ludc5jb20vomi6l2cvcgvyc29uywwvywnjb3vudhnfymxhy2tizwfyy2nfy29fdwsvrve5as01b19mukjbcutzeunhv3eznw9ccfbtmze3b2fsrnrgnhpzuenbvlfiqt9ydgltzt1tqjzyquroodjvzw",nocase; classtype:attempted-recon; sid:200004152; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bluehorse.in",nocase; http_uri; content:"/sella/info.html",nocase; classtype:attempted-recon; sid:200004153; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bodegalatinacorp-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/012dsd_fiestamart_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t3v5ldmmhrtlw5cyiohlp9z4yo7ufnrop9j1plyfdkm%3d&docid=1_1d89d259f7e704301aca26ac4dbabaa8d&wdformid=%7bfeb771e5%2d93ee%2d4015%2d8e87%2dd1c30d0f406a%7d&action=formsubmit&cid=f609fe16-56c4-4e2b-a964-75e250d31c99",nocase; classtype:attempted-recon; sid:200004154; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bom.to",nocase; http_uri; content:"/nlozan9lgoapq",nocase; classtype:attempted-recon; sid:200004155; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bonomequedoencasa.blogspot.com",nocase; http_uri; content:"/?aplicar",nocase; classtype:attempted-recon; sid:200004156; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bpl.kr",nocase; http_uri; content:"/s9x",nocase; classtype:attempted-recon; sid:200004157; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"bre.is",nocase; http_uri; content:"/2r9pyocy",nocase; classtype:attempted-recon; sid:200004158; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/7fde14dcc130f933dfa5c0283d776eb9/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004159; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/c0e9ccedb57ca77a45d83f9bde98224b/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004160; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/c0e9ccedb57ca77a45d83f9bde98224b?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004161; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/c4957ef2c1f1801d0506e35cc3b5a6a8/?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004162; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/c4957ef2c1f1801d0506e35cc3b5a6a8?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004163; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/d190a3ceefc52c12869c2bee7b9ed710/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004164; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/d190a3ceefc52c12869c2bee7b9ed710?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004165; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"capstroyinvest.com",nocase; http_uri; content:"/assets/content/fcc3a33269bb5f281754c49ab86c3d4e/?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft",nocase; classtype:attempted-recon; sid:200004166; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cdn.shopify.com",nocase; http_uri; content:"/s/files/1/0533/5367/6992/t/3/assets/home.html",nocase; classtype:attempted-recon; sid:200004167; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"centromedicoviladomat.com",nocase; http_uri; content:"/index.php?option=com_content&view=article&id=67",nocase; classtype:attempted-recon; sid:200004168; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"chronopostvalidation.blogspot.com",nocase; http_uri; content:"/2021/02/blog-post_12.html",nocase; classtype:attempted-recon; sid:200004169; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ci3.googleusercontent.com",nocase; http_uri; content:"/proxy/rdh-rjsrv9zzrx57iscgov74o1gka4qjdfj01qr7v8-pkjgyvn50tivt7pzqgm5kuqdmonqle3f8eq_t8f4xl6jdozabmf2lxy-888ai8hdji633rg",nocase; classtype:attempted-recon; sid:200004170; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ci4.googleusercontent.com",nocase; http_uri; content:"/proxy/djc3ckf7jcnj8l0duyaqyjwffeskzbccy9spjiauj_jwrplgw0ahyaf1xozvm6n_fjn8q1-2vkhqqujjr1en3qej703lyxxujt6tto-ttwsl6hgsggp3ehcc",nocase; classtype:attempted-recon; sid:200004171; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ci4.googleusercontent.com",nocase; http_uri; content:"/proxy/zjba9cvtmkfnoveyofx6gqong0kqi3s69d9o2y32fmu_gankb59tj-rb79bolx0bwbsemnonfhh2esy9olfdp-20gybztkzstfhfheqrrjuefxwiwkqws29wxm6tdobikwz-qkzfphpaldfr",nocase; classtype:attempted-recon; sid:200004172; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cimslp-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/eric_cimsltd_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wnhqsp58ikn1qzzozpe2oiw%2fmizdr53wegdbyscml7y%3d&amp\;docid=1_1207bcf2f71094b5cb97dcb5bea3e1a3a&amp\;wdformid=%7bd98de46a%2d2777%2d417f%2dbbcf%2d5f08c8244727%7d&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004173; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clck.ru",nocase; http_uri; content:"/yc8bd&post=665308711_37&cc_key",nocase; classtype:attempted-recon; sid:200004174; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"clck.ru",nocase; http_uri; content:"/yzuft&post=665308711_32&cc_key",nocase; classtype:attempted-recon; sid:200004175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"click.icptrack.com",nocase; http_uri; content:"/icp/relay.php?r=57372110&amp\;msgid=807563&amp\;act=af7a&amp\;c=1365247&amp\;destination=https://www.linkedin.com/&amp\;cf=17638&amp\;v=6023ca6bc5e4f8b8568ed04ff6a646a7d7757336e750d772ecc1cb2b3b6063b4",nocase; classtype:attempted-recon; sid:200004176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"click.message.fruit.com",nocase; http_uri; content:"/?qs=6541641088c869552ced792d84ee93eabf075e23cd5eba83a7d07a40ad9cf2ce36c931984719b9df7de658999defbc87f999ec46970a0280",nocase; classtype:attempted-recon; sid:200004177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cloud-dot-chaser-331005.uk.r.appspot.com",nocase; http_uri; content:"/#moreinfo@widomaker.com",nocase; classtype:attempted-recon; sid:200004178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"codepasta.app",nocase; http_uri; content:"/paste/c4tl1sfout2tbkhn5810/raw",nocase; classtype:attempted-recon; sid:200004179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev",nocase; http_uri; content:"/#investor-relations@cyient.com",nocase; classtype:attempted-recon; sid:200004180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"community-die.blogspot.com",nocase; http_uri; content:"/?!=%25_col_email%20address_%25",nocase; classtype:attempted-recon; sid:200004181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"communitychurch-my.sharepoint.com",nocase; http_uri; content:"/:b:/g/personal/infonoreply_communitychurch_tv/eburrky2tklimiiiqf0ia5kbbhkaxaypf06-08wf9wjebq?e=w5jmrb",nocase; classtype:attempted-recon; sid:200004182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"confabint.com",nocase; http_uri; content:"/discounts_services/writing/loginform2d0e.php",nocase; classtype:attempted-recon; sid:200004183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"consultorioveterinario7colinas.pt",nocase; http_uri; content:"/it/userbcc/indexx.html",nocase; classtype:attempted-recon; sid:200004184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"createchsoft.com",nocase; http_uri; content:"/wp-includes/js/crop/cm",nocase; classtype:attempted-recon; sid:200004185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php",nocase; classtype:attempted-recon; sid:200004186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?.rand=13inboxlight.aspx?n=1774256418",nocase; classtype:attempted-recon; sid:200004187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?.rand=13inboxlight.aspx?n=1774256418&amp\;email=jackdavis@eureliosollutions.com&amp\;fid=1&amp\;fid=4&amp\;rand=13inboxlightaspxn.1774256418",nocase; classtype:attempted-recon; sid:200004188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418",nocase; classtype:attempted-recon; sid:200004189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;",nocase; classtype:attempted-recon; sid:200004190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;amp",nocase; classtype:attempted-recon; sid:200004191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;amp\;ampopensource:observable-35835700-0d08-4c25-a188-b8312ba00a941067515",nocase; classtype:attempted-recon; sid:200004192; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;ampopensource:observable-35835700-0d08-4c25-a188-b8312ba00a941067515",nocase; classtype:attempted-recon; sid:200004193; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;fid.4.1252899642&amp\;fid=1&amp\;fav.1&amp\;rand.13inboxlight.aspxn.1774256418&amp\;fid.1252899642&amp\;fid.1&amp\;fav.1&amp\;email=&amp\;.rand=13inboxlight.aspx?n=1774256418&amp\;fid=4",nocase; classtype:attempted-recon; sid:200004194; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;fid.4.1252899642&amp\;fid=4&amp\;fav.1&amp\;rand.13inboxlight.aspxn.1774256418&amp\;fid.1252899642&amp\;fid.1&amp\;email=jsmith@imaphost.com&amp\;.rand=13inboxlight.aspx?n=1774256418",nocase; classtype:attempted-recon; sid:200004195; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13inboxlight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=jackdavis@eureliosollutions.com&.rand=13inboxlight.aspx?n=1774256418&fid=4",nocase; classtype:attempted-recon; sid:200004196; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativecombat.com",nocase; http_uri; content:"/wp-admin/network/acct?email=jackdavis@eureliosollutions.com",nocase; classtype:attempted-recon; sid:200004197; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creativeingredient.com",nocase; http_uri; content:"/wp-includes/images/verify/update/y.html",nocase; classtype:attempted-recon; sid:200004198; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"creditiperhabbogratissicuro100.blogspot.com",nocase; http_uri; content:"/2011/02/habbo-crediti-gratis-sicuro-100.html",nocase; classtype:attempted-recon; sid:200004199; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cusstomerservicee.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004200; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"custream.com",nocase; http_uri; content:"/91eb6b959cd1249d6877/",nocase; classtype:attempted-recon; sid:200004201; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/2isbc3k",nocase; classtype:attempted-recon; sid:200004202; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/3yqokjg",nocase; classtype:attempted-recon; sid:200004203; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/3yy01ci",nocase; classtype:attempted-recon; sid:200004204; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/4ypfq09",nocase; classtype:attempted-recon; sid:200004205; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/5yhe1qn",nocase; classtype:attempted-recon; sid:200004206; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/7yqfwsn",nocase; classtype:attempted-recon; sid:200004207; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/aynunsk",nocase; classtype:attempted-recon; sid:200004208; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/ayw5mev",nocase; classtype:attempted-recon; sid:200004209; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/bundu4e?id/help/pages?ref=cr",nocase; classtype:attempted-recon; sid:200004210; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/byqp8mx",nocase; classtype:attempted-recon; sid:200004211; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/claiminc",nocase; classtype:attempted-recon; sid:200004212; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/ctmlfil",nocase; classtype:attempted-recon; sid:200004213; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/cyni5cc",nocase; classtype:attempted-recon; sid:200004214; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/cyqucr4",nocase; classtype:attempted-recon; sid:200004215; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/dkvkq49/",nocase; classtype:attempted-recon; sid:200004216; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/gyqdc7m",nocase; classtype:attempted-recon; sid:200004217; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/ingdirect-es",nocase; classtype:attempted-recon; sid:200004218; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/irsgov",nocase; classtype:attempted-recon; sid:200004219; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/iyn1owx",nocase; classtype:attempted-recon; sid:200004220; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/kiiataa",nocase; classtype:attempted-recon; sid:200004221; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/mynrk6q",nocase; classtype:attempted-recon; sid:200004222; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/ny0rjd4",nocase; classtype:attempted-recon; sid:200004223; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/nynglzu",nocase; classtype:attempted-recon; sid:200004224; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/nyxbpmv",nocase; classtype:attempted-recon; sid:200004225; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/oyqykkh",nocase; classtype:attempted-recon; sid:200004226; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/ptl7kd8",nocase; classtype:attempted-recon; sid:200004227; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/py2rr2z",nocase; classtype:attempted-recon; sid:200004228; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/pyqptqe",nocase; classtype:attempted-recon; sid:200004229; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/pywuwcj",nocase; classtype:attempted-recon; sid:200004230; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/qyc4svc",nocase; classtype:attempted-recon; sid:200004231; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/qymd2vc",nocase; classtype:attempted-recon; sid:200004232; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/rykpt4j",nocase; classtype:attempted-recon; sid:200004233; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/ryzqc5o",nocase; classtype:attempted-recon; sid:200004234; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/tyq6jn2",nocase; classtype:attempted-recon; sid:200004235; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/uybigpf",nocase; classtype:attempted-recon; sid:200004236; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/uydktcc",nocase; classtype:attempted-recon; sid:200004237; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/uyqji5z",nocase; classtype:attempted-recon; sid:200004238; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/uyx0po9",nocase; classtype:attempted-recon; sid:200004239; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/wyc154r",nocase; classtype:attempted-recon; sid:200004240; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/xynjuem",nocase; classtype:attempted-recon; sid:200004241; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cutt.ly",nocase; http_uri; content:"/ytv0uzv",nocase; classtype:attempted-recon; sid:200004242; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"cy.tc",nocase; http_uri; content:"/oglp",nocase; classtype:attempted-recon; sid:200004243; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"d854c624d7.gesundheitundschonheit.com",nocase; http_uri; content:"/#?act=cl&pid=34515_md&uid=1&vid=25&ofid=1615&lid=126&cid=17171",nocase; classtype:attempted-recon; sid:200004244; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"digisigner.com",nocase; http_uri; content:"/online/showdocument?documentid=1fce937a-ba39-4053-a83a-f07711ad8efd&invitationid=82f3e840-cd11-4da4-8579-304bd7e930b0",nocase; classtype:attempted-recon; sid:200004245; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/document/d/e/2pacx-1vszcwxk6nifthkg32wjxfjgq9yc-jjujkbsumqeeau8uw7xkcutyp0tbgux2mvwu8iqfrxxlunajob8/pub",nocase; classtype:attempted-recon; sid:200004246; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/document/d/e/2pacx-1vt_xl-m0ff8yqqhzhgseahgwejo0znh9re6w0qvgbe0qfe084hrebjjg673htphdnvbcdnq6agehncq/pub?mobilelogin",nocase; classtype:attempted-recon; sid:200004247; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/document/d/e/2pacx-1vth3iya0ov7p49rk9ejozgqnueuk8fna2mky389hertlwx4mnoyhl1mlhnwbz8sxnsqtk8i5uysmq68/pub?embedded=true",nocase; classtype:attempted-recon; sid:200004248; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/document/d/e/2pacx-1vts9czxqycsgi-quifs7m1mqjzmlcjlccnhw3dsahdss5ymnpy6y0vsgwvf3piu6js22ydjyew1oyo_/pub?embedded=true",nocase; classtype:attempted-recon; sid:200004249; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/12467akksjbdxtns1aefg-fo9hlxamtxynf5brvbz5tc/viewform?edit_requested=true",nocase; classtype:attempted-recon; sid:200004250; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/1fpyjsolbptidxpf23lqom1jghfw7qrvbbbfxxi82pzg/viewform?edit_requested=true",nocase; classtype:attempted-recon; sid:200004251; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsc-xysogohjsbzmcnoded8ooar2gz1c5zxobgk8envh3jbpow/viewform",nocase; classtype:attempted-recon; sid:200004252; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsc0yyqlieizg0nzouznvhsjfags1h9qi5hpdw3qlgbivm501q/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004253; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsc4bagzjzmstbnjhy7zpy5zsx-xrn7reoouolv54luk5tihha/viewform",nocase; classtype:attempted-recon; sid:200004254; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsc8uc5aztlek3s6dqtk1etorhez5m2yvubyw5qmfkpisrelcq/viewform?usp=pp_url",nocase; classtype:attempted-recon; sid:200004255; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsc_enqwhhv1jnvzy55mb4ghvjd4wcz9plnolh2eoitk7qgbra/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004256; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsc_f0pxmnwzrtbck6u06fdzocmhgzvjzlc8cu7c9b456fhccq/viewform",nocase; classtype:attempted-recon; sid:200004257; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscaoiohhbm7suyz9ol9o9ueunbxn6donxrfjge2cevdw_8jmw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004258; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscc30j0zmjvz0ct-wi59yhnz9gimpj3snofe5vkbovmeykomg/viewform",nocase; classtype:attempted-recon; sid:200004259; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscc98m5fw4ifog0zeiuquxitizmisrgsdvyxvtxsppunpkwzq/viewform",nocase; classtype:attempted-recon; sid:200004260; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscclmqirehqtkm3vl4u9gm2zv6xfvrddbrgke9fmsfujqbboq/viewform",nocase; classtype:attempted-recon; sid:200004261; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscd8t8sjgxqrsa6dq5kjpmrpsxkvi4bl38sfdu7wa3sl32elg/viewform",nocase; classtype:attempted-recon; sid:200004262; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscda1to5ru4sjeeujg3ki2bimklprvsec6u43kpvhbfyhrldw/viewform",nocase; classtype:attempted-recon; sid:200004263; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscda1to5ru4sjeeujg3ki2bimklprvsec6u43kpvhbfyhrldw/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004264; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscdct8mue2qq3syjr4tnntol30jfdk8vwpco6yjh7dxnq5nyg/viewform",nocase; classtype:attempted-recon; sid:200004265; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscdct8mue2qq3syjr4tnntol30jfdk8vwpco6yjh7dxnq5nyg/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004266; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscdkcb2saiqfhtrh2inewegl56-jrv0e_ncfubvdmdprxpzfq/viewform",nocase; classtype:attempted-recon; sid:200004267; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscdkcb2saiqfhtrh2inewegl56-jrv0e_ncfubvdmdprxpzfq/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004268; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsceoxsfawdsbd2r-jk2sppywnv1bchzjjcw2xkcj7oqkwqriw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004269; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscf9u8nrld-zvu6clr4jcwnw0buqrykdldtzoullbxy8kc1ta/viewform",nocase; classtype:attempted-recon; sid:200004270; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscfh2njwrve6_rkxxy1yz83keoeekd4maqcnd-ivq7rkg0uca/viewform",nocase; classtype:attempted-recon; sid:200004271; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscfmdl3il-2rcplfeq-12jtre1mwsgbnmh2nhoj9xoflmplew/viewform",nocase; classtype:attempted-recon; sid:200004272; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscirilop6_iti0zvvrlsbk8zfaeo-f10otlhj9k5liyervk4g/viewform",nocase; classtype:attempted-recon; sid:200004273; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscjtat4fmstlxz3hbfkg4qyi-epfdmun7_avcqwvgscoydytw/viewform",nocase; classtype:attempted-recon; sid:200004274; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscjvnhykksssaw-kycyrl6ywg_r3fdjuyqhk2mrmxcpgwfxoa/viewform",nocase; classtype:attempted-recon; sid:200004275; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscmzyecgbuuccfs_5e5axn9hpruzskqmvseedm0xz1qrqb5vg/viewform",nocase; classtype:attempted-recon; sid:200004276; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscn6xxq_xvtivggy_4rkibou1i27e0kpiimikafpaavki1vsq/viewform?usp=send_form&usp=embed_facebook",nocase; classtype:attempted-recon; sid:200004277; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscphvypdecdasu-iqnvt4bvkiu5g1fioskjyfi9gk2z69cemq/viewform",nocase; classtype:attempted-recon; sid:200004278; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscqbbsvkpxnasqgeazpzwxp1ln7qzdurt-nqn4azqa7q14euw/viewform",nocase; classtype:attempted-recon; sid:200004279; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscrgopduxv2yg9memppi-dzfii70kq8hr8pi5zn9o_5amr3xa/viewform",nocase; classtype:attempted-recon; sid:200004280; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscrmsgjymaojts0bfneswvnfekiw6zya5rzyqoa1ydp5wkcrw/viewform",nocase; classtype:attempted-recon; sid:200004281; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscuttypbph1iazuis8aa6xvrlmagwglmdcrrg8g2oymskvbva/viewform",nocase; classtype:attempted-recon; sid:200004282; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscuzwqncl3qs7cwfb7jlimpdueycxy0mv6zknp0uubdbkcu3w/viewform",nocase; classtype:attempted-recon; sid:200004283; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscvp9muuu33wgba4h5kugaleeh0onrqzug-b6n5aj5werrmaw/viewform",nocase; classtype:attempted-recon; sid:200004284; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscvqmhqgwbubzxdynzgvlbmmziyagdiadz2eyhc-s-ro8ndfq/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004285; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscxgbsqs0_gphf4vziykyu_g5rgytw2s9fir3lyfar7kaixew/viewform",nocase; classtype:attempted-recon; sid:200004286; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscxgbsqs0_gphf4vziykyu_g5rgytw2s9fir3lyfar7kaixew/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004287; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlscz4uf8dtvwhgxggkzsbbhjcgu9npgc6agxpy5o2fwpo6tv5q/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004288; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsczp3nbsyvoj5-wf-7k4xshjczyxvdc-lc679urtbl_k-9x8q/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004289; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd1x00gqusaavdvp5ualsrctsjb80y9oy7yln6wwani40srpw/viewform",nocase; classtype:attempted-recon; sid:200004290; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd1x00gqusaavdvp5ualsrctsjb80y9oy7yln6wwani40srpw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004291; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd3x6brnru3toiionptordwmc4zorxcky1ebpmeg6bb4jfuca/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004292; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd7jgegqudsjg7blscqgfvdftyvlno6xreg6wjuxl0hnfbwtw/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;gxids=7628",nocase; classtype:attempted-recon; sid:200004293; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd8_xzmknrntxwpeg8bvmvbbzmjsfgejo-vngsmyjx1dnidsg/viewform",nocase; classtype:attempted-recon; sid:200004294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd8vkw5fxeroe_pxa7n5cdfpukhahbg_7k7sg0iuosh_xsyoa/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd9poeb_wmgffgg8taw4z_np0kdbo32gr35k1zxizj7lcdela/viewform",nocase; classtype:attempted-recon; sid:200004296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsd_c4wpt0zzouwt5lr9p5kn5cylz3ananv1hlix6u_h36w1rg/viewform",nocase; classtype:attempted-recon; sid:200004297; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsda4flfi-1_gvwqnbb1dcxz_mb5omo9t2oc-vslzfgh6avrag/viewform",nocase; classtype:attempted-recon; sid:200004298; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdbgprbyowwcugqslasnoo-sbqcrgi6ppycsytvsw2_dwfeug/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004299; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdce9c1bqexlzlu9rojtuwtaatyeeshywbkmuiobrw_a-_mga/viewform",nocase; classtype:attempted-recon; sid:200004300; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdce9c1bqexlzlu9rojtuwtaatyeeshywbkmuiobrw_a-_mga/viewform?usp=pp_url",nocase; classtype:attempted-recon; sid:200004301; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdcznggxnwia2ct8kmxid1tdqhgerhnmixukxuj7nmq1lqsma/viewform",nocase; classtype:attempted-recon; sid:200004302; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdfarxg-0eurkyimsg-ukgl4mbtgvwfhe1wzbdxmb7oaosnyg/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004303; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdfyxb1kjjvkaiwbbpbgr0dfaq1xx2ehhzbxnt3adndssy1yw/viewform",nocase; classtype:attempted-recon; sid:200004304; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdfyxb1kjjvkaiwbbpbgr0dfaq1xx2ehhzbxnt3adndssy1yw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004305; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdgxybkn7btnmkuuyyoe0rlbw8kmdgbwejv6l52fjbm9vledg/viewform",nocase; classtype:attempted-recon; sid:200004306; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdinjm_qvdbv3roybqi073rm1pujmrrs7lid7c3qk-4xwweew/viewform",nocase; classtype:attempted-recon; sid:200004307; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdlwgxgjcqz_53lnvyfaiibnkptndldhs4vd0c__6lufv81zq/viewform",nocase; classtype:attempted-recon; sid:200004308; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdmsww4edj2yofwdenmvl3uvyibigishgajtsfa7chvcan0wg/viewform",nocase; classtype:attempted-recon; sid:200004309; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdmsww4edj2yofwdenmvl3uvyibigishgajtsfa7chvcan0wg/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004310; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdnngh7an2vfxw1k7cotxcb24wwne2qcm3j5deelwsn676z2q/viewform?usp=pp_url",nocase; classtype:attempted-recon; sid:200004311; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdpetadtoy4qkid3frxtq_jkthudhyvm17bkmb8iqonismzvw/viewform",nocase; classtype:attempted-recon; sid:200004312; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdvo-nueiprck-o5gw7-bnmsz9jvwlyspeqfhfr2g2osbsrba/viewform",nocase; classtype:attempted-recon; sid:200004313; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdvwkczn_rxvn1522z1mcojbs40ymrctyizpyuv72_0wbypgq/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004314; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdwbz5hapgqojwjyndeeyjxamg0wnaj3kolh3fb6xf4c-fxjw/viewform",nocase; classtype:attempted-recon; sid:200004315; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdwbz5hapgqojwjyndeeyjxamg0wnaj3kolh3fb6xf4c-fxjw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004316; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdxm-rwnv41p3wdcbtetukrctoakvuoe1h_uy8jgnxy7kldza/viewform",nocase; classtype:attempted-recon; sid:200004317; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdy1071rbhheyidjzo6fw5busqot5eunllw_thawo6udamfaq/viewform",nocase; classtype:attempted-recon; sid:200004318; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdybqflfptobqslhflytic3g936bnojaljztk6ct1d5mjvnnw/viewform",nocase; classtype:attempted-recon; sid:200004319; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdyygc4-s_a1dcdvcf9z9n1yhvz2dnehdr2aij-bcetxe2csg/viewform",nocase; classtype:attempted-recon; sid:200004320; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsdzrubbm3nrqdzjs6q7phutjgmn-dm8zquphjg9ge31q7bdhg/viewform",nocase; classtype:attempted-recon; sid:200004321; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlse3-zgmg83lctfks0egmambwonybkscrvxix--n1azwngkphg/viewform",nocase; classtype:attempted-recon; sid:200004322; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlse5htthgifmniezokiypnjjhanvkvlehsrk9esgcpoauqutiw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004323; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlse8ds15kxxdcrhfspcfrbvy6sbdhp0e4540zzmhhvzouewvka/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link",nocase; classtype:attempted-recon; sid:200004324; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlse_mo9pzgdahzdgz0wctr7lm0cqm_zwos8ljc4cqgtvnqfmfq/viewform",nocase; classtype:attempted-recon; sid:200004325; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseaoj1gseoc72inocx9jofb1nqgqm81_firdsookdvnd4fz3q/viewform",nocase; classtype:attempted-recon; sid:200004326; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsebpakzyvtprhygwe23jlsdieyoca0jtiyy-f68nqwofparww/viewform",nocase; classtype:attempted-recon; sid:200004327; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsebyedalhc7exqq5fljf8x1akbwz0h8l8ojbx5nx3go7bh3sa/viewform",nocase; classtype:attempted-recon; sid:200004328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsebyedalhc7exqq5fljf8x1akbwz0h8l8ojbx5nx3go7bh3sa/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004329; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseck8-g3um70ihw-ajfait5whcec3qdowobizswz8_-et_jkq/viewform",nocase; classtype:attempted-recon; sid:200004330; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsed7ckwpjf0hndj7zb3qtjmirtkv6pwcrmhplptuczapfmdew/viewform",nocase; classtype:attempted-recon; sid:200004331; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseerl98zqhhsjdo_vwhfzft3njmrw-es6isa689uqc2opalkg/viewform",nocase; classtype:attempted-recon; sid:200004332; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsefdjhvlb8j4f16k5uewfckrm6sxun7mb8kmt6hnsw4twzb1a/viewform",nocase; classtype:attempted-recon; sid:200004333; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsefv5nkokmsxbkw84jsid2gwxxq8hhcvvajj-hjwl43irewza/viewform?vc=0&amp\;c=0&amp\;w=1",nocase; classtype:attempted-recon; sid:200004334; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseggxi9u9oxdijtvvfpdkom7-bau-dstzgnovfyndrhxtk_ew/viewform?fbzx=450838898210045776",nocase; classtype:attempted-recon; sid:200004335; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseht4cdltkad8967jjarcb5nafonbaw3dtpynth9mdk94hf-q/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004336; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseirld9oyigwxmec2bc-ax4yd-m-rhezlne00aminsjf0uteq/viewform",nocase; classtype:attempted-recon; sid:200004337; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseja63wnjv6158neslzqwlnlui4yluhb0nlou-vx0ehpwkexg/viewform",nocase; classtype:attempted-recon; sid:200004338; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsejavlqdkikylynqlg6p7kyfu4qnlyy31opnfttucuhgmek4a/viewform",nocase; classtype:attempted-recon; sid:200004339; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsekx9ewwwdcej4qewpnqgzq3bzhqogrop2ui9vxaeswphzyvq/viewform",nocase; classtype:attempted-recon; sid:200004340; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsemwyrvcln1ql8uxd0dsiswveuehikz5hwalfeni7jjfaefmg/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004341; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseoz9zpmm0c0fjksklv-p1hsrwsuybmj6bvbd_fkewzzcv_ea/viewform?usp=pp_url",nocase; classtype:attempted-recon; sid:200004342; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsepe4jevfm3mjc-vndxuq_9wjpc7afrjadkxvp8czawh27cqg/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004343; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseq5h3-5stw3bwnpoi6g-gfwcgej7q82incdm01dd1lf182iq/viewform",nocase; classtype:attempted-recon; sid:200004344; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseqdx2wgybdxlhascsuopq1xqsmwrxjf4erl_cpmvtt96dq_g/viewform",nocase; classtype:attempted-recon; sid:200004345; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlser-b6q--nvif2fj7nbn88dh8lj-s2yfbgjyuygwsacbhm6lw/viewform",nocase; classtype:attempted-recon; sid:200004346; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsesuqyiwovf64ujl8ewzqpw-vq7_ljhh96vouros2rqn1vunw/viewform",nocase; classtype:attempted-recon; sid:200004347; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseszgantjzuxgteg0dsiizzmadcwjbjqcsri5nidod2rd2_lg/viewform",nocase; classtype:attempted-recon; sid:200004348; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlset42bzecl3yrdnnffv6f7kecxpd1sy4rbh3h3govwg1k1z1w/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004349; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlseumxp-wga1x873upqxmi_hx8nbbllh12zzmxia1xuqp2mgbq/viewform",nocase; classtype:attempted-recon; sid:200004350; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsevpkt1byhl-oqjptw8wbecnm7-iqnax-mz8zd-mxp0fol3jg/viewform",nocase; classtype:attempted-recon; sid:200004351; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsewr7-ksdpydhc1tv8tkcxrlad8zrf3q_uqt-rj9a_fmmzxya/viewform",nocase; classtype:attempted-recon; sid:200004352; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsewr7-ksdpydhc1tv8tkcxrlad8zrf3q_uqt-rj9a_fmmzxya/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004353; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsewymtg0_yxlw9-prz205ldklpt1q0_aklvlput4ndg_coetq/viewform",nocase; classtype:attempted-recon; sid:200004354; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsf-exsf9vm0rleksdp46wa2dfca3dhphayf4tl4rktjvmgguw/viewform",nocase; classtype:attempted-recon; sid:200004355; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsf32hx6ujsi_gqji38udpamxxxnhyrx8qhmqcqnteinj_0cmg/viewform",nocase; classtype:attempted-recon; sid:200004356; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsf43dgkrjoe0kbhyqzxvaswkmbstzlu6x-40xi-sxxgfevhww/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link",nocase; classtype:attempted-recon; sid:200004357; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsf9wlt_kxvre3b2hhpi0hcx4zia83c9bbkabo4w15nfekvwuw/viewform",nocase; classtype:attempted-recon; sid:200004358; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfacaqo8c7hsu7mr6zkbsfulv8m710ke2qna_7tyusomgmtjw/viewform",nocase; classtype:attempted-recon; sid:200004359; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfacaqo8c7hsu7mr6zkbsfulv8m710ke2qna_7tyusomgmtjw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004360; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfanborkr2ivrhpsjdnvnb-jktwkjbuub3wnsxb-md7haddsq/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004361; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfbu-bfa-om2nk21gbc1gbbeoy4veybh7qcrj8jw7nwthmh_w/viewform",nocase; classtype:attempted-recon; sid:200004362; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfeoy_w3jwkkz8psgsw4nrja9tmg2lx0x0nvtmv38k0hjzzmq/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004363; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfgrkvxsp4vv3h2jpge8n2rwi_acvt3o91y4av8-nbjpc0xxw/viewform?c=0&amp\;w=1",nocase; classtype:attempted-recon; sid:200004364; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfhzli805cycnlai887dfo6ra8bwbwjbc8uehmv5amiaqdbyq/viewform",nocase; classtype:attempted-recon; sid:200004365; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfjpx-sxpejnp_q2fmfu0jy8oqoesrx9wbrqplcychw9luupa/viewform",nocase; classtype:attempted-recon; sid:200004366; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfjsgjhbjke-mlmni8cfg1tacz-hdpvmy5j2br9upjr1f7nda/viewform",nocase; classtype:attempted-recon; sid:200004367; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfjsgjhbjke-mlmni8cfg1tacz-hdpvmy5j2br9upjr1f7nda/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004368; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfk9fn6xlhju27dzlzxp6nzvjlaqbtzb3uf20uakw6ddguvnw/viewform",nocase; classtype:attempted-recon; sid:200004369; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfk9fn6xlhju27dzlzxp6nzvjlaqbtzb3uf20uakw6ddguvnw/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004370; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfk9hpkld9-qwaxs8b0cpslaw2-oomu6bcwpxkmp-fo8kr3ew/viewform",nocase; classtype:attempted-recon; sid:200004371; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfksirdejkit-tdeiwrnkf00ygsqdsqth0hmwydiqdik10tna/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004372; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfnjyzbmw-pd1byw4b4opoksx2cealounsnhg5fjc3fk1qocq/viewform",nocase; classtype:attempted-recon; sid:200004373; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfnlsbejsiacubkj2geltmn7slefoweeczuagp3jfmfkijg4a/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004374; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsforgq2zksc0soenei1m7xcow9surjrynoh6ppsku6_kxvdpw/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004375; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfp1eukgsktriyraz2csynqwfwtv6ehlnbszu69dbxz9lirtq/viewform",nocase; classtype:attempted-recon; sid:200004376; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfp1eukgsktriyraz2csynqwfwtv6ehlnbszu69dbxz9lirtq/viewform?usp=send_form",nocase; classtype:attempted-recon; sid:200004377; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfpvmlfha5uwdz_4bnvq19l2mctpltose6aszym6w9ls0hxza/viewform",nocase; classtype:attempted-recon; sid:200004378; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfqpqpbuxrrc0ubvtbrr86nxa4pt68zft0bm_2ufdvt1tzvuw/viewform",nocase; classtype:attempted-recon; sid:200004379; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfrzt6zpkhgtvzqutkypqtjffxaucn3evqpf6ytbqug3t41yw/viewform?usp=pp_urlorganization",nocase; classtype:attempted-recon; sid:200004380; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfsia_g4fb5yg_cu8fjuxcndbgqz1setzfedm0cw0eaonb57g/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004381; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsftriyys-rvphnbmh6v6lyimxjy3rpog8xvtb3v1agqhawiva/viewform?usp=sf_link",nocase; classtype:attempted-recon; sid:200004382; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfuzr1yx2exrzt3ysxszgcawjpp45t9gz3nqtkvhfqslxw_ig/viewform",nocase; classtype:attempted-recon; sid:200004383; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfvgwgijgampx2qfseard_pb2bcyonllojnjhrv9qxb8vpeva/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link",nocase; classtype:attempted-recon; sid:200004384; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfvgwgijgampx2qfseard_pb2bcyonllojnjhrv9qxb8vpeva/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link",nocase; classtype:attempted-recon; sid:200004385; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfvhavjlgw4__-x0qdg5tbot5uo9vkn4csn8mx3lpvkdah8ag/viewform",nocase; classtype:attempted-recon; sid:200004386; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfwbcfrxuktidm2ctjalngebxbx4k_dijxbekg2y-naausaqw/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link",nocase; classtype:attempted-recon; sid:200004387; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfwdsuczwrih_wnciwh_qjpg1v5p-qk8zyjjoccpbhmyeygrq/viewform",nocase; classtype:attempted-recon; sid:200004388; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfygwrauuzg0kcnd6w_s42qneyhqpha0zs1rift0akntmlugq/viewform",nocase; classtype:attempted-recon; sid:200004389; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/forms/d/e/1faipqlsfzhyjvw1nn6bvqhbwmd3rcrm6gukuzir5u9tmsszmcrr8nyw/viewform",nocase; classtype:attempted-recon; sid:200004390; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"docs.google.com",nocase; http_uri; content:"/presentation/d/e/2pacx-1vrp2k-b45tcwcadgwzkulyaqrs1f9vfjs3y19o6fs_7p34ymzwuascr7lkuijhc83-o6fmsbbvehcf2/pub?start=false&amp\;loop=false&amp\;delayms=3000&amp\;slide=id.p",nocase; classtype:attempted-recon; sid:200004391; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/19zpw90jgon3j5merxi1pauvkjdmx8nfq/edit",nocase; classtype:attempted-recon; sid:200004392; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1bcdyitw2vo5jp6yrbdmiy8cfrkcf4tby/view?usp=drive_web",nocase; classtype:attempted-recon; sid:200004393; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1c5o9_y8_octsepwyojfarn1k-kj4d9fe",nocase; classtype:attempted-recon; sid:200004394; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1cppgzjnodnftsks_w82um_b_ctgzn-ah/edit",nocase; classtype:attempted-recon; sid:200004395; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1fdgs5g6fqqkudcl2meym63ua3yu0o-tb/view?usp=drive_web",nocase; classtype:attempted-recon; sid:200004396; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1fsvmjkcq7ennrsfdufkcxshfhnda_fui/view",nocase; classtype:attempted-recon; sid:200004397; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1ginbnlpvt7kpfnog9a68fqmn7k3aivui",nocase; classtype:attempted-recon; sid:200004398; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1hdvx7j89h5l7yz39idgzhqji93jnkl_c/view",nocase; classtype:attempted-recon; sid:200004399; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1jixb69t_nw9tmkhvfrejkfzof3d-ijet/view",nocase; classtype:attempted-recon; sid:200004400; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1jvfh6wq9ea9kxr1shhwbh3pecflqzppc/edit",nocase; classtype:attempted-recon; sid:200004401; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1mg5asnyoeet7qsg2n0d_2paxc3j7wx3k/edit",nocase; classtype:attempted-recon; sid:200004402; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1qf58h-1lunq1pubplwdhwd3uooj_vjxa/view",nocase; classtype:attempted-recon; sid:200004403; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"drive.google.com",nocase; http_uri; content:"/file/d/1robiosanbh8doqa7yuiewn3akz4094ho/edit",nocase; classtype:attempted-recon; sid:200004404; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ecomcrew.staging.wpengine.com",nocase; http_uri; content:"/wp-content/plugins/alldomain/domain/dmain/index.php?i=i&amp\;0=abuse@optusnet.com.au",nocase; classtype:attempted-recon; sid:200004405; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ecusltd-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/angela_ure_ecusltd_co_uk/_layouts/15/wopiframe.aspx?guestaccesstoken=umwosbguhwaqic3hhtqfly7zjwf8oggrcn6d%2bggohoc%3d&docid=1_1956f6e254d71417a89981b2a1c8d0a99&wdformid=%7be61ca4f5-c461-425a-a52e-4598e7b699e5%7d&action=formsubmit&cid=4ab9a2a7-7cf4-43ae-8149-ffead8d66e7b",nocase; classtype:attempted-recon; sid:200004406; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eeverywhere-my.sharepoint.com",nocase; http_uri; content:"/personal/marco_eeverywhere_com/_layouts/15/onedrive.aspx?id=/personal/marco_eeverywhere_com/documents/documents&amp\;originalpath=ahr0chm6ly9lzxzlcnl3agvyzs1tes5zagfyzxbvaw50lmnvbs86zjovcc9tyxjjby9fcwhvbeq1x3hltknorzbdmdvvmgjvvujoy1z3b25futjvejhtlwxqrg9svwvrp3j0aw1lpvduaunytfu4mlvn",nocase; classtype:attempted-recon; sid:200004407; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eleoelswka.blogspot.com",nocase; http_uri; content:"/?m&#61\;0",nocase; classtype:attempted-recon; sid:200004408; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ersfilter-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t6t%2fhn1dkbyhlyx%2beimbazufa43rrgz6%2faaaewnocdi%3d&docid=1_18168db23429e45f29fdf2e7be120efc4&wdformid=%7bb9970f62%2d44c3%2d4d09%2d9929%2d6e1eb652da57%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004409; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ersfilter-my.sharepoint.com",nocase; http_uri; content:"/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=6ywmlbqi9%20sjfgzhadhvte2gyowjf83iqbjrjehik4s=&amp\;docid=1_135f7008dfbfa44e6b09dab0eb165b997&amp\;wdformid={e037f2d9-5daa-4916-ba03-eb11d0aa6dea}&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004410; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ersfilter-my.sharepoint.com",nocase; http_uri; content:"/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=6ywmlbqi9%2bsjfgzhadhvte2gyowjf83iqbjrjehik4s%3d&docid=1_135f7008dfbfa44e6b09dab0eb165b997&wdformid=%7be037f2d9%2d5daa%2d4916%2dba03%2deb11d0aa6dea%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004411; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eu.questionpro.com",nocase; http_uri; content:"/a/takesurvey?tt=/p9xlsw/pwa97qdwq8ubbg%3d%3d",nocase; classtype:attempted-recon; sid:200004412; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eu.questionpro.com",nocase; http_uri; content:"/t/ab3uufjzb3vk20",nocase; classtype:attempted-recon; sid:200004413; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"eurobankovnikredit.com",nocase; http_uri; content:"/?fbclid=iwar3cu_8pblosqw-rwa7evcrs5jpl6zvzkou0qrf7vl9oqge4h2ctmcxrdyk",nocase; classtype:attempted-recon; sid:200004414; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"evernote.com",nocase; http_uri; content:"/shard/s339/client/snv?noteguid=f48e12fd-48da-e57f-8e76-cdf6e4054e1d&amp\;notekey=02a9fa6bd051dc6b4581ee3b617b3f88&amp\;sn=https://www.evernote.com/shard/s339/sh/f48e12fd-48da-e57f-8e76-cdf6e4054e1d/02a9fa6bd051dc6b4581ee3b617b3f88&amp\;title=optus%20webmail",nocase; classtype:attempted-recon; sid:200004415; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"evernote.com",nocase; http_uri; content:"/shard/s446/client/snv?noteguid=4dc119ab-57d6-b8e0-4fcb-c11c0a637b94&notekey=9ddb3753cb700b0c86a78176be71f4f5&sn=https%3a%2f%2fwww.evernote.com%2fshard%2fs446%2fsh%2f4dc119ab-57d6-b8e0-4fcb-c11c0a637b94%2f9ddb3753cb700b0c86a78176be71f4f5&title=you%2bhave%2breceived%2ban%2binvoice.",nocase; classtype:attempted-recon; sid:200004416; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"evernote.com",nocase; http_uri; content:"/shard/s446/sh/4dc119ab-57d6-b8e0-4fcb-c11c0a637b94/9ddb3753cb700b0c86a78176be71f4f5",nocase; classtype:attempted-recon; sid:200004417; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"everythingmobilelimited-my.sharepoint.com",nocase; http_uri; content:"/personal/jameswaterston_everythingmobilelimited_onmicrosoft_com/_layouts/15/onedrive.aspx",nocase; classtype:attempted-recon; sid:200004418; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"excelelectrical0-my.sharepoint.com",nocase; http_uri; content:"/personal/tim_hansen_excelelectrical_com/_layouts/15/onedrive.aspx?id=/personal/tim_hansen_excelelectrical_com/documents/open%20to%20view%20shared%20document%20in%20hitech%20sharepoint&amp\;originalpath=ahr0chm6ly9legnlbgvszwn0cmljywwwlw15lnnoyxjlcg9pbnquy29tlzpmoi9nl3blcnnvbmfsl3rpbv9oyw5zzw5fzxhjzwxlbgvjdhjpy2fsx2nvbs9fa2zoazdydndfaettvl9pwulkctdzmejlveeyr3awzwjnsdfkrgdjrfdfttznp3j0aw1lpunrvevzrwxcmlvn",nocase; classtype:attempted-recon; sid:200004419; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exch.quantserve.com",nocase; http_uri; content:"/r?us_privacy=&amp\;a=p-w_ayumw3pzr2w&amp\;labels=_qc.clk,_click.adserver.rtb,_click.rand.60541&amp\;rtbip=192.184.70.137&amp\;rtbdata2=eaaaiencvf9odwdnzxrzx1e0mjfftwfuywdlzf9tzxj2awnlimofncj-jtiws_b-ohnodhrwczovl3d3dy5syxcuy29twihbt0llsefpmvdcvwi0vmdxvi1julfbztjdullinvfzuuitwjdutjfpdu3bfukaayfd3aqeoaebqahv4fyeugeawahq-aniadv5u4til9obfllxavhtz0fpaghnqs1sufktuvntqkhlaarzydroawsyaviznracclocbmc4ronaagliagdqas7hhvv4n_fmqqhgagdoagd4agckaxywlnb1yi0xmjyxotkyndq0odazodc1mamaqamasgmejmh7angd_dgd4gmpcc13x0fzdu13m1baujj36gmfcngfefryawu5mjeymfgdaiaeayoedxf1yw50y2fzdc1xyzhybajvuw&amp\;redirecturl3=https://www.cbtnuggets.com/?utm_source=quantcast&amp\;utm_medium=prospecting&amp\;utm_campaign=general_us&amp\;utm_term=testimonial&amp\;qc_campaign=cbt_nuggets_q421_managed_service&amp\;qc_adid=2078771",nocase; classtype:attempted-recon; sid:200004420; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"exchange4free.com",nocase; http_uri; content:"/remote/mandate/4jya9anuerrpmikrph7-j5pl9nyz_uw1bc7q1vvmmhw",nocase; classtype:attempted-recon; sid:200004421; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"explorebathurst.com.au",nocase; http_uri; content:"/rrefeeieoj.html?erectrcsq@*cthiytvcdx$zsxycuikjmkjivee$terdtygjyvtrre",nocase; classtype:attempted-recon; sid:200004422; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fbapps.milestoneinternet.com",nocase; http_uri; content:"/gvrmpushnotification/nbproject/private/fbapps/melis/",nocase; classtype:attempted-recon; sid:200004423; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fclighting.sharepoint.com",nocase; http_uri; content:"/:x:/r/customercare/_layouts/15/wopiframe.aspx?guestaccesstoken=ce%2fd5uzxeu8hlntd6e5v18nttv4whxgmlwyudt4igom%3d&docid=1_1eb5df03726a240859b223a44b8b16724&wdformid=%7bb8008e00-21bc-4a4a-91dc-1e1b63610c96%7d&action=formsubmit&cid=c766f7bd-9562-4c9e-a9b0-75cf38b33e48",nocase; classtype:attempted-recon; sid:200004424; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"feeds.feedburner.com",nocase; http_uri; content:"/investorway",nocase; classtype:attempted-recon; sid:200004425; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ferferfccezs.blogspot.com",nocase; http_uri; content:"//?m=0",nocase; classtype:attempted-recon; sid:200004426; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ferferfrefe.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004427; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fifit.co.uk",nocase; http_uri; content:"/jelxwqrcrvhj&amp\;ijosing&amp\;kontakt@wmb-walther.de.html",nocase; classtype:attempted-recon; sid:200004428; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"files.fm",nocase; http_uri; content:"/f/75h75hd7v",nocase; classtype:attempted-recon; sid:200004429; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/biyugbhiuhgy7o900-h9oh98h9-987.appspot.com/o/vnmbvuyt8-8y98yh0%3d890y8iuh9yyh%2f5rtyfghtfyu67-9876trfc%3d9ygv.htm?alt=media&amp\;token=dce6f041-19ff-4e8a-8012-1cfdac4cf369#bv@pplsi.com",nocase; classtype:attempted-recon; sid:200004430; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/dr-clin-c4f68.appspot.com/o/drweb.html?alt=media&amp\;token=09293ba9-0738-41ea-9cf3-67cb43af2b88&amp\;x=famacas-cfa0appspotappspotmacas-macas-vfwefsaxsppspotcfa0ps&amp\;prox=p2000isolation@aaa.kr",nocase; classtype:attempted-recon; sid:200004431; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/dr-clin-c4f68.appspot.com/o/drweb.html?alt=media&amp\;token=09293ba9-0738-41ea-9cf3-67cb43af2b88&amp\;x=famacas-cfa0appspotappspotmacas-macas-vfwefsaxsppspotcfa0ps&amp\;prox=yourname@yourcompany.com",nocase; classtype:attempted-recon; sid:200004432; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/goo2-ac630.appspot.com/o/goo%20(2).html?alt=media&amp\;token=2d1281a2-3364-420f-a3b5-c693b7bda1f2#a@b.com",nocase; classtype:attempted-recon; sid:200004433; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/macryti-109.appspot.com/o/kp-oe0%2fbtt-hash.html?alt=media&amp\;token=02abe8bd-5141-4b5a-a7d4-08120e5f43dd#choiteng@motenghaiplc.com",nocase; classtype:attempted-recon; sid:200004434; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/ntachi-e1dbe.appspot.com/o/hgigieiciejceinhviejrie95489349%20(19).html?alt=media&amp\;token=5901e369-e71e-416b-9688-b21c62e31587#m.couvee@colasit.nl",nocase; classtype:attempted-recon; sid:200004435; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/odrv-3c4a4.appspot.com/o/index1.html?alt=media&amp\;token=11958c2a-34a6-4ed1-a1b5-081ec066cb95&amp\;data=zxzhbi5ncmvzagftqg1py2hlbglulmnvbq==",nocase; classtype:attempted-recon; sid:200004436; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/outlook-4c0f2.appspot.com/o/books%2fwebmail.htm?alt=media&amp\;token=216401d2-aba7-42f4-8fd5-9b672cade830#abuse@optusnet.com.au",nocase; classtype:attempted-recon; sid:200004437; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/outlook-4c0f2.appspot.com/o/books%2fwebmail.htm?alt=media&amp\;token=216401d2-aba7-42f4-8fd5-9b672cade830#tiekimas@tidlo.lt",nocase; classtype:attempted-recon; sid:200004438; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/rei-rezuio-rexire-565.appspot.com/o/%40%40%40indexv-vb-vau-ry-8%252fbv-yu-er-8f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%20-%20copy.html?alt=media&amp\;token=da92acdd-870d-4049-b9ac-f0d373777f06#info@legalshield.com",nocase; classtype:attempted-recon; sid:200004439; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/rei-rezuio-rexire-565.appspot.com/o/%40%40%40indexv-vb-vau-ry-8%252fbv-yu-er-8f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%20-%20copy.html?alt=media&amp\;token=da92acdd-870d-4049-b9ac-f0d373777f06#support@legalshieldcorp.com",nocase; classtype:attempted-recon; sid:200004440; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/rned-a824v.appspot.com/o/gen%252findex2oli.html?alt=media&amp\;token=828c2259-c86f-442e-91a0-8d43a1fe7d8b#abuse@optusnet.com.au",nocase; classtype:attempted-recon; sid:200004441; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"firebasestorage.googleapis.com",nocase; http_uri; content:"/v0/b/tei-neriou-reuix-678.appspot.com/o/%40%40%40indexv-vb-veu-ry-8%25433%2569.html?alt=media&amp\;token=6b0a9c43-8711-491b-9f40-50ad280ffb32#ggradnigo@prepaidlegal.com",nocase; classtype:attempted-recon; sid:200004442; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flavena.co.rs",nocase; http_uri; content:"/mc.html",nocase; classtype:attempted-recon; sid:200004443; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flow.page",nocase; http_uri; content:"/btinternetwebmail",nocase; classtype:attempted-recon; sid:200004444; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flow.page",nocase; http_uri; content:"/bttelecoommunication",nocase; classtype:attempted-recon; sid:200004445; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flow.page",nocase; http_uri; content:"/hdhdhdeue",nocase; classtype:attempted-recon; sid:200004446; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flow.page",nocase; http_uri; content:"/hjbsvjhfb",nocase; classtype:attempted-recon; sid:200004447; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flow.page",nocase; http_uri; content:"/jhgcfghj",nocase; classtype:attempted-recon; sid:200004448; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flow.page",nocase; http_uri; content:"/mnkpo",nocase; classtype:attempted-recon; sid:200004449; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flow.page",nocase; http_uri; content:"/nicszdbaiodi",nocase; classtype:attempted-recon; sid:200004450; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/p/vf7vfv9ky?fc=0",nocase; classtype:attempted-recon; sid:200004451; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/page/btinternetwebmail",nocase; classtype:attempted-recon; sid:200004452; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/page/btisojtuf",nocase; classtype:attempted-recon; sid:200004453; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/page/bttelecommunicaation",nocase; classtype:attempted-recon; sid:200004454; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/page/bttelecoommunication",nocase; classtype:attempted-recon; sid:200004455; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/page/hjbsvjhfb",nocase; classtype:attempted-recon; sid:200004456; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/page/jhgcfghj",nocase; classtype:attempted-recon; sid:200004457; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"flowcode.com",nocase; http_uri; content:"/page/mnkpo",nocase; classtype:attempted-recon; sid:200004458; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/1mqqu8exzgpptqpl8",nocase; classtype:attempted-recon; sid:200004459; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/3cyoxmwxqkbfpt2v5",nocase; classtype:attempted-recon; sid:200004460; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/8epxhwdapiab7mfw7",nocase; classtype:attempted-recon; sid:200004461; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/9bwawhpz5vi7ilpe6",nocase; classtype:attempted-recon; sid:200004462; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/akohiguxjs9wlpu28?sllqm",nocase; classtype:attempted-recon; sid:200004463; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/b7lqaal42juffiw1a",nocase; classtype:attempted-recon; sid:200004464; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/bfz2l7i3wvrp5heb9",nocase; classtype:attempted-recon; sid:200004465; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/dncj4btc56n1n71n8",nocase; classtype:attempted-recon; sid:200004466; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/edtu6r7rqxqyegcf6",nocase; classtype:attempted-recon; sid:200004467; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/egj66jkgwkcd3aat8",nocase; classtype:attempted-recon; sid:200004468; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/eozlrnnf7jh84xdp8",nocase; classtype:attempted-recon; sid:200004469; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/fzlons3fgnjdqdd19?omgbfzrazhlppbtx",nocase; classtype:attempted-recon; sid:200004470; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/goerpntl5tfeumdz6",nocase; classtype:attempted-recon; sid:200004471; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/gr4b9sxradtcj7or7",nocase; classtype:attempted-recon; sid:200004472; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/guptjarp2xatzbvo8",nocase; classtype:attempted-recon; sid:200004473; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/iai7pzm4pxyb145i9",nocase; classtype:attempted-recon; sid:200004474; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/jnkkauxwwbfhtuqz9?hkgotygikyoujp",nocase; classtype:attempted-recon; sid:200004475; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/jzxtb9auexgjcewfa",nocase; classtype:attempted-recon; sid:200004476; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/kehch96avaku7oey7?akowgmooutpwa",nocase; classtype:attempted-recon; sid:200004477; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/nvljeb1quzaovd8u5",nocase; classtype:attempted-recon; sid:200004478; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/puadbxscibgw5ma79?xfccuwmmhgwrwztd",nocase; classtype:attempted-recon; sid:200004479; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/qhwastfqxg1yehi77",nocase; classtype:attempted-recon; sid:200004480; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/qzopkn9aj2gzaw2g6",nocase; classtype:attempted-recon; sid:200004481; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/ruaxzqjjzghi8rar9",nocase; classtype:attempted-recon; sid:200004482; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/rwpcmhm8vtfa7f4m8",nocase; classtype:attempted-recon; sid:200004483; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/sj21ehdebhkcpvfv6",nocase; classtype:attempted-recon; sid:200004484; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/smufgmyhduckbq6ka?fjxhgyroek",nocase; classtype:attempted-recon; sid:200004485; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/uqzzznxv4cfhu3yr9",nocase; classtype:attempted-recon; sid:200004486; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/v5xtnywt5s6zvpp27",nocase; classtype:attempted-recon; sid:200004487; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/v7k2chwbcca59vz27",nocase; classtype:attempted-recon; sid:200004488; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/w6uh9p66tdq6l1m66",nocase; classtype:attempted-recon; sid:200004489; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/x3aasffazsrl8pcr9",nocase; classtype:attempted-recon; sid:200004490; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/x8hybjggubfftabw8",nocase; classtype:attempted-recon; sid:200004491; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/xxccjhuzjtg4pr3y8",nocase; classtype:attempted-recon; sid:200004492; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/xxjqmu6luzkpnalg6",nocase; classtype:attempted-recon; sid:200004493; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.gle",nocase; http_uri; content:"/yfxkceytox2zuyvb6",nocase; classtype:attempted-recon; sid:200004494; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.office.com",nocase; http_uri; content:"/pages/responsepage.aspx?id=60hhzfbtoe-qdzpnyrluyo-ivxb0mexgqufvg5tcyifunzg5uknzne1irjzvt1y3slewrepwnflmvs4u",nocase; classtype:attempted-recon; sid:200004495; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.office.com",nocase; http_uri; content:"/pages/responsepage.aspx?id=dqsikwdsw0yxejajblztrqaaaaaaaaaaaao__tdasqlurfrqmjzxneyxn0g3vexutfvzq0mztu9fms4u",nocase; classtype:attempted-recon; sid:200004496; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.office.com",nocase; http_uri; content:"/pages/responsepage.aspx?id=dqsikwdsw0yxejajblztrqaaaaaaaaaaaao__thg5xvuodnbwtvytzhwwdnctknvovo4tldctexmvi4u",nocase; classtype:attempted-recon; sid:200004497; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"forms.office.com",nocase; http_uri; content:"/pages/responsepage.aspx?id=jrbxvx3x9keewcq72hm6fnkqekonandcsjd9av060h5urepumvvgmks2te41rfewmlletulvufnuqy4u",nocase; classtype:attempted-recon; sid:200004498; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fra1.digitaloceanspaces.com",nocase; http_uri; content:"/gmaingt/server.html",nocase; classtype:attempted-recon; sid:200004499; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"frdezeredaresafin.blogspot.com",nocase; http_uri; content:"/?m&#61\;0",nocase; classtype:attempted-recon; sid:200004500; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"fredsamasont.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004501; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fewn4zq5fegh6bf3qpasy44v&amp\;persistence=1&amp\;checksum=3d7975c121a1d514f1b3a9facb177a78f25e1326da6497ae9cf35e33ba436119",nocase; classtype:attempted-recon; sid:200004502; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fewn4zx501vbg1xj6vr2hk10&amp\;persistence=1&amp\;checksum=fc555be29c86e6e13177069b7632770b2cb9f30b36d229624f37be1cb2475704",nocase; classtype:attempted-recon; sid:200004503; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fexfpq10qje7acrftnz6v4zb&amp\;persistence=1&amp\;checksum=5916a09fb5c03e4187a58ae7221dbc20e8568b5840df4b6f3eb57227975bd2ce",nocase; classtype:attempted-recon; sid:200004504; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fey1pewqgha9bqebgbvwe95n&amp\;persistence=1&amp\;checksum=3fefba73b68799e5152bf7031ce8a7b1a300456243ee123a27f6efca31d9f055",nocase; classtype:attempted-recon; sid:200004505; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fez46yyrvh6f0bbehn8h419h&amp\;persistence=1&amp\;checksum=069f46345ac935567ad562a3d64a332066064c97f8feae803d555f9cc820c561",nocase; classtype:attempted-recon; sid:200004506; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fezncfbjbj86yneatjn0qvt4&amp\;persistence=1&amp\;checksum=8142350e161acc6cb246be1d05d596973a1d3ac50af1f3594ee9ea462c87a4ef",nocase; classtype:attempted-recon; sid:200004507; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01ff06m6n2q43m6zcaqrh8xpm2&amp\;persistence=1&amp\;checksum=26e140f8abae23dd0c8dd547390a4deb9fc54b1acf3539d8aa44fb19e04902ef",nocase; classtype:attempted-recon; sid:200004508; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"go.skimresources.com",nocase; http_uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01ff0qxy635yfpkrdaxav47j5k&amp\;persistence=1&amp\;checksum=cb2e0f7328d6ffea0e15a24046095a0bb98d27d4488e822bea4b181763f2eb0b",nocase; classtype:attempted-recon; sid:200004509; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"google.com",nocase; http_uri; content:"/url?q=http%3a%2f%2fbit.do%2ffr6ci&sa=d&sntz=1&usg=afqjcne7joz-iz-adrzkrxcihj8t9fs9qw",nocase; classtype:attempted-recon; sid:200004510; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"google.com",nocase; http_uri; content:"/url?q=http%3a%2f%2fbit.do%2ffsgjq&amp\;sa=d&amp\;sntz=1&amp\;usg=afqjcngvqc30z-4hiaizv03gpwblwu3vnw",nocase; classtype:attempted-recon; sid:200004511; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"google.com",nocase; http_uri; content:"/url?q=http://srv-auth.web.app/upd/index.html%23%5b%5b-email-%5d%5d&amp\;source=gmail&amp\;ust=1607952068298000&amp\;usg=afqjcnet34jepejaewvja8unv7ycds1vjg",nocase; classtype:attempted-recon; sid:200004512; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"google.com",nocase; http_uri; content:"/url?q=https://393512dfd8544c98be9a40f2f67df8bd.svc.dynamics.com/t/r/a7uua5shyiplufx4zj7f6u2clgtguiagoxngfoio4am?clientid%3d70000%23%5bemail%5d%2b00-70000&amp\;source=gmail&amp\;ust=1636719774661000&amp\;usg=aovvaw2fsk8htfwhsfqapvbu674n",nocase; classtype:attempted-recon; sid:200004513; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"google.com",nocase; http_uri; content:"/url?q=https://passionfruit4576261.brizy.site/&amp\;source=gmail&amp\;ust=1608664764243000&amp\;usg=afqjcnghljnr1tyn8j4c1ijid09ra9ehdq",nocase; classtype:attempted-recon; sid:200004514; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"google.com",nocase; http_uri; content:"/url?q=https://us4-usndr.com/ru/mail_link_tracker?hash%3d6k5ar5ciusdx1q1tdgm8atcrexmonyy3xdfiogu7zr6gb6gtthpqk7fm8tz4gzkjftg9oouu31eqdro67dtgwnn5x1p3ziiieq8rykja%26url%3dahr0chm6ly90lm1ll2fhegnvbw11bml0eq~~%26uid%3dndmwndy3nw~~%26ucs%3dd93ed45d47070739243d9b678dd03e93&amp\;source=gmail&amp\;ust=1607288611770000&amp\;usg=afqjcngo5kdwx08p-bg6mzdtluzdjhtzxw",nocase; classtype:attempted-recon; sid:200004515; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"googleweblight.com",nocase; http_uri; content:"/fp?u=https://tinyurl.com/32xz989f&grqid=zbk35vud&s=1&hl=id-id",nocase; classtype:attempted-recon; sid:200004516; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"googleweblight.com",nocase; http_uri; content:"/i?u=a894ec7f.46t33454t4.pages.dev?user=masoli@legalshieldassociate.com",nocase; classtype:attempted-recon; sid:200004517; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"googleweblight.com",nocase; http_uri; content:"/i?u=b4e921f0.sso-mailsrvr-4344e5teed.pages.dev?user=abuse@gmail.com",nocase; classtype:attempted-recon; sid:200004518; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gormanusa-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/tspencer_gormanusa_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wgfwcmmssvdsofa7ljviwaj85tleclug2xbvoqwlmp0%3d&amp\;docid=1_12424441d8c29412bb868684e5cb74e47&amp\;wdformid=%7b992e319a%2dbe72%2d460b%2db6b4%2d2d3fcf789fc5%7d&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004519; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"gradcracker.com",nocase; http_uri; content:"/out/408?jobid=29207&u=princed.de?id=8400239909",nocase; classtype:attempted-recon; sid:200004520; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hafslundno.blogspot.com",nocase; http_uri; content:"/2021/12/hafslund.html",nocase; classtype:attempted-recon; sid:200004521; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/1kzic",nocase; classtype:attempted-recon; sid:200004522; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/4ds15",nocase; classtype:attempted-recon; sid:200004523; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/6qnhc",nocase; classtype:attempted-recon; sid:200004524; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/dghpp",nocase; classtype:attempted-recon; sid:200004525; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/f1itl",nocase; classtype:attempted-recon; sid:200004526; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/fmjiu",nocase; classtype:attempted-recon; sid:200004527; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/g9yl5",nocase; classtype:attempted-recon; sid:200004528; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/i51rh",nocase; classtype:attempted-recon; sid:200004529; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/lmiyt",nocase; classtype:attempted-recon; sid:200004530; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/m8ikv",nocase; classtype:attempted-recon; sid:200004531; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/o0ugq",nocase; classtype:attempted-recon; sid:200004532; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/ta0lq",nocase; classtype:attempted-recon; sid:200004533; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/ue2ho",nocase; classtype:attempted-recon; sid:200004534; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/urq2m",nocase; classtype:attempted-recon; sid:200004535; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/vfywl",nocase; classtype:attempted-recon; sid:200004536; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/w27iz",nocase; classtype:attempted-recon; sid:200004537; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/xegru",nocase; classtype:attempted-recon; sid:200004538; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"han.gl",nocase; http_uri; content:"/zlbow",nocase; classtype:attempted-recon; sid:200004539; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hangovertest1.blogspot.com",nocase; http_uri; content:"/2021/12/window.html",nocase; classtype:attempted-recon; sid:200004540; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"heaterintwintersz.ams3.digitaloceanspaces.com",nocase; http_uri; content:"/yuhgbfvdfvbtytrvdfbgt.html",nocase; classtype:attempted-recon; sid:200004541; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"hm.ru",nocase; http_uri; content:"/mz4yho",nocase; classtype:attempted-recon; sid:200004542; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"homeentertainmentexpo.com",nocase; http_uri; content:"/zeland.html",nocase; classtype:attempted-recon; sid:200004543; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"house18.info",nocase; http_uri; content:"/themes/engines/ira.xml",nocase; classtype:attempted-recon; sid:200004544; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"href.li",nocase; http_uri; content:"/?https://trimurl.co/0wsx7z",nocase; classtype:attempted-recon; sid:200004545; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"href.li",nocase; http_uri; content:"/?https://www.rkat2.2r-p.xyz/",nocase; classtype:attempted-recon; sid:200004546; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"href.li",nocase; http_uri; content:"/?https://ykm.de/f4b990c239777330",nocase; classtype:attempted-recon; sid:200004547; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"href.li?https:",nocase; http_uri; content:"//ykm.de/f4b990c239777330",nocase; classtype:attempted-recon; sid:200004548; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ht.ly",nocase; http_uri; content:"/hgav30ruohf",nocase; classtype:attempted-recon; sid:200004549; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ht.ly",nocase; http_uri; content:"/shoh30rwmdj?10/13/2021",nocase; classtype:attempted-recon; sid:200004550; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"i-m.mx",nocase; http_uri; content:"/ebuse/servic",nocase; classtype:attempted-recon; sid:200004551; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"i-m.mx",nocase; http_uri; content:"/webaccountupdate/stockholmsuniversitet/",nocase; classtype:attempted-recon; sid:200004552; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ifyufyujk.quip.com",nocase; http_uri; content:"/mdkea5ckpozm/click-here-to-start",nocase; classtype:attempted-recon; sid:200004553; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"igsasso-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/pginet_groupe-igs_fr/_layouts/15/wopiframe.aspx?guestaccesstoken=o1ljzjnq70g8yg6w%2fce3ec9zu3%2bg6ck6ibkmhwt3wl0%3d&amp\;docid=1_1c2a91e87cc7a4ffb85611d8ebf31f653&amp\;wdformid=%7bcdf56303%2d9250%2d4cf1%2d8370%2db3f9a84cd714%7d&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004554; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"im-creator.com",nocase; http_uri; content:"/free/4t6u/bt",nocase; classtype:attempted-recon; sid:200004555; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"im-creator.com",nocase; http_uri; content:"/free/kennymoore12/btinternet",nocase; classtype:attempted-recon; sid:200004556; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"im-creator.com",nocase; http_uri; content:"/free/kfouo/btcommmms",nocase; classtype:attempted-recon; sid:200004557; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"im-creator.com",nocase; http_uri; content:"/free/msw0rd/att_word",nocase; classtype:attempted-recon; sid:200004558; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"im-creator.com",nocase; http_uri; content:"/viewer/vbid-fa0f29d5-fpsjmms8",nocase; classtype:attempted-recon; sid:200004559; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imagematch300.com",nocase; http_uri; content:"/survey/27415/source=39-4621",nocase; classtype:attempted-recon; sid:200004560; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imcreator.com",nocase; http_uri; content:"/viewer/vbid-fa0f29d5-fpsjmms8",nocase; classtype:attempted-recon; sid:200004561; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"improvproject.com",nocase; http_uri; content:"/appmanager/renouvellement-automatique-obligatoire/ovh/managerweb-ovhdepartmenttechniqueovh/web.index.html5400configuration_hosting_database/web-ovh/vh/?user-agent=mozilla/5.0+(windows+nt+10.0\;+win64\;+x64)+applewebkit/537.36+(khtml,+like+gecko)+chrome/86.0.4240.75+safari/537.36",nocase; classtype:attempted-recon; sid:200004562; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imxprs.com",nocase; http_uri; content:"/free/emailupdatee/owaweb",nocase; classtype:attempted-recon; sid:200004563; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imxprs.com",nocase; http_uri; content:"/free/outlookwebaccessupgrade/outlookwebaccessupgrade",nocase; classtype:attempted-recon; sid:200004564; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"imxprs.com",nocase; http_uri; content:"/free/webmaiil/accounttportal",nocase; classtype:attempted-recon; sid:200004565; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"insurance2019.moneynet.com.tw",nocase; http_uri; content:"/wp-admin/maint/?hash=a2fyaw5hywxtzwlkyxjpymvpcm9aag90bwfpbc5jb20=",nocase; classtype:attempted-recon; sid:200004566; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"is.gd",nocase; http_uri; content:"/areawebmps",nocase; classtype:attempted-recon; sid:200004567; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"is.gd",nocase; http_uri; content:"/clnhxv",nocase; classtype:attempted-recon; sid:200004568; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"is.gd",nocase; http_uri; content:"/f0iqhg?trackingid=lxyqpvnl&signature=newsletter",nocase; classtype:attempted-recon; sid:200004569; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"is.gd",nocase; http_uri; content:"/t1xeia",nocase; classtype:attempted-recon; sid:200004570; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"j.mp",nocase; http_uri; content:"/3arx6oo",nocase; classtype:attempted-recon; sid:200004571; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"j.mp",nocase; http_uri; content:"/3gydg8x?/supporrecovery",nocase; classtype:attempted-recon; sid:200004572; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"j.mp",nocase; http_uri; content:"/3i22f5g?jnlope",nocase; classtype:attempted-recon; sid:200004573; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"j.mp",nocase; http_uri; content:"/3kkkf0n",nocase; classtype:attempted-recon; sid:200004574; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"jtbtigers.com",nocase; http_uri; content:"/65g2g",nocase; classtype:attempted-recon; sid:200004575; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"k12inc-my.sharepoint.com",nocase; http_uri; content:"/personal/jdonahue_k12_com/_layouts/15/wopiframe.aspx?guestaccesstoken=jxndynkzmynao0nofzmhz4t%2fk%2br%2fg7qir2agrjo42ha%3d&docid=1_12252b23331654ef4bf8ef978a8eb83ee&wdformid=%7b2711d93c%2d7591%2d4baa%2db377%2dcf40ba8c7343%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004576; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kutt.it",nocase; http_uri; content:"/c07czi",nocase; classtype:attempted-recon; sid:200004577; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"kutt.it",nocase; http_uri; content:"/l3leph",nocase; classtype:attempted-recon; sid:200004578; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=4rcleqvo&signature=newsletter",nocase; classtype:attempted-recon; sid:200004579; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=xx6dnmzz&signature=newsletter",nocase; classtype:attempted-recon; sid:200004580; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://is.gd/f0iqhg?trackingid=kzg8g3od&signature=newsletter",nocase; classtype:attempted-recon; sid:200004581; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://is.gd/vohpj6?trackingid=rt6fxwgl&signature=newsletter",nocase; classtype:attempted-recon; sid:200004582; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://parg.co/bewg?trackingid=egqfrhlp&signature=newsletter",nocase; classtype:attempted-recon; sid:200004583; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://submit.irs.completeyourdata.info/?claim",nocase; classtype:attempted-recon; sid:200004584; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=cvhzehjl&signature=newsletter",nocase; classtype:attempted-recon; sid:200004585; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=nwb0pxlg&signature=newsletter",nocase; classtype:attempted-recon; sid:200004586; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"l.wl.co",nocase; http_uri; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=wqdypvka&signature=newsletter",nocase; classtype:attempted-recon; sid:200004587; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lifeiswhatyoumakeofit.com",nocase; http_uri; content:"/match_login/match.com/match/login1876.html",nocase; classtype:attempted-recon; sid:200004588; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lihi1.cc",nocase; http_uri; content:"/fqg9x",nocase; classtype:attempted-recon; sid:200004589; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lihi1.cc",nocase; http_uri; content:"/uh2xv",nocase; classtype:attempted-recon; sid:200004590; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkedin.com",nocase; http_uri; content:"/slink?code=ek5cbk8g",nocase; classtype:attempted-recon; sid:200004591; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkprotect.cudasvc.com",nocase; http_uri; content:"/url?a=https://u25098085.ct.sendgrid.net/ls/click?upn=4o0yybebwwobmwye6nfxf74k9v8ctniui1j2zge2nz95e9lyg4bkzyeqhmb7dtwcz7ioun-2bn1j8mpzi-2fpiiskt0bhpz08nwukegu0uqqki2h1s5yghctgcifqu-2bw1xclixrd_0qvnbxqwscekttpgl5skkts6yu-2batmdqkyh3bke4v1frfd55qka72zddyevzyat2nxv1k3yz6k8mwivrnsgvysy0wagfn8g5lfrsekexaptnpwfu0cediip-2bx7vwnyo9s20tqt2-2bj-2bvkbnfrh9uuad9j9stqo-2bcbol-2fjxsacxht5mztqgwx1c5d6x4fkpu32hmnetd1eimxhhfmzkxiukogw4aalovfcjsym0u8gjpy-3d&amp\;c=e,1,2vluk9dfc0eb8l7-rios2j4nvvlmg8fu0rs0_haoaqpf_7ary6vt_oiimum26g-03mgzmsvdmzlfwohfhlogn3z77jluyi415qw9iw3dptggs_9sfqsq4a,,&amp\;typo=1",nocase; classtype:attempted-recon; sid:200004592; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkr.bio",nocase; http_uri; content:"/2oj172",nocase; classtype:attempted-recon; sid:200004593; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkr.bio",nocase; http_uri; content:"/5254ov",nocase; classtype:attempted-recon; sid:200004594; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkr.bio",nocase; http_uri; content:"/9o5vz8",nocase; classtype:attempted-recon; sid:200004595; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkr.bio",nocase; http_uri; content:"/attservice365",nocase; classtype:attempted-recon; sid:200004596; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkr.bio",nocase; http_uri; content:"/bt.home",nocase; classtype:attempted-recon; sid:200004597; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkr.bio",nocase; http_uri; content:"/btinternet",nocase; classtype:attempted-recon; sid:200004598; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linkr.bio",nocase; http_uri; content:"/w1vl9o",nocase; classtype:attempted-recon; sid:200004599; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/attmailserver",nocase; classtype:attempted-recon; sid:200004600; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/attonlineservice",nocase; classtype:attempted-recon; sid:200004601; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/attverificationpro",nocase; classtype:attempted-recon; sid:200004602; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/btelop",nocase; classtype:attempted-recon; sid:200004603; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/btinternettt",nocase; classtype:attempted-recon; sid:200004604; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/d.emery1",nocase; classtype:attempted-recon; sid:200004605; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/dannygeez",nocase; classtype:attempted-recon; sid:200004606; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/feetesuqshailhkaia",nocase; classtype:attempted-recon; sid:200004607; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/ftggtgrtt",nocase; classtype:attempted-recon; sid:200004608; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/keedkudi",nocase; classtype:attempted-recon; sid:200004609; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/mobicomgb",nocase; classtype:attempted-recon; sid:200004610; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/nbvkl",nocase; classtype:attempted-recon; sid:200004611; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/plkjh",nocase; classtype:attempted-recon; sid:200004612; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/pubgxmetrodus",nocase; classtype:attempted-recon; sid:200004613; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/savermail.yahoo",nocase; classtype:attempted-recon; sid:200004614; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/service.orange",nocase; classtype:attempted-recon; sid:200004615; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/teccalicious",nocase; classtype:attempted-recon; sid:200004616; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"linktr.ee",nocase; http_uri; content:"/yah00nccx",nocase; classtype:attempted-recon; sid:200004617; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livenmitac-my.sharepoint.com",nocase; http_uri; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=bcxwl3a7ttskgw2polh3cucg2dfe77pbj2gkmixkizs%3d&docid=1_1b87bddf46e1144efadb39c587acdadae&wdformid=%7b5b4e96cf%2d1bcd%2d468f%2da845%2d09b4d8027bc2%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004618; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livenmitac-my.sharepoint.com",nocase; http_uri; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=bcxwl3a7ttskgw2polh3cucg2dfe77pbj2gkmixkizs=&amp\;docid=1_1b87bddf46e1144efadb39c587acdadae&amp\;wdformid={5b4e96cf-1bcd-468f-a845-09b4d8027bc2}&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004619; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livenmitac-my.sharepoint.com",nocase; http_uri; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=fnyckzjagh3z%2bl1cadcdqxot6rfyhmeonulx7ksc7pq%3d&docid=1_15129478f60da40db8395b5675832ef56&wdformid=%7b000c8ab1%2dcbc8%2d44e3%2dac19%2d0015f01b771e%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004620; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livenmitac-my.sharepoint.com",nocase; http_uri; content:"/personal/hannah-daly_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=ia5uzzon3iviku4f3pxemyhhabfwkpdjirpftfear%2fk%3d&docid=1_169208e425ed84fea9fd294a6886d67e9&wdformid=%7b06255f86%2d4bf9%2d4ee8%2dbd7e%2dfef81913a79b%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004621; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"livenmitac-my.sharepoint.com",nocase; http_uri; content:"/personal/hannah-daly_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=ia5uzzon3iviku4f3pxemyhhabfwkpdjirpftfear/k=&amp\;docid=1_169208e425ed84fea9fd294a6886d67e9&amp\;wdformid={06255f86-4bf9-4ee8-bd7e-fef81913a79b}&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004622; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.in",nocase; http_uri; content:"/d8ruzprc",nocase; classtype:attempted-recon; sid:200004623; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.in",nocase; http_uri; content:"/di6hueus",nocase; classtype:attempted-recon; sid:200004624; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.in",nocase; http_uri; content:"/dn4fff29",nocase; classtype:attempted-recon; sid:200004625; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.in",nocase; http_uri; content:"/edxjbzfy",nocase; classtype:attempted-recon; sid:200004626; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.in",nocase; http_uri; content:"/emruebe2",nocase; classtype:attempted-recon; sid:200004627; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.in",nocase; http_uri; content:"/eqjcnf2u",nocase; classtype:attempted-recon; sid:200004628; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"lnkd.in",nocase; http_uri; content:"/gib6fpsz",nocase; classtype:attempted-recon; sid:200004629; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"login.xfinity.meculinkvolt.com",nocase; http_uri; content:"/home/?6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d",nocase; classtype:attempted-recon; sid:200004630; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"magyarpoosta.blogspot.com",nocase; http_uri; content:"/2021/02/blog-post.html",nocase; classtype:attempted-recon; sid:200004631; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.hfcfit.com",nocase; http_uri; content:"/forms/forms/form1.html",nocase; classtype:attempted-recon; sid:200004632; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua",nocase; classtype:attempted-recon; sid:200004633; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua/",nocase; classtype:attempted-recon; sid:200004634; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua",nocase; classtype:attempted-recon; sid:200004635; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua/",nocase; classtype:attempted-recon; sid:200004636; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/186.154.25.1064023/sucursalpersonas.transaccionesbancolombia.com/mua",nocase; classtype:attempted-recon; sid:200004637; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/186.154.25.1064023/sucursalpersonas.transaccionesbancolombia.com/mua/",nocase; classtype:attempted-recon; sid:200004638; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/190.27.90.2077221/sucursalpersonas.transaccionesbancolombia.com/mua/index.html",nocase; classtype:attempted-recon; sid:200004639; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/190.61.55.2105806/sucursalpersonas.transaccionesbancolombia.com/mua/index.html",nocase; classtype:attempted-recon; sid:200004640; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua",nocase; classtype:attempted-recon; sid:200004641; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua/",nocase; classtype:attempted-recon; sid:200004642; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/191.95.152.1287758/sucursalpersonas.transaccionesbancolombia.com/mua/index.html",nocase; classtype:attempted-recon; sid:200004643; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mail.trendset.com.ar.ci3.toservers.com",nocase; http_uri; content:"/mua/201.233.42.1501206/sucursalpersonas.transaccionesbancolombia.com/mua/index.html",nocase; classtype:attempted-recon; sid:200004644; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mamasitasont.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004645; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/1gne6",nocase; classtype:attempted-recon; sid:200004646; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/6w9qj",nocase; classtype:attempted-recon; sid:200004647; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/77srn",nocase; classtype:attempted-recon; sid:200004648; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/g50gq",nocase; classtype:attempted-recon; sid:200004649; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/hfldu",nocase; classtype:attempted-recon; sid:200004650; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/ibyyn",nocase; classtype:attempted-recon; sid:200004651; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/ij3t9",nocase; classtype:attempted-recon; sid:200004652; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/jlrbo",nocase; classtype:attempted-recon; sid:200004653; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/qpwha",nocase; classtype:attempted-recon; sid:200004654; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/reu8w",nocase; classtype:attempted-recon; sid:200004655; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"me2.kr",nocase; http_uri; content:"/sb6ww",nocase; classtype:attempted-recon; sid:200004656; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"meet.google.com",nocase; http_uri; content:"/linkredirect?authuser=0&amp\;dest=https%3a%2f%2flinktr.ee%2fpaypai.serviceid?idtrack=kzsykctt",nocase; classtype:attempted-recon; sid:200004657; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mi.jetblue.com",nocase; http_uri; content:"/p/cp/0ccc3066dc2bcd17/c?mi_u=87923176&mi_origin=&url=http://email.stickercanada.com/t?entity_type=2&entity_id=32534&email_pref_id=34785928&sent_id=1600423397&service_id=22668&redirect_url=https:/relievehotmailonly.cloudns.cl/imagineme/ionos.php",nocase; classtype:attempted-recon; sid:200004658; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"milanno342.blogspot.com",nocase; http_uri; content:"/2020/11/fiyatlar.html",nocase; classtype:attempted-recon; sid:200004659; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"monstercarp.rn86.ru",nocase; http_uri; content:"/dvtygtgvrv.html?ggcdraewqaszxfdxcgchjbjnhbgvfcdrxtcyvbuninhbygtfcrx",nocase; classtype:attempted-recon; sid:200004660; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my.forms.app",nocase; http_uri; content:"/form/60deff002ca34f5aa4985ab3",nocase; classtype:attempted-recon; sid:200004661; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my.forms.app",nocase; http_uri; content:"/form/6112452ca3f6e60d511bad0d",nocase; classtype:attempted-recon; sid:200004662; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"my.forms.app",nocase; http_uri; content:"/leboncoin-service/confirmationpaiement-1",nocase; classtype:attempted-recon; sid:200004663; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"mybrenger-transport.com",nocase; http_uri; content:"/app/views/abn/identification.php",nocase; classtype:attempted-recon; sid:200004664; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"myparc.sharepoint.com",nocase; http_uri; content:"/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=xvdowzk%2bkm4wndrziofnpfcj8fb8rkrsqt%2bkybvollg%3d&docid=1_16fb1a2a3e2f9468aa7cebc35874c9da0&wdformid=%7b95111770-0103-492b-8c70-e9625f96b49a%7d&action=formsubmit&cid=4d02a372-8b83-4120-84b5-1d9a2a3492dd",nocase; classtype:attempted-recon; sid:200004665; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"netorg6600800-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/ginger_gingerfountain_com/_layouts/15/wopiframe.aspx?guestaccesstoken=gpys8ex7ys1urrzbfeasvlexkodtrovmmcpn%2brsnebs%3d&amp\;docid=1_1882b07b5eb5643d2bdaa63426324ef0e&amp\;wdformid=%7b9bd54af1%2dee16%2d4e07%2d8d62%2d6e9b76e47512%7d&amp\;action=formsubmit&amp\;cid=9adf3e74-8cc1-4e36-b545-c9165fcafde7",nocase; classtype:attempted-recon; sid:200004666; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"netorgft2223515-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/leon_leongavartin_com/_layouts/15/wopiframe.aspx?guestaccesstoken=rpanwaz3gooz0d20j9wu7zzskog8p5egpbt4oc5j5bq%3d&docid=1_137b486a2059c4fc7b670d2ddb8f27254&wdformid=%7b07fe213f%2d4079%2d45b9%2db73f%2dfa9809248dd7%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004667; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nexoinmobiliario.pe",nocase; http_uri; content:"/bancos/interbank",nocase; classtype:attempted-recon; sid:200004668; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"nihmt.com",nocase; http_uri; content:"/examination/admitpanel/filemanager/5365678587",nocase; classtype:attempted-recon; sid:200004669; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"norwayposten.blogspot.com",nocase; http_uri; content:"/2021/02/blog-post.html",nocase; classtype:attempted-recon; sid:200004670; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"objectstorage.us-phoenix-1.oraclecloud.com",nocase; http_uri; content:"/n/axjt4zimmriy/b/cherishppps-20210930-1214/o/spaceblack.html",nocase; classtype:attempted-recon; sid:200004671; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oiazeiuiazolme.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004672; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"online.visual-paradigm.com",nocase; http_uri; content:"/app/forms/view/zalxyved/a9adea36-d163-4d46-a3de-0e990d86e78e",nocase; classtype:attempted-recon; sid:200004673; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"onlinecasinospark.com",nocase; http_uri; content:"/ions/index.php?email=redacted@abuse.ionos.com",nocase; classtype:attempted-recon; sid:200004674; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com",nocase; http_uri; content:"/''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''",nocase; classtype:attempted-recon; sid:200004675; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pancakeswapsupport.co",nocase; http_uri; content:"/walletconnect/",nocase; classtype:attempted-recon; sid:200004676; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paozeia.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004677; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"paypal-inc-userupdatenuber7925570844.blogspot.com",nocase; http_uri; content:"/2021/02/blog-post.html",nocase; classtype:attempted-recon; sid:200004678; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pilgrimapp.com",nocase; http_uri; content:"/wp-mails/",nocase; classtype:attempted-recon; sid:200004679; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"plytecfi-my.sharepoint.com",nocase; http_uri; content:"/personal/pasi_puumalainen_plytec_fi/_layouts/15/wopiframe.aspx?sourcedoc={8f0414f2-e7a8-46f4-a2bb-d38353ed20d6}&amp\;action=default&amp\;originalpath=ahr0chm6ly9wbhl0zwnmas1tes5zagfyzxbvaw50lmnvbs86bzovzy9wzxjzb25hbc9wyxnpx3b1dw1hbgfpbmvux3bsexrly19mas9fdklvqkktbzvfukdvcnzuzzfqdelowui1vgg5bxf2ltjlvl9mohvka09sb2pnp3j0aw1lpxvysjgtvnb2mtbn",nocase; classtype:attempted-recon; sid:200004680; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pplastmart.com",nocase; http_uri; content:"/att/citi",nocase; classtype:attempted-recon; sid:200004681; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ppt.cc",nocase; http_uri; content:"/fia8mx",nocase; classtype:attempted-recon; sid:200004682; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ppt.cc",nocase; http_uri; content:"/fva4wx",nocase; classtype:attempted-recon; sid:200004683; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ppt.cc",nocase; http_uri; content:"/fvakzx",nocase; classtype:attempted-recon; sid:200004684; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ppt.cc",nocase; http_uri; content:"/fvllvx",nocase; classtype:attempted-recon; sid:200004685; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"proprofs.com",nocase; http_uri; content:"/survey/t/?title=bt-broadband-and-private-policy-support_20",nocase; classtype:attempted-recon; sid:200004686; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pub5.bravenet.com",nocase; http_uri; content:"/emailfwd/show.php?usernum=350311855&amp\;formid=3879",nocase; classtype:attempted-recon; sid:200004687; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pxlme.me",nocase; http_uri; content:"/pfbgzhkd",nocase; classtype:attempted-recon; sid:200004688; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"pxlme.me",nocase; http_uri; content:"/vn79myoi",nocase; classtype:attempted-recon; sid:200004689; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qualitasc-my.sharepoint.com",nocase; http_uri; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d%2f&action=formsubmit",nocase; classtype:attempted-recon; sid:200004690; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qualitasc-my.sharepoint.com",nocase; http_uri; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d%3e%2f&action=formsubmit",nocase; classtype:attempted-recon; sid:200004691; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"qualitasc-my.sharepoint.com",nocase; http_uri; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200004692; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"quip.com",nocase; http_uri; content:"/jeh2aebbsh97",nocase; classtype:attempted-recon; sid:200004693; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"quip.com",nocase; http_uri; content:"/qv7malu8n7cz/you-have-some-messages-pending",nocase; classtype:attempted-recon; sid:200004694; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"r3g34.fra1.digitaloceanspaces.com",nocase; http_uri; content:"/77ll23ween.html",nocase; classtype:attempted-recon; sid:200004695; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rabofree.blogspot.com",nocase; http_uri; content:"/2020?m=1",nocase; classtype:attempted-recon; sid:200004696; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"readymag.com",nocase; http_uri; content:"/u1496343659/3363308/",nocase; classtype:attempted-recon; sid:200004697; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"readymag.com",nocase; http_uri; content:"/u3169021124/3364004/",nocase; classtype:attempted-recon; sid:200004698; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"readymag.com",nocase; http_uri; content:"/u3908669287/3364075/",nocase; classtype:attempted-recon; sid:200004699; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reamaam.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004700; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rebrand.ly",nocase; http_uri; content:"/j7107dr",nocase; classtype:attempted-recon; sid:200004701; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rebrand.ly",nocase; http_uri; content:"/z83ig2n?rb.routing.mode=proxy&amp\;rb.routing.signature=123%20836",nocase; classtype:attempted-recon; sid:200004702; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"redatofadesafe.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004703; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"redirect.viglink.com",nocase; http_uri; content:"/?key=bbb516d91daee20498798694a42dd559&u=https://lrs.financial/eesuri6?l5oyrhkwq",nocase; classtype:attempted-recon; sid:200004704; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reikreitel.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004705; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"release-held-messageshee.fra1.digitaloceanspaces.com",nocase; http_uri; content:"/v01iebe3vicvgirviexv4sbdve1r03f.html",nocase; classtype:attempted-recon; sid:200004706; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"renew.trusted-travelers-online.com",nocase; http_uri; content:"/renew-global-entry",nocase; classtype:attempted-recon; sid:200004707; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reurl.cc",nocase; http_uri; content:"/xeknoz?confirmation",nocase; classtype:attempted-recon; sid:200004708; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"reurl.cc",nocase; http_uri; content:"/xgmxr1",nocase; classtype:attempted-recon; sid:200004709; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"rezunz.quip.com",nocase; http_uri; content:"/2d0jazx1eky5/click-here-to-verify-your-email",nocase; classtype:attempted-recon; sid:200004710; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"riderctposten.blogspot.com",nocase; http_uri; content:"/2021/02/blog-post.html",nocase; classtype:attempted-recon; sid:200004711; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ruralaccounting.com.au",nocase; http_uri; content:"/ruralaccoun/alibaba.com/portal.php?email=june3354@naver.com",nocase; classtype:attempted-recon; sid:200004712; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s.id",nocase; http_uri; content:"/-rb9g",nocase; classtype:attempted-recon; sid:200004713; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s.id",nocase; http_uri; content:"/actueel1",nocase; classtype:attempted-recon; sid:200004714; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s.id",nocase; http_uri; content:"/actueel2",nocase; classtype:attempted-recon; sid:200004715; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s.id",nocase; http_uri; content:"/crsqh",nocase; classtype:attempted-recon; sid:200004716; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s.id",nocase; http_uri; content:"/ytk-r",nocase; classtype:attempted-recon; sid:200004717; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"s3.amazonaws.com",nocase; http_uri; content:"/progressivebank-uat/index.html",nocase; classtype:attempted-recon; sid:200004718; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sanclemente.cl",nocase; http_uri; content:"/carli_lamell.html",nocase; classtype:attempted-recon; sid:200004719; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sandert12.blogspot.com",nocase; http_uri; content:"/p/la-banque-postale.html",nocase; classtype:attempted-recon; sid:200004720; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sateegourmet.com",nocase; http_uri; content:"/sbot",nocase; classtype:attempted-recon; sid:200004721; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sefonta.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004722; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"seonewsservic.blogspot.com",nocase; http_uri; content:"/p/postenno_9.html",nocase; classtype:attempted-recon; sid:200004723; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sgp1.digitaloceanspaces.com",nocase; http_uri; content:"/6gwvve65243s9/eer442.html",nocase; classtype:attempted-recon; sid:200004724; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"share.hsforms.com",nocase; http_uri; content:"/1fni_ent2sao6wqv0vzdn7g8nl9d",nocase; classtype:attempted-recon; sid:200004725; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shared-document.com",nocase; http_uri; content:"/basic.php?k=d63621ef3dc01735479befc13f97ec7fdb68991d",nocase; classtype:attempted-recon; sid:200004726; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"shorturl.at",nocase; http_uri; content:"/nqgu1",nocase; classtype:attempted-recon; sid:200004727; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"silitrade-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/jh_silitrade_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8vzaur%2f5gb%2fwmmsfdszlpfueeb0ml%2fzkiljmp9hfa0o%3d&amp\;docid=1_14a3d3f238b844155b59bb08023697365&amp\;wdformid=%7b3395edb6%2d941b%2d49a6%2dbd04%2dc039ca27bb2b%7d&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200004728; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"simp.ly",nocase; http_uri; content:"/p/3cd35d",nocase; classtype:attempted-recon; sid:200004729; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"simp.ly",nocase; http_uri; content:"/p/h45c89",nocase; classtype:attempted-recon; sid:200004730; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"simp.ly",nocase; http_uri; content:"/publish/xhrdvc",nocase; classtype:attempted-recon; sid:200004731; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/a/sy4norton.com/setup/home",nocase; classtype:attempted-recon; sid:200004732; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/newservices.website/orange-mobiles/home",nocase; classtype:attempted-recon; sid:200004733; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/e9d24c72/23524457",nocase; classtype:attempted-recon; sid:200004734; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/habbotuttogratis",nocase; classtype:attempted-recon; sid:200004735; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/habbotuttogratis/assignments",nocase; classtype:attempted-recon; sid:200004736; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/libretyreserve",nocase; classtype:attempted-recon; sid:200004737; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/libretyreserve/",nocase; classtype:attempted-recon; sid:200004738; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/protectedinmprovmnt44/",nocase; classtype:attempted-recon; sid:200004739; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/safetycheck427064200647221/",nocase; classtype:attempted-recon; sid:200004740; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/site/verifycheckpointpaqes/",nocase; classtype:attempted-recon; sid:200004741; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/08ie-securepage-facebook",nocase; classtype:attempted-recon; sid:200004742; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/0iey-securepage-facebook",nocase; classtype:attempted-recon; sid:200004743; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/2-orangebank-salva/accueil",nocase; classtype:attempted-recon; sid:200004744; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/3-orangebank-vetch/accueil",nocase; classtype:attempted-recon; sid:200004745; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/4-orangebank-toto/accueil",nocase; classtype:attempted-recon; sid:200004746; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/65h7t65ygtdw5f4/bt",nocase; classtype:attempted-recon; sid:200004747; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/aattt/home",nocase; classtype:attempted-recon; sid:200004748; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/abuse-privacy/",nocase; classtype:attempted-recon; sid:200004749; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/access-office-docxpdf-call-net/home",nocase; classtype:attempted-recon; sid:200004750; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/airplanecost/accueil",nocase; classtype:attempted-recon; sid:200004751; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/alert-app-pages/",nocase; classtype:attempted-recon; sid:200004752; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/app-mobile-uuid/recovery",nocase; classtype:attempted-recon; sid:200004753; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/appsconfirms",nocase; classtype:attempted-recon; sid:200004754; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/asdfghjklhgfdsdfgh/home",nocase; classtype:attempted-recon; sid:200004755; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/att-managements/home",nocase; classtype:attempted-recon; sid:200004756; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/attemail56/home?authuser=3",nocase; classtype:attempted-recon; sid:200004757; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/attfeatures/home",nocase; classtype:attempted-recon; sid:200004758; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/attyahooohroffice231/home",nocase; classtype:attempted-recon; sid:200004759; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/audio-call-net/home",nocase; classtype:attempted-recon; sid:200004760; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/audio-mp-vm/home",nocase; classtype:attempted-recon; sid:200004761; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/authentification-orangebank-eu/accueil",nocase; classtype:attempted-recon; sid:200004762; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/awspage",nocase; classtype:attempted-recon; sid:200004763; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/banquepostalebanqueetassurance/accueil",nocase; classtype:attempted-recon; sid:200004764; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bdbhdhbdhbd/home?authuser=2",nocase; classtype:attempted-recon; sid:200004765; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/benachrichtigung-sparkasse/accueil",nocase; classtype:attempted-recon; sid:200004766; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bt-cloud-voice-review-voice/bt-voice-cloud",nocase; classtype:attempted-recon; sid:200004767; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bt-clould-preview000112/voice010101010bt-cloud?authuser=8",nocase; classtype:attempted-recon; sid:200004768; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bt-interne/home",nocase; classtype:attempted-recon; sid:200004769; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bt-mail-690/home",nocase; classtype:attempted-recon; sid:200004770; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bt-pdf-receipt-payment/www-bt-pdf?authuser=8",nocase; classtype:attempted-recon; sid:200004771; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bt-voice1010010/bt-voicemesaage10120201002?authuser=8",nocase; classtype:attempted-recon; sid:200004772; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bt-web-com32/home",nocase; classtype:attempted-recon; sid:200004773; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btbtbtbtbtbtcomm/home",nocase; classtype:attempted-recon; sid:200004774; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btbusinessx/bt",nocase; classtype:attempted-recon; sid:200004775; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btcloudpaymentinvoice202000/httpsbtcloudvm-voice-new?authuser=1",nocase; classtype:attempted-recon; sid:200004776; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btcoms/bt",nocase; classtype:attempted-recon; sid:200004777; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btconnectbusiness/btconnect",nocase; classtype:attempted-recon; sid:200004778; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btconnectmailserver/home",nocase; classtype:attempted-recon; sid:200004779; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btconnectted/home",nocase; classtype:attempted-recon; sid:200004780; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btconnnect/home",nocase; classtype:attempted-recon; sid:200004781; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btinternetco/home",nocase; classtype:attempted-recon; sid:200004782; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btmv-voice-notice011/btvoicemessage?authuser=8",nocase; classtype:attempted-recon; sid:200004783; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btnvm-urgentnotice/btvmnew-note?authuser=1",nocase; classtype:attempted-recon; sid:200004784; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btsbusinessbill/",nocase; classtype:attempted-recon; sid:200004785; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btserver22/home",nocase; classtype:attempted-recon; sid:200004786; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/bttbusinesssss/home",nocase; classtype:attempted-recon; sid:200004787; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/btvoivemessage/bt-home",nocase; classtype:attempted-recon; sid:200004788; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/capitaloneloginus/home",nocase; classtype:attempted-recon; sid:200004789; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/chabillacoat/accueil",nocase; classtype:attempted-recon; sid:200004790; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/clickheretoverifyyouracount/home",nocase; classtype:attempted-recon; sid:200004791; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/clickpagenewlogin2021",nocase; classtype:attempted-recon; sid:200004792; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/coinsbuysellswapcryptocurrency/?fbclid=iwar2isl9xfxxgcxtftml2hmcl_dglhshlkfkpdotycyqu-qjqqfdqm9whtfm",nocase; classtype:attempted-recon; sid:200004793; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/comfimobiekdofl/accueil",nocase; classtype:attempted-recon; sid:200004794; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/community-pages-app/",nocase; classtype:attempted-recon; sid:200004795; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/confirmation-orangabank/accueil",nocase; classtype:attempted-recon; sid:200004796; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/connectolo/accueil",nocase; classtype:attempted-recon; sid:200004797; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/continue6363gd/home",nocase; classtype:attempted-recon; sid:200004798; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ctz03",nocase; classtype:attempted-recon; sid:200004799; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/currentlyserver/home",nocase; classtype:attempted-recon; sid:200004800; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dfffrreeer/home?authuser=3",nocase; classtype:attempted-recon; sid:200004801; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dffvderr/home",nocase; classtype:attempted-recon; sid:200004802; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dfghjhckuyf/home",nocase; classtype:attempted-recon; sid:200004803; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dfghjhl/home",nocase; classtype:attempted-recon; sid:200004804; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dkdfkazii-ofoqisjaz1wk/accueil",nocase; classtype:attempted-recon; sid:200004805; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dkekkeole/home",nocase; classtype:attempted-recon; sid:200004806; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dumes/accueil",nocase; classtype:attempted-recon; sid:200004807; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/dvrbtrethy5642qwrfvd/bt",nocase; classtype:attempted-recon; sid:200004808; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/espace-orange-vocal/accueil",nocase; classtype:attempted-recon; sid:200004809; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/espace-vocalorange-ref0325/accueil",nocase; classtype:attempted-recon; sid:200004810; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/espacemessagerieorangesms/accueil",nocase; classtype:attempted-recon; sid:200004811; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/etyajdnxnskoeprlwyaxbdhfkrituy/btconnect",nocase; classtype:attempted-recon; sid:200004812; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ewyy65/home",nocase; classtype:attempted-recon; sid:200004813; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ewyy65/home?authuser=3",nocase; classtype:attempted-recon; sid:200004814; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/feelblessed/bt-business",nocase; classtype:attempted-recon; sid:200004815; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/fhgfbythfrsv/bt",nocase; classtype:attempted-recon; sid:200004816; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/fhgfjhfj/home",nocase; classtype:attempted-recon; sid:200004817; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/form-recovery/",nocase; classtype:attempted-recon; sid:200004818; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/form-recovery/details",nocase; classtype:attempted-recon; sid:200004819; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/gdhbfcxzx",nocase; classtype:attempted-recon; sid:200004820; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/hbxchx",nocase; classtype:attempted-recon; sid:200004821; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/hccwc/home",nocase; classtype:attempted-recon; sid:200004822; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/home-bt-updates/bt-com",nocase; classtype:attempted-recon; sid:200004823; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/home-pages-recovery/details",nocase; classtype:attempted-recon; sid:200004824; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/htvvss/home?authuser=3",nocase; classtype:attempted-recon; sid:200004825; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/identificaton-10777502102022/",nocase; classtype:attempted-recon; sid:200004826; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ii-securepage-facebook",nocase; classtype:attempted-recon; sid:200004827; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/invoice-payment-pdf/home",nocase; classtype:attempted-recon; sid:200004828; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/invoicehomepdf/home",nocase; classtype:attempted-recon; sid:200004829; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/invoicescan365pdf/home",nocase; classtype:attempted-recon; sid:200004830; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/jcnvvn/home",nocase; classtype:attempted-recon; sid:200004831; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/jmjmnhvdc/home",nocase; classtype:attempted-recon; sid:200004832; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/labred-authentification-source/accueil",nocase; classtype:attempted-recon; sid:200004833; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/leafadd/accueil",nocase; classtype:attempted-recon; sid:200004834; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/log-inpagenew",nocase; classtype:attempted-recon; sid:200004835; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/mcwdbvefjberjrwgnwriviwr/home",nocase; classtype:attempted-recon; sid:200004836; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/messor/accueil",nocase; classtype:attempted-recon; sid:200004837; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/mobile-apps-pages/",nocase; classtype:attempted-recon; sid:200004838; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/mobile-redirect-system",nocase; classtype:attempted-recon; sid:200004839; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/mv-voicepage/home?authuser=8",nocase; classtype:attempted-recon; sid:200004840; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/mycoinwallet/",nocase; classtype:attempted-recon; sid:200004841; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/necrologieinfosfroravocal/accueil",nocase; classtype:attempted-recon; sid:200004842; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/newbtmissedcall/home",nocase; classtype:attempted-recon; sid:200004843; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/newuploadpage",nocase; classtype:attempted-recon; sid:200004844; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/newvoicemail/home?authuser=1",nocase; classtype:attempted-recon; sid:200004845; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/nextprojectpage",nocase; classtype:attempted-recon; sid:200004846; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/nextprojectpage2022",nocase; classtype:attempted-recon; sid:200004847; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/noticeplaypagenew2021",nocase; classtype:attempted-recon; sid:200004848; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/noticepublicpagenew2021",nocase; classtype:attempted-recon; sid:200004849; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/notifcationnoticesystempage",nocase; classtype:attempted-recon; sid:200004850; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/nouveau-sms-message-vocal/accueil",nocase; classtype:attempted-recon; sid:200004851; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ob-seccurite/accueil",nocase; classtype:attempted-recon; sid:200004852; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ob-securite/accueil",nocase; classtype:attempted-recon; sid:200004853; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ob-securites/accueil",nocase; classtype:attempted-recon; sid:200004854; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ob-service/accueil",nocase; classtype:attempted-recon; sid:200004855; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/offiice-voice-com/home",nocase; classtype:attempted-recon; sid:200004856; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/onlinefifthercheckaccout/home",nocase; classtype:attempted-recon; sid:200004857; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orange-b-securite/accueil",nocase; classtype:attempted-recon; sid:200004858; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orange-forfaits-et-mobiles",nocase; classtype:attempted-recon; sid:200004859; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangeb-190/accueil",nocase; classtype:attempted-recon; sid:200004860; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangeb171/accueil",nocase; classtype:attempted-recon; sid:200004861; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangeb221/accueil",nocase; classtype:attempted-recon; sid:200004862; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangeba/accueil",nocase; classtype:attempted-recon; sid:200004863; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangeban/accueil",nocase; classtype:attempted-recon; sid:200004864; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangebank-r/accueil",nocase; classtype:attempted-recon; sid:200004865; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangebank-sc/accueil",nocase; classtype:attempted-recon; sid:200004866; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangebank-secure-secure/accueil",nocase; classtype:attempted-recon; sid:200004867; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangebanksecurite/accueil",nocase; classtype:attempted-recon; sid:200004868; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangebannk/accueil",nocase; classtype:attempted-recon; sid:200004869; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangeibank/accueil",nocase; classtype:attempted-recon; sid:200004870; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangeinfosvocalnews/accueil",nocase; classtype:attempted-recon; sid:200004871; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangemyconnect/accueil",nocase; classtype:attempted-recon; sid:200004872; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/oranggebank/accueil",nocase; classtype:attempted-recon; sid:200004873; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/orangiebank/accueil",nocase; classtype:attempted-recon; sid:200004874; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/pagenewlogin2022",nocase; classtype:attempted-recon; sid:200004875; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/pages-identificaton-1000050210/",nocase; classtype:attempted-recon; sid:200004876; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/pass-press/accueil",nocase; classtype:attempted-recon; sid:200004877; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/paypal-customer-services/",nocase; classtype:attempted-recon; sid:200004878; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/paypal-loginn/",nocase; classtype:attempted-recon; sid:200004879; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/pfherjwlsnmcyelwudy/home?authuser=3",nocase; classtype:attempted-recon; sid:200004880; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/pleasecheckpoint2021",nocase; classtype:attempted-recon; sid:200004881; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/postacerticodplusaccaccueil/accueil",nocase; classtype:attempted-recon; sid:200004882; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/protonmailservice/home",nocase; classtype:attempted-recon; sid:200004883; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/quickteamservice/yahoo-com",nocase; classtype:attempted-recon; sid:200004884; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/reactivationhelp2021/",nocase; classtype:attempted-recon; sid:200004885; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/redirect-acctpages-uuid/details",nocase; classtype:attempted-recon; sid:200004886; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/redirectme-to/",nocase; classtype:attempted-recon; sid:200004887; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/retttt/home",nocase; classtype:attempted-recon; sid:200004888; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/reviewappspagerviicee/",nocase; classtype:attempted-recon; sid:200004889; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/reviewappspagerviiceee",nocase; classtype:attempted-recon; sid:200004890; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/rg9eur94uwe9d/bt",nocase; classtype:attempted-recon; sid:200004891; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/richcoff/bt-business",nocase; classtype:attempted-recon; sid:200004892; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/rimekahsdjg/summary_page",nocase; classtype:attempted-recon; sid:200004893; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/salimkaso/",nocase; classtype:attempted-recon; sid:200004894; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/sbcglobalm/home?authuser=1",nocase; classtype:attempted-recon; sid:200004895; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securbtcomms/bt",nocase; classtype:attempted-recon; sid:200004896; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/secure-bt-homevoice01010120/home?authuser=8",nocase; classtype:attempted-recon; sid:200004897; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/secure-ob-/accueil",nocase; classtype:attempted-recon; sid:200004898; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/secure-ob/accueil",nocase; classtype:attempted-recon; sid:200004899; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securebtcomms/bt",nocase; classtype:attempted-recon; sid:200004900; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securebtcommss/bt",nocase; classtype:attempted-recon; sid:200004901; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securebusinessbtsecurbt/bt",nocase; classtype:attempted-recon; sid:200004902; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securiplus0101/accueil",nocase; classtype:attempted-recon; sid:200004903; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securite-ob-service/accueil",nocase; classtype:attempted-recon; sid:200004904; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securite-obank/accueil",nocase; classtype:attempted-recon; sid:200004905; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securitee-ob/accueil",nocase; classtype:attempted-recon; sid:200004906; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securites-ob/accueil",nocase; classtype:attempted-recon; sid:200004907; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securmybusinessbtsecurbt/bt",nocase; classtype:attempted-recon; sid:200004908; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securree/home?authuser=1",nocase; classtype:attempted-recon; sid:200004909; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/securritee-ob/accueil",nocase; classtype:attempted-recon; sid:200004910; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/serv-ob/accueil",nocase; classtype:attempted-recon; sid:200004911; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/serv-obank/accueil",nocase; classtype:attempted-recon; sid:200004912; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/serveur-communication-box/accueil",nocase; classtype:attempted-recon; sid:200004913; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/service-orangebank-fr/accueil",nocase; classtype:attempted-recon; sid:200004914; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/service-orangebank-securi/accueil",nocase; classtype:attempted-recon; sid:200004915; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/service-securite-ob/accueil",nocase; classtype:attempted-recon; sid:200004916; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/servicenewlogin",nocase; classtype:attempted-recon; sid:200004917; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/shgeudh/home",nocase; classtype:attempted-recon; sid:200004918; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ski03/strona-g%c5%82%c3%b3wna",nocase; classtype:attempted-recon; sid:200004919; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/soeyankandi5/bt-business",nocase; classtype:attempted-recon; sid:200004920; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/szdgsdhgd",nocase; classtype:attempted-recon; sid:200004921; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/thenewstartpage2021",nocase; classtype:attempted-recon; sid:200004922; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/update-allreadypage",nocase; classtype:attempted-recon; sid:200004923; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/updatesecure",nocase; classtype:attempted-recon; sid:200004924; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/updatingnewpage",nocase; classtype:attempted-recon; sid:200004925; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/upgrade-bt/home",nocase; classtype:attempted-recon; sid:200004926; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/utututttu/home",nocase; classtype:attempted-recon; sid:200004927; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/v-ob/accueil",nocase; classtype:attempted-recon; sid:200004928; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/venmo-loginusa/",nocase; classtype:attempted-recon; sid:200004929; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/vfbjf/btconnect",nocase; classtype:attempted-recon; sid:200004930; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/view-your-billonline/home",nocase; classtype:attempted-recon; sid:200004931; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/viewyourbilll/home",nocase; classtype:attempted-recon; sid:200004932; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/viewyournewbill/bt-business-btconnect",nocase; classtype:attempted-recon; sid:200004933; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/vjsdhdfidjasi/btconnect",nocase; classtype:attempted-recon; sid:200004934; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/webespaceclient-ref8/accueil",nocase; classtype:attempted-recon; sid:200004935; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/webmailcooom/home",nocase; classtype:attempted-recon; sid:200004936; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/xcccjcdhasks/btconnect",nocase; classtype:attempted-recon; sid:200004937; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/xmicrosoftoficew/home",nocase; classtype:attempted-recon; sid:200004938; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/xsvgcxsgvdhg/home?authuser=4",nocase; classtype:attempted-recon; sid:200004939; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/xvhfefef/bt-business",nocase; classtype:attempted-recon; sid:200004940; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/yah000/home",nocase; classtype:attempted-recon; sid:200004941; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/yahooend/yahoo",nocase; classtype:attempted-recon; sid:200004942; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/yahoomailingdesk/yahoo-com",nocase; classtype:attempted-recon; sid:200004943; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/yahooscott/yahoo",nocase; classtype:attempted-recon; sid:200004944; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/yourbillnotification/home",nocase; classtype:attempted-recon; sid:200004945; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/yt89ougjio/bt",nocase; classtype:attempted-recon; sid:200004946; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sites.google.com",nocase; http_uri; content:"/view/ztt5zazu/home",nocase; classtype:attempted-recon; sid:200004947; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"skart.co.in",nocase; http_uri; content:"/admin/webmail.cpanel.net/user/cp.user.sign_in/auth/cpanel_mailbox/index.htm",nocase; classtype:attempted-recon; sid:200004948; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"snip.ly",nocase; http_uri; content:"/qevjwc",nocase; classtype:attempted-recon; sid:200004949; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"solatresont.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004950; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soufatanse.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004951; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"soufsont.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200004952; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sprw.io",nocase; http_uri; content:"/stt-c625a3f2c2",nocase; classtype:attempted-recon; sid:200004953; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"steinercoza-my.sharepoint.com",nocase; http_uri; content:"/:b:/g/personal/mandyb_steiner_co_za/exxq1passetnrojoe83fzboboxufoggwb7uvmyfqbionla?e=4:su8jhq&amp\;at=9",nocase; classtype:attempted-recon; sid:200004954; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"stolizaparketa.ru",nocase; http_uri; content:"/wp-content/themes/twentyfifteen/css/read/chinavali/index.php?email=jsmith@imaphost.com",nocase; classtype:attempted-recon; sid:200004955; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/1lordman1man3/oscman2.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200004956; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/acc03lzzl4m3izm03iauserpowa.appspot.com/index.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200004957; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/algebraic-pact-316913.appspot.com/index.html#jbell@legalshield.com",nocase; classtype:attempted-recon; sid:200004958; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/anaagc040gdyacgd0dyuser.appspot.com/index.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200004959; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/ciat3tdtttd53c3e5userp.appspot.com/index.html#jr@legalshield.com",nocase; classtype:attempted-recon; sid:200004960; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/ciat3tdtttd53c3e5userp.appspot.com/index.html#paul@legalshield.com",nocase; classtype:attempted-recon; sid:200004961; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/clientid4dunptjlryzrift3nrlomi160gqntzgznajujcnbszq8w/index.htm",nocase; classtype:attempted-recon; sid:200004962; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/dhngw6p6rwrwnuv6vnuse.appspot.com/index.html#brianvillacarlos@legalshieldcorp.com",nocase; classtype:attempted-recon; sid:200004963; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/g58t3e588ddgmdeddauth.appspot.com/index.html#jim-shelvy@legalshield.com",nocase; classtype:attempted-recon; sid:200004964; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/gu1r0utjruhjkukrxhauser.appspot.com/index.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200004965; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/indettn/pdflmanco.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200004966; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/indettn/zdewaman.html#example@example.com",nocase; classtype:attempted-recon; sid:200004967; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/kkkqkl633qn6kq3lqssiiddnenen.appspot.com/index.html#jbell@legalshield.com",nocase; classtype:attempted-recon; sid:200004968; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/kkkqkl633qn6kq3lqssiiddnenen.appspot.com/index.html#t.voit@legalshield.com",nocase; classtype:attempted-recon; sid:200004969; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/",nocase; classtype:attempted-recon; sid:200004970; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/index.html#martin.manasek@ruk.cuni.cz",nocase; classtype:attempted-recon; sid:200004971; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/maintainancecomponeta.appspot.com/index.html#a@b.com",nocase; classtype:attempted-recon; sid:200004972; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/maintainancecomponeta.appspot.com/kayindex.html#eimaste@stinpriza.org",nocase; classtype:attempted-recon; sid:200004973; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/maintainancecomponeta.appspot.com/myowngeneral.html#eimaste@stinpriza.org",nocase; classtype:attempted-recon; sid:200004974; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/maintainancecomponeta.appspot.com/newmineindex.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200004975; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/owuddqd9dqqdddq9qd0caerq.appspot.com/index.html#stevewilliamson@legalshield.com",nocase; classtype:attempted-recon; sid:200004976; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/projerroro0h5j5ro0jrrj.appspot.com/index.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200004977; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/q90qqqar22r229r292euser.appspot.com/index.html",nocase; classtype:attempted-recon; sid:200004978; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/q90qqqar22r229r292euser.appspot.com/index.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200004979; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/rrdar99rt9qraraq99euser.appspot.com/index.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200004980; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/s0pts0apttxpp00atarrauth.appspot.com/index.html#user@calstatela.edu",nocase; classtype:attempted-recon; sid:200004981; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/staging.maintainancecomponeta.appspot.com/fcocnew.html",nocase; classtype:attempted-recon; sid:200004982; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/staging.maintainancecomponeta.appspot.com/nvhdjgtpl8txagtoccpyscuekxctc7j3kpg5bbugwqv0kemeas313lqehufuifcl6el9vtvomhrfbjbpxbg6qrnsg5sz3dyaiqor%2c%2520ffx6khej2lavfftroaizcq99hjdn3f4hs6gdeg2qodfyhobl8zonx6lez2dafyafc6spylufytfvuzn1jsioh4u6xpsbsqxqgh.html#icann@tecnocratica.net",nocase; classtype:attempted-recon; sid:200004983; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/staging.maintainancecomponeta.appspot.com/sydlasgendomain.html#winnie@soupro.com",nocase; classtype:attempted-recon; sid:200004984; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/user517497679326978.appspot.com/index.html",nocase; classtype:attempted-recon; sid:200004985; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/uth0uax3t3uh30ttna0nnuser.appspot.com/index.html#jbell@legalshield.com",nocase; classtype:attempted-recon; sid:200004986; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.cloud.google.com",nocase; http_uri; content:"/yyw77ywnn68weyew6euserq.appspot.com/index.html#rosalefua@legalshield.com",nocase; classtype:attempted-recon; sid:200004987; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/03a6c481bbd83f8/df225c198d58561#un/68425_md/2/16247/3955/23/19171",nocase; classtype:attempted-recon; sid:200004988; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/1827435283/1827435283.html",nocase; classtype:attempted-recon; sid:200004989; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/abjsfatitvyrobprkawlycsckcwrvnntndjwbgoqjiswdbkhhlyxnbv/cli123.html",nocase; classtype:attempted-recon; sid:200004990; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/abuabomvnediarrfgxamrtqcoehnpskugrmafutqnhugsbzossviqfv/cli123.html",nocase; classtype:attempted-recon; sid:200004991; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/acwuwxxomzzlrrfuyssheahvokqfunqvlbjnjrbyfsmbbmdppwimvbd/cli123.html",nocase; classtype:attempted-recon; sid:200004992; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bbss-urltest-public/docomo_20210726_01.html",nocase; classtype:attempted-recon; sid:200004993; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bbss-urltest-public/docomo_20210910_01.html",nocase; classtype:attempted-recon; sid:200004994; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bbss-urltest-public/docomo_20210910_02.html",nocase; classtype:attempted-recon; sid:200004995; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xdaysonde1.html",nocase; classtype:attempted-recon; sid:200004996; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xdragon1.html",nocase; classtype:attempted-recon; sid:200004997; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xgmx1.html",nocase; classtype:attempted-recon; sid:200004998; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xiphoneswiss1.html",nocase; classtype:attempted-recon; sid:200004999; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xketode1.html",nocase; classtype:attempted-recon; sid:200005000; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xlena1.html",nocase; classtype:attempted-recon; sid:200005001; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xps5de1.html",nocase; classtype:attempted-recon; sid:200005002; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/bionat/xspar1.html",nocase; classtype:attempted-recon; sid:200005003; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/buckettt01/redirect%20newslettersreply.shop.html#rd/u8888idsyy65301cvmt1247244psw23077wujo1715",nocase; classtype:attempted-recon; sid:200005004; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/document-check/sign.html",nocase; classtype:attempted-recon; sid:200005005; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/inboxino/brand.html#cl/13669_md/1/788/1401/22/1025434",nocase; classtype:attempted-recon; sid:200005006; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/inboxino/brand.html#cl/13695_md/1/788/1401/109/376564",nocase; classtype:attempted-recon; sid:200005007; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/inboxino/brand.html#un/13664_md/1/455/1401/112/814109",nocase; classtype:attempted-recon; sid:200005008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/inboxino/brand.html#un/13695_md/1/788/1401/25/339407",nocase; classtype:attempted-recon; sid:200005009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/sstoragert/linkqs.html#cl/19939_md/1/4441/3808/112/984664",nocase; classtype:attempted-recon; sid:200005010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/sstoragert/linkqs.html#un/19995_md/1/4542/3682/112/984664",nocase; classtype:attempted-recon; sid:200005011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"storage.googleapis.com",nocase; http_uri; content:"/ylffhg/redireck.html",nocase; classtype:attempted-recon; sid:200005012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"suivi-coupon-recharge.blogspot.com",nocase; http_uri; content:"/p/authentifier-transcash.html",nocase; classtype:attempted-recon; sid:200005013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"sunnylandingpages.com",nocase; http_uri; content:"/usroutput/themeset1_2021-12-21-23-15-13/",nocase; classtype:attempted-recon; sid:200005014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"superpark-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/adrian_ramos_superpark_com_hk/_layouts/15/wopiframe.aspx?guestaccesstoken=vofjngnui%2fslbameorlq62qlg8mcdnpo1dizu6i%2bc1m%3d&amp\;docid=1_124bbb2f682ca4c7daba6cec6ee34dfb9&amp\;wdformid=%7ba85c8abe%2d68be%2d43dd%2d91f3%2db397386186be%7d&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200005015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"surveyheart.com",nocase; http_uri; content:"/form/608bca7586919c70a2066ef7",nocase; classtype:attempted-recon; sid:200005016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"svkmmumbai-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/pranjali_chandurkar_nmims_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=668cyp4s%2fwcmx8rj223bvjfwdvtryffzfpyarbrueha%3d&amp\;docid=1_1916b69db182644fead12e874cad930c4&amp\;wdformid=%7bcd4093b9%2ddfae%2d49f1%2dadde%2df32fbe93b271%7d&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200005017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"swisscoat.com.cn",nocase; http_uri; content:"/index.html",nocase; classtype:attempted-recon; sid:200005018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"synapse-project.com",nocase; http_uri; content:"/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account",nocase; classtype:attempted-recon; sid:200005019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"synapse-project.com",nocase; http_uri; content:"/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account/",nocase; classtype:attempted-recon; sid:200005020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"synmultiwallet.com",nocase; http_uri; content:"/public/dapp",nocase; classtype:attempted-recon; sid:200005021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/6b3rxfp90m",nocase; classtype:attempted-recon; sid:200005022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/8mptsau4zq?amp=1",nocase; classtype:attempted-recon; sid:200005023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/9ooxxstzmb?amp=1?trackingid=ftiikjly&signature=newsletter",nocase; classtype:attempted-recon; sid:200005024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/9ooxxstzmb?trackingid=lxr1lc3e&signature=newsletter",nocase; classtype:attempted-recon; sid:200005025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/ef7oipwfto",nocase; classtype:attempted-recon; sid:200005026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/fy2lasfqae?trackingid=agbl0dxn&signature=newsletter",nocase; classtype:attempted-recon; sid:200005027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/fy2lasfqae?trackingid=dhrt9pxv&signature=newsletter",nocase; classtype:attempted-recon; sid:200005028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/fy2lasfqae?trackingid=mhrdlxok&signature=newsletter",nocase; classtype:attempted-recon; sid:200005029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/fy2lasfqae?trackingid=s5kqcb1o&signature=newsletter",nocase; classtype:attempted-recon; sid:200005030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/ge6k1ctsmd?trackingid=3pc2vgmn&signature=newsletter",nocase; classtype:attempted-recon; sid:200005031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/ge6k1ctsmd?trackingid=n13hzxpy&signature=newsletter",nocase; classtype:attempted-recon; sid:200005032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/ge6k1ctsmd?trackingid=ocfgjhka&signature=newsletter",nocase; classtype:attempted-recon; sid:200005033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/ge6k1ctsmd?trackingid=ohj6ctus&signature=newsletter",nocase; classtype:attempted-recon; sid:200005034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/lkcd0mnequ",nocase; classtype:attempted-recon; sid:200005035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/timonfvymu?trackingid=67yzc2bv&signature=newsletter",nocase; classtype:attempted-recon; sid:200005036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/timonfvymu?trackingid=cybyidfp&signature=newsletter",nocase; classtype:attempted-recon; sid:200005037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/zrd6j5rq4u?amp=1",nocase; classtype:attempted-recon; sid:200005038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"t.co",nocase; http_uri; content:"/zwuq6zjpdj",nocase; classtype:attempted-recon; sid:200005039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tasteentertainment.com",nocase; http_uri; content:"/helton.law/outlook.office.com/",nocase; classtype:attempted-recon; sid:200005040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tecsuport.com.br",nocase; http_uri; content:"/files/system32/procesosdeseguridadhb/170.51.165.16679791/agregar/telefono/contacto/logonoperacionservlet.html",nocase; classtype:attempted-recon; sid:200005041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"telenorkandklimsupoort.blogspot.com",nocase; http_uri; content:"/2021/03/blog-post_48.html",nocase; classtype:attempted-recon; sid:200005042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thedigirocket.com",nocase; http_uri; content:"/wp-content/plugins/form.htm",nocase; classtype:attempted-recon; sid:200005043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"thelibrarysamui.com",nocase; http_uri; content:"/wp-content/uploads/2021/11/1/1and1/index.php",nocase; classtype:attempted-recon; sid:200005044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tiny.one",nocase; http_uri; content:"/ing587388",nocase; classtype:attempted-recon; sid:200005045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tiny.one",nocase; http_uri; content:"/ing67454",nocase; classtype:attempted-recon; sid:200005046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tiny.one",nocase; http_uri; content:"/reuswnzc",nocase; classtype:attempted-recon; sid:200005047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/48rzxpne",nocase; classtype:attempted-recon; sid:200005048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/4wcw6fcu",nocase; classtype:attempted-recon; sid:200005049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/btinternet56",nocase; classtype:attempted-recon; sid:200005050; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/evyu688y",nocase; classtype:attempted-recon; sid:200005051; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/nycgovtgrant",nocase; classtype:attempted-recon; sid:200005052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/uha4nvtf",nocase; classtype:attempted-recon; sid:200005053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/y8mcrhhp",nocase; classtype:attempted-recon; sid:200005054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/yxb48kqj",nocase; classtype:attempted-recon; sid:200005055; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/yxry9vf5",nocase; classtype:attempted-recon; sid:200005056; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tinyurl.com",nocase; http_uri; content:"/yyvm8qr5",nocase; classtype:attempted-recon; sid:200005057; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"topearnersafrica.com",nocase; http_uri; content:"/truist.com/",nocase; classtype:attempted-recon; sid:200005058; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tr.cloudmagic.com",nocase; http_uri; content:"/h/v6/link-track/1.0/1612678003989072-e5f6d8cc-499b-ea4f-85f1-8b23ad935661/1612677988/2f5895837f8d3f0a667c6b92ad41f652/8af273ac431e289838c8bf7c490185f3/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com",nocase; classtype:attempted-recon; sid:200005059; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tr.cloudmagic.com",nocase; http_uri; content:"/h/v6/link-track/1.0/1614590779401122-8e06125c-4b23-d643-3068-601cab9bec04/1614590763/2f5895837f8d3f0a667c6b92ad41f652/31367888a66bf6f98973a200c83075bb/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com",nocase; classtype:attempted-recon; sid:200005060; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"track.adform.net",nocase; http_uri; content:"/c/?bn=35405429\;cpdir=https://tmmny.csb.app/.wewrewew.ahr0chm6ly9pbnzlc3rpbmdpbmdvzc5vcmcvqvbjmjq3.yw1izxiuzml0dg9uqhnwyxjrlmnvlm56",nocase; classtype:attempted-recon; sid:200005061; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"transcash-fr-v.blogspot.com",nocase; http_uri; content:"/?m=1",nocase; classtype:attempted-recon; sid:200005062; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"tribratanewsbondowoso.com",nocase; http_uri; content:"/webapp/tribratanews/public/js/hughesnet.com/index.php",nocase; classtype:attempted-recon; sid:200005063; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u.to",nocase; http_uri; content:"/lsjpgw?verification-online-service",nocase; classtype:attempted-recon; sid:200005064; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u.to",nocase; http_uri; content:"/unrpgg",nocase; classtype:attempted-recon; sid:200005065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"u.to",nocase; http_uri; content:"/wsddga",nocase; classtype:attempted-recon; sid:200005066; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"ucbonline.com",nocase; http_uri; content:"/pbi_pbi1151/login/remote/071108407/6",nocase; classtype:attempted-recon; sid:200005067; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"umconnectumt-my.sharepoint.com",nocase; http_uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=e%2f5p4lmr7oxtbuuzst9ihpacebtz%2bhbogl5i950bhau%3d&docid=1_151b39d9e7dd54cfba500875349d3beb6&wdformid=%7bda6fcad9%2d9684%2d43af%2db959%2de2fa774eaba6%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200005068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"umconnectumt-my.sharepoint.com",nocase; http_uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=h2b5qkvlooc%2bfvhpo6qkbxdfdzwzpa7doqhaikfrj08%3d&docid=1_1cab74931edec4bf39e6f4768e7830a02&wdformid=%7b6a702647%2db560%2d40c5%2d8890%2d109ec5ad9bc5%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200005069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"umconnectumt-my.sharepoint.com",nocase; http_uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=inau9tsjk5bvaoypx%2fgfkvgo0iz4rq47kvts4tkb8yq%3d&docid=1_19c7a48ea3a0448c78765a480857920f0&wdformid=%7bd8f70a7d%2d4204%2d4a87%2da88e%2dbad6b0e4129e%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200005070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"umconnectumt-my.sharepoint.com",nocase; http_uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=inau9tsjk5bvaoypx/gfkvgo0iz4rq47kvts4tkb8yq=&amp\;docid=1_19c7a48ea3a0448c78765a480857920f0&amp\;wdformid={d8f70a7d-4204-4a87-a88e-bad6b0e4129e}&amp\;action=formsubmit",nocase; classtype:attempted-recon; sid:200005071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"umconnectumt-my.sharepoint.com",nocase; http_uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=uh9hjveaooebgqolme%2f5qft71pw2stg2ojiiqxebzce%3d&docid=1_11e28ca5d86c6416f926736ea3e8ad885&wdformid=%7b70256f91%2df178%2d4e5f%2d847a%2df748294a79c9%7d&action=formsubmit",nocase; classtype:attempted-recon; sid:200005072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"umeacademy.com",nocase; http_uri; content:"/wine",nocase; classtype:attempted-recon; sid:200005073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"uniga.ac.id",nocase; http_uri; content:"/wptracking/tracking2/tracking/tracking.php",nocase; classtype:attempted-recon; sid:200005074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"url.gratis",nocase; http_uri; content:"/0lxgmv",nocase; classtype:attempted-recon; sid:200005075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"users.tpg.com.au",nocase; http_uri; content:"/kcornwall/email-verification/notice/account_login/login.html#accounting@utu.fi",nocase; classtype:attempted-recon; sid:200005076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"v.ht",nocase; http_uri; content:"/1pxak",nocase; classtype:attempted-recon; sid:200005077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"v.ht",nocase; http_uri; content:"/yogs",nocase; classtype:attempted-recon; sid:200005078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vaiddzed.cc",nocase; http_uri; content:"/rd/c56498tvifh29711728hupj8172asy17489blob7311",nocase; classtype:attempted-recon; sid:200005079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"velvet.by",nocase; http_uri; content:"/drupal-7.56/scripts/bp",nocase; classtype:attempted-recon; sid:200005080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"velvet.by",nocase; http_uri; content:"/drupal-7.56/scripts/bp/",nocase; classtype:attempted-recon; sid:200005081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"veredesafs.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200005082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vetrfedsonte.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200005083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"viamobte.blogspot.com",nocase; http_uri; content:"/2021/03/blog-post.html",nocase; classtype:attempted-recon; sid:200005084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"view.genial.ly",nocase; http_uri; content:"/61e168ca67f4550de805d006/interactive-content-secured-document",nocase; classtype:attempted-recon; sid:200005085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"view.genial.ly",nocase; http_uri; content:"/61e168ca67f4550de805d006/interactive-content-untitled-genially",nocase; classtype:attempted-recon; sid:200005086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vivaterouna.blogspot.com",nocase; http_uri; content:"/?m=0",nocase; classtype:attempted-recon; sid:200005087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?cc_key=&amp\;post=%7brandom_number_5%7d_1&amp\;to=http://18.118.206.123/index.php?key=%7brandom_letternumberuplow_5%7d,email=%7bemail%7d",nocase; classtype:attempted-recon; sid:200005088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=1qg10",nocase; classtype:attempted-recon; sid:200005089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=3efeh",nocase; classtype:attempted-recon; sid:200005090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=cylqz",nocase; classtype:attempted-recon; sid:200005091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=dmyfj",nocase; classtype:attempted-recon; sid:200005092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=dvexh",nocase; classtype:attempted-recon; sid:200005093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=fhqja",nocase; classtype:attempted-recon; sid:200005094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=g9dzz",nocase; classtype:attempted-recon; sid:200005095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=qq74g",nocase; classtype:attempted-recon; sid:200005096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=v0de0,email=kflove23@icloud.com&post=11981_1&cc_key",nocase; classtype:attempted-recon; sid:200005097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=zzbtj",nocase; classtype:attempted-recon; sid:200005098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=ccugr",nocase; classtype:attempted-recon; sid:200005099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=mb1wu",nocase; classtype:attempted-recon; sid:200005100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=meixj",nocase; classtype:attempted-recon; sid:200005101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=toboe",nocase; classtype:attempted-recon; sid:200005102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=tyzud",nocase; classtype:attempted-recon; sid:200005103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=u7tfm,email=resurgita@icloud.com&post=35252_1&cc_key",nocase; classtype:attempted-recon; sid:200005104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=v5t6m,email=robertgoby@icloud.com&post=24927_1&cc_key",nocase; classtype:attempted-recon; sid:200005105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=vgy1e",nocase; classtype:attempted-recon; sid:200005106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=znbui",nocase; classtype:attempted-recon; sid:200005107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2fhumanity06.com%2fwp-content%2fthemes%2fapi.html",nocase; classtype:attempted-recon; sid:200005108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2frois-zkxzx.run.goorm.io/safe-browser/",nocase; classtype:attempted-recon; sid:200005109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2fwww.allovisite.com%2fwp-content%2fplugins%2fapi.html",nocase; classtype:attempted-recon; sid:200005110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=http%3a%2f%2fwww.allovisite.com%2fwp-content%2fplugins%2fapi.html&post=693378694_2&cc_key",nocase; classtype:attempted-recon; sid:200005111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https%3a%2f%2fmsq-health.com%2fimages%2fonehealth%2fsound%2faudio&post=696668869_2&cc_key=/odmibxru/tsiqjhleqcj",nocase; classtype:attempted-recon; sid:200005112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https%3a%2f%2fsapphireinternationalschool.com%2falbum%2fimages%2fsound%2faudio&post=690576696_17&cc_key=/lhgesiqipz/ksbqekez2fa",nocase; classtype:attempted-recon; sid:200005113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://api.safebrowser-antidrop.com/ai.html?key=ppsyk",nocase; classtype:attempted-recon; sid:200005114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://arroketainsificansion.com/r/cairdiembos",nocase; classtype:attempted-recon; sid:200005115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://drmustafaalagamy.com/css/rajahutandil2",nocase; classtype:attempted-recon; sid:200005116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://laprospergroup.com/wp-admin/assets/?key=8oyrd,email={email}",nocase; classtype:attempted-recon; sid:200005117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://rendelparis.com/wp-admin/assets?key=isvbt,email={email}",nocase; classtype:attempted-recon; sid:200005118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://sahara-distribution.com/wp-admin/dir",nocase; classtype:attempted-recon; sid:200005119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://www.marmum.ae/css/?key=ibxa",nocase; classtype:attempted-recon; sid:200005120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://www.marmum.ae/css/?key=ksor",nocase; classtype:attempted-recon; sid:200005121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://www.marmum.ae/css/?key=lzqm",nocase; classtype:attempted-recon; sid:200005122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://www.marmum.ae/css/?key=yihv",nocase; classtype:attempted-recon; sid:200005123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vk.com",nocase; http_uri; content:"/away.php?to=https://www.newlifenursery.com/assets/rdt.html?key=lwhi1",nocase; classtype:attempted-recon; sid:200005124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"vps3920.ultahost.com",nocase; http_uri; content:"/all.php",nocase; classtype:attempted-recon; sid:200005125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallieget.com",nocase; http_uri; content:"/8jdu/sb6/index.php?_",nocase; classtype:attempted-recon; sid:200005126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallieget.com",nocase; http_uri; content:"/8jdu/sb6/index.php?_&amp\;_",nocase; classtype:attempted-recon; sid:200005127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wallieget.com",nocase; http_uri; content:"/8jdu/sb6/index.php?_&amp\;_&amp\;_",nocase; classtype:attempted-recon; sid:200005128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"warriorplus.com",nocase; http_uri; content:"/o2/a/f5s4y/0",nocase; classtype:attempted-recon; sid:200005129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webmail.serviceunit.co.uk",nocase; http_uri; content:"/upgrade/",nocase; classtype:attempted-recon; sid:200005130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webuyworkshopequipment.com",nocase; http_uri; content:"/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d",nocase; classtype:attempted-recon; sid:200005131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"webuyworkshopequipment.com",nocase; http_uri; content:"/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d/",nocase; classtype:attempted-recon; sid:200005132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"whitmansasphalt.com",nocase; http_uri; content:"/secure/wells",nocase; classtype:attempted-recon; sid:200005133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"whitmansasphalt.com",nocase; http_uri; content:"/secure/wells/",nocase; classtype:attempted-recon; sid:200005134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"withkoji.com",nocase; http_uri; content:"/@bt_home",nocase; classtype:attempted-recon; sid:200005135; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"withkoji.com",nocase; http_uri; content:"/@bt_internet",nocase; classtype:attempted-recon; sid:200005136; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"withkoji.com",nocase; http_uri; content:"/@bt_service_alert.",nocase; classtype:attempted-recon; sid:200005137; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"withkoji.com",nocase; http_uri; content:"/@bt_teem",nocase; classtype:attempted-recon; sid:200005138; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"withkoji.com",nocase; http_uri; content:"/@bt_update",nocase; classtype:attempted-recon; sid:200005139; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"withkoji.com",nocase; http_uri; content:"/@bt_upgrade",nocase; classtype:attempted-recon; sid:200005140; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"withkoji.com",nocase; http_uri; content:"/@btinternet",nocase; classtype:attempted-recon; sid:200005141; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wvk12-my.sharepoint.com",nocase; http_uri; content:"/:x:/r/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96",nocase; classtype:attempted-recon; sid:200005142; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"wvk12-my.sharepoint.com",nocase; http_uri; content:"/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96",nocase; classtype:attempted-recon; sid:200005143; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"xip.li",nocase; http_uri; content:"/oih3b8",nocase; classtype:attempted-recon; sid:200005144; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"znbint.com",nocase; http_uri; content:"/fire/dhl/load.php?0=aw5mb0btzxrhbg9naxmuy29t&amp\;guce_referrer=ahr0chm6ly9sb2dpbi55ywhvby5jb20v&amp\;guce_referrer_sig=aqaaaba99nmgr9inqoyu5mi3asjqfyjcpatd_a8modgjxpnxynmo8n5zxdi8ezv7gfypzosc_rpmz0hyfdck0olmxnmb6tpfznd5enc",nocase; classtype:attempted-recon; sid:200005145; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zpr.io",nocase; http_uri; content:"/kms8u47zlxwk",nocase; classtype:attempted-recon; sid:200005146; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zpr.io",nocase; http_uri; content:"/mxvzwlcdizyq",nocase; classtype:attempted-recon; sid:200005147; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; http_header:field host; content:"zpr.io",nocase; http_uri; content:"/nckeqquhrpuf",nocase; classtype:attempted-recon; sid:200005148; rev:1;)
diff --git a/dist/phishing-filter-suricata.rules b/dist/phishing-filter-suricata.rules
index 6348e16a..9a9fe221 100644
--- a/dist/phishing-filter-suricata.rules
+++ b/dist/phishing-filter-suricata.rules
@@ -1,5 +1,5 @@
 # Title: Phishing URL Suricata Ruleset
-# Updated: Sun, 16 Jan 2022 12:01:44 +0000
+# Updated: Mon, 17 Jan 2022 00:01:35 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/phishing-filter
 # License: https://gitlab.com/curben/phishing-filter#license
@@ -13,59 +13,59 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing web
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"02-billing-support.org"; classtype:attempted-recon; sid:200000005; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"08863299.sso-secure-mail0454etr.pages.dev"; classtype:attempted-recon; sid:200000006; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"0bs.de"; classtype:attempted-recon; sid:200000007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"0gjvj7a8eydbjz3au8anbg-on.drv.tw"; classtype:attempted-recon; sid:200000008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1000000000347789523698541.tk"; classtype:attempted-recon; sid:200000009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1000000000347789523698545.tk"; classtype:attempted-recon; sid:200000010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1000000000347789523698546.tk"; classtype:attempted-recon; sid:200000011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1000000000347789523698547.tk"; classtype:attempted-recon; sid:200000012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.114.16.4"; classtype:attempted-recon; sid:200000013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"104.168.173.244"; classtype:attempted-recon; sid:200000014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"104.168.173.248"; classtype:attempted-recon; sid:200000015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.172.198.119"; classtype:attempted-recon; sid:200000016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"109edc5b.ssdtfgyb09.pages.dev"; classtype:attempted-recon; sid:200000017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112358400702021.biz.id"; classtype:attempted-recon; sid:200000018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.164.17.147"; classtype:attempted-recon; sid:200000019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121techyard.com"; classtype:attempted-recon; sid:200000020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"130.211.30.154"; classtype:attempted-recon; sid:200000021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"138.68.69.90"; classtype:attempted-recon; sid:200000022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.98.234.77"; classtype:attempted-recon; sid:200000023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"149-210-143-165.colo.transip.net"; classtype:attempted-recon; sid:200000024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"149.210.143.165"; classtype:attempted-recon; sid:200000025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"15004083383734.data-store-company.com"; classtype:attempted-recon; sid:200000026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"154.30.211.130.bc.googleusercontent.com"; classtype:attempted-recon; sid:200000027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"161.35.142.2"; classtype:attempted-recon; sid:200000028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"165.227.122.125"; classtype:attempted-recon; sid:200000029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"16park.cn"; classtype:attempted-recon; sid:200000030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"173.82.154.253"; classtype:attempted-recon; sid:200000031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.128.108.233.dsl.dyn.forthnet.gr"; classtype:attempted-recon; sid:200000032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"179.43.140.208"; classtype:attempted-recon; sid:200000033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"179.48.65.130"; classtype:attempted-recon; sid:200000034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"18.217.56.169"; classtype:attempted-recon; sid:200000035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1800poolservice.com"; classtype:attempted-recon; sid:200000036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.73.136.210"; classtype:attempted-recon; sid:200000037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185-46-10-159.cloudvps.regruhosting.ru"; classtype:attempted-recon; sid:200000038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"18sitedev.com"; classtype:attempted-recon; sid:200000039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190854.8b.io"; classtype:attempted-recon; sid:200000040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1inch.party"; classtype:attempted-recon; sid:200000041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1inhc.exchange"; classtype:attempted-recon; sid:200000042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1inich.exchange"; classtype:attempted-recon; sid:200000043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1ncih.exchange"; classtype:attempted-recon; sid:200000044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.136.95.251"; classtype:attempted-recon; sid:200000045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"20140301.xyz"; classtype:attempted-recon; sid:200000046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2022-exodus.com"; classtype:attempted-recon; sid:200000047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2022-girobanken-sparkassen.xyz"; classtype:attempted-recon; sid:200000048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2022.intrebrkprsonas.xyz"; classtype:attempted-recon; sid:200000049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1000000000347789523698546.tk"; classtype:attempted-recon; sid:200000008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1000000000347789523698547.tk"; classtype:attempted-recon; sid:200000009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"103.114.16.4"; classtype:attempted-recon; sid:200000010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"104.168.173.244"; classtype:attempted-recon; sid:200000011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"104.168.173.248"; classtype:attempted-recon; sid:200000012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"107.172.198.119"; classtype:attempted-recon; sid:200000013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"109edc5b.ssdtfgyb09.pages.dev"; classtype:attempted-recon; sid:200000014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"112358400702021.biz.id"; classtype:attempted-recon; sid:200000015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"113.164.17.147"; classtype:attempted-recon; sid:200000016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"121techyard.com"; classtype:attempted-recon; sid:200000017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"130.211.30.154"; classtype:attempted-recon; sid:200000018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"138.68.69.90"; classtype:attempted-recon; sid:200000019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"14.98.234.77"; classtype:attempted-recon; sid:200000020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"149-210-143-165.colo.transip.net"; classtype:attempted-recon; sid:200000021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"149.210.143.165"; classtype:attempted-recon; sid:200000022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"15004083383734.data-store-company.com"; classtype:attempted-recon; sid:200000023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"154.222.224.81"; classtype:attempted-recon; sid:200000024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"154.30.211.130.bc.googleusercontent.com"; classtype:attempted-recon; sid:200000025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"161.35.142.2"; classtype:attempted-recon; sid:200000026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"165.227.122.125"; classtype:attempted-recon; sid:200000027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"16park.cn"; classtype:attempted-recon; sid:200000028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1727365.com"; classtype:attempted-recon; sid:200000029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"173.82.154.253"; classtype:attempted-recon; sid:200000030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"178.128.108.233.dsl.dyn.forthnet.gr"; classtype:attempted-recon; sid:200000031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"179.43.140.208"; classtype:attempted-recon; sid:200000032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"179.48.65.130"; classtype:attempted-recon; sid:200000033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"18.217.56.169"; classtype:attempted-recon; sid:200000034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1800poolservice.com"; classtype:attempted-recon; sid:200000035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"182.73.136.210"; classtype:attempted-recon; sid:200000036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"185-46-10-159.cloudvps.regruhosting.ru"; classtype:attempted-recon; sid:200000037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"18sitedev.com"; classtype:attempted-recon; sid:200000038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"190854.8b.io"; classtype:attempted-recon; sid:200000039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1inch.party"; classtype:attempted-recon; sid:200000040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1inhc.exchange"; classtype:attempted-recon; sid:200000041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1inich.exchange"; classtype:attempted-recon; sid:200000042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"1ncih.exchange"; classtype:attempted-recon; sid:200000043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2.136.95.251"; classtype:attempted-recon; sid:200000044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"20140301.xyz"; classtype:attempted-recon; sid:200000045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2022-exodus.com"; classtype:attempted-recon; sid:200000046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2022-girobanken-sparkassen.xyz"; classtype:attempted-recon; sid:200000047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2022.intrebrkprsonas.xyz"; classtype:attempted-recon; sid:200000048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"205.185.113.221"; classtype:attempted-recon; sid:200000049; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"208.82.115.230"; classtype:attempted-recon; sid:200000050; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"217651.8b.io"; classtype:attempted-recon; sid:200000051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2247317.verifyinguser426128734570198363.com"; classtype:attempted-recon; sid:200000052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"228.94.92.rev.sfr.net.gghost.ru"; classtype:attempted-recon; sid:200000053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24611250.sibforms.com"; classtype:attempted-recon; sid:200000054; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2482689012.yolasite.com"; classtype:attempted-recon; sid:200000055; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"299kensingtonroad.my.webex.com"; classtype:attempted-recon; sid:200000056; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2ex2cfu.cn"; classtype:attempted-recon; sid:200000057; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2fa.bthei.com"; classtype:attempted-recon; sid:200000058; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2pil.ru"; classtype:attempted-recon; sid:200000059; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2rakuten.co.jp.happyyear.cn"; classtype:attempted-recon; sid:200000060; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"228.94.92.rev.sfr.net.gghost.ru"; classtype:attempted-recon; sid:200000052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"24611250.sibforms.com"; classtype:attempted-recon; sid:200000053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2482689012.yolasite.com"; classtype:attempted-recon; sid:200000054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"299kensingtonroad.my.webex.com"; classtype:attempted-recon; sid:200000055; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2ex2cfu.cn"; classtype:attempted-recon; sid:200000056; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2fa.bthei.com"; classtype:attempted-recon; sid:200000057; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2pil.ru"; classtype:attempted-recon; sid:200000058; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2rakuten.co.jp.happyyear.cn"; classtype:attempted-recon; sid:200000059; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2yfh.short.gy"; classtype:attempted-recon; sid:200000060; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3-139-75-158.cprapid.com"; classtype:attempted-recon; sid:200000061; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"343i.org"; classtype:attempted-recon; sid:200000062; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"343t3dv9qdufp.clickfunnels.com"; classtype:attempted-recon; sid:200000063; rev:1;)
@@ -73,847 +73,847 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing web
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"35.199.84.117"; classtype:attempted-recon; sid:200000065; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"35.225.222.142"; classtype:attempted-recon; sid:200000066; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3568365.com"; classtype:attempted-recon; sid:200000067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3a10a178.s6t6sj4s46tu4sys54y5.pages.dev"; classtype:attempted-recon; sid:200000068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3bvjh.sbs"; classtype:attempted-recon; sid:200000069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3ck.me"; classtype:attempted-recon; sid:200000070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3dprintersupplies.com.au"; classtype:attempted-recon; sid:200000071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3dsecure-update-service-info-live.duckdns.org"; classtype:attempted-recon; sid:200000072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3ff7c459-86b2-4f6d-b6b0-ba6402ef6cb0.htmlcomponentservice.com"; classtype:attempted-recon; sid:200000073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3j124.csb.app"; classtype:attempted-recon; sid:200000074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.193.110.254"; classtype:attempted-recon; sid:200000075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.186.132.130"; classtype:attempted-recon; sid:200000076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.9.20.146"; classtype:attempted-recon; sid:200000077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"48tlp.codesandbox.io"; classtype:attempted-recon; sid:200000078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4a14def9.sibforms.com"; classtype:attempted-recon; sid:200000079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4c0mr.93.8934.easyflv.com"; classtype:attempted-recon; sid:200000080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4lxkd.r.ag.d.sendibm3.com"; classtype:attempted-recon; sid:200000081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4r1un.app.link"; classtype:attempted-recon; sid:200000082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4w8bmmjcw86e.clickfunnels.com"; classtype:attempted-recon; sid:200000083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5.qarshishxtb.uz"; classtype:attempted-recon; sid:200000084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"51.fi"; classtype:attempted-recon; sid:200000085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5181365.com"; classtype:attempted-recon; sid:200000086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"52.148.252.166"; classtype:attempted-recon; sid:200000087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"52292936869418365.web.id"; classtype:attempted-recon; sid:200000088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"53vzxcnk6rwp.clickfunnels.com"; classtype:attempted-recon; sid:200000089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"54-160-232-146.cprapid.com"; classtype:attempted-recon; sid:200000090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5736365.com"; classtype:attempted-recon; sid:200000091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5b0f6cb9-0485-4fc7-9775-eb74bb45bbf6.htmlcomponentservice.com"; classtype:attempted-recon; sid:200000092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5e841ae2.srvr-cloudmail-srvr6765e7tg.pages.dev"; classtype:attempted-recon; sid:200000093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"613707.selcdn.ru"; classtype:attempted-recon; sid:200000094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61da8ae6.6u6566hrrthsh45.pages.dev"; classtype:attempted-recon; sid:200000095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com"; classtype:attempted-recon; sid:200000096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"65451440241544.hyperphp.com"; classtype:attempted-recon; sid:200000097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"664876.verifyinguser426128734570198363.com"; classtype:attempted-recon; sid:200000098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"67lksxgjd.bttmassage-thai-tanger.com"; classtype:attempted-recon; sid:200000099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"6a7zu9he6mqh.clickfunnels.com"; classtype:attempted-recon; sid:200000100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"6c7f0acc.sibforms.com"; classtype:attempted-recon; sid:200000101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.108.89.240"; classtype:attempted-recon; sid:200000102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"7837365.com"; classtype:attempted-recon; sid:200000103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev"; classtype:attempted-recon; sid:200000104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"7wr4u.csb.app"; classtype:attempted-recon; sid:200000105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"7yu3v.csb.app"; classtype:attempted-recon; sid:200000106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"8.215.32.173"; classtype:attempted-recon; sid:200000107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"8010361370310234068010361370310234.blogspot.be"; classtype:attempted-recon; sid:200000108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"859411.icu"; classtype:attempted-recon; sid:200000109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"8760365.com"; classtype:attempted-recon; sid:200000110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"889381.icu"; classtype:attempted-recon; sid:200000111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"8899.jp"; classtype:attempted-recon; sid:200000112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89ix7y0.cn"; classtype:attempted-recon; sid:200000113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"92.rev.sfr.net.gghost.ru"; classtype:attempted-recon; sid:200000114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94183655229293686.web.id"; classtype:attempted-recon; sid:200000115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"98yiujh.9peop5jzad1945.workers.dev"; classtype:attempted-recon; sid:200000116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"9d62cfee-59b3-42a8-9542-4b3a32692792.htmlcomponentservice.com"; classtype:attempted-recon; sid:200000117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"9faf19faf1.virkrupaengg.com"; classtype:attempted-recon; sid:200000118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"9ftytucsh4ph.clickfunnels.com"; classtype:attempted-recon; sid:200000119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a.2827e82ca6640ef29594fb288383c901159970954a6ca74d562cd3aa.com"; classtype:attempted-recon; sid:200000120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a.insecurpage.recovery-safty.workers.dev"; classtype:attempted-recon; sid:200000121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a.mauofeg.com"; classtype:attempted-recon; sid:200000122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a.mauofog.com"; classtype:attempted-recon; sid:200000123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a.scicemecod.com"; classtype:attempted-recon; sid:200000124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a.snadc-oecddo.com"; classtype:attempted-recon; sid:200000125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a0570626.xsph.ru"; classtype:attempted-recon; sid:200000126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a4d3b42c.chgmar-d8y.pages.dev"; classtype:attempted-recon; sid:200000127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a71843c1.mailssocloud-srvr65e5rd.pages.dev"; classtype:attempted-recon; sid:200000128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a894ec7f.46t33454t4.pages.dev"; classtype:attempted-recon; sid:200000129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aa.snadc-oecddo.com"; classtype:attempted-recon; sid:200000130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aagamsteelcorporation.com"; classtype:attempted-recon; sid:200000131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aar.macecri.com"; classtype:attempted-recon; sid:200000132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"abeermultimediadesign.com"; classtype:attempted-recon; sid:200000133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"absaonline2021.website2.me"; classtype:attempted-recon; sid:200000134; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"absolute-containers-sip.business.site"; classtype:attempted-recon; sid:200000135; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"absolutepleasure.com.my"; classtype:attempted-recon; sid:200000136; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"acacia.webdevonline.net"; classtype:attempted-recon; sid:200000137; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"account.herephyshy.info"; classtype:attempted-recon; sid:200000138; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"account.verifications.help-page.workers.dev"; classtype:attempted-recon; sid:200000139; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"accounts-autoscout24.de"; classtype:attempted-recon; sid:200000140; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"acessobradesco.digital"; classtype:attempted-recon; sid:200000141; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ach111.xyz"; classtype:attempted-recon; sid:200000142; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"activate-hulu-com-activate.sitey.me"; classtype:attempted-recon; sid:200000143; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adamfeber.com"; classtype:attempted-recon; sid:200000144; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adcloudserver.com"; classtype:attempted-recon; sid:200000145; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"admin-formserviceupdates.weeblysite.com"; classtype:attempted-recon; sid:200000146; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"administraciondefincaspereznovo.com"; classtype:attempted-recon; sid:200000147; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adorablepomskyhome.net"; classtype:attempted-recon; sid:200000148; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adpunemploymentclaims.sharefile.com"; classtype:attempted-recon; sid:200000149; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adsmarca.com"; classtype:attempted-recon; sid:200000150; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ae.snadc-oecddo.com"; classtype:attempted-recon; sid:200000151; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"affixsports.net"; classtype:attempted-recon; sid:200000152; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"afreemart.xyz"; classtype:attempted-recon; sid:200000153; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"africansecrets.ca"; classtype:attempted-recon; sid:200000154; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"agora.imb.br"; classtype:attempted-recon; sid:200000155; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"agricolefr-99f918.ingress-erytho.easywp.com"; classtype:attempted-recon; sid:200000156; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"agrimetiersmartinique.fr"; classtype:attempted-recon; sid:200000157; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"agurimu-nagoya.com"; classtype:attempted-recon; sid:200000158; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ahhhh.pe.kr"; classtype:attempted-recon; sid:200000159; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ai.macecri.com"; classtype:attempted-recon; sid:200000160; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aib-unauthorized-access.com"; classtype:attempted-recon; sid:200000161; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aid-validation-human.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200000162; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aimekidya-recpag.web.id"; classtype:attempted-recon; sid:200000163; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"airportprescreening.com"; classtype:attempted-recon; sid:200000164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aitsidihamh.my-place.us"; classtype:attempted-recon; sid:200000165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"akanksha3012.github.io"; classtype:attempted-recon; sid:200000166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aks34.github.io"; classtype:attempted-recon; sid:200000167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aksehirelittotel.com"; classtype:attempted-recon; sid:200000168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aksjdkas.6icmtmbvlj5916.workers.dev"; classtype:attempted-recon; sid:200000169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aksjoeomraadet.no"; classtype:attempted-recon; sid:200000170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aktualizacja.jst.pl"; classtype:attempted-recon; sid:200000171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"akun-peringatan03.webnode.page"; classtype:attempted-recon; sid:200000172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alareentading-catalog.page.tl"; classtype:attempted-recon; sid:200000173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"albel.intnet.mu"; classtype:attempted-recon; sid:200000174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aldana.in"; classtype:attempted-recon; sid:200000175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alerts.department.improvement.workers.dev"; classtype:attempted-recon; sid:200000176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alexellis.gr"; classtype:attempted-recon; sid:200000177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alexxou.website2.me"; classtype:attempted-recon; sid:200000178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"algotextil.com.br"; classtype:attempted-recon; sid:200000179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aliciabot.azurewebsites.net"; classtype:attempted-recon; sid:200000180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alkhalilgraphics.com"; classtype:attempted-recon; sid:200000181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"allegrolokalnie-pl-3dsafe.id-43051.xyz"; classtype:attempted-recon; sid:200000182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"allegrolokalnie-pl-3dsafe.id-91501.xyz"; classtype:attempted-recon; sid:200000183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"allegrolokalnie-pl-safe.id-43051.xyz"; classtype:attempted-recon; sid:200000184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alliancesuper.com"; classtype:attempted-recon; sid:200000185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"almighty.edu.np"; classtype:attempted-recon; sid:200000186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alnajahh.com"; classtype:attempted-recon; sid:200000187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aloun.ps"; classtype:attempted-recon; sid:200000188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alphabnkgre.com"; classtype:attempted-recon; sid:200000189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alqadi.ps"; classtype:attempted-recon; sid:200000190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alquilervillora.net"; classtype:attempted-recon; sid:200000191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alsofft.com"; classtype:attempted-recon; sid:200000192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amacez.jyrtery4.top"; classtype:attempted-recon; sid:200000193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amacredit.amacardpkey.xyz"; classtype:attempted-recon; sid:200000194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amaenv.fgasdfw6.xyz"; classtype:attempted-recon; sid:200000195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amaozn.ywcimei.com"; classtype:attempted-recon; sid:200000196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amaznllo.co.jp.amauioda.net"; classtype:attempted-recon; sid:200000197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazom.supesn.xyz"; classtype:attempted-recon; sid:200000198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazom.supwwe.xyz"; classtype:attempted-recon; sid:200000199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazomsse.shop"; classtype:attempted-recon; sid:200000200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazon-gcatech.com"; classtype:attempted-recon; sid:200000201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazon-interruption.com"; classtype:attempted-recon; sid:200000202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazon.co.ip.jlig.cn"; classtype:attempted-recon; sid:200000203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazon.co.jp.abaiaccounting.cn"; classtype:attempted-recon; sid:200000204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazon.gousana.casa"; classtype:attempted-recon; sid:200000205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazon.jp-m.win"; classtype:attempted-recon; sid:200000206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazon.works.ga"; classtype:attempted-recon; sid:200000207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazonhome.sfrmobiles.com"; classtype:attempted-recon; sid:200000208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazonjapsne.cf"; classtype:attempted-recon; sid:200000209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazoon.co.op.o4j.top"; classtype:attempted-recon; sid:200000210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org"; classtype:attempted-recon; sid:200000211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amc-training.com"; classtype:attempted-recon; sid:200000212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amcgardiennage.com"; classtype:attempted-recon; sid:200000213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ameozom.jp.onaworks.com"; classtype:attempted-recon; sid:200000214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"americanexpress-auth.azurewebsites.net"; classtype:attempted-recon; sid:200000215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"americanexpress.heiwakai.com"; classtype:attempted-recon; sid:200000216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amguevara.com"; classtype:attempted-recon; sid:200000217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amidabuli.com"; classtype:attempted-recon; sid:200000218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amlnov7.web.app"; classtype:attempted-recon; sid:200000219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amnzma-jp.top"; classtype:attempted-recon; sid:200000220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amnzms1-jp.top"; classtype:attempted-recon; sid:200000221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amnzms4-jp.shop"; classtype:attempted-recon; sid:200000222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amnzmsf-jp.shop"; classtype:attempted-recon; sid:200000223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amnzmsn3-jp.shop"; classtype:attempted-recon; sid:200000224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amoazom.rm82j6-t8.cn"; classtype:attempted-recon; sid:200000225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amonzau_co_take.ktbf.shop"; classtype:attempted-recon; sid:200000226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amosleh.com"; classtype:attempted-recon; sid:200000227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amozom.co.ip.taxhod.club"; classtype:attempted-recon; sid:200000228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amreeth.github.io"; classtype:attempted-recon; sid:200000229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amusebouche-bg.com"; classtype:attempted-recon; sid:200000230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amzcredit.dearva.xyz"; classtype:attempted-recon; sid:200000231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"an.macecri.com"; classtype:attempted-recon; sid:200000232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anandsr-dev.github.io"; classtype:attempted-recon; sid:200000233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anarchitecturestudio.com"; classtype:attempted-recon; sid:200000234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anbn.ru"; classtype:attempted-recon; sid:200000235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"andersonstrategic.com.au"; classtype:attempted-recon; sid:200000236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"androapk.in"; classtype:attempted-recon; sid:200000237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"andromeda-manageer-association-27.web.id"; classtype:attempted-recon; sid:200000238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"angiofsi.page.link"; classtype:attempted-recon; sid:200000239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"angryezgames.com"; classtype:attempted-recon; sid:200000240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anhduongjsc.com"; classtype:attempted-recon; sid:200000241; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anj-azakp.run.goorm.io"; classtype:attempted-recon; sid:200000242; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anjalijha167.github.io"; classtype:attempted-recon; sid:200000243; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anjayredit.duckdns.org"; classtype:attempted-recon; sid:200000244; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"annacatania.com.mt"; classtype:attempted-recon; sid:200000245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anon-keep-admin-keep.rvsla.workers.dev"; classtype:attempted-recon; sid:200000246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ansr.ro"; classtype:attempted-recon; sid:200000247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aolmailukhelplinecustomerservice.blogspot.com"; classtype:attempted-recon; sid:200000248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aolmailukhelplinecustomerservice.blogspot.com.au"; classtype:attempted-recon; sid:200000249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aolpoweredservice.duckdns.org"; classtype:attempted-recon; sid:200000250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aolverixon11dfd.weebly.com"; classtype:attempted-recon; sid:200000251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aolxperience.com"; classtype:attempted-recon; sid:200000252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"api-saisoncard-co-jp.o4ay8.net"; classtype:attempted-recon; sid:200000253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"api.florense.com.br"; classtype:attempted-recon; sid:200000254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"api.redirect-bentobot199.com"; classtype:attempted-recon; sid:200000255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"api.redirect-safebrowser-online.com"; classtype:attempted-recon; sid:200000256; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"api.safe-directmail.com"; classtype:attempted-recon; sid:200000257; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aplintec.com.mx"; classtype:attempted-recon; sid:200000258; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io"; classtype:attempted-recon; sid:200000259; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app-bombcrypto-io-login-ab.blogspot.com"; classtype:attempted-recon; sid:200000260; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app-panckswp.xyz"; classtype:attempted-recon; sid:200000261; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app.bydn217.club"; classtype:attempted-recon; sid:200000262; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app.duel.network"; classtype:attempted-recon; sid:200000263; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app.fiiber.ca"; classtype:attempted-recon; sid:200000264; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app.moneylinecreditcorporation.com"; classtype:attempted-recon; sid:200000265; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app.skiff.org"; classtype:attempted-recon; sid:200000266; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app.sugarsync.com"; classtype:attempted-recon; sid:200000267; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appatualizecef.com"; classtype:attempted-recon; sid:200000268; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appibsolicitud.com"; classtype:attempted-recon; sid:200000269; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appleid-check.info"; classtype:attempted-recon; sid:200000270; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"applepichincha.webcindario.com"; classtype:attempted-recon; sid:200000271; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"apply.aua.am"; classtype:attempted-recon; sid:200000272; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link"; classtype:attempted-recon; sid:200000273; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appttech.com"; classtype:attempted-recon; sid:200000274; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aquaqualitas.com"; classtype:attempted-recon; sid:200000275; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arafathrumman.github.io"; classtype:attempted-recon; sid:200000276; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arcacg.com"; classtype:attempted-recon; sid:200000277; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"archivio-supporto.sitoper.it"; classtype:attempted-recon; sid:200000278; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"are.scicemecod.com"; classtype:attempted-recon; sid:200000279; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"areueaom.gtpzcve.cn"; classtype:attempted-recon; sid:200000280; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"areueaom.gtva.cn"; classtype:attempted-recon; sid:200000281; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aromatic.webenliven.in"; classtype:attempted-recon; sid:200000282; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arthamahotels.com"; classtype:attempted-recon; sid:200000283; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"artlux.com.pl"; classtype:attempted-recon; sid:200000284; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arub-service.org"; classtype:attempted-recon; sid:200000285; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aruba.fatt.ids-sys.com"; classtype:attempted-recon; sid:200000286; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"as.macecri.com"; classtype:attempted-recon; sid:200000287; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asaipestcontrol.com"; classtype:attempted-recon; sid:200000288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ascom.co.tz"; classtype:attempted-recon; sid:200000289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asd.9sw53wk.cn"; classtype:attempted-recon; sid:200000290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asgard-ampqy.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200000291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asimpwsh.com"; classtype:attempted-recon; sid:200000292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asistentetramitadordigitalda.com"; classtype:attempted-recon; sid:200000293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"askarmotorluaraclar.com"; classtype:attempted-recon; sid:200000294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asrefanavary.com"; classtype:attempted-recon; sid:200000295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"at-t-support-service1.sitey.me"; classtype:attempted-recon; sid:200000296; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"at-t-yahoo.sitey.me"; classtype:attempted-recon; sid:200000297; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atento-fdi.plusoftomni.com.br"; classtype:attempted-recon; sid:200000298; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ativacao-online73681.com"; classtype:attempted-recon; sid:200000299; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atnr76dxku336szy.clickfunnels.com"; classtype:attempted-recon; sid:200000300; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"attcustomdesk.weebly.com"; classtype:attempted-recon; sid:200000301; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"attinfoser.weebly.com"; classtype:attempted-recon; sid:200000302; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"attonlinemanagementpage.weebly.com"; classtype:attempted-recon; sid:200000303; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"attpage1121.weebly.com"; classtype:attempted-recon; sid:200000304; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atualizacao-online547864.com"; classtype:attempted-recon; sid:200000305; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atualizarmodolo.com"; classtype:attempted-recon; sid:200000306; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atulrathore-dev.github.io"; classtype:attempted-recon; sid:200000307; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aurumship.com"; classtype:attempted-recon; sid:200000308; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aushfew.tokyo"; classtype:attempted-recon; sid:200000309; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aushotel.es"; classtype:attempted-recon; sid:200000310; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auth-task1-m.web.app"; classtype:attempted-recon; sid:200000311; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auth-webmailakeonetcom.yolasite.com"; classtype:attempted-recon; sid:200000312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"authorize-trustvallet-protocol.com"; classtype:attempted-recon; sid:200000313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"authorizewallet.app"; classtype:attempted-recon; sid:200000314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"authuxeehmutconjxmailssocl.web.app"; classtype:attempted-recon; sid:200000315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"authxntico.cc"; classtype:attempted-recon; sid:200000316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"autodiscover.ryder-dutton.co.uk"; classtype:attempted-recon; sid:200000317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"autoexprs.com"; classtype:attempted-recon; sid:200000318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"autoranplususeremailprocessingupdate.pages.dev"; classtype:attempted-recon; sid:200000319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"autoscurt24.de"; classtype:attempted-recon; sid:200000320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"autumn-sun-4a21.paqesads-scure.workers.dev"; classtype:attempted-recon; sid:200000321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"avrorganics.com"; classtype:attempted-recon; sid:200000322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"awesome-gates-8bdd6f.netlify.app"; classtype:attempted-recon; sid:200000323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ax.xiguw.workers.dev"; classtype:attempted-recon; sid:200000324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axieinfinity-meta.com"; classtype:attempted-recon; sid:200000325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axieinfinity-supportwallet.com"; classtype:attempted-recon; sid:200000326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axlr.in"; classtype:attempted-recon; sid:200000327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ayguru.com"; classtype:attempted-recon; sid:200000328; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"az.macecri.com"; classtype:attempted-recon; sid:200000329; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"azb3s.cf"; classtype:attempted-recon; sid:200000330; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"azmnsaz.000webhostapp.com"; classtype:attempted-recon; sid:200000331; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"azmznonos_co_long.akys.shop"; classtype:attempted-recon; sid:200000332; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com"; classtype:attempted-recon; sid:200000333; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"b059c86968a6427389952025bcee9886.svc.dynamics.com"; classtype:attempted-recon; sid:200000334; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"b4e921f0.sso-mailsrvr-4344e5teed.pages.dev"; classtype:attempted-recon; sid:200000335; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"b96f7f93.sibforms.com"; classtype:attempted-recon; sid:200000336; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev"; classtype:attempted-recon; sid:200000337; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bacteralia.com"; classtype:attempted-recon; sid:200000338; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"badnewswegewroighgserhhg.xyz"; classtype:attempted-recon; sid:200000339; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bag-macben.eu"; classtype:attempted-recon; sid:200000340; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bakhai.vn"; classtype:attempted-recon; sid:200000341; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"balajihospital.net"; classtype:attempted-recon; sid:200000342; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"balalabala090.diskstation.eu"; classtype:attempted-recon; sid:200000343; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bamarfoundation.org"; classtype:attempted-recon; sid:200000344; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"banca-electronica1.odoo.com"; classtype:attempted-recon; sid:200000345; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaenlineal-interbark2.com"; classtype:attempted-recon; sid:200000346; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporinternet-interbark.pcriot.com"; classtype:attempted-recon; sid:200000347; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporinternet.interban.pe.magictourscancun.com"; classtype:attempted-recon; sid:200000348; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporinternet.interbrnpe.com"; classtype:attempted-recon; sid:200000349; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporinternet.lnterbank.pronductos.com"; classtype:attempted-recon; sid:200000350; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporinternetinterbank.pe-promocion.app"; classtype:attempted-recon; sid:200000351; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporintrnet.interbnkperu.es"; classtype:attempted-recon; sid:200000352; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporlnternetlnterbarnk.dominandoagestao.com.br"; classtype:attempted-recon; sid:200000353; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporlnternetlnterbarnk.infinitegoldjewelry.com"; classtype:attempted-recon; sid:200000354; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporlnternetlnterbarnk.jifad.org"; classtype:attempted-recon; sid:200000355; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporlnternetlnterbarnk.libertycanais.com.br"; classtype:attempted-recon; sid:200000356; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancoiinng.site44.com"; classtype:attempted-recon; sid:200000357; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancooccidentalb.com"; classtype:attempted-recon; sid:200000358; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bank-id.pl"; classtype:attempted-recon; sid:200000359; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bankapolska.com"; classtype:attempted-recon; sid:200000360; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"banki0wa.us"; classtype:attempted-recon; sid:200000361; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bankocaoffo.webcindario.com"; classtype:attempted-recon; sid:200000362; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bankofamer86.ddns.net"; classtype:attempted-recon; sid:200000363; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bannerbank.control-inc.com"; classtype:attempted-recon; sid:200000364; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bannerchampnyc.com"; classtype:attempted-recon; sid:200000365; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"banproseguridadasistenteenlineanic.webnode.es"; classtype:attempted-recon; sid:200000366; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"banqsuepoy.temp.swtest.ru"; classtype:attempted-recon; sid:200000367; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"baradua.it"; classtype:attempted-recon; sid:200000368; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"battlelastmont.cyou"; classtype:attempted-recon; sid:200000369; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bc1.paiementervice.com"; classtype:attempted-recon; sid:200000370; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bconclutmjy.ru"; classtype:attempted-recon; sid:200000371; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bcp-marketing.com"; classtype:attempted-recon; sid:200000372; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bcpzonaseguirabeta.com"; classtype:attempted-recon; sid:200000373; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-home.web.do"; classtype:attempted-recon; sid:200000374; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bearmybrand.com"; classtype:attempted-recon; sid:200000375; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beast-blog.com"; classtype:attempted-recon; sid:200000376; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beibys.com.br"; classtype:attempted-recon; sid:200000377; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beijing.vfzfy1v.cn"; classtype:attempted-recon; sid:200000378; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"belovedaroma.com"; classtype:attempted-recon; sid:200000379; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bendmytrend.com"; classtype:attempted-recon; sid:200000380; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"berketurizm.com"; classtype:attempted-recon; sid:200000381; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beupdatedmust.pricesrakutenlogin.buzz"; classtype:attempted-recon; sid:200000382; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bexwebmailupdate.web.app"; classtype:attempted-recon; sid:200000383; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beyondsmiles.co.in"; classtype:attempted-recon; sid:200000384; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bghgcd.psuxscm.cn"; classtype:attempted-recon; sid:200000385; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bharathi1809.github.io"; classtype:attempted-recon; sid:200000386; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhavin0077.github.io"; classtype:attempted-recon; sid:200000387; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhddf.uwe6ui0.cn"; classtype:attempted-recon; sid:200000388; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhdf.bdc9985.cn"; classtype:attempted-recon; sid:200000389; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhdf.ryhk63.cn"; classtype:attempted-recon; sid:200000390; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhdf.t18v2kr.cn"; classtype:attempted-recon; sid:200000391; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhdf.y0ai5w8.cn"; classtype:attempted-recon; sid:200000392; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhgcd.8h391um.cn"; classtype:attempted-recon; sid:200000393; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhgcxz.00e5gfu.cn"; classtype:attempted-recon; sid:200000394; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhgd.48ud0ez.cn"; classtype:attempted-recon; sid:200000395; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhgdd.qlljdgs.cn"; classtype:attempted-recon; sid:200000396; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhgxa.eo76sni.cn"; classtype:attempted-recon; sid:200000397; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhhcd.9bzuw49.cn"; classtype:attempted-recon; sid:200000398; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhhxaa.123qi7b.cn"; classtype:attempted-recon; sid:200000399; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhxas.rb0xts7.cn"; classtype:attempted-recon; sid:200000400; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhxdd.2hllf8x.cn"; classtype:attempted-recon; sid:200000401; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bicicentroslezama.com"; classtype:attempted-recon; sid:200000402; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"biedronka-news.biz"; classtype:attempted-recon; sid:200000403; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"biedronka-news.us"; classtype:attempted-recon; sid:200000404; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"biedronkainvest.biz"; classtype:attempted-recon; sid:200000405; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bienlinea.com"; classtype:attempted-recon; sid:200000406; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bijoycity.com"; classtype:attempted-recon; sid:200000407; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bilacintatakk.institute-pagess.workers.dev"; classtype:attempted-recon; sid:200000408; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bilasajaterjadii.institute-pagess.workers.dev"; classtype:attempted-recon; sid:200000409; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"billingfailure-o2.com"; classtype:attempted-recon; sid:200000410; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bioenergyevitalite.com"; classtype:attempted-recon; sid:200000411; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"birlacitywaterpark.com"; classtype:attempted-recon; sid:200000412; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bisanew.20931.repl.co"; classtype:attempted-recon; sid:200000413; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"biswap.fm"; classtype:attempted-recon; sid:200000414; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"biswapdapp.org"; classtype:attempted-recon; sid:200000415; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bitbaink.web.app"; classtype:attempted-recon; sid:200000416; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bitflye87.com"; classtype:attempted-recon; sid:200000417; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bitflyerfr.cc"; classtype:attempted-recon; sid:200000418; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bithunnb.web.app"; classtype:attempted-recon; sid:200000419; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bitmexinc.com"; classtype:attempted-recon; sid:200000420; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bitso.cm"; classtype:attempted-recon; sid:200000421; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bitsrflyer.com"; classtype:attempted-recon; sid:200000422; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bizlinktek.com"; classtype:attempted-recon; sid:200000423; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bizzcityinfo.com"; classtype:attempted-recon; sid:200000424; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blanchevetements.com"; classtype:attempted-recon; sid:200000425; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blllsoth.weebly.com"; classtype:attempted-recon; sid:200000426; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blockchain-fix.org"; classtype:attempted-recon; sid:200000427; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blockchainwallet-tool.com"; classtype:attempted-recon; sid:200000428; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blocks.rn86.ru"; classtype:attempted-recon; sid:200000429; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blog.booxium.com"; classtype:attempted-recon; sid:200000430; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blog.drmostafafouadivf.com"; classtype:attempted-recon; sid:200000431; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blog.storrea.com"; classtype:attempted-recon; sid:200000432; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blog.visionconsulting.ro"; classtype:attempted-recon; sid:200000433; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blog.weiwanjia.com"; classtype:attempted-recon; sid:200000434; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blowfish-ltd.co.uk"; classtype:attempted-recon; sid:200000435; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blslightinginc.com"; classtype:attempted-recon; sid:200000436; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bmcporlnternet.lnterbamkpe.extracaslh.shop"; classtype:attempted-recon; sid:200000437; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bn-seguridadperu.com"; classtype:attempted-recon; sid:200000438; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bnconacional.odoo.com"; classtype:attempted-recon; sid:200000439; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bncre.odoo.com"; classtype:attempted-recon; sid:200000440; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bncxz.9wx9b27.cn"; classtype:attempted-recon; sid:200000441; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bndigitalpersonas.com"; classtype:attempted-recon; sid:200000442; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bnpparibas-pl.mob-app.xyz"; classtype:attempted-recon; sid:200000443; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boaupdate.bfaoscr.com"; classtype:attempted-recon; sid:200000444; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bogdonovlerer.com"; classtype:attempted-recon; sid:200000445; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bogged-finance.com"; classtype:attempted-recon; sid:200000446; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bokgabanesolutions.co.za"; classtype:attempted-recon; sid:200000447; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bookfbs.evangsamuelministries.com"; classtype:attempted-recon; sid:200000448; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boxes.com.py"; classtype:attempted-recon; sid:200000449; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"br4.in"; classtype:attempted-recon; sid:200000450; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"br622.teste.website"; classtype:attempted-recon; sid:200000451; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brave-knuth-96d329.netlify.app"; classtype:attempted-recon; sid:200000452; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"breople.com"; classtype:attempted-recon; sid:200000453; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brigida_cossette.gitlab.io"; classtype:attempted-recon; sid:200000454; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-forrunning.top"; classtype:attempted-recon; sid:200000455; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-justforjogging.top"; classtype:attempted-recon; sid:200000456; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-move.top"; classtype:attempted-recon; sid:200000457; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-ooke.top"; classtype:attempted-recon; sid:200000458; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-runfarther.top"; classtype:attempted-recon; sid:200000459; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-xsdaodab.top"; classtype:attempted-recon; sid:200000460; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-xsdauofc.top"; classtype:attempted-recon; sid:200000461; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-xsgdfaja.top"; classtype:attempted-recon; sid:200000462; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks1984.shop"; classtype:attempted-recon; sid:200000463; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksair.top"; classtype:attempted-recon; sid:200000464; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksale.top"; classtype:attempted-recon; sid:200000465; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksboom.top"; classtype:attempted-recon; sid:200000466; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksdiscount.top"; classtype:attempted-recon; sid:200000467; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksnewmethod.top"; classtype:attempted-recon; sid:200000468; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksnewsports.top"; classtype:attempted-recon; sid:200000469; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksprime.top"; classtype:attempted-recon; sid:200000470; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksrevel.top"; classtype:attempted-recon; sid:200000471; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksrunble.top"; classtype:attempted-recon; sid:200000472; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksrunshoeshopping.top"; classtype:attempted-recon; sid:200000473; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksshopsft.top"; classtype:attempted-recon; sid:200000474; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brookssoft.top"; classtype:attempted-recon; sid:200000475; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bruno-genthial.mykajabi.com"; classtype:attempted-recon; sid:200000476; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bt-108665.square.site"; classtype:attempted-recon; sid:200000477; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btbusinessbilling.wordpress.com"; classtype:attempted-recon; sid:200000478; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btclickpreview365pdf.1msite.eu"; classtype:attempted-recon; sid:200000479; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btconnect-109798.square.site"; classtype:attempted-recon; sid:200000480; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btconnectfilesecurebthomelogindropboxinupdatetdropboxpdf-logss.yolasite.com"; classtype:attempted-recon; sid:200000481; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btconnectfilesecurebthomelogindropboxlinkupdatetdropboxpdf-logs.yolasite.com"; classtype:attempted-recon; sid:200000482; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btconnectfilesecurebthomeloginpdropboxupdatepdf-logsssss-websit.yolasite.com"; classtype:attempted-recon; sid:200000483; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btconnectfilesecurebthomesloginpdropboxupdatepdf-logsssss-websi.yolasite.com"; classtype:attempted-recon; sid:200000484; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bthak.com"; classtype:attempted-recon; sid:200000485; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btinfoldddasasa.weebly.com"; classtype:attempted-recon; sid:200000486; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bttelecommunicatiiion.weebly.com"; classtype:attempted-recon; sid:200000487; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"budrimon.xyz"; classtype:attempted-recon; sid:200000488; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"builmon.xyz"; classtype:attempted-recon; sid:200000489; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bujikena.web.app"; classtype:attempted-recon; sid:200000490; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bundel-cobragratis2022.duckdns.org"; classtype:attempted-recon; sid:200000491; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"busanopen.org"; classtype:attempted-recon; sid:200000492; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-action-copyright11022.web.app"; classtype:attempted-recon; sid:200000493; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-action-page129591.web.app"; classtype:attempted-recon; sid:200000494; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-appeal-copyright8211.web.app"; classtype:attempted-recon; sid:200000495; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-appeal-form-18222.web.app"; classtype:attempted-recon; sid:200000496; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-copyright-alert100821.web.app"; classtype:attempted-recon; sid:200000497; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-copyright-alert198082.web.app"; classtype:attempted-recon; sid:200000498; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-copyright-alert19882.web.app"; classtype:attempted-recon; sid:200000499; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-copyright-detected920.web.app"; classtype:attempted-recon; sid:200000500; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-page-content125882.web.app"; classtype:attempted-recon; sid:200000501; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-required-helpcenter82.web.app"; classtype:attempted-recon; sid:200000502; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-required-info188221.web.app"; classtype:attempted-recon; sid:200000503; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"businessemailss.biz"; classtype:attempted-recon; sid:200000504; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link"; classtype:attempted-recon; sid:200000505; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"buyelectronicsnyc.com"; classtype:attempted-recon; sid:200000506; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c.curiousmorty.be"; classtype:attempted-recon; sid:200000507; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c.jardindemiedo.es"; classtype:attempted-recon; sid:200000508; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c.loveawaits.be"; classtype:attempted-recon; sid:200000509; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c.mail.com"; classtype:attempted-recon; sid:200000510; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c0m-r51znzlh8i.isiolo.go.ke"; classtype:attempted-recon; sid:200000511; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c10012022j.temp.swtest.ru"; classtype:attempted-recon; sid:200000512; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c1christine.tjelmeland2e.cso.gov.tt"; classtype:attempted-recon; sid:200000513; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c2dc5b99.chgmar.pages.dev"; classtype:attempted-recon; sid:200000514; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c6ebv708.caspio.com"; classtype:attempted-recon; sid:200000515; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cabsiler.com"; classtype:attempted-recon; sid:200000516; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cache.nebula.phx3.secureserver.net"; classtype:attempted-recon; sid:200000517; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cadeau-orange.fr"; classtype:attempted-recon; sid:200000518; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"caixaseguradora.quadientcloud.com"; classtype:attempted-recon; sid:200000519; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cakesbyannemotha.com"; classtype:attempted-recon; sid:200000520; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cammymiller.com"; classtype:attempted-recon; sid:200000521; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"canadapost.reschedule.online.portal.services.parcel01868972.mh-group.net"; classtype:attempted-recon; sid:200000522; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cann-life.com"; classtype:attempted-recon; sid:200000523; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cannellandcoflooring.co.uk"; classtype:attempted-recon; sid:200000524; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"capservice.online"; classtype:attempted-recon; sid:200000525; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"caracasmateriais.blogspot.com"; classtype:attempted-recon; sid:200000526; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"carpediemxp.com"; classtype:attempted-recon; sid:200000527; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"carry.reduxservices.com"; classtype:attempted-recon; sid:200000528; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"carservicessaupdate.xyz"; classtype:attempted-recon; sid:200000529; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cartamorin-geometres.fr"; classtype:attempted-recon; sid:200000530; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"carwash.tv"; classtype:attempted-recon; sid:200000531; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"casbygroup.com"; classtype:attempted-recon; sid:200000532; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"caseforpage1003496539563.web.app"; classtype:attempted-recon; sid:200000533; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"catalogue-orange.com"; classtype:attempted-recon; sid:200000534; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cateringfoodanddrinksupplies777.business.site"; classtype:attempted-recon; sid:200000535; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"catus.cat"; classtype:attempted-recon; sid:200000536; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"caycos.beispielseite-wmka.de"; classtype:attempted-recon; sid:200000537; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"caymanreno.com"; classtype:attempted-recon; sid:200000538; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cbmonlinegroups.com"; classtype:attempted-recon; sid:200000539; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cc.scicemecod.com"; classtype:attempted-recon; sid:200000540; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ccjrlaw.com"; classtype:attempted-recon; sid:200000541; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cdas.nxzigco.cn"; classtype:attempted-recon; sid:200000542; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cdsoa.wuefyta.cn"; classtype:attempted-recon; sid:200000543; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ce33312.tmweb.ru"; classtype:attempted-recon; sid:200000544; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cekpointfacebook.wixsite.com"; classtype:attempted-recon; sid:200000545; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"celikoglumakina.com"; classtype:attempted-recon; sid:200000546; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cellfunworld.com"; classtype:attempted-recon; sid:200000547; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cema-fossano.it"; classtype:attempted-recon; sid:200000548; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centralconsulta.link"; classtype:attempted-recon; sid:200000549; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centre1.bubbleapps.io"; classtype:attempted-recon; sid:200000550; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ceresgulf.com"; classtype:attempted-recon; sid:200000551; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"certifica-montepaschii.com"; classtype:attempted-recon; sid:200000552; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chalokradocallkakuch.azurewebsites.net"; classtype:attempted-recon; sid:200000553; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"changenotification.pricesamazonlogincard.monster"; classtype:attempted-recon; sid:200000554; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"charperimagedesign.com"; classtype:attempted-recon; sid:200000555; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chat-whatasapp.com"; classtype:attempted-recon; sid:200000556; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chat-whatsaap99.duckdns.org"; classtype:attempted-recon; sid:200000557; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org"; classtype:attempted-recon; sid:200000558; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chat-whatsapp-group-2022.duckdns.org"; classtype:attempted-recon; sid:200000559; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chat-whatsapp-grupo-invitacion.blogspot.com"; classtype:attempted-recon; sid:200000560; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill1.web.app"; classtype:attempted-recon; sid:200000561; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill10.web.app"; classtype:attempted-recon; sid:200000562; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill11.web.app"; classtype:attempted-recon; sid:200000563; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill12.web.app"; classtype:attempted-recon; sid:200000564; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill13.web.app"; classtype:attempted-recon; sid:200000565; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill14.web.app"; classtype:attempted-recon; sid:200000566; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill15.web.app"; classtype:attempted-recon; sid:200000567; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill17.web.app"; classtype:attempted-recon; sid:200000568; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill18.web.app"; classtype:attempted-recon; sid:200000569; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill19.web.app"; classtype:attempted-recon; sid:200000570; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill2.web.app"; classtype:attempted-recon; sid:200000571; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill20.web.app"; classtype:attempted-recon; sid:200000572; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill21.web.app"; classtype:attempted-recon; sid:200000573; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill22.web.app"; classtype:attempted-recon; sid:200000574; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill23.web.app"; classtype:attempted-recon; sid:200000575; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill24.web.app"; classtype:attempted-recon; sid:200000576; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill25.web.app"; classtype:attempted-recon; sid:200000577; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill3.web.app"; classtype:attempted-recon; sid:200000578; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill4.web.app"; classtype:attempted-recon; sid:200000579; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill5.web.app"; classtype:attempted-recon; sid:200000580; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill6.web.app"; classtype:attempted-recon; sid:200000581; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill7.web.app"; classtype:attempted-recon; sid:200000582; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill8.web.app"; classtype:attempted-recon; sid:200000583; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill9.web.app"; classtype:attempted-recon; sid:200000584; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"checkkeyvip.000webhostapp.com"; classtype:attempted-recon; sid:200000585; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"checkverifymyatt.weebly.com"; classtype:attempted-recon; sid:200000586; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chefsenaccion.org"; classtype:attempted-recon; sid:200000587; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chikkuthomas.github.io"; classtype:attempted-recon; sid:200000588; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chinmayavidyalayarspuram.com"; classtype:attempted-recon; sid:200000589; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chiragrajoria.github.io"; classtype:attempted-recon; sid:200000590; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chois.jp"; classtype:attempted-recon; sid:200000591; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"christienstudystl.wixsite.com"; classtype:attempted-recon; sid:200000592; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"christmas-dhl-express-delvr.hopekosmos.com"; classtype:attempted-recon; sid:200000593; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chtbnk.uk"; classtype:attempted-recon; sid:200000594; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chutomen.com"; classtype:attempted-recon; sid:200000595; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ciiusea.com"; classtype:attempted-recon; sid:200000596; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cinemaleftech.com"; classtype:attempted-recon; sid:200000597; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"citagestionenlineabn.com"; classtype:attempted-recon; sid:200000598; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"city-of-jazz.de"; classtype:attempted-recon; sid:200000599; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ckwgruppe.service-now.com"; classtype:attempted-recon; sid:200000600; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claiimdiamondgratis84.duckdns.org"; classtype:attempted-recon; sid:200000601; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claim-event-freefire-garena-oldfree-a4.duckdns.org"; classtype:attempted-recon; sid:200000602; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claim-skingratis-mobailegends161.duckdns.org"; classtype:attempted-recon; sid:200000603; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claimgratisff2022.duckdns.org"; classtype:attempted-recon; sid:200000604; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claims-funds-enczj.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200000605; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claimseventmlbb.duckdns.org"; classtype:attempted-recon; sid:200000606; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claimshopee.yolasite.com"; classtype:attempted-recon; sid:200000607; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claro-link.brsafe.com.br"; classtype:attempted-recon; sid:200000608; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claus.bz"; classtype:attempted-recon; sid:200000609; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clefman.cl"; classtype:attempted-recon; sid:200000610; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"click-here-help.in"; classtype:attempted-recon; sid:200000611; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"client-support-page.com"; classtype:attempted-recon; sid:200000612; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net"; classtype:attempted-recon; sid:200000613; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clientid-ij66191jgbm96ujp40bz1gzmpc8iquhoff3ocmbrzs6g5i89t0.website.yandexcloud.net"; classtype:attempted-recon; sid:200000614; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clients.devtux.com"; classtype:attempted-recon; sid:200000615; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clone-7473c.web.app"; classtype:attempted-recon; sid:200000616; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"closingdocs9480.myportfolio.com"; classtype:attempted-recon; sid:200000617; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cloud-object-storage-o9-cos-static-web-hocsx2.pages.dev"; classtype:attempted-recon; sid:200000618; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cloud.go4clients.com"; classtype:attempted-recon; sid:200000619; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cloud102.hostgator.com"; classtype:attempted-recon; sid:200000620; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clouddoc-authorize.firebaseapp.com"; classtype:attempted-recon; sid:200000621; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cloudflare-rbnuo.run.goorm.io"; classtype:attempted-recon; sid:200000622; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cloudshare-account-auth.firebaseapp.com"; classtype:attempted-recon; sid:200000623; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cloudtracker.com.br"; classtype:attempted-recon; sid:200000624; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"club.quomodo.com"; classtype:attempted-recon; sid:200000625; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clubeamigosdopedrosegundo.com.br"; classtype:attempted-recon; sid:200000626; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cms.time-investments.com"; classtype:attempted-recon; sid:200000627; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cnbxa.1of2o6k.cn"; classtype:attempted-recon; sid:200000628; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cner283829.odoo.com"; classtype:attempted-recon; sid:200000629; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cninflables.com"; classtype:attempted-recon; sid:200000630; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.azoynfq.cn"; classtype:attempted-recon; sid:200000631; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.bh1fgg1.cn"; classtype:attempted-recon; sid:200000632; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.bzkgfzj.cn"; classtype:attempted-recon; sid:200000633; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.clblrvh.cn"; classtype:attempted-recon; sid:200000634; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.csfknas.cn"; classtype:attempted-recon; sid:200000635; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.daailrf.cn"; classtype:attempted-recon; sid:200000636; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.eiatphe.cn"; classtype:attempted-recon; sid:200000637; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.fjzzgxx.cn"; classtype:attempted-recon; sid:200000638; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.fxdwtxc.cn"; classtype:attempted-recon; sid:200000639; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.ghemivv.cn"; classtype:attempted-recon; sid:200000640; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.hivbdco.cn"; classtype:attempted-recon; sid:200000641; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.iiaqjrp.cn"; classtype:attempted-recon; sid:200000642; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.rkrabsk.cn"; classtype:attempted-recon; sid:200000643; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.rqqidd.cn"; classtype:attempted-recon; sid:200000644; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.rukbcga.cn"; classtype:attempted-recon; sid:200000645; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.sefdvsi.cn"; classtype:attempted-recon; sid:200000646; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.tezkkbp.cn"; classtype:attempted-recon; sid:200000647; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.ztxzzup.cn"; classtype:attempted-recon; sid:200000648; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"codwarzonemobile.com"; classtype:attempted-recon; sid:200000649; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev"; classtype:attempted-recon; sid:200000650; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"collab-land.net"; classtype:attempted-recon; sid:200000651; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"collabland.info"; classtype:attempted-recon; sid:200000652; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"collablandfi.com"; classtype:attempted-recon; sid:200000653; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"colorfastinv.com"; classtype:attempted-recon; sid:200000654; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-3z9m3j9qhp.isiolo.go.ke"; classtype:attempted-recon; sid:200000655; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-4tfgonrlym.isiolo.go.ke"; classtype:attempted-recon; sid:200000656; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-dnq84vac.isiolo.go.ke"; classtype:attempted-recon; sid:200000657; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-h3v9t9zycu.isiolo.go.ke"; classtype:attempted-recon; sid:200000658; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-l5tpetwb.isiolo.go.ke"; classtype:attempted-recon; sid:200000659; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-mm2ai86orr.isiolo.go.ke"; classtype:attempted-recon; sid:200000660; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-r51znzlh8i.isiolo.go.ke"; classtype:attempted-recon; sid:200000661; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-sauuvazpjo.isiolo.go.ke"; classtype:attempted-recon; sid:200000662; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-ugsyk69nqb.isiolo.go.ke"; classtype:attempted-recon; sid:200000663; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"comefuck.co"; classtype:attempted-recon; sid:200000664; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; classtype:attempted-recon; sid:200000665; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; classtype:attempted-recon; sid:200000666; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; classtype:attempted-recon; sid:200000667; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"completeegali.webcindario.com"; classtype:attempted-recon; sid:200000668; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"comunicazione-europe.net"; classtype:attempted-recon; sid:200000669; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"comunity-isue-ideent-andromeda-29.web.id"; classtype:attempted-recon; sid:200000670; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"comunity-isue-ideent-andromeda-33.web.id"; classtype:attempted-recon; sid:200000671; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"comunity-isue-ideent-andromeda-88.web.id"; classtype:attempted-recon; sid:200000672; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"con-firma.firebaseapp.com"; classtype:attempted-recon; sid:200000673; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"confirming-pages-idntitysupport.web.id"; classtype:attempted-recon; sid:200000674; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"congresosba.com.ar"; classtype:attempted-recon; sid:200000675; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"conhecaonlinedigital.com.br"; classtype:attempted-recon; sid:200000676; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connect.au-login.0662smt.com"; classtype:attempted-recon; sid:200000677; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connectwallet.me"; classtype:attempted-recon; sid:200000678; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"conoscofaturahiiiper.com"; classtype:attempted-recon; sid:200000679; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"consultavirtuai.bieah.com"; classtype:attempted-recon; sid:200000680; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contabilidaderabello.com.br"; classtype:attempted-recon; sid:200000681; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev"; classtype:attempted-recon; sid:200000682; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contapessoal.digital"; classtype:attempted-recon; sid:200000683; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"content.av1.com.au"; classtype:attempted-recon; sid:200000684; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"content.edgerockwealth.com"; classtype:attempted-recon; sid:200000685; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"content.meetmagic.org"; classtype:attempted-recon; sid:200000686; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"continentepecas.com"; classtype:attempted-recon; sid:200000687; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contratodeparceria.com.br"; classtype:attempted-recon; sid:200000688; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"controlpichincha.webcindario.com"; classtype:attempted-recon; sid:200000689; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"copyright-center-live.ml"; classtype:attempted-recon; sid:200000690; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"corl-inv.web.app"; classtype:attempted-recon; sid:200000691; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"correosdemexico-web.com"; classtype:attempted-recon; sid:200000692; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"corta.ai"; classtype:attempted-recon; sid:200000693; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cosemu.com"; classtype:attempted-recon; sid:200000694; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cottonwooddentalg.nimbusweb.me"; classtype:attempted-recon; sid:200000695; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"courtcase.co.in"; classtype:attempted-recon; sid:200000696; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"covid-foyyn.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200000697; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cox0.yolasite.com"; classtype:attempted-recon; sid:200000698; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cp.digitalprocurements.co.uk"; classtype:attempted-recon; sid:200000699; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cp45362.tmweb.ru"; classtype:attempted-recon; sid:200000700; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cpanel10wh.bkk1.cloud.z.com"; classtype:attempted-recon; sid:200000701; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cr24185.tmweb.ru"; classtype:attempted-recon; sid:200000702; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crackfreekey.com"; classtype:attempted-recon; sid:200000703; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cranetech.com.br"; classtype:attempted-recon; sid:200000704; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"creatorsverificationandsafetybusiness.co.vu"; classtype:attempted-recon; sid:200000705; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credcloud-object-storage-o9-cos-static-web-hocsd3d.pages.dev"; classtype:attempted-recon; sid:200000706; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credicorp-capital.net"; classtype:attempted-recon; sid:200000707; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credicorpfiduciariasa.com"; classtype:attempted-recon; sid:200000708; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credifinanciera.didacsis.com"; classtype:attempted-recon; sid:200000709; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crediserfinanza.com"; classtype:attempted-recon; sid:200000710; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credita302.temp.swtest.ru"; classtype:attempted-recon; sid:200000711; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"creditagricole-sudrhonealpes.blogspot.ba"; classtype:attempted-recon; sid:200000712; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"creditagricole-sudrhonealpes.blogspot.com"; classtype:attempted-recon; sid:200000713; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"creditagricole-sudrhonealpes.blogspot.ro"; classtype:attempted-recon; sid:200000714; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"creditinternationalbank.com"; classtype:attempted-recon; sid:200000715; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"creditiperhabbogratissicuro100.blogspot.it"; classtype:attempted-recon; sid:200000716; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cresvin.com"; classtype:attempted-recon; sid:200000717; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"criticalcarevizag.com"; classtype:attempted-recon; sid:200000718; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryptocars-plays.buzz"; classtype:attempted-recon; sid:200000719; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryptocarsme.com"; classtype:attempted-recon; sid:200000720; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryptscars-logs.com"; classtype:attempted-recon; sid:200000721; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryqtocars.me"; classtype:attempted-recon; sid:200000722; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cuans.bkaamiv.cn"; classtype:attempted-recon; sid:200000723; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"currentlyupgrade.mystrikingly.com"; classtype:attempted-recon; sid:200000724; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cxasd.easghbl.cn"; classtype:attempted-recon; sid:200000725; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cxnbas.nmkbmqk.cn"; classtype:attempted-recon; sid:200000726; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cxuahs.1wc9bxm.cn"; classtype:attempted-recon; sid:200000727; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cyna.rkpmage.cn"; classtype:attempted-recon; sid:200000728; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cyqsnwx.cn"; classtype:attempted-recon; sid:200000729; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"czechposta-cz.cz.swtest.ru"; classtype:attempted-recon; sid:200000730; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"czvon.4fan.cz"; classtype:attempted-recon; sid:200000731; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"czxasd.3ot975v.cn"; classtype:attempted-recon; sid:200000732; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"d.app32150.xyz"; classtype:attempted-recon; sid:200000733; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"d18gc1ytkdv37u.cloudfront.net"; classtype:attempted-recon; sid:200000734; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev"; classtype:attempted-recon; sid:200000735; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"d3ncuwwrr82.typeform.com"; classtype:attempted-recon; sid:200000736; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"daatahomes.com"; classtype:attempted-recon; sid:200000737; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"damp-f43e.recovery-page-secur.workers.dev"; classtype:attempted-recon; sid:200000738; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"danitraseoexperts.com"; classtype:attempted-recon; sid:200000739; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dapponlines.com"; classtype:attempted-recon; sid:200000740; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dappscoins.com"; classtype:attempted-recon; sid:200000741; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dappsiconnect.com"; classtype:attempted-recon; sid:200000742; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dappsmainnetverify.com"; classtype:attempted-recon; sid:200000743; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dappswalletapp.org"; classtype:attempted-recon; sid:200000744; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dappswalletliveauthenticate.com"; classtype:attempted-recon; sid:200000745; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dasd.atio2tq.cn"; classtype:attempted-recon; sid:200000746; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"date-on-14-01.totaltrackingimproveupscanada.com"; classtype:attempted-recon; sid:200000747; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"datos-pichincha.webcindario.com"; classtype:attempted-recon; sid:200000748; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"davidshopeaz.org"; classtype:attempted-recon; sid:200000749; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"daycoval.contrato.srv.br"; classtype:attempted-recon; sid:200000750; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"daycoval.facildepagar.com.br"; classtype:attempted-recon; sid:200000751; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"db-web-client.com"; classtype:attempted-recon; sid:200000752; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200000753; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dbkuzwes.online"; classtype:attempted-recon; sid:200000754; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dbs-interrnet.online"; classtype:attempted-recon; sid:200000755; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dbs.limited"; classtype:attempted-recon; sid:200000756; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dbs.webdbslistinonline.com"; classtype:attempted-recon; sid:200000757; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dbw.gr"; classtype:attempted-recon; sid:200000758; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dcm1.ae.iwc.static.tungmung.co.id"; classtype:attempted-recon; sid:200000759; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dd90001.github.io"; classtype:attempted-recon; sid:200000760; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"de.eurohome.civ.pl"; classtype:attempted-recon; sid:200000761; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"de22c9kukppr.clickfunnels.com"; classtype:attempted-recon; sid:200000762; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"deactivemsnon-8k98-l9k8-98j8-98j78u.pages.dev"; classtype:attempted-recon; sid:200000763; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"deborahholland.net"; classtype:attempted-recon; sid:200000764; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"debuil.xyz"; classtype:attempted-recon; sid:200000765; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"declicgestion.fr"; classtype:attempted-recon; sid:200000766; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"decorcenter.com.pe"; classtype:attempted-recon; sid:200000767; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dejpaad.com"; classtype:attempted-recon; sid:200000768; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"delacproperties.com.mx"; classtype:attempted-recon; sid:200000769; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"delezhen.mashalezhen.com"; classtype:attempted-recon; sid:200000770; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"delhiescort69.com"; classtype:attempted-recon; sid:200000771; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"deltaairlinecourier.com"; classtype:attempted-recon; sid:200000772; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"demallplot-tra.web.app"; classtype:attempted-recon; sid:200000773; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"demiregalos.com.ar"; classtype:attempted-recon; sid:200000774; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"demo.bradescocontrol.vertitecnologia.com.br"; classtype:attempted-recon; sid:200000775; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"demo2.cloudwp.dev"; classtype:attempted-recon; sid:200000776; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"denuihuongson.com.vn"; classtype:attempted-recon; sid:200000777; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"deportesartiza.com"; classtype:attempted-recon; sid:200000778; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"deregister-lbpayee.com"; classtype:attempted-recon; sid:200000779; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"desejoourocard.com.br"; classtype:attempted-recon; sid:200000780; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"desidiatech.com"; classtype:attempted-recon; sid:200000781; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"designerlakehouse.com"; classtype:attempted-recon; sid:200000782; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"desksellcompany.com"; classtype:attempted-recon; sid:200000783; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"destinationth.com"; classtype:attempted-recon; sid:200000784; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"deutsche-post.apurvathespygenesh.com"; classtype:attempted-recon; sid:200000785; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dev-nadaj.orlenpaczka.ce5.pl"; classtype:attempted-recon; sid:200000786; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dev-secu-credit-union.pantheonsite.io"; classtype:attempted-recon; sid:200000787; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dev-www.orlenpaczka.ce5.pl"; classtype:attempted-recon; sid:200000788; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dev.shivaxi.com"; classtype:attempted-recon; sid:200000789; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"devicepichincha.webcindario.com"; classtype:attempted-recon; sid:200000790; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"devops.help"; classtype:attempted-recon; sid:200000791; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dfscord-app.club"; classtype:attempted-recon; sid:200000792; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dgi.is"; classtype:attempted-recon; sid:200000793; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dgmepunjab.gov.pk"; classtype:attempted-recon; sid:200000794; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dgsh2ws45.lovestoblog.com"; classtype:attempted-recon; sid:200000795; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dhanushr24.github.io"; classtype:attempted-recon; sid:200000796; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dhl-event.app"; classtype:attempted-recon; sid:200000797; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dhl.recruitmentplatform.com"; classtype:attempted-recon; sid:200000798; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"diamondplate.us"; classtype:attempted-recon; sid:200000799; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"die-post-swiss-id-19782635812.psd2any.com"; classtype:attempted-recon; sid:200000800; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"diginto.org"; classtype:attempted-recon; sid:200000801; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dilscord.gift"; classtype:attempted-recon; sid:200000802; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"directqpuprozaakp.weebly.com"; classtype:attempted-recon; sid:200000803; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dirtyez.com"; classtype:attempted-recon; sid:200000804; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"disccrdapp.com"; classtype:attempted-recon; sid:200000805; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"disckord.club"; classtype:attempted-recon; sid:200000806; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"discoord-nittro.com"; classtype:attempted-recon; sid:200000807; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"discorc.gift"; classtype:attempted-recon; sid:200000808; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"discordbugs.com"; classtype:attempted-recon; sid:200000809; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dispositivoapp.azurewebsites.net"; classtype:attempted-recon; sid:200000810; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"distinctivei.com"; classtype:attempted-recon; sid:200000811; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"distrial.ec"; classtype:attempted-recon; sid:200000812; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"divinasoutfit.cl"; classtype:attempted-recon; sid:200000813; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"djfh.wmfc241.cn"; classtype:attempted-recon; sid:200000814; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dkb-info.com"; classtype:attempted-recon; sid:200000815; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dkbtan07.com"; classtype:attempted-recon; sid:200000816; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dke060122.page.link"; classtype:attempted-recon; sid:200000817; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dkglobaljobs.com"; classtype:attempted-recon; sid:200000818; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dl.9xu.com"; classtype:attempted-recon; sid:200000819; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dlink.me"; classtype:attempted-recon; sid:200000820; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dmaxpesca.com.es"; classtype:attempted-recon; sid:200000821; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dminer.cloud"; classtype:attempted-recon; sid:200000822; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"doclab-console-auth.firebaseapp.com"; classtype:attempted-recon; sid:200000823; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"docs-verify-c671.thajetiase.workers.dev"; classtype:attempted-recon; sid:200000824; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"docs.revv.so"; classtype:attempted-recon; sid:200000825; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"docsharex-authorize.firebaseapp.com"; classtype:attempted-recon; sid:200000826; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"docuservice.us"; classtype:attempted-recon; sid:200000827; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"docusign-lnc.info"; classtype:attempted-recon; sid:200000828; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domaincontroller.pmeimg.co.uk"; classtype:attempted-recon; sid:200000829; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa100.web.app"; classtype:attempted-recon; sid:200000830; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa101.web.app"; classtype:attempted-recon; sid:200000831; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa102.web.app"; classtype:attempted-recon; sid:200000832; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa103.web.app"; classtype:attempted-recon; sid:200000833; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa104.web.app"; classtype:attempted-recon; sid:200000834; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa105.web.app"; classtype:attempted-recon; sid:200000835; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa108.web.app"; classtype:attempted-recon; sid:200000836; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa109.web.app"; classtype:attempted-recon; sid:200000837; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa110.web.app"; classtype:attempted-recon; sid:200000838; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa111.web.app"; classtype:attempted-recon; sid:200000839; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa112.web.app"; classtype:attempted-recon; sid:200000840; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa113.web.app"; classtype:attempted-recon; sid:200000841; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa114.web.app"; classtype:attempted-recon; sid:200000842; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa115.web.app"; classtype:attempted-recon; sid:200000843; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa116.web.app"; classtype:attempted-recon; sid:200000844; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa117.web.app"; classtype:attempted-recon; sid:200000845; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa118.web.app"; classtype:attempted-recon; sid:200000846; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa119.web.app"; classtype:attempted-recon; sid:200000847; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa120.web.app"; classtype:attempted-recon; sid:200000848; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa121.web.app"; classtype:attempted-recon; sid:200000849; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa122.web.app"; classtype:attempted-recon; sid:200000850; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa123.web.app"; classtype:attempted-recon; sid:200000851; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa124.web.app"; classtype:attempted-recon; sid:200000852; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa125.web.app"; classtype:attempted-recon; sid:200000853; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa126.web.app"; classtype:attempted-recon; sid:200000854; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa127.web.app"; classtype:attempted-recon; sid:200000855; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa128.web.app"; classtype:attempted-recon; sid:200000856; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa129.web.app"; classtype:attempted-recon; sid:200000857; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa13.web.app"; classtype:attempted-recon; sid:200000858; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa130.web.app"; classtype:attempted-recon; sid:200000859; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa131.web.app"; classtype:attempted-recon; sid:200000860; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa132.web.app"; classtype:attempted-recon; sid:200000861; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa133.web.app"; classtype:attempted-recon; sid:200000862; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa134.web.app"; classtype:attempted-recon; sid:200000863; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa135.web.app"; classtype:attempted-recon; sid:200000864; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa136.web.app"; classtype:attempted-recon; sid:200000865; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa137.web.app"; classtype:attempted-recon; sid:200000866; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa138.web.app"; classtype:attempted-recon; sid:200000867; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa139.web.app"; classtype:attempted-recon; sid:200000868; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa14.web.app"; classtype:attempted-recon; sid:200000869; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa140.web.app"; classtype:attempted-recon; sid:200000870; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa141.web.app"; classtype:attempted-recon; sid:200000871; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa142.web.app"; classtype:attempted-recon; sid:200000872; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa143.web.app"; classtype:attempted-recon; sid:200000873; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa144.web.app"; classtype:attempted-recon; sid:200000874; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa145.web.app"; classtype:attempted-recon; sid:200000875; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa146.web.app"; classtype:attempted-recon; sid:200000876; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa147.web.app"; classtype:attempted-recon; sid:200000877; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa148.web.app"; classtype:attempted-recon; sid:200000878; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa149.web.app"; classtype:attempted-recon; sid:200000879; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa150.web.app"; classtype:attempted-recon; sid:200000880; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa151.web.app"; classtype:attempted-recon; sid:200000881; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa152.web.app"; classtype:attempted-recon; sid:200000882; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa153.web.app"; classtype:attempted-recon; sid:200000883; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa154.web.app"; classtype:attempted-recon; sid:200000884; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa155.web.app"; classtype:attempted-recon; sid:200000885; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa156.web.app"; classtype:attempted-recon; sid:200000886; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa157.web.app"; classtype:attempted-recon; sid:200000887; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa158.web.app"; classtype:attempted-recon; sid:200000888; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa159.web.app"; classtype:attempted-recon; sid:200000889; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa160.web.app"; classtype:attempted-recon; sid:200000890; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa161.web.app"; classtype:attempted-recon; sid:200000891; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa162.web.app"; classtype:attempted-recon; sid:200000892; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa163.web.app"; classtype:attempted-recon; sid:200000893; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa164.web.app"; classtype:attempted-recon; sid:200000894; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa165.web.app"; classtype:attempted-recon; sid:200000895; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa166.web.app"; classtype:attempted-recon; sid:200000896; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa167.web.app"; classtype:attempted-recon; sid:200000897; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa168.web.app"; classtype:attempted-recon; sid:200000898; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa169.web.app"; classtype:attempted-recon; sid:200000899; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa17.web.app"; classtype:attempted-recon; sid:200000900; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa170.web.app"; classtype:attempted-recon; sid:200000901; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa171.web.app"; classtype:attempted-recon; sid:200000902; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa172.web.app"; classtype:attempted-recon; sid:200000903; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa173.web.app"; classtype:attempted-recon; sid:200000904; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa174.web.app"; classtype:attempted-recon; sid:200000905; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa175.web.app"; classtype:attempted-recon; sid:200000906; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa176.web.app"; classtype:attempted-recon; sid:200000907; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa177.web.app"; classtype:attempted-recon; sid:200000908; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"365unfreezesecurity.com"; classtype:attempted-recon; sid:200000068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3782365.com"; classtype:attempted-recon; sid:200000069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3a10a178.s6t6sj4s46tu4sys54y5.pages.dev"; classtype:attempted-recon; sid:200000070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3bvjh.sbs"; classtype:attempted-recon; sid:200000071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3c5.com"; classtype:attempted-recon; sid:200000072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3ck.me"; classtype:attempted-recon; sid:200000073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3dprintersupplies.com.au"; classtype:attempted-recon; sid:200000074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3dsecure-update-service-info-live.duckdns.org"; classtype:attempted-recon; sid:200000075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3ff7c459-86b2-4f6d-b6b0-ba6402ef6cb0.htmlcomponentservice.com"; classtype:attempted-recon; sid:200000076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"3j124.csb.app"; classtype:attempted-recon; sid:200000077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"42.193.110.254"; classtype:attempted-recon; sid:200000078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.186.132.130"; classtype:attempted-recon; sid:200000079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"45.9.20.146"; classtype:attempted-recon; sid:200000080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"48tlp.codesandbox.io"; classtype:attempted-recon; sid:200000081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4a14def9.sibforms.com"; classtype:attempted-recon; sid:200000082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4c0mr.93.8934.easyflv.com"; classtype:attempted-recon; sid:200000083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4lxkd.r.ag.d.sendibm3.com"; classtype:attempted-recon; sid:200000084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4r1un.app.link"; classtype:attempted-recon; sid:200000085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4w8bmmjcw86e.clickfunnels.com"; classtype:attempted-recon; sid:200000086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5.qarshishxtb.uz"; classtype:attempted-recon; sid:200000087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"51.fi"; classtype:attempted-recon; sid:200000088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5181365.com"; classtype:attempted-recon; sid:200000089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"52.148.252.166"; classtype:attempted-recon; sid:200000090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"52292936869418365.web.id"; classtype:attempted-recon; sid:200000091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"53vzxcnk6rwp.clickfunnels.com"; classtype:attempted-recon; sid:200000092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"54-160-232-146.cprapid.com"; classtype:attempted-recon; sid:200000093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5736365.com"; classtype:attempted-recon; sid:200000094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5b0f6cb9-0485-4fc7-9775-eb74bb45bbf6.htmlcomponentservice.com"; classtype:attempted-recon; sid:200000095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"5e841ae2.srvr-cloudmail-srvr6765e7tg.pages.dev"; classtype:attempted-recon; sid:200000096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"613707.selcdn.ru"; classtype:attempted-recon; sid:200000097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"61da8ae6.6u6566hrrthsh45.pages.dev"; classtype:attempted-recon; sid:200000098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com"; classtype:attempted-recon; sid:200000099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"6734365.com"; classtype:attempted-recon; sid:200000100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"67lksxgjd.bttmassage-thai-tanger.com"; classtype:attempted-recon; sid:200000101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"6a7zu9he6mqh.clickfunnels.com"; classtype:attempted-recon; sid:200000102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"6c7f0acc.sibforms.com"; classtype:attempted-recon; sid:200000103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"6stupefacentevideo2022.pagedemo.co"; classtype:attempted-recon; sid:200000104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"754675377.xyz"; classtype:attempted-recon; sid:200000105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"78.108.89.240"; classtype:attempted-recon; sid:200000106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"7837365.com"; classtype:attempted-recon; sid:200000107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev"; classtype:attempted-recon; sid:200000108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"7wr4u.csb.app"; classtype:attempted-recon; sid:200000109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"7yu3v.csb.app"; classtype:attempted-recon; sid:200000110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"8.215.32.173"; classtype:attempted-recon; sid:200000111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"859411.icu"; classtype:attempted-recon; sid:200000112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"8760365.com"; classtype:attempted-recon; sid:200000113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"885211.icu"; classtype:attempted-recon; sid:200000114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"889381.icu"; classtype:attempted-recon; sid:200000115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"8899.jp"; classtype:attempted-recon; sid:200000116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"89ix7y0.cn"; classtype:attempted-recon; sid:200000117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"92.rev.sfr.net.gghost.ru"; classtype:attempted-recon; sid:200000118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"94183655229293686.web.id"; classtype:attempted-recon; sid:200000119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"98yiujh.9peop5jzad1945.workers.dev"; classtype:attempted-recon; sid:200000120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"9d62cfee-59b3-42a8-9542-4b3a32692792.htmlcomponentservice.com"; classtype:attempted-recon; sid:200000121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"9faf19faf1.virkrupaengg.com"; classtype:attempted-recon; sid:200000122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"9ftytucsh4ph.clickfunnels.com"; classtype:attempted-recon; sid:200000123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a.2827e82ca6640ef29594fb288383c901159970954a6ca74d562cd3aa.com"; classtype:attempted-recon; sid:200000124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a.insecurpage.recovery-safty.workers.dev"; classtype:attempted-recon; sid:200000125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a.mauofeg.com"; classtype:attempted-recon; sid:200000126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a.mauofog.com"; classtype:attempted-recon; sid:200000127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a.scicemecod.com"; classtype:attempted-recon; sid:200000128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a.snadc-oecddo.com"; classtype:attempted-recon; sid:200000129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a0570626.xsph.ru"; classtype:attempted-recon; sid:200000130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a4d3b42c.chgmar-d8y.pages.dev"; classtype:attempted-recon; sid:200000131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a71843c1.mailssocloud-srvr65e5rd.pages.dev"; classtype:attempted-recon; sid:200000132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"a894ec7f.46t33454t4.pages.dev"; classtype:attempted-recon; sid:200000133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aa.snadc-oecddo.com"; classtype:attempted-recon; sid:200000134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aagamsteelcorporation.com"; classtype:attempted-recon; sid:200000135; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aar.macecri.com"; classtype:attempted-recon; sid:200000136; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"abeermultimediadesign.com"; classtype:attempted-recon; sid:200000137; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"absaonline2021.website2.me"; classtype:attempted-recon; sid:200000138; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"absolute-containers-sip.business.site"; classtype:attempted-recon; sid:200000139; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"absolutepleasure.com.my"; classtype:attempted-recon; sid:200000140; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"acacia.webdevonline.net"; classtype:attempted-recon; sid:200000141; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"account-recovery.org"; classtype:attempted-recon; sid:200000142; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"account.herephyshy.info"; classtype:attempted-recon; sid:200000143; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"account.verifications.help-page.workers.dev"; classtype:attempted-recon; sid:200000144; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"accounts-autoscout24.de"; classtype:attempted-recon; sid:200000145; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"acessobradesco.digital"; classtype:attempted-recon; sid:200000146; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ach111.xyz"; classtype:attempted-recon; sid:200000147; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"activate-hulu-com-activate.sitey.me"; classtype:attempted-recon; sid:200000148; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"activatingmymainnet.com"; classtype:attempted-recon; sid:200000149; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adamfeber.com"; classtype:attempted-recon; sid:200000150; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adcloudserver.com"; classtype:attempted-recon; sid:200000151; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"admin-formserviceupdates.weeblysite.com"; classtype:attempted-recon; sid:200000152; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"administer-708aa.web.app"; classtype:attempted-recon; sid:200000153; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"administraciondefincaspereznovo.com"; classtype:attempted-recon; sid:200000154; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adorablepomskyhome.net"; classtype:attempted-recon; sid:200000155; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adpunemploymentclaims.sharefile.com"; classtype:attempted-recon; sid:200000156; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adsmarca.com"; classtype:attempted-recon; sid:200000157; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ae.snadc-oecddo.com"; classtype:attempted-recon; sid:200000158; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"affixsports.net"; classtype:attempted-recon; sid:200000159; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"afreemart.xyz"; classtype:attempted-recon; sid:200000160; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"africansecrets.ca"; classtype:attempted-recon; sid:200000161; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"agora.imb.br"; classtype:attempted-recon; sid:200000162; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"agrimetiersmartinique.fr"; classtype:attempted-recon; sid:200000163; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"agurimu-nagoya.com"; classtype:attempted-recon; sid:200000164; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ahhhh.pe.kr"; classtype:attempted-recon; sid:200000165; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ai.macecri.com"; classtype:attempted-recon; sid:200000166; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aid-validation-human.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200000167; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aimekidya-recpag.web.id"; classtype:attempted-recon; sid:200000168; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"airbnb.book-space-b851927.live"; classtype:attempted-recon; sid:200000169; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"airportprescreening.com"; classtype:attempted-recon; sid:200000170; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aitsidihamh.my-place.us"; classtype:attempted-recon; sid:200000171; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"akanksha3012.github.io"; classtype:attempted-recon; sid:200000172; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aks34.github.io"; classtype:attempted-recon; sid:200000173; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aksehirelittotel.com"; classtype:attempted-recon; sid:200000174; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aksjdkas.6icmtmbvlj5916.workers.dev"; classtype:attempted-recon; sid:200000175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aksjoeomraadet.no"; classtype:attempted-recon; sid:200000176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aktualizacja.jst.pl"; classtype:attempted-recon; sid:200000177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"akun-peringatan03.webnode.page"; classtype:attempted-recon; sid:200000178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alareentading-catalog.page.tl"; classtype:attempted-recon; sid:200000179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"albel.intnet.mu"; classtype:attempted-recon; sid:200000180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aldana.in"; classtype:attempted-recon; sid:200000181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alerts.department.improvement.workers.dev"; classtype:attempted-recon; sid:200000182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alexellis.gr"; classtype:attempted-recon; sid:200000183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alexxou.website2.me"; classtype:attempted-recon; sid:200000184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"algotextil.com.br"; classtype:attempted-recon; sid:200000185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aliciabot.azurewebsites.net"; classtype:attempted-recon; sid:200000186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alkhalilgraphics.com"; classtype:attempted-recon; sid:200000187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"allegrolokalnie-pl-3dsafe.id-43051.xyz"; classtype:attempted-recon; sid:200000188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"allegrolokalnie-pl-3dsafe.id-91501.xyz"; classtype:attempted-recon; sid:200000189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"allegrolokalnie-pl-3dseif.id-43051.xyz"; classtype:attempted-recon; sid:200000190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"allegrolokalnie-pl-safe.id-43051.xyz"; classtype:attempted-recon; sid:200000191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alliancesuper.com"; classtype:attempted-recon; sid:200000192; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"almarjantours.com"; classtype:attempted-recon; sid:200000193; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"almighty.edu.np"; classtype:attempted-recon; sid:200000194; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alnajahh.com"; classtype:attempted-recon; sid:200000195; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aloun.ps"; classtype:attempted-recon; sid:200000196; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alphabnkgre.com"; classtype:attempted-recon; sid:200000197; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alqadi.ps"; classtype:attempted-recon; sid:200000198; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alquilervillora.net"; classtype:attempted-recon; sid:200000199; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alsofft.com"; classtype:attempted-recon; sid:200000200; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"alupi-frey.shop"; classtype:attempted-recon; sid:200000201; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amacez.jyrtery4.top"; classtype:attempted-recon; sid:200000202; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amacredit.amacardpkey.xyz"; classtype:attempted-recon; sid:200000203; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amaenv.fgasdfw6.xyz"; classtype:attempted-recon; sid:200000204; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amaozn.ywcimei.com"; classtype:attempted-recon; sid:200000205; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amaznllo.co.jp.amauioda.net"; classtype:attempted-recon; sid:200000206; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazom.supesn.xyz"; classtype:attempted-recon; sid:200000207; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazom.supwwe.xyz"; classtype:attempted-recon; sid:200000208; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazomsse.shop"; classtype:attempted-recon; sid:200000209; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazon-gcatech.com"; classtype:attempted-recon; sid:200000210; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazon-interruption.com"; classtype:attempted-recon; sid:200000211; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazon.co.jp.abaiaccounting.cn"; classtype:attempted-recon; sid:200000212; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazon.gousana.casa"; classtype:attempted-recon; sid:200000213; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazon.logins-co.jp"; classtype:attempted-recon; sid:200000214; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazon.works.ga"; classtype:attempted-recon; sid:200000215; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazonhome.sfrmobiles.com"; classtype:attempted-recon; sid:200000216; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazonjapsne.cf"; classtype:attempted-recon; sid:200000217; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazonses.authflows.com"; classtype:attempted-recon; sid:200000218; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amazoon.co.op.o4j.top"; classtype:attempted-recon; sid:200000219; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amc-training.com"; classtype:attempted-recon; sid:200000220; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amecmasmerd.ga"; classtype:attempted-recon; sid:200000221; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ameozom.jp.onaworks.com"; classtype:attempted-recon; sid:200000222; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"americanexpress-auth.azurewebsites.net"; classtype:attempted-recon; sid:200000223; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amguevara.com"; classtype:attempted-recon; sid:200000224; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amhsd.com"; classtype:attempted-recon; sid:200000225; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amidabuli.com"; classtype:attempted-recon; sid:200000226; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amlnov7.web.app"; classtype:attempted-recon; sid:200000227; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amnzma-jp.top"; classtype:attempted-recon; sid:200000228; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amnzms1-jp.top"; classtype:attempted-recon; sid:200000229; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amnzms4-jp.shop"; classtype:attempted-recon; sid:200000230; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amnzmsf-jp.shop"; classtype:attempted-recon; sid:200000231; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amnzmsn3-jp.shop"; classtype:attempted-recon; sid:200000232; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amoazom.rm82j6-t8.cn"; classtype:attempted-recon; sid:200000233; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amonzau_co_take.ktbf.shop"; classtype:attempted-recon; sid:200000234; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amosleh.com"; classtype:attempted-recon; sid:200000235; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amreeth.github.io"; classtype:attempted-recon; sid:200000236; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amusebouche-bg.com"; classtype:attempted-recon; sid:200000237; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amzcredit.dearva.xyz"; classtype:attempted-recon; sid:200000238; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"an.macecri.com"; classtype:attempted-recon; sid:200000239; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anandsr-dev.github.io"; classtype:attempted-recon; sid:200000240; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anarchitecturestudio.com"; classtype:attempted-recon; sid:200000241; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anbn.ru"; classtype:attempted-recon; sid:200000242; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"andersonstrategic.com.au"; classtype:attempted-recon; sid:200000243; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"androapk.in"; classtype:attempted-recon; sid:200000244; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"andromeda-manageer-association-27.web.id"; classtype:attempted-recon; sid:200000245; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"angiofsi.page.link"; classtype:attempted-recon; sid:200000246; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"angryezgames.com"; classtype:attempted-recon; sid:200000247; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anhduongjsc.com"; classtype:attempted-recon; sid:200000248; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anj-azakp.run.goorm.io"; classtype:attempted-recon; sid:200000249; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anjalijha167.github.io"; classtype:attempted-recon; sid:200000250; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"annacatania.com.mt"; classtype:attempted-recon; sid:200000251; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anon-keep-admin-keep.rvsla.workers.dev"; classtype:attempted-recon; sid:200000252; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ansr.ro"; classtype:attempted-recon; sid:200000253; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aolmailukhelplinecustomerservice.blogspot.com"; classtype:attempted-recon; sid:200000254; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aolmailukhelplinecustomerservice.blogspot.com.au"; classtype:attempted-recon; sid:200000255; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aolverixon11dfd.weebly.com"; classtype:attempted-recon; sid:200000256; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aolxperience.com"; classtype:attempted-recon; sid:200000257; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"api-saisoncard-co-jp.md160.net"; classtype:attempted-recon; sid:200000258; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"api-saisoncard-co-jp.o4ay8.net"; classtype:attempted-recon; sid:200000259; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"api.florense.com.br"; classtype:attempted-recon; sid:200000260; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"api.redirect-bentobot199.com"; classtype:attempted-recon; sid:200000261; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"api.redirect-safebrowser-online.com"; classtype:attempted-recon; sid:200000262; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aplintec.com.mx"; classtype:attempted-recon; sid:200000263; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io"; classtype:attempted-recon; sid:200000264; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app-bombcrypto-io-login-ab.blogspot.com"; classtype:attempted-recon; sid:200000265; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app.bydn217.club"; classtype:attempted-recon; sid:200000266; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app.duel.network"; classtype:attempted-recon; sid:200000267; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app.fiiber.ca"; classtype:attempted-recon; sid:200000268; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app.moneylinecreditcorporation.com"; classtype:attempted-recon; sid:200000269; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app.skiff.org"; classtype:attempted-recon; sid:200000270; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app.sugarsync.com"; classtype:attempted-recon; sid:200000271; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appatualizecef.com"; classtype:attempted-recon; sid:200000272; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appibsolicitud.com"; classtype:attempted-recon; sid:200000273; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appleid-check.info"; classtype:attempted-recon; sid:200000274; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"applekra.com"; classtype:attempted-recon; sid:200000275; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"applepichincha.webcindario.com"; classtype:attempted-recon; sid:200000276; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"apply.aua.am"; classtype:attempted-recon; sid:200000277; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link"; classtype:attempted-recon; sid:200000278; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aprilgagenesh.com"; classtype:attempted-recon; sid:200000279; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aquaqualitas.com"; classtype:attempted-recon; sid:200000280; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arafathrumman.github.io"; classtype:attempted-recon; sid:200000281; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arcacg.com"; classtype:attempted-recon; sid:200000282; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"archivio-supporto.sitoper.it"; classtype:attempted-recon; sid:200000283; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"are.scicemecod.com"; classtype:attempted-recon; sid:200000284; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"areueaom.gtpzcve.cn"; classtype:attempted-recon; sid:200000285; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"areueaom.gtva.cn"; classtype:attempted-recon; sid:200000286; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arif.com.bd"; classtype:attempted-recon; sid:200000287; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aromatic.webenliven.in"; classtype:attempted-recon; sid:200000288; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arthamahotels.com"; classtype:attempted-recon; sid:200000289; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"artlux.com.pl"; classtype:attempted-recon; sid:200000290; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arub-service.org"; classtype:attempted-recon; sid:200000291; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aruba.fatt.ids-sys.com"; classtype:attempted-recon; sid:200000292; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"as.macecri.com"; classtype:attempted-recon; sid:200000293; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"as.scicemecod.com"; classtype:attempted-recon; sid:200000294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asaipestcontrol.com"; classtype:attempted-recon; sid:200000295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ascom.co.tz"; classtype:attempted-recon; sid:200000296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asd.9sw53wk.cn"; classtype:attempted-recon; sid:200000297; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asdxa.p2x11pi.cn"; classtype:attempted-recon; sid:200000298; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asgard-ampqy.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200000299; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asimpwsh.com"; classtype:attempted-recon; sid:200000300; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asistentetramitadordigitalda.com"; classtype:attempted-recon; sid:200000301; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"askarmotorluaraclar.com"; classtype:attempted-recon; sid:200000302; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asrefanavary.com"; classtype:attempted-recon; sid:200000303; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"at-t-support-service1.sitey.me"; classtype:attempted-recon; sid:200000304; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"at-t-yahoo.sitey.me"; classtype:attempted-recon; sid:200000305; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atento-fdi.plusoftomni.com.br"; classtype:attempted-recon; sid:200000306; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ativacao-online73681.com"; classtype:attempted-recon; sid:200000307; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atlanticeconcrete.com"; classtype:attempted-recon; sid:200000308; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atnr76dxku336szy.clickfunnels.com"; classtype:attempted-recon; sid:200000309; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"att556.weebly.com"; classtype:attempted-recon; sid:200000310; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"att87.weebly.com"; classtype:attempted-recon; sid:200000311; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"attinfoser.weebly.com"; classtype:attempted-recon; sid:200000312; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"attonlinemanagementpage.weebly.com"; classtype:attempted-recon; sid:200000313; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"attonlineuserverification.weebly.com"; classtype:attempted-recon; sid:200000314; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"attpage1121.weebly.com"; classtype:attempted-recon; sid:200000315; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atualizacao-online547864.com"; classtype:attempted-recon; sid:200000316; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atualizarmodolo.com"; classtype:attempted-recon; sid:200000317; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atulrathore-dev.github.io"; classtype:attempted-recon; sid:200000318; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auid-japan.com"; classtype:attempted-recon; sid:200000319; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aurumship.com"; classtype:attempted-recon; sid:200000320; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aushotel.es"; classtype:attempted-recon; sid:200000321; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auth-task1-m.web.app"; classtype:attempted-recon; sid:200000322; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auth-webmailakeonetcom.yolasite.com"; classtype:attempted-recon; sid:200000323; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auth.topgamers.cn"; classtype:attempted-recon; sid:200000324; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"authent54-sedure32.duckdns.org"; classtype:attempted-recon; sid:200000325; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"authorize-trustvallet-protocol.com"; classtype:attempted-recon; sid:200000326; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"authorizewallet.app"; classtype:attempted-recon; sid:200000327; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"authuxeehmutconjxmailssocl.web.app"; classtype:attempted-recon; sid:200000328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"authxntico.cc"; classtype:attempted-recon; sid:200000329; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"autodiscover.ryder-dutton.co.uk"; classtype:attempted-recon; sid:200000330; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"autoexprs.com"; classtype:attempted-recon; sid:200000331; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"autoranplususeremailprocessingupdate.pages.dev"; classtype:attempted-recon; sid:200000332; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"autoscurt24.de"; classtype:attempted-recon; sid:200000333; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"autumn-sun-4a21.paqesads-scure.workers.dev"; classtype:attempted-recon; sid:200000334; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"avelocidad.com"; classtype:attempted-recon; sid:200000335; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"avrorganics.com"; classtype:attempted-recon; sid:200000336; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"awesome-gates-8bdd6f.netlify.app"; classtype:attempted-recon; sid:200000337; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ax.xiguw.workers.dev"; classtype:attempted-recon; sid:200000338; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axieinfinity-supportwallet.com"; classtype:attempted-recon; sid:200000339; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axlr.in"; classtype:attempted-recon; sid:200000340; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ayushenterprise.in"; classtype:attempted-recon; sid:200000341; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"az.macecri.com"; classtype:attempted-recon; sid:200000342; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"azb3s.cf"; classtype:attempted-recon; sid:200000343; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"azmznonos_co_long.akys.shop"; classtype:attempted-recon; sid:200000344; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com"; classtype:attempted-recon; sid:200000345; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"b059c86968a6427389952025bcee9886.svc.dynamics.com"; classtype:attempted-recon; sid:200000346; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"b4e921f0.sso-mailsrvr-4344e5teed.pages.dev"; classtype:attempted-recon; sid:200000347; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"b96f7f93.sibforms.com"; classtype:attempted-recon; sid:200000348; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev"; classtype:attempted-recon; sid:200000349; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bacteralia.com"; classtype:attempted-recon; sid:200000350; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bag-macben.eu"; classtype:attempted-recon; sid:200000351; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bakhai.vn"; classtype:attempted-recon; sid:200000352; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"balajihospital.net"; classtype:attempted-recon; sid:200000353; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"balalabala090.diskstation.eu"; classtype:attempted-recon; sid:200000354; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bamarfoundation.org"; classtype:attempted-recon; sid:200000355; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"banca-electronica1.odoo.com"; classtype:attempted-recon; sid:200000356; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaenlineal-interbark2.com"; classtype:attempted-recon; sid:200000357; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporinternet-interbark.pcriot.com"; classtype:attempted-recon; sid:200000358; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporinternet.interban.pe.magictourscancun.com"; classtype:attempted-recon; sid:200000359; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporinternet.interbrnpe.com"; classtype:attempted-recon; sid:200000360; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporinternet.lnterbank.pronductos.com"; classtype:attempted-recon; sid:200000361; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporinternetinterbank.pe-promocion.app"; classtype:attempted-recon; sid:200000362; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporintrnet.interbnkperu.es"; classtype:attempted-recon; sid:200000363; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporlnternetlnterbarnk.dominandoagestao.com.br"; classtype:attempted-recon; sid:200000364; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporlnternetlnterbarnk.infinitegoldjewelry.com"; classtype:attempted-recon; sid:200000365; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporlnternetlnterbarnk.jifad.org"; classtype:attempted-recon; sid:200000366; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancaporlnternetlnterbarnk.libertycanais.com.br"; classtype:attempted-recon; sid:200000367; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancoiinng.site44.com"; classtype:attempted-recon; sid:200000368; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bancooccidentalb.com"; classtype:attempted-recon; sid:200000369; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bankapolska.com"; classtype:attempted-recon; sid:200000370; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"banki0wa.us"; classtype:attempted-recon; sid:200000371; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bankocaoffo.webcindario.com"; classtype:attempted-recon; sid:200000372; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bankofamer86.ddns.net"; classtype:attempted-recon; sid:200000373; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bannerbank.control-inc.com"; classtype:attempted-recon; sid:200000374; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bannerchampnyc.com"; classtype:attempted-recon; sid:200000375; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"banproseguridadasistenteenlineanic.webnode.es"; classtype:attempted-recon; sid:200000376; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"baradua.it"; classtype:attempted-recon; sid:200000377; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"barbecuef.top"; classtype:attempted-recon; sid:200000378; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"battlelastmont.cyou"; classtype:attempted-recon; sid:200000379; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bc1.paiementervice.com"; classtype:attempted-recon; sid:200000380; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bconclutmjy.ru"; classtype:attempted-recon; sid:200000381; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bcp-marketing.com"; classtype:attempted-recon; sid:200000382; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bcpzonaseguirabeta.com"; classtype:attempted-recon; sid:200000383; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-home.web.do"; classtype:attempted-recon; sid:200000384; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bearmybrand.com"; classtype:attempted-recon; sid:200000385; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beast-blog.com"; classtype:attempted-recon; sid:200000386; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beccu07.zzux.com"; classtype:attempted-recon; sid:200000387; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beijing.vfzfy1v.cn"; classtype:attempted-recon; sid:200000388; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"belovedaroma.com"; classtype:attempted-recon; sid:200000389; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bendmytrend.com"; classtype:attempted-recon; sid:200000390; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"berketurizm.com"; classtype:attempted-recon; sid:200000391; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beupdatedmust.pricesrakutenlogin.buzz"; classtype:attempted-recon; sid:200000392; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bexwebmailupdate.web.app"; classtype:attempted-recon; sid:200000393; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beyondsmiles.co.in"; classtype:attempted-recon; sid:200000394; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bghgcd.psuxscm.cn"; classtype:attempted-recon; sid:200000395; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bharathi1809.github.io"; classtype:attempted-recon; sid:200000396; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhavin0077.github.io"; classtype:attempted-recon; sid:200000397; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhddf.uwe6ui0.cn"; classtype:attempted-recon; sid:200000398; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhdf.bdc9985.cn"; classtype:attempted-recon; sid:200000399; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhdf.ryhk63.cn"; classtype:attempted-recon; sid:200000400; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhdf.t18v2kr.cn"; classtype:attempted-recon; sid:200000401; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhdf.y0ai5w8.cn"; classtype:attempted-recon; sid:200000402; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhgcd.8h391um.cn"; classtype:attempted-recon; sid:200000403; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhgcxz.00e5gfu.cn"; classtype:attempted-recon; sid:200000404; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhgd.48ud0ez.cn"; classtype:attempted-recon; sid:200000405; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhgdd.qlljdgs.cn"; classtype:attempted-recon; sid:200000406; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhgxa.eo76sni.cn"; classtype:attempted-recon; sid:200000407; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhhcd.9bzuw49.cn"; classtype:attempted-recon; sid:200000408; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhhxaa.123qi7b.cn"; classtype:attempted-recon; sid:200000409; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhxas.rb0xts7.cn"; classtype:attempted-recon; sid:200000410; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bhxdd.2hllf8x.cn"; classtype:attempted-recon; sid:200000411; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bicicentroslezama.com"; classtype:attempted-recon; sid:200000412; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"biedronka-news.biz"; classtype:attempted-recon; sid:200000413; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"biedronka-news.us"; classtype:attempted-recon; sid:200000414; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"biedronkainvest.biz"; classtype:attempted-recon; sid:200000415; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bienlinea.com"; classtype:attempted-recon; sid:200000416; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bijoycity.com"; classtype:attempted-recon; sid:200000417; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bilacintatakk.institute-pagess.workers.dev"; classtype:attempted-recon; sid:200000418; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bilasajaterjadii.institute-pagess.workers.dev"; classtype:attempted-recon; sid:200000419; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"billingfailure-o2.com"; classtype:attempted-recon; sid:200000420; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bioenergyevitalite.com"; classtype:attempted-recon; sid:200000421; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"birlacitywaterpark.com"; classtype:attempted-recon; sid:200000422; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bisanew.20931.repl.co"; classtype:attempted-recon; sid:200000423; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"biswap.fm"; classtype:attempted-recon; sid:200000424; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"biswapdapp.org"; classtype:attempted-recon; sid:200000425; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bitbaink.web.app"; classtype:attempted-recon; sid:200000426; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bitflye87.com"; classtype:attempted-recon; sid:200000427; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bitflyerfr.cc"; classtype:attempted-recon; sid:200000428; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bithunnb.web.app"; classtype:attempted-recon; sid:200000429; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bitmexinc.com"; classtype:attempted-recon; sid:200000430; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bitso.cm"; classtype:attempted-recon; sid:200000431; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bitsrflyer.com"; classtype:attempted-recon; sid:200000432; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bizlinktek.com"; classtype:attempted-recon; sid:200000433; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bizzcityinfo.com"; classtype:attempted-recon; sid:200000434; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blanchevetements.com"; classtype:attempted-recon; sid:200000435; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blllsoth.weebly.com"; classtype:attempted-recon; sid:200000436; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blockchain-fix.org"; classtype:attempted-recon; sid:200000437; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blockchainwallet-tool.com"; classtype:attempted-recon; sid:200000438; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blocks.rn86.ru"; classtype:attempted-recon; sid:200000439; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blog.booxium.com"; classtype:attempted-recon; sid:200000440; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blog.drmostafafouadivf.com"; classtype:attempted-recon; sid:200000441; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blog.storrea.com"; classtype:attempted-recon; sid:200000442; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blog.visionconsulting.ro"; classtype:attempted-recon; sid:200000443; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blog.weiwanjia.com"; classtype:attempted-recon; sid:200000444; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blowfish-ltd.co.uk"; classtype:attempted-recon; sid:200000445; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"blslightinginc.com"; classtype:attempted-recon; sid:200000446; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bmcporlnternet.lnterbamkpe.extracaslh.shop"; classtype:attempted-recon; sid:200000447; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bn-seguridadperu.com"; classtype:attempted-recon; sid:200000448; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bnconacional.odoo.com"; classtype:attempted-recon; sid:200000449; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bncre.odoo.com"; classtype:attempted-recon; sid:200000450; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bncxz.9wx9b27.cn"; classtype:attempted-recon; sid:200000451; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bndigitalpersonas.com"; classtype:attempted-recon; sid:200000452; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boaupdate.bfaoscr.com"; classtype:attempted-recon; sid:200000453; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bogdonovlerer.com"; classtype:attempted-recon; sid:200000454; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bogged-finance.com"; classtype:attempted-recon; sid:200000455; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boi.365online-replacement.com"; classtype:attempted-recon; sid:200000456; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boke4-indonesia-2022a7whatsapp.duckdns.org"; classtype:attempted-recon; sid:200000457; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bokep-virall-sange33.duckdns.org"; classtype:attempted-recon; sid:200000458; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bokgabanesolutions.co.za"; classtype:attempted-recon; sid:200000459; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bold-lichterman.45-81-232-15.plesk.page"; classtype:attempted-recon; sid:200000460; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bookfbs.evangsamuelministries.com"; classtype:attempted-recon; sid:200000461; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boxes.com.py"; classtype:attempted-recon; sid:200000462; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"br4.in"; classtype:attempted-recon; sid:200000463; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"br622.teste.website"; classtype:attempted-recon; sid:200000464; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"breople.com"; classtype:attempted-recon; sid:200000465; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-forrunning.top"; classtype:attempted-recon; sid:200000466; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-justforjogging.top"; classtype:attempted-recon; sid:200000467; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-move.top"; classtype:attempted-recon; sid:200000468; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-ooke.top"; classtype:attempted-recon; sid:200000469; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-runfarther.top"; classtype:attempted-recon; sid:200000470; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-xsdaodab.top"; classtype:attempted-recon; sid:200000471; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-xsdauofc.top"; classtype:attempted-recon; sid:200000472; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks-xsgdfaja.top"; classtype:attempted-recon; sid:200000473; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooks1984.shop"; classtype:attempted-recon; sid:200000474; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksair.top"; classtype:attempted-recon; sid:200000475; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksale.top"; classtype:attempted-recon; sid:200000476; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksboom.top"; classtype:attempted-recon; sid:200000477; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksdiscount.top"; classtype:attempted-recon; sid:200000478; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksnewmethod.top"; classtype:attempted-recon; sid:200000479; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksnewsports.top"; classtype:attempted-recon; sid:200000480; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksprime.top"; classtype:attempted-recon; sid:200000481; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksrevel.top"; classtype:attempted-recon; sid:200000482; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksrunble.top"; classtype:attempted-recon; sid:200000483; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksrunshoeshopping.top"; classtype:attempted-recon; sid:200000484; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brooksshopsft.top"; classtype:attempted-recon; sid:200000485; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brookssoft.top"; classtype:attempted-recon; sid:200000486; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bruno-genthial.mykajabi.com"; classtype:attempted-recon; sid:200000487; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bt-108665.square.site"; classtype:attempted-recon; sid:200000488; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btbusinessbilling.wordpress.com"; classtype:attempted-recon; sid:200000489; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btclickpreview365pdf.1msite.eu"; classtype:attempted-recon; sid:200000490; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btconnect-109798.square.site"; classtype:attempted-recon; sid:200000491; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btconnectfilesecurebthomelogindropboxinupdatetdropboxpdf-logss.yolasite.com"; classtype:attempted-recon; sid:200000492; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btconnectfilesecurebthomelogindropboxlinkupdatetdropboxpdf-logs.yolasite.com"; classtype:attempted-recon; sid:200000493; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btconnectfilesecurebthomeloginpdropboxupdatepdf-logsssss-websit.yolasite.com"; classtype:attempted-recon; sid:200000494; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btconnectfilesecurebthomesloginpdropboxupdatepdf-logsssss-websi.yolasite.com"; classtype:attempted-recon; sid:200000495; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bthak.com"; classtype:attempted-recon; sid:200000496; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"btinfoldddasasa.weebly.com"; classtype:attempted-recon; sid:200000497; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bttelecommunicatiiion.weebly.com"; classtype:attempted-recon; sid:200000498; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"budrimon.xyz"; classtype:attempted-recon; sid:200000499; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"builmon.xyz"; classtype:attempted-recon; sid:200000500; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bujikena.web.app"; classtype:attempted-recon; sid:200000501; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bundel-cobragratis2022.duckdns.org"; classtype:attempted-recon; sid:200000502; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"busanopen.org"; classtype:attempted-recon; sid:200000503; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-action-page129591.web.app"; classtype:attempted-recon; sid:200000504; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-appeal-copyright8211.web.app"; classtype:attempted-recon; sid:200000505; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-appeal-form-18222.web.app"; classtype:attempted-recon; sid:200000506; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-copyright-alert100821.web.app"; classtype:attempted-recon; sid:200000507; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-copyright-alert198082.web.app"; classtype:attempted-recon; sid:200000508; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-copyright-alert19882.web.app"; classtype:attempted-recon; sid:200000509; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-copyright-detected920.web.app"; classtype:attempted-recon; sid:200000510; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-required-helpcenter82.web.app"; classtype:attempted-recon; sid:200000511; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"business-required-info188221.web.app"; classtype:attempted-recon; sid:200000512; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"businessemailss.biz"; classtype:attempted-recon; sid:200000513; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"buyelectronicsnyc.com"; classtype:attempted-recon; sid:200000514; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c.curiousmorty.be"; classtype:attempted-recon; sid:200000515; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c.jardindemiedo.es"; classtype:attempted-recon; sid:200000516; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c.loveawaits.be"; classtype:attempted-recon; sid:200000517; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c.mail.com"; classtype:attempted-recon; sid:200000518; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c0m-r51znzlh8i.isiolo.go.ke"; classtype:attempted-recon; sid:200000519; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c1christine.tjelmeland2e.cso.gov.tt"; classtype:attempted-recon; sid:200000520; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c2dc5b99.chgmar.pages.dev"; classtype:attempted-recon; sid:200000521; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"c6ebv708.caspio.com"; classtype:attempted-recon; sid:200000522; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cabsiler.com"; classtype:attempted-recon; sid:200000523; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cache.nebula.phx3.secureserver.net"; classtype:attempted-recon; sid:200000524; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cadeau-orange.fr"; classtype:attempted-recon; sid:200000525; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"caixabanki.temp.swtest.ru"; classtype:attempted-recon; sid:200000526; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"caixaseguradora.quadientcloud.com"; classtype:attempted-recon; sid:200000527; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cakesbyannemotha.com"; classtype:attempted-recon; sid:200000528; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cammymiller.com"; classtype:attempted-recon; sid:200000529; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"canadapost.reschedule.online.portal.services.parcel01868972.mh-group.net"; classtype:attempted-recon; sid:200000530; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cann-life.com"; classtype:attempted-recon; sid:200000531; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cannellandcoflooring.co.uk"; classtype:attempted-recon; sid:200000532; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"capservice.online"; classtype:attempted-recon; sid:200000533; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"caracasmateriais.blogspot.com"; classtype:attempted-recon; sid:200000534; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"carpediemxp.com"; classtype:attempted-recon; sid:200000535; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"carservicessaupdate.xyz"; classtype:attempted-recon; sid:200000536; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cartamorin-geometres.fr"; classtype:attempted-recon; sid:200000537; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"carwash.tv"; classtype:attempted-recon; sid:200000538; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"casbygroup.com"; classtype:attempted-recon; sid:200000539; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"caseforpage1003496539563.web.app"; classtype:attempted-recon; sid:200000540; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"catalogue-orange.com"; classtype:attempted-recon; sid:200000541; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cateringfoodanddrinksupplies777.business.site"; classtype:attempted-recon; sid:200000542; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"catus.cat"; classtype:attempted-recon; sid:200000543; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"caycos.beispielseite-wmka.de"; classtype:attempted-recon; sid:200000544; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"caymanreno.com"; classtype:attempted-recon; sid:200000545; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cbmonlinegroups.com"; classtype:attempted-recon; sid:200000546; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cc.scicemecod.com"; classtype:attempted-recon; sid:200000547; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cc23674.tmweb.ru"; classtype:attempted-recon; sid:200000548; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ccjrlaw.com"; classtype:attempted-recon; sid:200000549; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cdas.nxzigco.cn"; classtype:attempted-recon; sid:200000550; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cdsoa.wuefyta.cn"; classtype:attempted-recon; sid:200000551; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ce33312.tmweb.ru"; classtype:attempted-recon; sid:200000552; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cekpointfacebook.wixsite.com"; classtype:attempted-recon; sid:200000553; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"celikoglumakina.com"; classtype:attempted-recon; sid:200000554; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cellfunworld.com"; classtype:attempted-recon; sid:200000555; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cema-fossano.it"; classtype:attempted-recon; sid:200000556; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centralconsulta.link"; classtype:attempted-recon; sid:200000557; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centre1.bubbleapps.io"; classtype:attempted-recon; sid:200000558; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ceresgulf.com"; classtype:attempted-recon; sid:200000559; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"certifica-montepaschii.com"; classtype:attempted-recon; sid:200000560; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"charitascb.com"; classtype:attempted-recon; sid:200000561; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"charperimagedesign.com"; classtype:attempted-recon; sid:200000562; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chat-whatasapp.com"; classtype:attempted-recon; sid:200000563; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chat-whatsaap99.duckdns.org"; classtype:attempted-recon; sid:200000564; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org"; classtype:attempted-recon; sid:200000565; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chat-whatsapp-grupo-invitacion.blogspot.com"; classtype:attempted-recon; sid:200000566; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chat-whatsapp-gscfghjsgsu.duckdns.org"; classtype:attempted-recon; sid:200000567; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill1.web.app"; classtype:attempted-recon; sid:200000568; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill10.web.app"; classtype:attempted-recon; sid:200000569; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill11.web.app"; classtype:attempted-recon; sid:200000570; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill12.web.app"; classtype:attempted-recon; sid:200000571; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill13.web.app"; classtype:attempted-recon; sid:200000572; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill14.web.app"; classtype:attempted-recon; sid:200000573; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill15.web.app"; classtype:attempted-recon; sid:200000574; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill17.web.app"; classtype:attempted-recon; sid:200000575; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill18.web.app"; classtype:attempted-recon; sid:200000576; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill19.web.app"; classtype:attempted-recon; sid:200000577; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill2.web.app"; classtype:attempted-recon; sid:200000578; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill20.web.app"; classtype:attempted-recon; sid:200000579; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill21.web.app"; classtype:attempted-recon; sid:200000580; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill22.web.app"; classtype:attempted-recon; sid:200000581; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill23.web.app"; classtype:attempted-recon; sid:200000582; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill24.web.app"; classtype:attempted-recon; sid:200000583; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill25.web.app"; classtype:attempted-recon; sid:200000584; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill3.web.app"; classtype:attempted-recon; sid:200000585; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill4.web.app"; classtype:attempted-recon; sid:200000586; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill5.web.app"; classtype:attempted-recon; sid:200000587; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill6.web.app"; classtype:attempted-recon; sid:200000588; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill7.web.app"; classtype:attempted-recon; sid:200000589; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill8.web.app"; classtype:attempted-recon; sid:200000590; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chckmaill9.web.app"; classtype:attempted-recon; sid:200000591; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"checkkeyvip.000webhostapp.com"; classtype:attempted-recon; sid:200000592; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"checkverifymyatt.weebly.com"; classtype:attempted-recon; sid:200000593; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chefsenaccion.org"; classtype:attempted-recon; sid:200000594; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chikkuthomas.github.io"; classtype:attempted-recon; sid:200000595; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chinmayavidyalayarspuram.com"; classtype:attempted-recon; sid:200000596; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chiragrajoria.github.io"; classtype:attempted-recon; sid:200000597; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chois.jp"; classtype:attempted-recon; sid:200000598; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"christienstudystl.wixsite.com"; classtype:attempted-recon; sid:200000599; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"christmas-dhl-express-delvr.hopekosmos.com"; classtype:attempted-recon; sid:200000600; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chronopostaws.com"; classtype:attempted-recon; sid:200000601; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chtbnk.uk"; classtype:attempted-recon; sid:200000602; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chutomen.com"; classtype:attempted-recon; sid:200000603; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cinemaleftech.com"; classtype:attempted-recon; sid:200000604; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"citagestionenlineabn.com"; classtype:attempted-recon; sid:200000605; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"city-of-jazz.de"; classtype:attempted-recon; sid:200000606; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ckwgruppe.service-now.com"; classtype:attempted-recon; sid:200000607; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claiimdiamondgratis84.duckdns.org"; classtype:attempted-recon; sid:200000608; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claim-event-freefire-garena-oldfree-a4.duckdns.org"; classtype:attempted-recon; sid:200000609; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claim-skingratis-mobailegends161.duckdns.org"; classtype:attempted-recon; sid:200000610; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claims-funds-enczj.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200000611; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claimseventmlbb.duckdns.org"; classtype:attempted-recon; sid:200000612; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claimshopee.yolasite.com"; classtype:attempted-recon; sid:200000613; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claro-link.brsafe.com.br"; classtype:attempted-recon; sid:200000614; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claus.bz"; classtype:attempted-recon; sid:200000615; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"click-here-help.in"; classtype:attempted-recon; sid:200000616; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"client-support-page.com"; classtype:attempted-recon; sid:200000617; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net"; classtype:attempted-recon; sid:200000618; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clientid-ij66191jgbm96ujp40bz1gzmpc8iquhoff3ocmbrzs6g5i89t0.website.yandexcloud.net"; classtype:attempted-recon; sid:200000619; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clients.devtux.com"; classtype:attempted-recon; sid:200000620; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clone-7473c.web.app"; classtype:attempted-recon; sid:200000621; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"closingdocs9480.myportfolio.com"; classtype:attempted-recon; sid:200000622; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cloud-object-storage-o9-cos-static-web-hocsx2.pages.dev"; classtype:attempted-recon; sid:200000623; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cloud.go4clients.com"; classtype:attempted-recon; sid:200000624; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cloud102.hostgator.com"; classtype:attempted-recon; sid:200000625; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clouddoc-authorize.firebaseapp.com"; classtype:attempted-recon; sid:200000626; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cloudflare-rbnuo.run.goorm.io"; classtype:attempted-recon; sid:200000627; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cloudshare-account-auth.firebaseapp.com"; classtype:attempted-recon; sid:200000628; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cloudtracker.com.br"; classtype:attempted-recon; sid:200000629; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"club.quomodo.com"; classtype:attempted-recon; sid:200000630; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clubeamigosdopedrosegundo.com.br"; classtype:attempted-recon; sid:200000631; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cms.time-investments.com"; classtype:attempted-recon; sid:200000632; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cnbxa.1of2o6k.cn"; classtype:attempted-recon; sid:200000633; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cner283829.odoo.com"; classtype:attempted-recon; sid:200000634; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cninflables.com"; classtype:attempted-recon; sid:200000635; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.azoynfq.cn"; classtype:attempted-recon; sid:200000636; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.bh1fgg1.cn"; classtype:attempted-recon; sid:200000637; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.bzkgfzj.cn"; classtype:attempted-recon; sid:200000638; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.clblrvh.cn"; classtype:attempted-recon; sid:200000639; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.csfknas.cn"; classtype:attempted-recon; sid:200000640; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.daailrf.cn"; classtype:attempted-recon; sid:200000641; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.eiatphe.cn"; classtype:attempted-recon; sid:200000642; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.fjzzgxx.cn"; classtype:attempted-recon; sid:200000643; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.fxdwtxc.cn"; classtype:attempted-recon; sid:200000644; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.ghemivv.cn"; classtype:attempted-recon; sid:200000645; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.hivbdco.cn"; classtype:attempted-recon; sid:200000646; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.iiaqjrp.cn"; classtype:attempted-recon; sid:200000647; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.rkrabsk.cn"; classtype:attempted-recon; sid:200000648; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.rqqidd.cn"; classtype:attempted-recon; sid:200000649; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.rukbcga.cn"; classtype:attempted-recon; sid:200000650; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.sefdvsi.cn"; classtype:attempted-recon; sid:200000651; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.tezkkbp.cn"; classtype:attempted-recon; sid:200000652; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"co.jp.ztxzzup.cn"; classtype:attempted-recon; sid:200000653; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cobaincurlduluom.duckdns.org"; classtype:attempted-recon; sid:200000654; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"codwarzonemobile.com"; classtype:attempted-recon; sid:200000655; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"coindappsync.online"; classtype:attempted-recon; sid:200000656; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev"; classtype:attempted-recon; sid:200000657; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"collab-land.net"; classtype:attempted-recon; sid:200000658; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"collabland.info"; classtype:attempted-recon; sid:200000659; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"collablandfi.com"; classtype:attempted-recon; sid:200000660; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"colorfastinv.com"; classtype:attempted-recon; sid:200000661; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-3z9m3j9qhp.isiolo.go.ke"; classtype:attempted-recon; sid:200000662; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-4tfgonrlym.isiolo.go.ke"; classtype:attempted-recon; sid:200000663; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-dnq84vac.isiolo.go.ke"; classtype:attempted-recon; sid:200000664; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-h3v9t9zycu.isiolo.go.ke"; classtype:attempted-recon; sid:200000665; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-l5tpetwb.isiolo.go.ke"; classtype:attempted-recon; sid:200000666; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-mm2ai86orr.isiolo.go.ke"; classtype:attempted-recon; sid:200000667; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-r51znzlh8i.isiolo.go.ke"; classtype:attempted-recon; sid:200000668; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-sauuvazpjo.isiolo.go.ke"; classtype:attempted-recon; sid:200000669; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"com-ugsyk69nqb.isiolo.go.ke"; classtype:attempted-recon; sid:200000670; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; classtype:attempted-recon; sid:200000671; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; classtype:attempted-recon; sid:200000672; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; classtype:attempted-recon; sid:200000673; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"completeegali.webcindario.com"; classtype:attempted-recon; sid:200000674; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"completeyorcorp.lunsrgovert.net"; classtype:attempted-recon; sid:200000675; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"comunicazione-europe.net"; classtype:attempted-recon; sid:200000676; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"comunity-isue-ideent-andromeda-29.web.id"; classtype:attempted-recon; sid:200000677; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"comunity-isue-ideent-andromeda-33.web.id"; classtype:attempted-recon; sid:200000678; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"con-firma.firebaseapp.com"; classtype:attempted-recon; sid:200000679; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"congresosba.com.ar"; classtype:attempted-recon; sid:200000680; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"conhecaonlinedigital.com.br"; classtype:attempted-recon; sid:200000681; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connect.au-login.0662smt.com"; classtype:attempted-recon; sid:200000682; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connect.auone.jp-login.kddi-sys.com"; classtype:attempted-recon; sid:200000683; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connect.myauone.jp-auid.jp-auid.com"; classtype:attempted-recon; sid:200000684; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connect.myauone.jp-auid.kddi-mail.com"; classtype:attempted-recon; sid:200000685; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connectlivewallet.io"; classtype:attempted-recon; sid:200000686; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connectwallet.me"; classtype:attempted-recon; sid:200000687; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"conoscofaturahiiiper.com"; classtype:attempted-recon; sid:200000688; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contabilidaderabello.com.br"; classtype:attempted-recon; sid:200000689; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev"; classtype:attempted-recon; sid:200000690; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contapessoal.digital"; classtype:attempted-recon; sid:200000691; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"content.av1.com.au"; classtype:attempted-recon; sid:200000692; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"content.edgerockwealth.com"; classtype:attempted-recon; sid:200000693; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"content.meetmagic.org"; classtype:attempted-recon; sid:200000694; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"continentepecas.com"; classtype:attempted-recon; sid:200000695; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contratodeparceria.com.br"; classtype:attempted-recon; sid:200000696; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"controlpichincha.webcindario.com"; classtype:attempted-recon; sid:200000697; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"copyright-center-live.ml"; classtype:attempted-recon; sid:200000698; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"coroplastusa.com"; classtype:attempted-recon; sid:200000699; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"correosdemexico-web.com"; classtype:attempted-recon; sid:200000700; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"corta.ai"; classtype:attempted-recon; sid:200000701; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cosemu.com"; classtype:attempted-recon; sid:200000702; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cottonwooddentalg.nimbusweb.me"; classtype:attempted-recon; sid:200000703; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"courtcase.co.in"; classtype:attempted-recon; sid:200000704; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"covid-foyyn.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200000705; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cox0.yolasite.com"; classtype:attempted-recon; sid:200000706; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cp.digitalprocurements.co.uk"; classtype:attempted-recon; sid:200000707; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cp45362.tmweb.ru"; classtype:attempted-recon; sid:200000708; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cpanel10wh.bkk1.cloud.z.com"; classtype:attempted-recon; sid:200000709; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cr24185.tmweb.ru"; classtype:attempted-recon; sid:200000710; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crackfreekey.com"; classtype:attempted-recon; sid:200000711; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cranetech.com.br"; classtype:attempted-recon; sid:200000712; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"creatorsverificationandsafetybusiness.co.vu"; classtype:attempted-recon; sid:200000713; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credcloud-object-storage-o9-cos-static-web-hocsd3d.pages.dev"; classtype:attempted-recon; sid:200000714; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credicorp-capital.net"; classtype:attempted-recon; sid:200000715; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credicorpfiduciariasa.com"; classtype:attempted-recon; sid:200000716; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credifinanciera.didacsis.com"; classtype:attempted-recon; sid:200000717; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crediserfinanza.com"; classtype:attempted-recon; sid:200000718; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"creditagricole-sudrhonealpes.blogspot.ba"; classtype:attempted-recon; sid:200000719; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"creditagricole-sudrhonealpes.blogspot.com"; classtype:attempted-recon; sid:200000720; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"creditagricole-sudrhonealpes.blogspot.ro"; classtype:attempted-recon; sid:200000721; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"creditinternationalbank.com"; classtype:attempted-recon; sid:200000722; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"creditiperhabbogratissicuro100.blogspot.it"; classtype:attempted-recon; sid:200000723; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cresvin.com"; classtype:attempted-recon; sid:200000724; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"criticalcarevizag.com"; classtype:attempted-recon; sid:200000725; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crrdxwjap7t.typeform.com"; classtype:attempted-recon; sid:200000726; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryptocars-plays.buzz"; classtype:attempted-recon; sid:200000727; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryptocarsme.com"; classtype:attempted-recon; sid:200000728; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryptscars-logs.com"; classtype:attempted-recon; sid:200000729; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryqtocars.me"; classtype:attempted-recon; sid:200000730; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cuans.bkaamiv.cn"; classtype:attempted-recon; sid:200000731; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"currentlyupgrade.mystrikingly.com"; classtype:attempted-recon; sid:200000732; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cusnas.366wuv.cn"; classtype:attempted-recon; sid:200000733; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cxas.bvd2q18.cn"; classtype:attempted-recon; sid:200000734; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cxas.zk6w4dt.cn"; classtype:attempted-recon; sid:200000735; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cxasd.easghbl.cn"; classtype:attempted-recon; sid:200000736; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cxmnsa.04frh0w.cn"; classtype:attempted-recon; sid:200000737; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cxnbas.nmkbmqk.cn"; classtype:attempted-recon; sid:200000738; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cxuahs.1wc9bxm.cn"; classtype:attempted-recon; sid:200000739; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cyna.rkpmage.cn"; classtype:attempted-recon; sid:200000740; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cyqsnwx.cn"; classtype:attempted-recon; sid:200000741; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"czechposta-cz.cz.swtest.ru"; classtype:attempted-recon; sid:200000742; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"czvon.4fan.cz"; classtype:attempted-recon; sid:200000743; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"czxasd.3ot975v.cn"; classtype:attempted-recon; sid:200000744; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"d.app32150.xyz"; classtype:attempted-recon; sid:200000745; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"d18gc1ytkdv37u.cloudfront.net"; classtype:attempted-recon; sid:200000746; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev"; classtype:attempted-recon; sid:200000747; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"d3ncuwwrr82.typeform.com"; classtype:attempted-recon; sid:200000748; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"daatahomes.com"; classtype:attempted-recon; sid:200000749; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dadafa88.com"; classtype:attempted-recon; sid:200000750; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"damp-f43e.recovery-page-secur.workers.dev"; classtype:attempted-recon; sid:200000751; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"danitraseoexperts.com"; classtype:attempted-recon; sid:200000752; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dappconnecttvalidator.net"; classtype:attempted-recon; sid:200000753; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dapponlines.com"; classtype:attempted-recon; sid:200000754; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dappscoins.com"; classtype:attempted-recon; sid:200000755; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dappsiconnect.com"; classtype:attempted-recon; sid:200000756; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dappsmainnetverify.com"; classtype:attempted-recon; sid:200000757; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dappswalletapp.org"; classtype:attempted-recon; sid:200000758; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dappswalletliveauthenticate.com"; classtype:attempted-recon; sid:200000759; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dasd.atio2tq.cn"; classtype:attempted-recon; sid:200000760; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"date-on-14-01.totaltrackingimproveupscanada.com"; classtype:attempted-recon; sid:200000761; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"datos-pichincha.webcindario.com"; classtype:attempted-recon; sid:200000762; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"davidshopeaz.org"; classtype:attempted-recon; sid:200000763; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"daycoval.contrato.srv.br"; classtype:attempted-recon; sid:200000764; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"daycoval.facildepagar.com.br"; classtype:attempted-recon; sid:200000765; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"db-web-client.com"; classtype:attempted-recon; sid:200000766; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200000767; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dbkuzwes.online"; classtype:attempted-recon; sid:200000768; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dbs.limited"; classtype:attempted-recon; sid:200000769; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dbs.online.webdbslistinonline.com"; classtype:attempted-recon; sid:200000770; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dbs.webdbslistinonline.com"; classtype:attempted-recon; sid:200000771; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dbw.gr"; classtype:attempted-recon; sid:200000772; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dcm1.ae.iwc.static.tungmung.co.id"; classtype:attempted-recon; sid:200000773; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dd90001.github.io"; classtype:attempted-recon; sid:200000774; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"de.eurohome.civ.pl"; classtype:attempted-recon; sid:200000775; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"de22c9kukppr.clickfunnels.com"; classtype:attempted-recon; sid:200000776; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"deactivemsnon-8k98-l9k8-98j8-98j78u.pages.dev"; classtype:attempted-recon; sid:200000777; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"deborahholland.net"; classtype:attempted-recon; sid:200000778; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"debuil.xyz"; classtype:attempted-recon; sid:200000779; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"declicgestion.fr"; classtype:attempted-recon; sid:200000780; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"decorcenter.com.pe"; classtype:attempted-recon; sid:200000781; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dejpaad.com"; classtype:attempted-recon; sid:200000782; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"delacproperties.com.mx"; classtype:attempted-recon; sid:200000783; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"delezhen.mashalezhen.com"; classtype:attempted-recon; sid:200000784; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"delhiescort69.com"; classtype:attempted-recon; sid:200000785; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"deltaairlinecourier.com"; classtype:attempted-recon; sid:200000786; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"demallplot-tra.web.app"; classtype:attempted-recon; sid:200000787; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"demiregalos.com.ar"; classtype:attempted-recon; sid:200000788; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"demo.bradescocontrol.vertitecnologia.com.br"; classtype:attempted-recon; sid:200000789; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"demo2.cloudwp.dev"; classtype:attempted-recon; sid:200000790; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"denuihuongson.com.vn"; classtype:attempted-recon; sid:200000791; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"deportesartiza.com"; classtype:attempted-recon; sid:200000792; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"deregister-lbpayee.com"; classtype:attempted-recon; sid:200000793; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"desejoourocard.com.br"; classtype:attempted-recon; sid:200000794; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"desidiatech.com"; classtype:attempted-recon; sid:200000795; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"designerlakehouse.com"; classtype:attempted-recon; sid:200000796; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"desksellcompany.com"; classtype:attempted-recon; sid:200000797; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"destinationth.com"; classtype:attempted-recon; sid:200000798; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"deutsche-post.apurvathespygenesh.com"; classtype:attempted-recon; sid:200000799; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dev-nadaj.orlenpaczka.ce5.pl"; classtype:attempted-recon; sid:200000800; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dev-secu-credit-union.pantheonsite.io"; classtype:attempted-recon; sid:200000801; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dev-www.orlenpaczka.ce5.pl"; classtype:attempted-recon; sid:200000802; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dev.massageliabilityinsurancegroup.com"; classtype:attempted-recon; sid:200000803; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dev.shivaxi.com"; classtype:attempted-recon; sid:200000804; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"devicepichincha.webcindario.com"; classtype:attempted-recon; sid:200000805; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"devops.help"; classtype:attempted-recon; sid:200000806; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dfscord-app.club"; classtype:attempted-recon; sid:200000807; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dgi.is"; classtype:attempted-recon; sid:200000808; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dgmepunjab.gov.pk"; classtype:attempted-recon; sid:200000809; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dgsh2ws45.lovestoblog.com"; classtype:attempted-recon; sid:200000810; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dhanushr24.github.io"; classtype:attempted-recon; sid:200000811; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dhl-event.app"; classtype:attempted-recon; sid:200000812; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dhl.recruitmentplatform.com"; classtype:attempted-recon; sid:200000813; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"diamondplate.us"; classtype:attempted-recon; sid:200000814; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"die-post-swiss-id-19782635812.psd2any.com"; classtype:attempted-recon; sid:200000815; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"diepost-paketevhost207932.lowhost.ru"; classtype:attempted-recon; sid:200000816; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"diginto.org"; classtype:attempted-recon; sid:200000817; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"diligentverify.com"; classtype:attempted-recon; sid:200000818; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"directqpuprozaakp.weebly.com"; classtype:attempted-recon; sid:200000819; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dirtyez.com"; classtype:attempted-recon; sid:200000820; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"disccrdapp.com"; classtype:attempted-recon; sid:200000821; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"disckord.club"; classtype:attempted-recon; sid:200000822; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"discoord-nittro.com"; classtype:attempted-recon; sid:200000823; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"discordbugs.com"; classtype:attempted-recon; sid:200000824; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"discordnitroos.com"; classtype:attempted-recon; sid:200000825; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"discrods.gift"; classtype:attempted-recon; sid:200000826; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dispositivoapp.azurewebsites.net"; classtype:attempted-recon; sid:200000827; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"distinctivei.com"; classtype:attempted-recon; sid:200000828; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"distrial.ec"; classtype:attempted-recon; sid:200000829; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"divinasoutfit.cl"; classtype:attempted-recon; sid:200000830; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"djfh.wmfc241.cn"; classtype:attempted-recon; sid:200000831; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dkb-info.com"; classtype:attempted-recon; sid:200000832; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dkbtan07.com"; classtype:attempted-recon; sid:200000833; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dke060122.page.link"; classtype:attempted-recon; sid:200000834; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dkglobaljobs.com"; classtype:attempted-recon; sid:200000835; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dl.9xu.com"; classtype:attempted-recon; sid:200000836; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dlink.me"; classtype:attempted-recon; sid:200000837; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dmaxpesca.com.es"; classtype:attempted-recon; sid:200000838; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"doclab-console-auth.firebaseapp.com"; classtype:attempted-recon; sid:200000839; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"docs-verify-c671.thajetiase.workers.dev"; classtype:attempted-recon; sid:200000840; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"docs.revv.so"; classtype:attempted-recon; sid:200000841; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"docsharex-authorize.firebaseapp.com"; classtype:attempted-recon; sid:200000842; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"docuservice.us"; classtype:attempted-recon; sid:200000843; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"docusign-lnc.info"; classtype:attempted-recon; sid:200000844; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domaincontroller.pmeimg.co.uk"; classtype:attempted-recon; sid:200000845; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa100.web.app"; classtype:attempted-recon; sid:200000846; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa101.web.app"; classtype:attempted-recon; sid:200000847; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa102.web.app"; classtype:attempted-recon; sid:200000848; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa103.web.app"; classtype:attempted-recon; sid:200000849; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa104.web.app"; classtype:attempted-recon; sid:200000850; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa105.web.app"; classtype:attempted-recon; sid:200000851; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa108.web.app"; classtype:attempted-recon; sid:200000852; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa109.web.app"; classtype:attempted-recon; sid:200000853; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa110.web.app"; classtype:attempted-recon; sid:200000854; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa111.web.app"; classtype:attempted-recon; sid:200000855; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa112.web.app"; classtype:attempted-recon; sid:200000856; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa113.web.app"; classtype:attempted-recon; sid:200000857; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa114.web.app"; classtype:attempted-recon; sid:200000858; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa115.web.app"; classtype:attempted-recon; sid:200000859; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa116.web.app"; classtype:attempted-recon; sid:200000860; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa117.web.app"; classtype:attempted-recon; sid:200000861; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa118.web.app"; classtype:attempted-recon; sid:200000862; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa119.web.app"; classtype:attempted-recon; sid:200000863; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa122.web.app"; classtype:attempted-recon; sid:200000864; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa123.web.app"; classtype:attempted-recon; sid:200000865; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa124.web.app"; classtype:attempted-recon; sid:200000866; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa126.web.app"; classtype:attempted-recon; sid:200000867; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa127.web.app"; classtype:attempted-recon; sid:200000868; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa128.web.app"; classtype:attempted-recon; sid:200000869; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa129.web.app"; classtype:attempted-recon; sid:200000870; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa13.web.app"; classtype:attempted-recon; sid:200000871; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa130.web.app"; classtype:attempted-recon; sid:200000872; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa131.web.app"; classtype:attempted-recon; sid:200000873; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa132.web.app"; classtype:attempted-recon; sid:200000874; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa134.web.app"; classtype:attempted-recon; sid:200000875; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa135.web.app"; classtype:attempted-recon; sid:200000876; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa136.web.app"; classtype:attempted-recon; sid:200000877; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa137.web.app"; classtype:attempted-recon; sid:200000878; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa139.web.app"; classtype:attempted-recon; sid:200000879; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa14.web.app"; classtype:attempted-recon; sid:200000880; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa142.web.app"; classtype:attempted-recon; sid:200000881; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa143.web.app"; classtype:attempted-recon; sid:200000882; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa144.web.app"; classtype:attempted-recon; sid:200000883; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa145.web.app"; classtype:attempted-recon; sid:200000884; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa146.web.app"; classtype:attempted-recon; sid:200000885; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa148.web.app"; classtype:attempted-recon; sid:200000886; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa149.web.app"; classtype:attempted-recon; sid:200000887; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa150.web.app"; classtype:attempted-recon; sid:200000888; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa152.web.app"; classtype:attempted-recon; sid:200000889; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa153.web.app"; classtype:attempted-recon; sid:200000890; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa155.web.app"; classtype:attempted-recon; sid:200000891; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa156.web.app"; classtype:attempted-recon; sid:200000892; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa158.web.app"; classtype:attempted-recon; sid:200000893; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa159.web.app"; classtype:attempted-recon; sid:200000894; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa160.web.app"; classtype:attempted-recon; sid:200000895; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa161.web.app"; classtype:attempted-recon; sid:200000896; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa162.web.app"; classtype:attempted-recon; sid:200000897; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa163.web.app"; classtype:attempted-recon; sid:200000898; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa164.web.app"; classtype:attempted-recon; sid:200000899; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa166.web.app"; classtype:attempted-recon; sid:200000900; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa167.web.app"; classtype:attempted-recon; sid:200000901; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa168.web.app"; classtype:attempted-recon; sid:200000902; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa169.web.app"; classtype:attempted-recon; sid:200000903; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa171.web.app"; classtype:attempted-recon; sid:200000904; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa172.web.app"; classtype:attempted-recon; sid:200000905; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa173.web.app"; classtype:attempted-recon; sid:200000906; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa174.web.app"; classtype:attempted-recon; sid:200000907; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa176.web.app"; classtype:attempted-recon; sid:200000908; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa178.web.app"; classtype:attempted-recon; sid:200000909; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa179.web.app"; classtype:attempted-recon; sid:200000910; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa18.web.app"; classtype:attempted-recon; sid:200000911; rev:1;)
@@ -922,4415 +922,4235 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing web
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa182.web.app"; classtype:attempted-recon; sid:200000914; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa183.web.app"; classtype:attempted-recon; sid:200000915; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa184.web.app"; classtype:attempted-recon; sid:200000916; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa185.web.app"; classtype:attempted-recon; sid:200000917; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa186.web.app"; classtype:attempted-recon; sid:200000918; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa187.web.app"; classtype:attempted-recon; sid:200000919; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa188.web.app"; classtype:attempted-recon; sid:200000920; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa189.web.app"; classtype:attempted-recon; sid:200000921; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa19.web.app"; classtype:attempted-recon; sid:200000922; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa190.web.app"; classtype:attempted-recon; sid:200000923; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa191.web.app"; classtype:attempted-recon; sid:200000924; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa193.web.app"; classtype:attempted-recon; sid:200000925; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa194.web.app"; classtype:attempted-recon; sid:200000926; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa195.web.app"; classtype:attempted-recon; sid:200000927; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa196.web.app"; classtype:attempted-recon; sid:200000928; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa197.web.app"; classtype:attempted-recon; sid:200000929; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa198.web.app"; classtype:attempted-recon; sid:200000930; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa199.web.app"; classtype:attempted-recon; sid:200000931; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa20.web.app"; classtype:attempted-recon; sid:200000932; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa200.web.app"; classtype:attempted-recon; sid:200000933; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa201.web.app"; classtype:attempted-recon; sid:200000934; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa202.web.app"; classtype:attempted-recon; sid:200000935; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa203.web.app"; classtype:attempted-recon; sid:200000936; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa204.web.app"; classtype:attempted-recon; sid:200000937; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa205.web.app"; classtype:attempted-recon; sid:200000938; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa206.web.app"; classtype:attempted-recon; sid:200000939; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa207.web.app"; classtype:attempted-recon; sid:200000940; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa208.web.app"; classtype:attempted-recon; sid:200000941; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa209.web.app"; classtype:attempted-recon; sid:200000942; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa21.web.app"; classtype:attempted-recon; sid:200000943; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa210.web.app"; classtype:attempted-recon; sid:200000944; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa211.web.app"; classtype:attempted-recon; sid:200000945; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa212.web.app"; classtype:attempted-recon; sid:200000946; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa213.web.app"; classtype:attempted-recon; sid:200000947; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa214.web.app"; classtype:attempted-recon; sid:200000948; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa215.web.app"; classtype:attempted-recon; sid:200000949; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa216.web.app"; classtype:attempted-recon; sid:200000950; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa217.web.app"; classtype:attempted-recon; sid:200000951; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa218.web.app"; classtype:attempted-recon; sid:200000952; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa219.web.app"; classtype:attempted-recon; sid:200000953; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa220.web.app"; classtype:attempted-recon; sid:200000954; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa221.web.app"; classtype:attempted-recon; sid:200000955; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa222.web.app"; classtype:attempted-recon; sid:200000956; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa223.web.app"; classtype:attempted-recon; sid:200000957; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa224.web.app"; classtype:attempted-recon; sid:200000958; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa225.web.app"; classtype:attempted-recon; sid:200000959; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa226.web.app"; classtype:attempted-recon; sid:200000960; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa227.web.app"; classtype:attempted-recon; sid:200000961; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa228.web.app"; classtype:attempted-recon; sid:200000962; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa229.web.app"; classtype:attempted-recon; sid:200000963; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa230.web.app"; classtype:attempted-recon; sid:200000964; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa231.web.app"; classtype:attempted-recon; sid:200000965; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa232.web.app"; classtype:attempted-recon; sid:200000966; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa233.web.app"; classtype:attempted-recon; sid:200000967; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa234.web.app"; classtype:attempted-recon; sid:200000968; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa235.web.app"; classtype:attempted-recon; sid:200000969; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa237.web.app"; classtype:attempted-recon; sid:200000970; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa238.web.app"; classtype:attempted-recon; sid:200000971; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa239.web.app"; classtype:attempted-recon; sid:200000972; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa240.web.app"; classtype:attempted-recon; sid:200000973; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa241.web.app"; classtype:attempted-recon; sid:200000974; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa242.web.app"; classtype:attempted-recon; sid:200000975; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa243.web.app"; classtype:attempted-recon; sid:200000976; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa244.web.app"; classtype:attempted-recon; sid:200000977; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa245.web.app"; classtype:attempted-recon; sid:200000978; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa246.web.app"; classtype:attempted-recon; sid:200000979; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa247.web.app"; classtype:attempted-recon; sid:200000980; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa248.web.app"; classtype:attempted-recon; sid:200000981; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa249.web.app"; classtype:attempted-recon; sid:200000982; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa25.web.app"; classtype:attempted-recon; sid:200000983; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa250.web.app"; classtype:attempted-recon; sid:200000984; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa251.web.app"; classtype:attempted-recon; sid:200000985; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa252.web.app"; classtype:attempted-recon; sid:200000986; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa253.web.app"; classtype:attempted-recon; sid:200000987; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa254.web.app"; classtype:attempted-recon; sid:200000988; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa255.web.app"; classtype:attempted-recon; sid:200000989; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa256.web.app"; classtype:attempted-recon; sid:200000990; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa257.web.app"; classtype:attempted-recon; sid:200000991; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa258.web.app"; classtype:attempted-recon; sid:200000992; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa259.web.app"; classtype:attempted-recon; sid:200000993; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa26.web.app"; classtype:attempted-recon; sid:200000994; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa260.web.app"; classtype:attempted-recon; sid:200000995; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa261.web.app"; classtype:attempted-recon; sid:200000996; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa262.web.app"; classtype:attempted-recon; sid:200000997; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa263.web.app"; classtype:attempted-recon; sid:200000998; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa264.web.app"; classtype:attempted-recon; sid:200000999; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa265.web.app"; classtype:attempted-recon; sid:200001000; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa266.web.app"; classtype:attempted-recon; sid:200001001; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa267.web.app"; classtype:attempted-recon; sid:200001002; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa268.web.app"; classtype:attempted-recon; sid:200001003; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa269.web.app"; classtype:attempted-recon; sid:200001004; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa270.web.app"; classtype:attempted-recon; sid:200001005; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa271.web.app"; classtype:attempted-recon; sid:200001006; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa272.web.app"; classtype:attempted-recon; sid:200001007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa273.web.app"; classtype:attempted-recon; sid:200001008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa274.web.app"; classtype:attempted-recon; sid:200001009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa275.web.app"; classtype:attempted-recon; sid:200001010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa276.web.app"; classtype:attempted-recon; sid:200001011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa277.web.app"; classtype:attempted-recon; sid:200001012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa278.web.app"; classtype:attempted-recon; sid:200001013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa279.web.app"; classtype:attempted-recon; sid:200001014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa280.web.app"; classtype:attempted-recon; sid:200001015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa281.web.app"; classtype:attempted-recon; sid:200001016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa282.web.app"; classtype:attempted-recon; sid:200001017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa283.web.app"; classtype:attempted-recon; sid:200001018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa284.web.app"; classtype:attempted-recon; sid:200001019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa285.web.app"; classtype:attempted-recon; sid:200001020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa286.web.app"; classtype:attempted-recon; sid:200001021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa287.web.app"; classtype:attempted-recon; sid:200001022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa289.web.app"; classtype:attempted-recon; sid:200001023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa29.web.app"; classtype:attempted-recon; sid:200001024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa290.web.app"; classtype:attempted-recon; sid:200001025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa292.web.app"; classtype:attempted-recon; sid:200001026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa293.web.app"; classtype:attempted-recon; sid:200001027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa294.web.app"; classtype:attempted-recon; sid:200001028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa295.web.app"; classtype:attempted-recon; sid:200001029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa296.web.app"; classtype:attempted-recon; sid:200001030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa297.web.app"; classtype:attempted-recon; sid:200001031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa298.web.app"; classtype:attempted-recon; sid:200001032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa299.web.app"; classtype:attempted-recon; sid:200001033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa30.web.app"; classtype:attempted-recon; sid:200001034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa300.web.app"; classtype:attempted-recon; sid:200001035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa301.web.app"; classtype:attempted-recon; sid:200001036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa302.web.app"; classtype:attempted-recon; sid:200001037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa303.web.app"; classtype:attempted-recon; sid:200001038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa304.web.app"; classtype:attempted-recon; sid:200001039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa305.web.app"; classtype:attempted-recon; sid:200001040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa306.web.app"; classtype:attempted-recon; sid:200001041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa307.web.app"; classtype:attempted-recon; sid:200001042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa308.web.app"; classtype:attempted-recon; sid:200001043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa309.web.app"; classtype:attempted-recon; sid:200001044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa31.web.app"; classtype:attempted-recon; sid:200001045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa310.web.app"; classtype:attempted-recon; sid:200001046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa311.web.app"; classtype:attempted-recon; sid:200001047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa312.web.app"; classtype:attempted-recon; sid:200001048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa313.web.app"; classtype:attempted-recon; sid:200001049; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa314.web.app"; classtype:attempted-recon; sid:200001050; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa315.web.app"; classtype:attempted-recon; sid:200001051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa316.web.app"; classtype:attempted-recon; sid:200001052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa317.web.app"; classtype:attempted-recon; sid:200001053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa318.web.app"; classtype:attempted-recon; sid:200001054; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa319.web.app"; classtype:attempted-recon; sid:200001055; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa32.web.app"; classtype:attempted-recon; sid:200001056; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa320.web.app"; classtype:attempted-recon; sid:200001057; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa321.web.app"; classtype:attempted-recon; sid:200001058; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa322.web.app"; classtype:attempted-recon; sid:200001059; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa323.web.app"; classtype:attempted-recon; sid:200001060; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa324.web.app"; classtype:attempted-recon; sid:200001061; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa325.web.app"; classtype:attempted-recon; sid:200001062; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa326.web.app"; classtype:attempted-recon; sid:200001063; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa327.web.app"; classtype:attempted-recon; sid:200001064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa328.web.app"; classtype:attempted-recon; sid:200001065; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa329.web.app"; classtype:attempted-recon; sid:200001066; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa33.web.app"; classtype:attempted-recon; sid:200001067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa330.web.app"; classtype:attempted-recon; sid:200001068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa331.web.app"; classtype:attempted-recon; sid:200001069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa332.web.app"; classtype:attempted-recon; sid:200001070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa333.web.app"; classtype:attempted-recon; sid:200001071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa334.web.app"; classtype:attempted-recon; sid:200001072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa335.web.app"; classtype:attempted-recon; sid:200001073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa336.web.app"; classtype:attempted-recon; sid:200001074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa337.web.app"; classtype:attempted-recon; sid:200001075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa338.web.app"; classtype:attempted-recon; sid:200001076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa339.web.app"; classtype:attempted-recon; sid:200001077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa34.web.app"; classtype:attempted-recon; sid:200001078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa340.web.app"; classtype:attempted-recon; sid:200001079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa341.web.app"; classtype:attempted-recon; sid:200001080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa342.web.app"; classtype:attempted-recon; sid:200001081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa343.web.app"; classtype:attempted-recon; sid:200001082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa344.web.app"; classtype:attempted-recon; sid:200001083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa345.web.app"; classtype:attempted-recon; sid:200001084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa346.web.app"; classtype:attempted-recon; sid:200001085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa347.web.app"; classtype:attempted-recon; sid:200001086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa348.web.app"; classtype:attempted-recon; sid:200001087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa35.web.app"; classtype:attempted-recon; sid:200001088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa350.web.app"; classtype:attempted-recon; sid:200001089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa351.web.app"; classtype:attempted-recon; sid:200001090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa352.web.app"; classtype:attempted-recon; sid:200001091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa353.web.app"; classtype:attempted-recon; sid:200001092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa354.web.app"; classtype:attempted-recon; sid:200001093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa355.web.app"; classtype:attempted-recon; sid:200001094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa356.web.app"; classtype:attempted-recon; sid:200001095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa357.web.app"; classtype:attempted-recon; sid:200001096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa358.web.app"; classtype:attempted-recon; sid:200001097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa359.web.app"; classtype:attempted-recon; sid:200001098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa36.web.app"; classtype:attempted-recon; sid:200001099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa360.web.app"; classtype:attempted-recon; sid:200001100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa361.web.app"; classtype:attempted-recon; sid:200001101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa362.web.app"; classtype:attempted-recon; sid:200001102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa363.web.app"; classtype:attempted-recon; sid:200001103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa364.web.app"; classtype:attempted-recon; sid:200001104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa365.web.app"; classtype:attempted-recon; sid:200001105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa367.web.app"; classtype:attempted-recon; sid:200001106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa368.web.app"; classtype:attempted-recon; sid:200001107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa369.web.app"; classtype:attempted-recon; sid:200001108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa37.web.app"; classtype:attempted-recon; sid:200001109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa370.web.app"; classtype:attempted-recon; sid:200001110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa371.web.app"; classtype:attempted-recon; sid:200001111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa372.web.app"; classtype:attempted-recon; sid:200001112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa373.web.app"; classtype:attempted-recon; sid:200001113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa374.web.app"; classtype:attempted-recon; sid:200001114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa375.web.app"; classtype:attempted-recon; sid:200001115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa376.web.app"; classtype:attempted-recon; sid:200001116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa377.web.app"; classtype:attempted-recon; sid:200001117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa378.web.app"; classtype:attempted-recon; sid:200001118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa379.web.app"; classtype:attempted-recon; sid:200001119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa38.web.app"; classtype:attempted-recon; sid:200001120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa380.web.app"; classtype:attempted-recon; sid:200001121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa381.web.app"; classtype:attempted-recon; sid:200001122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa382.web.app"; classtype:attempted-recon; sid:200001123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa383.web.app"; classtype:attempted-recon; sid:200001124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa384.web.app"; classtype:attempted-recon; sid:200001125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa385.web.app"; classtype:attempted-recon; sid:200001126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa386.web.app"; classtype:attempted-recon; sid:200001127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa387.web.app"; classtype:attempted-recon; sid:200001128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa388.web.app"; classtype:attempted-recon; sid:200001129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa389.web.app"; classtype:attempted-recon; sid:200001130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa39.web.app"; classtype:attempted-recon; sid:200001131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa390.web.app"; classtype:attempted-recon; sid:200001132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa391.web.app"; classtype:attempted-recon; sid:200001133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa392.web.app"; classtype:attempted-recon; sid:200001134; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa393.web.app"; classtype:attempted-recon; sid:200001135; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa394.web.app"; classtype:attempted-recon; sid:200001136; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa395.web.app"; classtype:attempted-recon; sid:200001137; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa396.web.app"; classtype:attempted-recon; sid:200001138; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa397.web.app"; classtype:attempted-recon; sid:200001139; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa398.web.app"; classtype:attempted-recon; sid:200001140; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa40.web.app"; classtype:attempted-recon; sid:200001141; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa400.web.app"; classtype:attempted-recon; sid:200001142; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa401.web.app"; classtype:attempted-recon; sid:200001143; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa402.web.app"; classtype:attempted-recon; sid:200001144; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa403.web.app"; classtype:attempted-recon; sid:200001145; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa404.web.app"; classtype:attempted-recon; sid:200001146; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa405.web.app"; classtype:attempted-recon; sid:200001147; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa406.web.app"; classtype:attempted-recon; sid:200001148; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa407.web.app"; classtype:attempted-recon; sid:200001149; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa408.web.app"; classtype:attempted-recon; sid:200001150; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa409.web.app"; classtype:attempted-recon; sid:200001151; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa41.web.app"; classtype:attempted-recon; sid:200001152; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa410.web.app"; classtype:attempted-recon; sid:200001153; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa411.web.app"; classtype:attempted-recon; sid:200001154; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa412.web.app"; classtype:attempted-recon; sid:200001155; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa413.web.app"; classtype:attempted-recon; sid:200001156; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa414.web.app"; classtype:attempted-recon; sid:200001157; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa415.web.app"; classtype:attempted-recon; sid:200001158; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa416.web.app"; classtype:attempted-recon; sid:200001159; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa417.web.app"; classtype:attempted-recon; sid:200001160; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa418.web.app"; classtype:attempted-recon; sid:200001161; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa419.web.app"; classtype:attempted-recon; sid:200001162; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa42.web.app"; classtype:attempted-recon; sid:200001163; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa420.web.app"; classtype:attempted-recon; sid:200001164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa421.web.app"; classtype:attempted-recon; sid:200001165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa422.web.app"; classtype:attempted-recon; sid:200001166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa423.web.app"; classtype:attempted-recon; sid:200001167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa424.web.app"; classtype:attempted-recon; sid:200001168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa425.web.app"; classtype:attempted-recon; sid:200001169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa426.web.app"; classtype:attempted-recon; sid:200001170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa427.web.app"; classtype:attempted-recon; sid:200001171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa428.web.app"; classtype:attempted-recon; sid:200001172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa429.web.app"; classtype:attempted-recon; sid:200001173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa43.web.app"; classtype:attempted-recon; sid:200001174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa430.web.app"; classtype:attempted-recon; sid:200001175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa431.web.app"; classtype:attempted-recon; sid:200001176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa432.web.app"; classtype:attempted-recon; sid:200001177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa433.web.app"; classtype:attempted-recon; sid:200001178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa434.web.app"; classtype:attempted-recon; sid:200001179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa435.web.app"; classtype:attempted-recon; sid:200001180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa436.web.app"; classtype:attempted-recon; sid:200001181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa437.web.app"; classtype:attempted-recon; sid:200001182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa438.web.app"; classtype:attempted-recon; sid:200001183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa439.web.app"; classtype:attempted-recon; sid:200001184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa44.web.app"; classtype:attempted-recon; sid:200001185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa440.web.app"; classtype:attempted-recon; sid:200001186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa441.web.app"; classtype:attempted-recon; sid:200001187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa442.web.app"; classtype:attempted-recon; sid:200001188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa443.web.app"; classtype:attempted-recon; sid:200001189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa444.web.app"; classtype:attempted-recon; sid:200001190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa445.web.app"; classtype:attempted-recon; sid:200001191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa446.web.app"; classtype:attempted-recon; sid:200001192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa447.web.app"; classtype:attempted-recon; sid:200001193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa448.web.app"; classtype:attempted-recon; sid:200001194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa449.web.app"; classtype:attempted-recon; sid:200001195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa45.web.app"; classtype:attempted-recon; sid:200001196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa450.web.app"; classtype:attempted-recon; sid:200001197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa451.web.app"; classtype:attempted-recon; sid:200001198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa452.web.app"; classtype:attempted-recon; sid:200001199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa453.web.app"; classtype:attempted-recon; sid:200001200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa454.web.app"; classtype:attempted-recon; sid:200001201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa455.web.app"; classtype:attempted-recon; sid:200001202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa456.web.app"; classtype:attempted-recon; sid:200001203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa457.web.app"; classtype:attempted-recon; sid:200001204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa458.web.app"; classtype:attempted-recon; sid:200001205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa459.web.app"; classtype:attempted-recon; sid:200001206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa46.web.app"; classtype:attempted-recon; sid:200001207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa460.web.app"; classtype:attempted-recon; sid:200001208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa461.web.app"; classtype:attempted-recon; sid:200001209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa462.web.app"; classtype:attempted-recon; sid:200001210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa463.web.app"; classtype:attempted-recon; sid:200001211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa464.web.app"; classtype:attempted-recon; sid:200001212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa465.web.app"; classtype:attempted-recon; sid:200001213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa466.web.app"; classtype:attempted-recon; sid:200001214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa467.web.app"; classtype:attempted-recon; sid:200001215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa468.web.app"; classtype:attempted-recon; sid:200001216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa469.web.app"; classtype:attempted-recon; sid:200001217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa47.web.app"; classtype:attempted-recon; sid:200001218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa470.web.app"; classtype:attempted-recon; sid:200001219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa471.web.app"; classtype:attempted-recon; sid:200001220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa472.web.app"; classtype:attempted-recon; sid:200001221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa473.web.app"; classtype:attempted-recon; sid:200001222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa474.web.app"; classtype:attempted-recon; sid:200001223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa475.web.app"; classtype:attempted-recon; sid:200001224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa476.web.app"; classtype:attempted-recon; sid:200001225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa477.web.app"; classtype:attempted-recon; sid:200001226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa478.web.app"; classtype:attempted-recon; sid:200001227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa479.web.app"; classtype:attempted-recon; sid:200001228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa480.web.app"; classtype:attempted-recon; sid:200001229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa481.web.app"; classtype:attempted-recon; sid:200001230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa482.web.app"; classtype:attempted-recon; sid:200001231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa483.web.app"; classtype:attempted-recon; sid:200001232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa484.web.app"; classtype:attempted-recon; sid:200001233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa485.web.app"; classtype:attempted-recon; sid:200001234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa486.web.app"; classtype:attempted-recon; sid:200001235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa487.web.app"; classtype:attempted-recon; sid:200001236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa488.web.app"; classtype:attempted-recon; sid:200001237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa489.web.app"; classtype:attempted-recon; sid:200001238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa49.web.app"; classtype:attempted-recon; sid:200001239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa490.web.app"; classtype:attempted-recon; sid:200001240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa491.web.app"; classtype:attempted-recon; sid:200001241; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa492.web.app"; classtype:attempted-recon; sid:200001242; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa493.web.app"; classtype:attempted-recon; sid:200001243; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa494.web.app"; classtype:attempted-recon; sid:200001244; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa495.web.app"; classtype:attempted-recon; sid:200001245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa496.web.app"; classtype:attempted-recon; sid:200001246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa497.web.app"; classtype:attempted-recon; sid:200001247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa498.web.app"; classtype:attempted-recon; sid:200001248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa499.web.app"; classtype:attempted-recon; sid:200001249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa50.web.app"; classtype:attempted-recon; sid:200001250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa500.web.app"; classtype:attempted-recon; sid:200001251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa501.web.app"; classtype:attempted-recon; sid:200001252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa502.web.app"; classtype:attempted-recon; sid:200001253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa503.web.app"; classtype:attempted-recon; sid:200001254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa504.web.app"; classtype:attempted-recon; sid:200001255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa505.web.app"; classtype:attempted-recon; sid:200001256; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa506.web.app"; classtype:attempted-recon; sid:200001257; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa507.web.app"; classtype:attempted-recon; sid:200001258; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa508.web.app"; classtype:attempted-recon; sid:200001259; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa509.web.app"; classtype:attempted-recon; sid:200001260; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa51.web.app"; classtype:attempted-recon; sid:200001261; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa510.web.app"; classtype:attempted-recon; sid:200001262; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa511.web.app"; classtype:attempted-recon; sid:200001263; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa513.web.app"; classtype:attempted-recon; sid:200001264; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa514.web.app"; classtype:attempted-recon; sid:200001265; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa515.web.app"; classtype:attempted-recon; sid:200001266; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa516.web.app"; classtype:attempted-recon; sid:200001267; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa517.web.app"; classtype:attempted-recon; sid:200001268; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa518.web.app"; classtype:attempted-recon; sid:200001269; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa519.web.app"; classtype:attempted-recon; sid:200001270; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa52.web.app"; classtype:attempted-recon; sid:200001271; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa520.web.app"; classtype:attempted-recon; sid:200001272; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa521.web.app"; classtype:attempted-recon; sid:200001273; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa522.web.app"; classtype:attempted-recon; sid:200001274; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa523.web.app"; classtype:attempted-recon; sid:200001275; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa524.web.app"; classtype:attempted-recon; sid:200001276; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa525.web.app"; classtype:attempted-recon; sid:200001277; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa526.web.app"; classtype:attempted-recon; sid:200001278; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa527.web.app"; classtype:attempted-recon; sid:200001279; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa528.web.app"; classtype:attempted-recon; sid:200001280; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa529.web.app"; classtype:attempted-recon; sid:200001281; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa53.web.app"; classtype:attempted-recon; sid:200001282; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa530.web.app"; classtype:attempted-recon; sid:200001283; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa531.web.app"; classtype:attempted-recon; sid:200001284; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa532.web.app"; classtype:attempted-recon; sid:200001285; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa533.web.app"; classtype:attempted-recon; sid:200001286; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa534.web.app"; classtype:attempted-recon; sid:200001287; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa535.web.app"; classtype:attempted-recon; sid:200001288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa536.web.app"; classtype:attempted-recon; sid:200001289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa537.web.app"; classtype:attempted-recon; sid:200001290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa538.web.app"; classtype:attempted-recon; sid:200001291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa539.web.app"; classtype:attempted-recon; sid:200001292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa54.web.app"; classtype:attempted-recon; sid:200001293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa540.web.app"; classtype:attempted-recon; sid:200001294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa541.web.app"; classtype:attempted-recon; sid:200001295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa542.web.app"; classtype:attempted-recon; sid:200001296; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa543.web.app"; classtype:attempted-recon; sid:200001297; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa544.web.app"; classtype:attempted-recon; sid:200001298; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa545.web.app"; classtype:attempted-recon; sid:200001299; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa546.web.app"; classtype:attempted-recon; sid:200001300; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa547.web.app"; classtype:attempted-recon; sid:200001301; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa548.web.app"; classtype:attempted-recon; sid:200001302; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa549.web.app"; classtype:attempted-recon; sid:200001303; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa550.web.app"; classtype:attempted-recon; sid:200001304; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa551.web.app"; classtype:attempted-recon; sid:200001305; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa552.web.app"; classtype:attempted-recon; sid:200001306; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa553.web.app"; classtype:attempted-recon; sid:200001307; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa554.web.app"; classtype:attempted-recon; sid:200001308; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa555.web.app"; classtype:attempted-recon; sid:200001309; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa556.web.app"; classtype:attempted-recon; sid:200001310; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa557.web.app"; classtype:attempted-recon; sid:200001311; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa558.web.app"; classtype:attempted-recon; sid:200001312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa559.web.app"; classtype:attempted-recon; sid:200001313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa56.web.app"; classtype:attempted-recon; sid:200001314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa560.web.app"; classtype:attempted-recon; sid:200001315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa561.web.app"; classtype:attempted-recon; sid:200001316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa562.web.app"; classtype:attempted-recon; sid:200001317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa563.web.app"; classtype:attempted-recon; sid:200001318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa564.web.app"; classtype:attempted-recon; sid:200001319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa565.web.app"; classtype:attempted-recon; sid:200001320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa566.web.app"; classtype:attempted-recon; sid:200001321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa567.web.app"; classtype:attempted-recon; sid:200001322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa568.web.app"; classtype:attempted-recon; sid:200001323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa569.web.app"; classtype:attempted-recon; sid:200001324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa57.web.app"; classtype:attempted-recon; sid:200001325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa570.web.app"; classtype:attempted-recon; sid:200001326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa571.web.app"; classtype:attempted-recon; sid:200001327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa572.web.app"; classtype:attempted-recon; sid:200001328; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa573.web.app"; classtype:attempted-recon; sid:200001329; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa574.web.app"; classtype:attempted-recon; sid:200001330; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa575.web.app"; classtype:attempted-recon; sid:200001331; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa576.web.app"; classtype:attempted-recon; sid:200001332; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa577.web.app"; classtype:attempted-recon; sid:200001333; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa578.web.app"; classtype:attempted-recon; sid:200001334; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa579.web.app"; classtype:attempted-recon; sid:200001335; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa58.web.app"; classtype:attempted-recon; sid:200001336; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa580.web.app"; classtype:attempted-recon; sid:200001337; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa581.web.app"; classtype:attempted-recon; sid:200001338; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa582.web.app"; classtype:attempted-recon; sid:200001339; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa583.web.app"; classtype:attempted-recon; sid:200001340; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa584.web.app"; classtype:attempted-recon; sid:200001341; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa585.web.app"; classtype:attempted-recon; sid:200001342; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa586.web.app"; classtype:attempted-recon; sid:200001343; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa587.web.app"; classtype:attempted-recon; sid:200001344; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa588.web.app"; classtype:attempted-recon; sid:200001345; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa589.web.app"; classtype:attempted-recon; sid:200001346; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa59.web.app"; classtype:attempted-recon; sid:200001347; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa590.web.app"; classtype:attempted-recon; sid:200001348; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa591.web.app"; classtype:attempted-recon; sid:200001349; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa592.web.app"; classtype:attempted-recon; sid:200001350; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa593.web.app"; classtype:attempted-recon; sid:200001351; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa594.web.app"; classtype:attempted-recon; sid:200001352; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa595.web.app"; classtype:attempted-recon; sid:200001353; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa596.web.app"; classtype:attempted-recon; sid:200001354; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa597.web.app"; classtype:attempted-recon; sid:200001355; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa598.web.app"; classtype:attempted-recon; sid:200001356; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa599.web.app"; classtype:attempted-recon; sid:200001357; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa60.web.app"; classtype:attempted-recon; sid:200001358; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa600.web.app"; classtype:attempted-recon; sid:200001359; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa601.web.app"; classtype:attempted-recon; sid:200001360; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa602.web.app"; classtype:attempted-recon; sid:200001361; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa603.web.app"; classtype:attempted-recon; sid:200001362; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa604.web.app"; classtype:attempted-recon; sid:200001363; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa605.web.app"; classtype:attempted-recon; sid:200001364; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa606.web.app"; classtype:attempted-recon; sid:200001365; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa607.web.app"; classtype:attempted-recon; sid:200001366; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa608.web.app"; classtype:attempted-recon; sid:200001367; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa609.web.app"; classtype:attempted-recon; sid:200001368; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa61.web.app"; classtype:attempted-recon; sid:200001369; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa610.web.app"; classtype:attempted-recon; sid:200001370; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa611.web.app"; classtype:attempted-recon; sid:200001371; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa612.web.app"; classtype:attempted-recon; sid:200001372; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa613.web.app"; classtype:attempted-recon; sid:200001373; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa614.web.app"; classtype:attempted-recon; sid:200001374; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa615.web.app"; classtype:attempted-recon; sid:200001375; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa616.web.app"; classtype:attempted-recon; sid:200001376; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa617.web.app"; classtype:attempted-recon; sid:200001377; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa618.web.app"; classtype:attempted-recon; sid:200001378; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa619.web.app"; classtype:attempted-recon; sid:200001379; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa62.web.app"; classtype:attempted-recon; sid:200001380; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa620.web.app"; classtype:attempted-recon; sid:200001381; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa621.web.app"; classtype:attempted-recon; sid:200001382; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa622.web.app"; classtype:attempted-recon; sid:200001383; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa623.web.app"; classtype:attempted-recon; sid:200001384; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa624.web.app"; classtype:attempted-recon; sid:200001385; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa625.web.app"; classtype:attempted-recon; sid:200001386; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa626.web.app"; classtype:attempted-recon; sid:200001387; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa627.web.app"; classtype:attempted-recon; sid:200001388; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa628.web.app"; classtype:attempted-recon; sid:200001389; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa629.web.app"; classtype:attempted-recon; sid:200001390; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa63.web.app"; classtype:attempted-recon; sid:200001391; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa630.web.app"; classtype:attempted-recon; sid:200001392; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa631.web.app"; classtype:attempted-recon; sid:200001393; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa632.web.app"; classtype:attempted-recon; sid:200001394; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa633.web.app"; classtype:attempted-recon; sid:200001395; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa634.web.app"; classtype:attempted-recon; sid:200001396; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa635.web.app"; classtype:attempted-recon; sid:200001397; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa636.web.app"; classtype:attempted-recon; sid:200001398; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa637.web.app"; classtype:attempted-recon; sid:200001399; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa638.web.app"; classtype:attempted-recon; sid:200001400; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa639.web.app"; classtype:attempted-recon; sid:200001401; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa64.web.app"; classtype:attempted-recon; sid:200001402; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa640.web.app"; classtype:attempted-recon; sid:200001403; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa641.web.app"; classtype:attempted-recon; sid:200001404; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa642.web.app"; classtype:attempted-recon; sid:200001405; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa643.web.app"; classtype:attempted-recon; sid:200001406; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa644.web.app"; classtype:attempted-recon; sid:200001407; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa645.web.app"; classtype:attempted-recon; sid:200001408; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa646.web.app"; classtype:attempted-recon; sid:200001409; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa647.web.app"; classtype:attempted-recon; sid:200001410; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa648.web.app"; classtype:attempted-recon; sid:200001411; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa649.web.app"; classtype:attempted-recon; sid:200001412; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa65.web.app"; classtype:attempted-recon; sid:200001413; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa650.web.app"; classtype:attempted-recon; sid:200001414; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa651.web.app"; classtype:attempted-recon; sid:200001415; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa652.web.app"; classtype:attempted-recon; sid:200001416; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa653.web.app"; classtype:attempted-recon; sid:200001417; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa654.web.app"; classtype:attempted-recon; sid:200001418; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa655.web.app"; classtype:attempted-recon; sid:200001419; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa656.web.app"; classtype:attempted-recon; sid:200001420; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa657.web.app"; classtype:attempted-recon; sid:200001421; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa658.web.app"; classtype:attempted-recon; sid:200001422; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa659.web.app"; classtype:attempted-recon; sid:200001423; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa66.web.app"; classtype:attempted-recon; sid:200001424; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa660.web.app"; classtype:attempted-recon; sid:200001425; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa661.web.app"; classtype:attempted-recon; sid:200001426; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa662.web.app"; classtype:attempted-recon; sid:200001427; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa663.web.app"; classtype:attempted-recon; sid:200001428; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa664.web.app"; classtype:attempted-recon; sid:200001429; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa665.web.app"; classtype:attempted-recon; sid:200001430; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa666.web.app"; classtype:attempted-recon; sid:200001431; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa667.web.app"; classtype:attempted-recon; sid:200001432; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa668.web.app"; classtype:attempted-recon; sid:200001433; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa669.web.app"; classtype:attempted-recon; sid:200001434; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa67.web.app"; classtype:attempted-recon; sid:200001435; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa670.web.app"; classtype:attempted-recon; sid:200001436; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa671.web.app"; classtype:attempted-recon; sid:200001437; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa672.web.app"; classtype:attempted-recon; sid:200001438; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa673.web.app"; classtype:attempted-recon; sid:200001439; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa674.web.app"; classtype:attempted-recon; sid:200001440; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa675.web.app"; classtype:attempted-recon; sid:200001441; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa676.web.app"; classtype:attempted-recon; sid:200001442; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa677.web.app"; classtype:attempted-recon; sid:200001443; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa678.web.app"; classtype:attempted-recon; sid:200001444; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa679.web.app"; classtype:attempted-recon; sid:200001445; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa68.web.app"; classtype:attempted-recon; sid:200001446; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa680.web.app"; classtype:attempted-recon; sid:200001447; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa681.web.app"; classtype:attempted-recon; sid:200001448; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa682.web.app"; classtype:attempted-recon; sid:200001449; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa683.web.app"; classtype:attempted-recon; sid:200001450; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa684.web.app"; classtype:attempted-recon; sid:200001451; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa685.web.app"; classtype:attempted-recon; sid:200001452; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa686.web.app"; classtype:attempted-recon; sid:200001453; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa687.web.app"; classtype:attempted-recon; sid:200001454; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa688.web.app"; classtype:attempted-recon; sid:200001455; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa689.web.app"; classtype:attempted-recon; sid:200001456; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa69.web.app"; classtype:attempted-recon; sid:200001457; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa690.web.app"; classtype:attempted-recon; sid:200001458; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa691.web.app"; classtype:attempted-recon; sid:200001459; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa692.web.app"; classtype:attempted-recon; sid:200001460; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa693.web.app"; classtype:attempted-recon; sid:200001461; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa694.web.app"; classtype:attempted-recon; sid:200001462; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa695.web.app"; classtype:attempted-recon; sid:200001463; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa696.web.app"; classtype:attempted-recon; sid:200001464; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa697.web.app"; classtype:attempted-recon; sid:200001465; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa698.web.app"; classtype:attempted-recon; sid:200001466; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa699.web.app"; classtype:attempted-recon; sid:200001467; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa70.web.app"; classtype:attempted-recon; sid:200001468; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa700.web.app"; classtype:attempted-recon; sid:200001469; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa701.web.app"; classtype:attempted-recon; sid:200001470; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa702.web.app"; classtype:attempted-recon; sid:200001471; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa703.web.app"; classtype:attempted-recon; sid:200001472; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa704.web.app"; classtype:attempted-recon; sid:200001473; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa705.web.app"; classtype:attempted-recon; sid:200001474; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa706.web.app"; classtype:attempted-recon; sid:200001475; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa707.web.app"; classtype:attempted-recon; sid:200001476; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa708.web.app"; classtype:attempted-recon; sid:200001477; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa709.web.app"; classtype:attempted-recon; sid:200001478; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa71.web.app"; classtype:attempted-recon; sid:200001479; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa710.web.app"; classtype:attempted-recon; sid:200001480; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa711.web.app"; classtype:attempted-recon; sid:200001481; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa712.web.app"; classtype:attempted-recon; sid:200001482; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa713.web.app"; classtype:attempted-recon; sid:200001483; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa714.web.app"; classtype:attempted-recon; sid:200001484; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa715.web.app"; classtype:attempted-recon; sid:200001485; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa716.web.app"; classtype:attempted-recon; sid:200001486; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa717.web.app"; classtype:attempted-recon; sid:200001487; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa718.web.app"; classtype:attempted-recon; sid:200001488; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa719.web.app"; classtype:attempted-recon; sid:200001489; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa72.web.app"; classtype:attempted-recon; sid:200001490; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa720.web.app"; classtype:attempted-recon; sid:200001491; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa721.web.app"; classtype:attempted-recon; sid:200001492; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa722.web.app"; classtype:attempted-recon; sid:200001493; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa723.web.app"; classtype:attempted-recon; sid:200001494; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa724.web.app"; classtype:attempted-recon; sid:200001495; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa725.web.app"; classtype:attempted-recon; sid:200001496; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa726.web.app"; classtype:attempted-recon; sid:200001497; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa727.web.app"; classtype:attempted-recon; sid:200001498; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa728.web.app"; classtype:attempted-recon; sid:200001499; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa729.web.app"; classtype:attempted-recon; sid:200001500; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa73.web.app"; classtype:attempted-recon; sid:200001501; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa730.web.app"; classtype:attempted-recon; sid:200001502; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa731.web.app"; classtype:attempted-recon; sid:200001503; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa732.web.app"; classtype:attempted-recon; sid:200001504; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa733.web.app"; classtype:attempted-recon; sid:200001505; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa734.web.app"; classtype:attempted-recon; sid:200001506; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa735.web.app"; classtype:attempted-recon; sid:200001507; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa736.web.app"; classtype:attempted-recon; sid:200001508; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa737.web.app"; classtype:attempted-recon; sid:200001509; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa738.web.app"; classtype:attempted-recon; sid:200001510; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa739.web.app"; classtype:attempted-recon; sid:200001511; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa74.web.app"; classtype:attempted-recon; sid:200001512; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa740.web.app"; classtype:attempted-recon; sid:200001513; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa741.web.app"; classtype:attempted-recon; sid:200001514; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa742.web.app"; classtype:attempted-recon; sid:200001515; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa743.web.app"; classtype:attempted-recon; sid:200001516; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa744.web.app"; classtype:attempted-recon; sid:200001517; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa745.web.app"; classtype:attempted-recon; sid:200001518; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa746.web.app"; classtype:attempted-recon; sid:200001519; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa747.web.app"; classtype:attempted-recon; sid:200001520; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa748.web.app"; classtype:attempted-recon; sid:200001521; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa749.web.app"; classtype:attempted-recon; sid:200001522; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa75.web.app"; classtype:attempted-recon; sid:200001523; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa750.web.app"; classtype:attempted-recon; sid:200001524; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa751.web.app"; classtype:attempted-recon; sid:200001525; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa752.web.app"; classtype:attempted-recon; sid:200001526; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa753.web.app"; classtype:attempted-recon; sid:200001527; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa754.web.app"; classtype:attempted-recon; sid:200001528; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa755.web.app"; classtype:attempted-recon; sid:200001529; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa756.web.app"; classtype:attempted-recon; sid:200001530; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa757.web.app"; classtype:attempted-recon; sid:200001531; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa758.web.app"; classtype:attempted-recon; sid:200001532; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa759.web.app"; classtype:attempted-recon; sid:200001533; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa76.web.app"; classtype:attempted-recon; sid:200001534; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa760.web.app"; classtype:attempted-recon; sid:200001535; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa761.web.app"; classtype:attempted-recon; sid:200001536; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa762.web.app"; classtype:attempted-recon; sid:200001537; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa763.web.app"; classtype:attempted-recon; sid:200001538; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa764.web.app"; classtype:attempted-recon; sid:200001539; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa765.web.app"; classtype:attempted-recon; sid:200001540; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa766.web.app"; classtype:attempted-recon; sid:200001541; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa767.web.app"; classtype:attempted-recon; sid:200001542; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa768.web.app"; classtype:attempted-recon; sid:200001543; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa769.web.app"; classtype:attempted-recon; sid:200001544; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa77.web.app"; classtype:attempted-recon; sid:200001545; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa770.web.app"; classtype:attempted-recon; sid:200001546; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa771.web.app"; classtype:attempted-recon; sid:200001547; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa772.web.app"; classtype:attempted-recon; sid:200001548; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa773.web.app"; classtype:attempted-recon; sid:200001549; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa774.web.app"; classtype:attempted-recon; sid:200001550; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa775.web.app"; classtype:attempted-recon; sid:200001551; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa776.web.app"; classtype:attempted-recon; sid:200001552; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa777.web.app"; classtype:attempted-recon; sid:200001553; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa778.web.app"; classtype:attempted-recon; sid:200001554; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa779.web.app"; classtype:attempted-recon; sid:200001555; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa78.web.app"; classtype:attempted-recon; sid:200001556; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa780.web.app"; classtype:attempted-recon; sid:200001557; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa781.web.app"; classtype:attempted-recon; sid:200001558; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa782.web.app"; classtype:attempted-recon; sid:200001559; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa783.web.app"; classtype:attempted-recon; sid:200001560; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa784.web.app"; classtype:attempted-recon; sid:200001561; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa785.web.app"; classtype:attempted-recon; sid:200001562; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa786.web.app"; classtype:attempted-recon; sid:200001563; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa787.web.app"; classtype:attempted-recon; sid:200001564; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa788.web.app"; classtype:attempted-recon; sid:200001565; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa789.web.app"; classtype:attempted-recon; sid:200001566; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa79.web.app"; classtype:attempted-recon; sid:200001567; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa790.web.app"; classtype:attempted-recon; sid:200001568; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa791.web.app"; classtype:attempted-recon; sid:200001569; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa792.web.app"; classtype:attempted-recon; sid:200001570; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa793.web.app"; classtype:attempted-recon; sid:200001571; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa794.web.app"; classtype:attempted-recon; sid:200001572; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa795.web.app"; classtype:attempted-recon; sid:200001573; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa796.web.app"; classtype:attempted-recon; sid:200001574; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa797.web.app"; classtype:attempted-recon; sid:200001575; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa798.web.app"; classtype:attempted-recon; sid:200001576; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa799.web.app"; classtype:attempted-recon; sid:200001577; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa80.web.app"; classtype:attempted-recon; sid:200001578; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa800.web.app"; classtype:attempted-recon; sid:200001579; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa801.web.app"; classtype:attempted-recon; sid:200001580; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa802.web.app"; classtype:attempted-recon; sid:200001581; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa803.web.app"; classtype:attempted-recon; sid:200001582; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa804.web.app"; classtype:attempted-recon; sid:200001583; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa806.web.app"; classtype:attempted-recon; sid:200001584; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa807.web.app"; classtype:attempted-recon; sid:200001585; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa808.web.app"; classtype:attempted-recon; sid:200001586; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa809.web.app"; classtype:attempted-recon; sid:200001587; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa81.web.app"; classtype:attempted-recon; sid:200001588; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa810.web.app"; classtype:attempted-recon; sid:200001589; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa811.web.app"; classtype:attempted-recon; sid:200001590; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa812.web.app"; classtype:attempted-recon; sid:200001591; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa813.web.app"; classtype:attempted-recon; sid:200001592; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa814.web.app"; classtype:attempted-recon; sid:200001593; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa815.web.app"; classtype:attempted-recon; sid:200001594; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa816.web.app"; classtype:attempted-recon; sid:200001595; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa817.web.app"; classtype:attempted-recon; sid:200001596; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa818.web.app"; classtype:attempted-recon; sid:200001597; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa819.web.app"; classtype:attempted-recon; sid:200001598; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa82.web.app"; classtype:attempted-recon; sid:200001599; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa820.web.app"; classtype:attempted-recon; sid:200001600; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa821.web.app"; classtype:attempted-recon; sid:200001601; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa822.web.app"; classtype:attempted-recon; sid:200001602; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa823.web.app"; classtype:attempted-recon; sid:200001603; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa824.web.app"; classtype:attempted-recon; sid:200001604; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa825.web.app"; classtype:attempted-recon; sid:200001605; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa826.web.app"; classtype:attempted-recon; sid:200001606; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa827.web.app"; classtype:attempted-recon; sid:200001607; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa828.web.app"; classtype:attempted-recon; sid:200001608; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa829.web.app"; classtype:attempted-recon; sid:200001609; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa83.web.app"; classtype:attempted-recon; sid:200001610; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa830.web.app"; classtype:attempted-recon; sid:200001611; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa831.web.app"; classtype:attempted-recon; sid:200001612; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa832.web.app"; classtype:attempted-recon; sid:200001613; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa833.web.app"; classtype:attempted-recon; sid:200001614; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa834.web.app"; classtype:attempted-recon; sid:200001615; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa835.web.app"; classtype:attempted-recon; sid:200001616; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa836.web.app"; classtype:attempted-recon; sid:200001617; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa837.web.app"; classtype:attempted-recon; sid:200001618; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa838.web.app"; classtype:attempted-recon; sid:200001619; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa839.web.app"; classtype:attempted-recon; sid:200001620; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa84.web.app"; classtype:attempted-recon; sid:200001621; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa840.web.app"; classtype:attempted-recon; sid:200001622; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa841.web.app"; classtype:attempted-recon; sid:200001623; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa842.web.app"; classtype:attempted-recon; sid:200001624; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa843.web.app"; classtype:attempted-recon; sid:200001625; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa844.web.app"; classtype:attempted-recon; sid:200001626; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa845.web.app"; classtype:attempted-recon; sid:200001627; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa846.web.app"; classtype:attempted-recon; sid:200001628; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa847.web.app"; classtype:attempted-recon; sid:200001629; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa848.web.app"; classtype:attempted-recon; sid:200001630; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa849.web.app"; classtype:attempted-recon; sid:200001631; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa85.web.app"; classtype:attempted-recon; sid:200001632; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa850.web.app"; classtype:attempted-recon; sid:200001633; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa851.web.app"; classtype:attempted-recon; sid:200001634; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa852.web.app"; classtype:attempted-recon; sid:200001635; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa853.web.app"; classtype:attempted-recon; sid:200001636; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa854.web.app"; classtype:attempted-recon; sid:200001637; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa855.web.app"; classtype:attempted-recon; sid:200001638; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa856.web.app"; classtype:attempted-recon; sid:200001639; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa857.web.app"; classtype:attempted-recon; sid:200001640; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa858.web.app"; classtype:attempted-recon; sid:200001641; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa859.web.app"; classtype:attempted-recon; sid:200001642; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa86.web.app"; classtype:attempted-recon; sid:200001643; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa860.web.app"; classtype:attempted-recon; sid:200001644; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa861.web.app"; classtype:attempted-recon; sid:200001645; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa862.web.app"; classtype:attempted-recon; sid:200001646; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa863.web.app"; classtype:attempted-recon; sid:200001647; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa864.web.app"; classtype:attempted-recon; sid:200001648; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa865.web.app"; classtype:attempted-recon; sid:200001649; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa866.web.app"; classtype:attempted-recon; sid:200001650; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa867.web.app"; classtype:attempted-recon; sid:200001651; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa868.web.app"; classtype:attempted-recon; sid:200001652; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa869.web.app"; classtype:attempted-recon; sid:200001653; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa87.web.app"; classtype:attempted-recon; sid:200001654; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa870.web.app"; classtype:attempted-recon; sid:200001655; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa871.web.app"; classtype:attempted-recon; sid:200001656; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa872.web.app"; classtype:attempted-recon; sid:200001657; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa873.web.app"; classtype:attempted-recon; sid:200001658; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa874.web.app"; classtype:attempted-recon; sid:200001659; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa875.web.app"; classtype:attempted-recon; sid:200001660; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa877.web.app"; classtype:attempted-recon; sid:200001661; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa878.web.app"; classtype:attempted-recon; sid:200001662; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa879.web.app"; classtype:attempted-recon; sid:200001663; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa88.web.app"; classtype:attempted-recon; sid:200001664; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa880.web.app"; classtype:attempted-recon; sid:200001665; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa881.web.app"; classtype:attempted-recon; sid:200001666; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa882.web.app"; classtype:attempted-recon; sid:200001667; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa883.web.app"; classtype:attempted-recon; sid:200001668; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa884.web.app"; classtype:attempted-recon; sid:200001669; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa885.web.app"; classtype:attempted-recon; sid:200001670; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa886.web.app"; classtype:attempted-recon; sid:200001671; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa888.web.app"; classtype:attempted-recon; sid:200001672; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa889.web.app"; classtype:attempted-recon; sid:200001673; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa89.web.app"; classtype:attempted-recon; sid:200001674; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa890.web.app"; classtype:attempted-recon; sid:200001675; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa891.web.app"; classtype:attempted-recon; sid:200001676; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa892.web.app"; classtype:attempted-recon; sid:200001677; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa894.web.app"; classtype:attempted-recon; sid:200001678; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa895.web.app"; classtype:attempted-recon; sid:200001679; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa896.web.app"; classtype:attempted-recon; sid:200001680; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa897.web.app"; classtype:attempted-recon; sid:200001681; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa898.web.app"; classtype:attempted-recon; sid:200001682; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa899.web.app"; classtype:attempted-recon; sid:200001683; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa90.web.app"; classtype:attempted-recon; sid:200001684; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa900.web.app"; classtype:attempted-recon; sid:200001685; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa901.web.app"; classtype:attempted-recon; sid:200001686; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa902.web.app"; classtype:attempted-recon; sid:200001687; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa903.web.app"; classtype:attempted-recon; sid:200001688; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa904.web.app"; classtype:attempted-recon; sid:200001689; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa905.web.app"; classtype:attempted-recon; sid:200001690; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa906.web.app"; classtype:attempted-recon; sid:200001691; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa907.web.app"; classtype:attempted-recon; sid:200001692; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa908.web.app"; classtype:attempted-recon; sid:200001693; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa909.web.app"; classtype:attempted-recon; sid:200001694; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa91.web.app"; classtype:attempted-recon; sid:200001695; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa910.web.app"; classtype:attempted-recon; sid:200001696; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa911.web.app"; classtype:attempted-recon; sid:200001697; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa912.web.app"; classtype:attempted-recon; sid:200001698; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa913.web.app"; classtype:attempted-recon; sid:200001699; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa914.web.app"; classtype:attempted-recon; sid:200001700; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa915.web.app"; classtype:attempted-recon; sid:200001701; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa916.web.app"; classtype:attempted-recon; sid:200001702; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa917.web.app"; classtype:attempted-recon; sid:200001703; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa918.web.app"; classtype:attempted-recon; sid:200001704; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa92.web.app"; classtype:attempted-recon; sid:200001705; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa920.web.app"; classtype:attempted-recon; sid:200001706; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa921.web.app"; classtype:attempted-recon; sid:200001707; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa922.web.app"; classtype:attempted-recon; sid:200001708; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa923.web.app"; classtype:attempted-recon; sid:200001709; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa924.web.app"; classtype:attempted-recon; sid:200001710; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa925.web.app"; classtype:attempted-recon; sid:200001711; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa926.web.app"; classtype:attempted-recon; sid:200001712; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa927.web.app"; classtype:attempted-recon; sid:200001713; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa929.web.app"; classtype:attempted-recon; sid:200001714; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa93.web.app"; classtype:attempted-recon; sid:200001715; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa930.web.app"; classtype:attempted-recon; sid:200001716; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa931.web.app"; classtype:attempted-recon; sid:200001717; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa932.web.app"; classtype:attempted-recon; sid:200001718; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa933.web.app"; classtype:attempted-recon; sid:200001719; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa934.web.app"; classtype:attempted-recon; sid:200001720; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa935.web.app"; classtype:attempted-recon; sid:200001721; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa936.web.app"; classtype:attempted-recon; sid:200001722; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa937.web.app"; classtype:attempted-recon; sid:200001723; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa938.web.app"; classtype:attempted-recon; sid:200001724; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa939.web.app"; classtype:attempted-recon; sid:200001725; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa94.web.app"; classtype:attempted-recon; sid:200001726; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa940.web.app"; classtype:attempted-recon; sid:200001727; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa941.web.app"; classtype:attempted-recon; sid:200001728; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa942.web.app"; classtype:attempted-recon; sid:200001729; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa943.web.app"; classtype:attempted-recon; sid:200001730; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa944.web.app"; classtype:attempted-recon; sid:200001731; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa945.web.app"; classtype:attempted-recon; sid:200001732; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa946.web.app"; classtype:attempted-recon; sid:200001733; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa947.web.app"; classtype:attempted-recon; sid:200001734; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa948.web.app"; classtype:attempted-recon; sid:200001735; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa949.web.app"; classtype:attempted-recon; sid:200001736; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa95.web.app"; classtype:attempted-recon; sid:200001737; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa950.web.app"; classtype:attempted-recon; sid:200001738; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa951.web.app"; classtype:attempted-recon; sid:200001739; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa952.web.app"; classtype:attempted-recon; sid:200001740; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa953.web.app"; classtype:attempted-recon; sid:200001741; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa954.web.app"; classtype:attempted-recon; sid:200001742; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa955.web.app"; classtype:attempted-recon; sid:200001743; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa957.web.app"; classtype:attempted-recon; sid:200001744; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa958.web.app"; classtype:attempted-recon; sid:200001745; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa959.web.app"; classtype:attempted-recon; sid:200001746; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa96.web.app"; classtype:attempted-recon; sid:200001747; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa960.web.app"; classtype:attempted-recon; sid:200001748; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa961.web.app"; classtype:attempted-recon; sid:200001749; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa962.web.app"; classtype:attempted-recon; sid:200001750; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa963.web.app"; classtype:attempted-recon; sid:200001751; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa964.web.app"; classtype:attempted-recon; sid:200001752; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa965.web.app"; classtype:attempted-recon; sid:200001753; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa966.web.app"; classtype:attempted-recon; sid:200001754; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa967.web.app"; classtype:attempted-recon; sid:200001755; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa968.web.app"; classtype:attempted-recon; sid:200001756; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa969.web.app"; classtype:attempted-recon; sid:200001757; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa97.web.app"; classtype:attempted-recon; sid:200001758; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa970.web.app"; classtype:attempted-recon; sid:200001759; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa971.web.app"; classtype:attempted-recon; sid:200001760; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa972.web.app"; classtype:attempted-recon; sid:200001761; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa973.web.app"; classtype:attempted-recon; sid:200001762; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa974.web.app"; classtype:attempted-recon; sid:200001763; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa975.web.app"; classtype:attempted-recon; sid:200001764; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa976.web.app"; classtype:attempted-recon; sid:200001765; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa977.web.app"; classtype:attempted-recon; sid:200001766; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa978.web.app"; classtype:attempted-recon; sid:200001767; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa979.web.app"; classtype:attempted-recon; sid:200001768; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa98.web.app"; classtype:attempted-recon; sid:200001769; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa980.web.app"; classtype:attempted-recon; sid:200001770; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa981.web.app"; classtype:attempted-recon; sid:200001771; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa982.web.app"; classtype:attempted-recon; sid:200001772; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa983.web.app"; classtype:attempted-recon; sid:200001773; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa984.web.app"; classtype:attempted-recon; sid:200001774; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa985.web.app"; classtype:attempted-recon; sid:200001775; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa986.web.app"; classtype:attempted-recon; sid:200001776; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa987.web.app"; classtype:attempted-recon; sid:200001777; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa988.web.app"; classtype:attempted-recon; sid:200001778; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa989.web.app"; classtype:attempted-recon; sid:200001779; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa99.web.app"; classtype:attempted-recon; sid:200001780; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa990.web.app"; classtype:attempted-recon; sid:200001781; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa991.web.app"; classtype:attempted-recon; sid:200001782; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa992.web.app"; classtype:attempted-recon; sid:200001783; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa993.web.app"; classtype:attempted-recon; sid:200001784; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa994.web.app"; classtype:attempted-recon; sid:200001785; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa995.web.app"; classtype:attempted-recon; sid:200001786; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa996.web.app"; classtype:attempted-recon; sid:200001787; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa997.web.app"; classtype:attempted-recon; sid:200001788; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa998.web.app"; classtype:attempted-recon; sid:200001789; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa999.web.app"; classtype:attempted-recon; sid:200001790; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"doooog.cn"; classtype:attempted-recon; sid:200001791; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dopeydog.co.nz"; classtype:attempted-recon; sid:200001792; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dorouscom.com"; classtype:attempted-recon; sid:200001793; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"douuodwoman.com"; classtype:attempted-recon; sid:200001794; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dowaba-s2dhl.blogspot.com"; classtype:attempted-recon; sid:200001795; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"doz.tode.cz"; classtype:attempted-recon; sid:200001796; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dpasdasfasfasfas.pages.dev"; classtype:attempted-recon; sid:200001797; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dpd-redelivery-uk.com"; classtype:attempted-recon; sid:200001798; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dpmasdaskj.pages.dev"; classtype:attempted-recon; sid:200001799; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dr-joannepeeler.com"; classtype:attempted-recon; sid:200001800; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dr3aq.byethost32.com"; classtype:attempted-recon; sid:200001801; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dreamotion-jp.com"; classtype:attempted-recon; sid:200001802; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"drivingschoolglasgow.co.uk"; classtype:attempted-recon; sid:200001803; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"drmarciovaleriano.com.br"; classtype:attempted-recon; sid:200001804; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dsadsadsa.diskstation.eu"; classtype:attempted-recon; sid:200001805; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dsgcbeonline.com"; classtype:attempted-recon; sid:200001806; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dsp2codemdp.t.justns.ru"; classtype:attempted-recon; sid:200001807; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dswboot.cc"; classtype:attempted-recon; sid:200001808; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200001809; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dtrpsystasfasgas.pages.dev"; classtype:attempted-recon; sid:200001810; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"duanemanor.tk"; classtype:attempted-recon; sid:200001811; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dukhovnist.in.ua"; classtype:attempted-recon; sid:200001812; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"durecorpperu.com"; classtype:attempted-recon; sid:200001813; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dwrat.andalous.org"; classtype:attempted-recon; sid:200001814; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dwvwq.cwfc.workers.dev"; classtype:attempted-recon; sid:200001815; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dydex.org"; classtype:attempted-recon; sid:200001816; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dyn.co"; classtype:attempted-recon; sid:200001817; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dynastyclinic.ae"; classtype:attempted-recon; sid:200001818; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"e-cassare.org"; classtype:attempted-recon; sid:200001819; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"e4ff557e.sso-secure-mail04wtwdw4.pages.dev"; classtype:attempted-recon; sid:200001820; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"e4ra.byethost8.com"; classtype:attempted-recon; sid:200001821; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"e63q45f9h5fr.clickfunnels.com"; classtype:attempted-recon; sid:200001822; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eagleeyeapparel.com"; classtype:attempted-recon; sid:200001823; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"earth01.info"; classtype:attempted-recon; sid:200001824; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"easy-webtdapp.com"; classtype:attempted-recon; sid:200001825; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"easywalletfix.net"; classtype:attempted-recon; sid:200001826; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"easywalletsfix.com"; classtype:attempted-recon; sid:200001827; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eba0200d0c.nxcli.net"; classtype:attempted-recon; sid:200001828; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ebay-de.ad49103.xyz"; classtype:attempted-recon; sid:200001829; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ebay.com.dashboard-seller.center"; classtype:attempted-recon; sid:200001830; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eberhardtedwige.wixsite.com"; classtype:attempted-recon; sid:200001831; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ebuddynews.com"; classtype:attempted-recon; sid:200001832; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ec.snadc-oecddo.com"; classtype:attempted-recon; sid:200001833; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ecloanmoney.com"; classtype:attempted-recon; sid:200001834; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ecogreenjanitorial.com"; classtype:attempted-recon; sid:200001835; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ecomcrew.staging.wpengine.com"; classtype:attempted-recon; sid:200001836; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ecosteelsolution.ro"; classtype:attempted-recon; sid:200001837; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"editpdfonline.tk"; classtype:attempted-recon; sid:200001838; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"edje.com"; classtype:attempted-recon; sid:200001839; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"edukickmexico.com"; classtype:attempted-recon; sid:200001840; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ee-sms.co.uk"; classtype:attempted-recon; sid:200001841; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ee.mseocri.com"; classtype:attempted-recon; sid:200001842; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ee.scicemecod.com"; classtype:attempted-recon; sid:200001843; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"efarms.com.ng"; classtype:attempted-recon; sid:200001844; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eharmonyservice.com"; classtype:attempted-recon; sid:200001845; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ekabel.hu"; classtype:attempted-recon; sid:200001846; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ekbofexjlnsdsfaqxbcfpnfift-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200001847; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ekobebe.cn"; classtype:attempted-recon; sid:200001848; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"electrocoolhvacr.com"; classtype:attempted-recon; sid:200001849; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"electronicanehuen.com"; classtype:attempted-recon; sid:200001850; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elektroonline.pl"; classtype:attempted-recon; sid:200001851; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ellatinodigital.com"; classtype:attempted-recon; sid:200001852; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elomo.ro"; classtype:attempted-recon; sid:200001853; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eluniversallatinworld.com"; classtype:attempted-recon; sid:200001854; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"email302.com"; classtype:attempted-recon; sid:200001855; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"emailsettings.webflow.io"; classtype:attempted-recon; sid:200001856; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"emailwebaccess.co.uk"; classtype:attempted-recon; sid:200001857; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"embarquefloripa.com.br"; classtype:attempted-recon; sid:200001858; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"emlink.me"; classtype:attempted-recon; sid:200001859; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"emojis.bons.bar"; classtype:attempted-recon; sid:200001860; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"emojis.dels.bar"; classtype:attempted-recon; sid:200001861; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"emsi-lobo.firebaseapp.com"; classtype:attempted-recon; sid:200001862; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"en-template-solicito-16414253314897.onepage.website"; classtype:attempted-recon; sid:200001863; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enbolivia.com"; classtype:attempted-recon; sid:200001864; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enchanting-guiltless-suede.glitch.me"; classtype:attempted-recon; sid:200001865; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"encryptdrive.booogle.net"; classtype:attempted-recon; sid:200001866; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"engcamp.org"; classtype:attempted-recon; sid:200001867; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enoman.fqzsdgtg.cn"; classtype:attempted-recon; sid:200001868; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"erinaflorist.com"; classtype:attempted-recon; sid:200001869; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ershamshad.github.io"; classtype:attempted-recon; sid:200001870; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"escortinraipur.com"; classtype:attempted-recon; sid:200001871; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eseax.ws"; classtype:attempted-recon; sid:200001872; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"esfdesentakip.com"; classtype:attempted-recon; sid:200001873; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eshetkari.com"; classtype:attempted-recon; sid:200001874; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"esi-texas.com"; classtype:attempted-recon; sid:200001875; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"esinnovativeinteriors.com"; classtype:attempted-recon; sid:200001876; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"establecimientoscolonia-uy.com"; classtype:attempted-recon; sid:200001877; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"estorneaqui.blogspot.com"; classtype:attempted-recon; sid:200001878; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc-co-jp.f2ss.co"; classtype:attempted-recon; sid:200001879; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc-co-jp.f3ss.co"; classtype:attempted-recon; sid:200001880; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc-meisfrq.xyz"; classtype:attempted-recon; sid:200001881; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc-uhfjk.monster"; classtype:attempted-recon; sid:200001882; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc.jp.anzhanfrp.cn"; classtype:attempted-recon; sid:200001883; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc.kcjis.com"; classtype:attempted-recon; sid:200001884; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc.oxqk.cn"; classtype:attempted-recon; sid:200001885; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc.synwy.cn"; classtype:attempted-recon; sid:200001886; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eth-coinwallet.net"; classtype:attempted-recon; sid:200001887; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eth.coinscout.cc"; classtype:attempted-recon; sid:200001888; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ethnictrendz.com"; classtype:attempted-recon; sid:200001889; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ets.jwr.pa-fakfak.go.id"; classtype:attempted-recon; sid:200001890; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etwtny.cf"; classtype:attempted-recon; sid:200001891; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eucriomeumundo.com"; classtype:attempted-recon; sid:200001892; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eugnerally-wixsite-com.filesusr.com"; classtype:attempted-recon; sid:200001893; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"euraby.com"; classtype:attempted-recon; sid:200001894; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eusa-lombo.firebaseapp.com"; classtype:attempted-recon; sid:200001895; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"evashoes.com.ua"; classtype:attempted-recon; sid:200001896; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"even-ff-gratisterbaru2022.duckdns.org"; classtype:attempted-recon; sid:200001897; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"even-ff-terbarugratis2022.duckdns.org"; classtype:attempted-recon; sid:200001898; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"event-freefire728.duckdns.org"; classtype:attempted-recon; sid:200001899; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"event-garenafreefire263.duckdns.org"; classtype:attempted-recon; sid:200001900; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"event-skin-resmi-2022.duckdns.org"; classtype:attempted-recon; sid:200001901; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eventclaimfreefiregratis2022.duckdns.org"; classtype:attempted-recon; sid:200001902; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eventclaimsff0.duckdns.org"; classtype:attempted-recon; sid:200001903; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eventgarenafreefiremax2022.duckdns.org"; classtype:attempted-recon; sid:200001904; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"everestmotors.com.np"; classtype:attempted-recon; sid:200001905; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"evo-revolutioncups.com"; classtype:attempted-recon; sid:200001906; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"evolbithman.web.app"; classtype:attempted-recon; sid:200001907; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"excel-cloud-document-2021.square.site"; classtype:attempted-recon; sid:200001908; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"excelhana.com"; classtype:attempted-recon; sid:200001909; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exchange-pancakeswaps.com"; classtype:attempted-recon; sid:200001910; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exchangedictionary.com"; classtype:attempted-recon; sid:200001911; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exodlus.net"; classtype:attempted-recon; sid:200001912; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exodus.com-wallet-signin.com"; classtype:attempted-recon; sid:200001913; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exodus.com-web-wallet-online.com"; classtype:attempted-recon; sid:200001914; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exodus.com.tccaponline.com"; classtype:attempted-recon; sid:200001915; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exoduspool.io"; classtype:attempted-recon; sid:200001916; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exondus-lokin.com"; classtype:attempted-recon; sid:200001917; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exploretrace.xyz"; classtype:attempted-recon; sid:200001918; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"expocid.mx"; classtype:attempted-recon; sid:200001919; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"extracash-interlbankonline.com"; classtype:attempted-recon; sid:200001920; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"extracloud.com.au"; classtype:attempted-recon; sid:200001921; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ezblox.site"; classtype:attempted-recon; sid:200001922; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ezssausage.com"; classtype:attempted-recon; sid:200001923; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"f6fr7.codesandbox.io"; classtype:attempted-recon; sid:200001924; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"f9w1lned0ruqblxi6jahwotak.filesusr.com"; classtype:attempted-recon; sid:200001925; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"faccebook.azurewebsites.net"; classtype:attempted-recon; sid:200001926; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook--videos----app----today.blogspot.com"; classtype:attempted-recon; sid:200001927; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook-0.se.ke"; classtype:attempted-recon; sid:200001928; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook-accts.pages-recovery.workers.dev"; classtype:attempted-recon; sid:200001929; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook-login.tbit.vn"; classtype:attempted-recon; sid:200001930; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.com-4tfgonrlym.isiolo.go.ke"; classtype:attempted-recon; sid:200001931; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.com-j706zmy49r.isiolo.go.ke"; classtype:attempted-recon; sid:200001932; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.com-qze9zt75vm.isiolo.go.ke"; classtype:attempted-recon; sid:200001933; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.com-r51znzih8i.isiolo.go.ke"; classtype:attempted-recon; sid:200001934; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.com-zxsrf038k.isiolo.go.ke"; classtype:attempted-recon; sid:200001935; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.eventspinff.wtf"; classtype:attempted-recon; sid:200001936; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.kingstopup.com"; classtype:attempted-recon; sid:200001937; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebookk.azurewebsites.net"; classtype:attempted-recon; sid:200001938; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebooks.azurewebsites.net"; classtype:attempted-recon; sid:200001939; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"faic.in"; classtype:attempted-recon; sid:200001940; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"faizankhan0408.github.io"; classtype:attempted-recon; sid:200001941; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"falling-scene-3ac3.updatelogaccountprogramedrfwerwrdhskk.workers.dev#winnie@soupro.com"; classtype:attempted-recon; sid:200001942; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fancy-rain-22bf.vakagew948.workers.dev"; classtype:attempted-recon; sid:200001943; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fantech.co.il"; classtype:attempted-recon; sid:200001944; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fanxtv.info"; classtype:attempted-recon; sid:200001945; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fassilneit.ultimatefreehost.in"; classtype:attempted-recon; sid:200001946; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fassilnet.ultimatefreehost.in"; classtype:attempted-recon; sid:200001947; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fassilnet5.ultimatefreehost.in"; classtype:attempted-recon; sid:200001948; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fax.gruppobiesse.it"; classtype:attempted-recon; sid:200001949; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fb-case-id-28031803-fcdc-48af.web.app"; classtype:attempted-recon; sid:200001950; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fb-pages.proteksion-help.workers.dev"; classtype:attempted-recon; sid:200001951; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fb.expressturkeyi.com"; classtype:attempted-recon; sid:200001952; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fb7927.bget.ru"; classtype:attempted-recon; sid:200001953; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fdasd.2e4jept.cn"; classtype:attempted-recon; sid:200001954; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fdhgf.xyz"; classtype:attempted-recon; sid:200001955; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"feceboolk.blogspot.com"; classtype:attempted-recon; sid:200001956; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"federalaccesscredit.com"; classtype:attempted-recon; sid:200001957; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fedner.net"; classtype:attempted-recon; sid:200001958; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fer-brooks.top"; classtype:attempted-recon; sid:200001959; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"feriadempleos.com"; classtype:attempted-recon; sid:200001960; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ferienhof-gempel.de"; classtype:attempted-recon; sid:200001961; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ff-anivesary225.duckdns.org"; classtype:attempted-recon; sid:200001962; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ff-membership-garena.com"; classtype:attempted-recon; sid:200001963; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ff-membershipz-garena.ga"; classtype:attempted-recon; sid:200001964; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ff.membership.garenaj.vn"; classtype:attempted-recon; sid:200001965; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ffim-event-2022.duckdns.org"; classtype:attempted-recon; sid:200001966; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fghjr74rhudfguhtfguji.blogspot.com"; classtype:attempted-recon; sid:200001967; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fi.uy"; classtype:attempted-recon; sid:200001968; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fiber10.iaasdns.com"; classtype:attempted-recon; sid:200001969; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fidelitybank-mn.net"; classtype:attempted-recon; sid:200001970; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fighting40s.com"; classtype:attempted-recon; sid:200001971; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fikir.id"; classtype:attempted-recon; sid:200001972; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fileundelete.net"; classtype:attempted-recon; sid:200001973; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"filmkenner.com"; classtype:attempted-recon; sid:200001974; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"filtrosmil.com.br"; classtype:attempted-recon; sid:200001975; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"finalfantasyguide.co.uk"; classtype:attempted-recon; sid:200001976; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"finiiishingedgex.tk"; classtype:attempted-recon; sid:200001977; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fir-9s-0s.web.app"; classtype:attempted-recon; sid:200001978; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"firstsourcesbus.com"; classtype:attempted-recon; sid:200001979; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fixi.rest"; classtype:attempted-recon; sid:200001980; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fixingtodaymailuserupdates.pages.dev"; classtype:attempted-recon; sid:200001981; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fixwalletissues.com"; classtype:attempted-recon; sid:200001982; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flcancer39-px.rtrk.com"; classtype:attempted-recon; sid:200001983; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flowerfactoryonline.com"; classtype:attempted-recon; sid:200001984; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fluksrv.mycpanel.rs"; classtype:attempted-recon; sid:200001985; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fmwebapp.azurewebsites.net"; classtype:attempted-recon; sid:200001986; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"foliar.pl"; classtype:attempted-recon; sid:200001987; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"foma-ura-lote.firebaseapp.com"; classtype:attempted-recon; sid:200001988; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"foresta-mod.firebaseapp.com"; classtype:attempted-recon; sid:200001989; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"forhimself9999.co.vu"; classtype:attempted-recon; sid:200001990; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"formbuddy.com"; classtype:attempted-recon; sid:200001991; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"forms.formium.io"; classtype:attempted-recon; sid:200001992; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"formtools.com"; classtype:attempted-recon; sid:200001993; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"forum-dofus.com.co"; classtype:attempted-recon; sid:200001994; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"foryour.gov-information.info"; classtype:attempted-recon; sid:200001995; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fpalpha.myportfolio.com"; classtype:attempted-recon; sid:200001996; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fpmaam.org"; classtype:attempted-recon; sid:200001997; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fr-europe564598-com.filesusr.com"; classtype:attempted-recon; sid:200001998; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"frankfurtertsparkasse.web.app"; classtype:attempted-recon; sid:200001999; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"free-covid-19-stimulus-bonus.nethouse.ru"; classtype:attempted-recon; sid:200002000; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"free-firecoderedem.blogspot.com"; classtype:attempted-recon; sid:200002001; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"free-mail4.yolasite.com"; classtype:attempted-recon; sid:200002002; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freefire.pontorecargajogo.com"; classtype:attempted-recon; sid:200002003; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freefiredot-comerhadiah.duckdns.org"; classtype:attempted-recon; sid:200002004; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freefireevent-codashop2022.duckdns.org"; classtype:attempted-recon; sid:200002005; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freeitemff-allreward.duckdns.org"; classtype:attempted-recon; sid:200002006; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freeliker.net"; classtype:attempted-recon; sid:200002007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"frefire-membership-garena.sukienfreefire2021.top"; classtype:attempted-recon; sid:200002008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freg-nine.pt"; classtype:attempted-recon; sid:200002009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"friendsofnechockey.com"; classtype:attempted-recon; sid:200002010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fromtheofficial.pricesrakutenlogin.top"; classtype:attempted-recon; sid:200002011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx-ca.com"; classtype:attempted-recon; sid:200002012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx-exchangex.com"; classtype:attempted-recon; sid:200002013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx-me.com"; classtype:attempted-recon; sid:200002014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx-register-pro.world"; classtype:attempted-recon; sid:200002015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx-register.biz"; classtype:attempted-recon; sid:200002016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx-register.website"; classtype:attempted-recon; sid:200002017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx-signup.click"; classtype:attempted-recon; sid:200002018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx.com.vn"; classtype:attempted-recon; sid:200002019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx.cool"; classtype:attempted-recon; sid:200002020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftxbonus.site"; classtype:attempted-recon; sid:200002021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funiswap.exchange"; classtype:attempted-recon; sid:200002022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fusionrestobar.cl"; classtype:attempted-recon; sid:200002023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fxhalifax.com"; classtype:attempted-recon; sid:200002024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"g-mtcc.com"; classtype:attempted-recon; sid:200002026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"g.greatsubstance.com.my"; classtype:attempted-recon; sid:200002027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ga.teesmith.shop"; classtype:attempted-recon; sid:200002028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gabrielamims.com"; classtype:attempted-recon; sid:200002029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gabung-grubnew1342.duckdns.org"; classtype:attempted-recon; sid:200002030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gagaclinic.com"; classtype:attempted-recon; sid:200002031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gallciaonllne.webcindario.com"; classtype:attempted-recon; sid:200002033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"garena-xacminhtaikhoan.com"; classtype:attempted-recon; sid:200002034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"garenafreefire728.duckdns.org"; classtype:attempted-recon; sid:200002035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gastronomiarobertos.com"; classtype:attempted-recon; sid:200002036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gasunige.mfs.gg"; classtype:attempted-recon; sid:200002037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gedfdfsd.eu"; classtype:attempted-recon; sid:200002038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"geg.li"; classtype:attempted-recon; sid:200002039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"generali-italia-ag.hrweb.it"; classtype:attempted-recon; sid:200002040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"genie-alba.firebaseapp.com"; classtype:attempted-recon; sid:200002041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getapps.vip"; classtype:attempted-recon; sid:200002042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getimpacteipay.com"; classtype:attempted-recon; sid:200002043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getitapprovedacceptourterms2021.pages.dev"; classtype:attempted-recon; sid:200002044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getlikesfree.com"; classtype:attempted-recon; sid:200002045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gfxx.creatorlink.net"; classtype:attempted-recon; sid:200002046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ghorana.com"; classtype:attempted-recon; sid:200002047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gif-discorde.com"; classtype:attempted-recon; sid:200002048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"giris-papara.net"; classtype:attempted-recon; sid:200002049; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"girleatsworld.org"; classtype:attempted-recon; sid:200002050; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"glogo.org"; classtype:attempted-recon; sid:200002052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"glsword.com"; classtype:attempted-recon; sid:200002053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gmailposteingangi.de"; classtype:attempted-recon; sid:200002054; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gmgroupllc.co"; classtype:attempted-recon; sid:200002055; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gmxmailme.yolasite.com"; classtype:attempted-recon; sid:200002056; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"go.simplify.co.nz"; classtype:attempted-recon; sid:200002057; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"go24link.com"; classtype:attempted-recon; sid:200002058; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goldenlasgidi10.web.app"; classtype:attempted-recon; sid:200002059; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"golkondaresorts.com"; classtype:attempted-recon; sid:200002060; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goo-gl.me"; classtype:attempted-recon; sid:200002061; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"good12345.tripod.com"; classtype:attempted-recon; sid:200002062; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goofy-wozniak.192-210-226-164.plesk.page"; classtype:attempted-recon; sid:200002063; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gorol-cost.web.app"; classtype:attempted-recon; sid:200002064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gorol-investor.web.app"; classtype:attempted-recon; sid:200002065; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gosafes.com"; classtype:attempted-recon; sid:200002066; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gosteveshawtraining.com"; classtype:attempted-recon; sid:200002067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gov.pl-covid.pl"; classtype:attempted-recon; sid:200002068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gramarcales.com.br"; classtype:attempted-recon; sid:200002069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"greekinfra.com"; classtype:attempted-recon; sid:200002070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"greenclasses.in"; classtype:attempted-recon; sid:200002071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grosshandel-mevida.de"; classtype:attempted-recon; sid:200002072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"group-mantap-seger.duckdns.org"; classtype:attempted-recon; sid:200002073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"group-wa-1.duckdns.org"; classtype:attempted-recon; sid:200002074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"groupbkep-vral15.duckdns.org"; classtype:attempted-recon; sid:200002075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"groworldinternational.com"; classtype:attempted-recon; sid:200002076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grp02.member.mycld-rakuten.info"; classtype:attempted-recon; sid:200002077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grub-sangex.wikaba.com"; classtype:attempted-recon; sid:200002078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grubgabung.duckdns.org"; classtype:attempted-recon; sid:200002079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grubnatajadeh12.duckdns.org"; classtype:attempted-recon; sid:200002080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grubviralterbaru65c.duckdns.org"; classtype:attempted-recon; sid:200002081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grup-bokephot-terbaru2022.duckdns.org"; classtype:attempted-recon; sid:200002082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grup-bokepviral4.duckdns.org"; classtype:attempted-recon; sid:200002083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grup-dwsa-indomesia845.duckdns.org"; classtype:attempted-recon; sid:200002084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grup-viral-seleb.duckdns.org"; classtype:attempted-recon; sid:200002085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grup-viralbokep111.myftp.org"; classtype:attempted-recon; sid:200002086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grup-viralbokep2.ddns.net"; classtype:attempted-recon; sid:200002087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grup-whatsapp121.duckdns.org"; classtype:attempted-recon; sid:200002088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grup-whatsappbokep1.duckdns.org"; classtype:attempted-recon; sid:200002089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grup-whatsappbokep2.duckdns.org"; classtype:attempted-recon; sid:200002090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grupbokeppadacantik.duckdns.org"; classtype:attempted-recon; sid:200002091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grupofsp.com.br"; classtype:attempted-recon; sid:200002092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gruposanpio.com"; classtype:attempted-recon; sid:200002093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gruptiktok.wikaba.com"; classtype:attempted-recon; sid:200002094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grupviral-xx.duckdns.org"; classtype:attempted-recon; sid:200002095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grupviral109.duckdns.org"; classtype:attempted-recon; sid:200002096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grupviralterbaru.duckdns.org"; classtype:attempted-recon; sid:200002097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grupwhatsappnobar-2022.duckdns.org"; classtype:attempted-recon; sid:200002098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gscommunityspirit.greenschool.org"; classtype:attempted-recon; sid:200002099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gstsolutions.online"; classtype:attempted-recon; sid:200002100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gunatanahku.perkimtan.sumbarprov.go.id"; classtype:attempted-recon; sid:200002101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gurukanth.com"; classtype:attempted-recon; sid:200002102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gwenet.org"; classtype:attempted-recon; sid:200002103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gyfnqyk.cn"; classtype:attempted-recon; sid:200002104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gymjaokhanakho.azurewebsites.net"; classtype:attempted-recon; sid:200002105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"habbocreditosparati.blogspot.com"; classtype:attempted-recon; sid:200002106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"haftteam.ir"; classtype:attempted-recon; sid:200002107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hahdaeupdate.es.tl"; classtype:attempted-recon; sid:200002108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"halaisabudhabi.com"; classtype:attempted-recon; sid:200002109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"halifax-securelink.com"; classtype:attempted-recon; sid:200002110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"halisdurum.com"; classtype:attempted-recon; sid:200002111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"haliuk-secure-device.com"; classtype:attempted-recon; sid:200002112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"handakai.github.io"; classtype:attempted-recon; sid:200002113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hangovertest1.blogspot.com"; classtype:attempted-recon; sid:200002114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hans-ledlite.com"; classtype:attempted-recon; sid:200002115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"happycabbagechicago.us"; classtype:attempted-recon; sid:200002116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"haroldhazard1-wixsite-com.filesusr.com"; classtype:attempted-recon; sid:200002117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hasseanhannitybeenwaterboarded.com"; classtype:attempted-recon; sid:200002118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"haunlimited.org"; classtype:attempted-recon; sid:200002119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hcnprdvz.azureedge.net"; classtype:attempted-recon; sid:200002120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hdmediahub.club"; classtype:attempted-recon; sid:200002121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hdss-stream.org"; classtype:attempted-recon; sid:200002122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heinthu1.github.io"; classtype:attempted-recon; sid:200002123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hellenic-postbank.com"; classtype:attempted-recon; sid:200002124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"helloparis.co.uk"; classtype:attempted-recon; sid:200002125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help-account-bxsfe.ondigitalocean.app"; classtype:attempted-recon; sid:200002126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help-notice-center-identity-6532.web.id"; classtype:attempted-recon; sid:200002127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help.insecur.saftyalert.workers.dev"; classtype:attempted-recon; sid:200002128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help.validation-page.workers.dev"; classtype:attempted-recon; sid:200002129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"henan.vxim58i.cn"; classtype:attempted-recon; sid:200002130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hermes.parcel-tracker.com"; classtype:attempted-recon; sid:200002131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hetershaven.net"; classtype:attempted-recon; sid:200002132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heuristic-gagarin.45-88-108-231.plesk.page"; classtype:attempted-recon; sid:200002133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hfemail.ntneancns.com"; classtype:attempted-recon; sid:200002134; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hgda.db0u4hs.cn"; classtype:attempted-recon; sid:200002135; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hgdaa.lfoxcct.cn"; classtype:attempted-recon; sid:200002136; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hghgda.erjl0hx.cn"; classtype:attempted-recon; sid:200002137; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hhdd.mzhemfi.cn"; classtype:attempted-recon; sid:200002138; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hi.switchy.io"; classtype:attempted-recon; sid:200002139; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hidzzs.com"; classtype:attempted-recon; sid:200002140; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly01721.top"; classtype:attempted-recon; sid:200002141; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly06356.top"; classtype:attempted-recon; sid:200002142; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly31916.top"; classtype:attempted-recon; sid:200002143; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly32053.top"; classtype:attempted-recon; sid:200002144; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly38926.top"; classtype:attempted-recon; sid:200002145; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly39091.top"; classtype:attempted-recon; sid:200002146; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly61215.top"; classtype:attempted-recon; sid:200002147; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly71191.top"; classtype:attempted-recon; sid:200002148; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hikaheal.com"; classtype:attempted-recon; sid:200002149; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"himalayansherpa.com.au"; classtype:attempted-recon; sid:200002150; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"himbauane.blogspot.com"; classtype:attempted-recon; sid:200002151; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hitman71hd-wixsite-com.filesusr.com"; classtype:attempted-recon; sid:200002152; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hjhjjhjhjh.pagedemo.co"; classtype:attempted-recon; sid:200002153; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hockian.com"; classtype:attempted-recon; sid:200002154; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"holobeam.000webhostapp.com"; classtype:attempted-recon; sid:200002155; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"home.ei1ns.de"; classtype:attempted-recon; sid:200002156; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"home.myfairpoint.net"; classtype:attempted-recon; sid:200002157; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"homepichilinea2.webcindario.com"; classtype:attempted-recon; sid:200002158; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"homesinlogin.com"; classtype:attempted-recon; sid:200002159; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"homestaylongho.com"; classtype:attempted-recon; sid:200002160; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hostnix.net"; classtype:attempted-recon; sid:200002161; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hostpoint.ch.17a902ef.tcorner.fr"; classtype:attempted-recon; sid:200002162; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hotbrooks.com"; classtype:attempted-recon; sid:200002163; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hotel-pontos.gr"; classtype:attempted-recon; sid:200002164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hoteltigerplus.com"; classtype:attempted-recon; sid:200002165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hounbvc-c7661.web.app"; classtype:attempted-recon; sid:200002166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"houseofscotland.com.au"; classtype:attempted-recon; sid:200002167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hpplotters.in"; classtype:attempted-recon; sid:200002169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hs-giveaways.ca"; classtype:attempted-recon; sid:200002170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ht-cargo.com.vn"; classtype:attempted-recon; sid:200002171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"htlgroup.com.my"; classtype:attempted-recon; sid:200002172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httpeugnerally-wixsite-com.filesusr.com"; classtype:attempted-recon; sid:200002173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"https-scert-con04.xyz"; classtype:attempted-recon; sid:200002174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"https-scert-srv02.xyz"; classtype:attempted-recon; sid:200002175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"https-scert-srv06.xyz"; classtype:attempted-recon; sid:200002176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"https-scert-srv08.xyz"; classtype:attempted-recon; sid:200002177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httpsfaceb00k.com-r51znzih8l.isiolo.go.ke"; classtype:attempted-recon; sid:200002178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httpsfacebo0k.com-r51znzlh8i.isiolo.go.ke"; classtype:attempted-recon; sid:200002179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httpsfacebook.com-r51znzih8i.isiolo.go.ke"; classtype:attempted-recon; sid:200002180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httpsfacebook.com-r51znzlh8i.isiolo.go.ke"; classtype:attempted-recon; sid:200002181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httpsmarketplace.facebook.com-wd5sulr0f5.isiolo.go.ke"; classtype:attempted-recon; sid:200002182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hubcare.co.in"; classtype:attempted-recon; sid:200002183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hulu-com-activate.sitey.me"; classtype:attempted-recon; sid:200002184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hulu-hulu-com-activate.sitey.me"; classtype:attempted-recon; sid:200002185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hulu.sitey.me"; classtype:attempted-recon; sid:200002186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"humc.in"; classtype:attempted-recon; sid:200002187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hutoknepper.de"; classtype:attempted-recon; sid:200002188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"huxleyfran.temp.swtest.ru"; classtype:attempted-recon; sid:200002189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"huynguyen2k.github.io"; classtype:attempted-recon; sid:200002190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hypegames.shop"; classtype:attempted-recon; sid:200002191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"i-ask332.dga.jp"; classtype:attempted-recon; sid:200002192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"i.violationspage.validationspege.workers.dev"; classtype:attempted-recon; sid:200002193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ibpm.ru"; classtype:attempted-recon; sid:200002195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"icloud-map-live.com"; classtype:attempted-recon; sid:200002196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"icloudstatus.com.ng"; classtype:attempted-recon; sid:200002197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"icy.martulangbelulalng.workers.dev"; classtype:attempted-recon; sid:200002198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"idappswallets.com"; classtype:attempted-recon; sid:200002199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"identifiez-vous-avec-votre-compte.yolasite.com"; classtype:attempted-recon; sid:200002200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"identifiez-vous598.yolasite.com"; classtype:attempted-recon; sid:200002201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"identify.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200002202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"idhuman-verification.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200002203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"idnpokerweb.com"; classtype:attempted-recon; sid:200002204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ieqdlhv.cn"; classtype:attempted-recon; sid:200002205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iframejld.avent-media.fr"; classtype:attempted-recon; sid:200002206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ighk.umjlrs7uci2751.workers.dev"; classtype:attempted-recon; sid:200002207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iipvit.by"; classtype:attempted-recon; sid:200002208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijcda.bukkats.cn"; classtype:attempted-recon; sid:200002209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijeioqhawdqioqho.weebly.com"; classtype:attempted-recon; sid:200002210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijhca.0gb0h7z.cn"; classtype:attempted-recon; sid:200002211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijjd.h8nmtcc.cn"; classtype:attempted-recon; sid:200002212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijmna.p2y00vd.cn"; classtype:attempted-recon; sid:200002213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijmnc.x7o1tut.cn"; classtype:attempted-recon; sid:200002214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijnssa.w005zmk.cn"; classtype:attempted-recon; sid:200002215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijsa.x3585z7.cn"; classtype:attempted-recon; sid:200002216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikcda.a2g5xvs.cn"; classtype:attempted-recon; sid:200002217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikcsa.ajiqvjf.cn"; classtype:attempted-recon; sid:200002218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikdff.jmo904i.cn"; classtype:attempted-recon; sid:200002219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikja.lbanwqp.cn"; classtype:attempted-recon; sid:200002220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikjd.uk0xnp8.cn"; classtype:attempted-recon; sid:200002221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikjgd.rg6bzk7.cn"; classtype:attempted-recon; sid:200002222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikmcd.u4jdbxm.cn"; classtype:attempted-recon; sid:200002223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikmxaa.qcqxlrq.cn"; classtype:attempted-recon; sid:200002224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iloveyourglasses.com"; classtype:attempted-recon; sid:200002225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ilpconnect.org"; classtype:attempted-recon; sid:200002226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imersao.impulseingles.com.br"; classtype:attempted-recon; sid:200002227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com"; classtype:attempted-recon; sid:200002228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imi-ksa.jajainfo.net"; classtype:attempted-recon; sid:200002229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imobiliaria-cardinali-com-br.blogspot.com"; classtype:attempted-recon; sid:200002230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"impostazionebper.000webhostapp.com"; classtype:attempted-recon; sid:200002231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"in.deraya.org"; classtype:attempted-recon; sid:200002232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"inaueab.com"; classtype:attempted-recon; sid:200002233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"indo-viral2022.duckdns.org"; classtype:attempted-recon; sid:200002234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"info.lionnets.com"; classtype:attempted-recon; sid:200002235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"infohypesquad.com"; classtype:attempted-recon; sid:200002236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"infopichinchaweb.webcindario.com"; classtype:attempted-recon; sid:200002237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"informations.recovery.confiryourpage.workers.dev"; classtype:attempted-recon; sid:200002238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"infos00001.temp.swtest.ru"; classtype:attempted-recon; sid:200002239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"infosecplace.com"; classtype:attempted-recon; sid:200002240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"infosprologinmatrisemomols.yolasite.com"; classtype:attempted-recon; sid:200002241; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ing.ingdirect-app.com"; classtype:attempted-recon; sid:200002242; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ingaveiculos.creatorlink.net"; classtype:attempted-recon; sid:200002243; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ingresadatosbono210.com"; classtype:attempted-recon; sid:200002244; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"inicia-bancalnterbank.com"; classtype:attempted-recon; sid:200002245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"inna.cedymll.cn"; classtype:attempted-recon; sid:200002246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"innca.ol90k56.cn"; classtype:attempted-recon; sid:200002247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"innovasjon.as"; classtype:attempted-recon; sid:200002248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"inps-ep.com"; classtype:attempted-recon; sid:200002249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"instagram-9.blogspot.com"; classtype:attempted-recon; sid:200002250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"instagramhelpp.agency"; classtype:attempted-recon; sid:200002251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intellidata-analytica.com"; classtype:attempted-recon; sid:200002252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"interbankempresahome.rankforever.com"; classtype:attempted-recon; sid:200002253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"interbankempresas.pe-il.ru"; classtype:attempted-recon; sid:200002254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intern.unibas-com.ch"; classtype:attempted-recon; sid:200002255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"international-formulier.91-218-65-223.plesk.page"; classtype:attempted-recon; sid:200002256; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"internetbanking-caixa-gov.xyz"; classtype:attempted-recon; sid:200002257; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"internetbankinghelp.com"; classtype:attempted-recon; sid:200002258; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"internetservicetech.com"; classtype:attempted-recon; sid:200002259; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intexargentina.com.ar"; classtype:attempted-recon; sid:200002260; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"inthewildproductions.com"; classtype:attempted-recon; sid:200002261; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intoli.ru"; classtype:attempted-recon; sid:200002262; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intrafloraplants.com"; classtype:attempted-recon; sid:200002263; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intranet.sztpe.info"; classtype:attempted-recon; sid:200002264; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"investpl.work"; classtype:attempted-recon; sid:200002265; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iplogger.info"; classtype:attempted-recon; sid:200002266; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ironmantech.shop"; classtype:attempted-recon; sid:200002267; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"irs-gov.us-get-funds-assistance.com"; classtype:attempted-recon; sid:200002268; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"isfirsatibul.com"; classtype:attempted-recon; sid:200002269; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ismamorlin.my-place.us"; classtype:attempted-recon; sid:200002270; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"istudyalumni.com"; classtype:attempted-recon; sid:200002271; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"it-europe564598-com.filesusr.com"; classtype:attempted-recon; sid:200002272; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"it.melnikhotels.com"; classtype:attempted-recon; sid:200002273; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"itcentralsupport.net"; classtype:attempted-recon; sid:200002274; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"its.tikkycloud.com"; classtype:attempted-recon; sid:200002275; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"itsmdshahin.github.io"; classtype:attempted-recon; sid:200002276; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iuhkj.r4f4vmtlso.workers.dev"; classtype:attempted-recon; sid:200002277; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iuhs.tyopfhn.cn"; classtype:attempted-recon; sid:200002278; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iujdas.yfwxlc9.cn"; classtype:attempted-recon; sid:200002279; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iuyydd.ebeg6uk.cn"; classtype:attempted-recon; sid:200002280; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"j9w77d0.cn"; classtype:attempted-recon; sid:200002281; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jacobliston.com"; classtype:attempted-recon; sid:200002282; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jadaart.org"; classtype:attempted-recon; sid:200002283; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jagex-rewards.com"; classtype:attempted-recon; sid:200002284; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jam-023d.gitlab.io"; classtype:attempted-recon; sid:200002285; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"james8.aidaform.com"; classtype:attempted-recon; sid:200002286; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"javarockingland.com"; classtype:attempted-recon; sid:200002287; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jax.bz"; classtype:attempted-recon; sid:200002288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jbwbzta.alfens8.cc"; classtype:attempted-recon; sid:200002289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jeanbaileyrobor.com"; classtype:attempted-recon; sid:200002290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jendelajogja.com"; classtype:attempted-recon; sid:200002291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jerinja.github.io"; classtype:attempted-recon; sid:200002292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jessicasproul.com"; classtype:attempted-recon; sid:200002293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jetser-electrical-supply.business.site"; classtype:attempted-recon; sid:200002294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jetstoop.top"; classtype:attempted-recon; sid:200002295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jett.gator.site"; classtype:attempted-recon; sid:200002296; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jflkp.csb.app"; classtype:attempted-recon; sid:200002297; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002298; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jhda.wfdyk9p.cn"; classtype:attempted-recon; sid:200002299; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jhdd.fjcslad.cn"; classtype:attempted-recon; sid:200002300; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jhff.93oe0u9.cn"; classtype:attempted-recon; sid:200002301; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jiwanramchemical.com"; classtype:attempted-recon; sid:200002302; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jjhcd.27ke98i.cn"; classtype:attempted-recon; sid:200002303; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jk99j.sbs"; classtype:attempted-recon; sid:200002304; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jkhkjjkjk.pagedemo.co"; classtype:attempted-recon; sid:200002305; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jlogine.com"; classtype:attempted-recon; sid:200002306; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jnlope.tangguakrapekpuik.link"; classtype:attempted-recon; sid:200002307; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jnnc.grnxkoj.cn"; classtype:attempted-recon; sid:200002308; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"job-type.com"; classtype:attempted-recon; sid:200002309; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jobs.job.com.bd"; classtype:attempted-recon; sid:200002310; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joecamera.net"; classtype:attempted-recon; sid:200002311; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"john-ashley.de"; classtype:attempted-recon; sid:200002312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"join-chat-whatssap-viral-2022.duckdns.org"; classtype:attempted-recon; sid:200002313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"join-group-wa2022.duckdns.org"; classtype:attempted-recon; sid:200002314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"join-grub-bokep-gratis.duckdns.org"; classtype:attempted-recon; sid:200002315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"join-grubkienzy849.duckdns.org"; classtype:attempted-recon; sid:200002316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"join-whatsapp-tante-hot18.duckdns.org"; classtype:attempted-recon; sid:200002317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joingrupp-bkep156.duckdns.org"; classtype:attempted-recon; sid:200002318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joingrupterbaru-0.duckdns.org"; classtype:attempted-recon; sid:200002319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joinlinkviral729.duckdns.org"; classtype:attempted-recon; sid:200002320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joinssgropshot18.duckdns.org"; classtype:attempted-recon; sid:200002321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joinssgropssney6.duckdns.org"; classtype:attempted-recon; sid:200002322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jow-japan.or.jp"; classtype:attempted-recon; sid:200002323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joyeriajireh.com.mx"; classtype:attempted-recon; sid:200002324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jp-bnnk.japappoit.asdwb.xyz"; classtype:attempted-recon; sid:200002325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jp-bnnk.japappoit.asdwd.xyz"; classtype:attempted-recon; sid:200002326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jptechdocsign.net"; classtype:attempted-recon; sid:200002327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jrhayley.plus.com"; classtype:attempted-recon; sid:200002328; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"juandfar.github.io"; classtype:attempted-recon; sid:200002329; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jurlebedev.ru"; classtype:attempted-recon; sid:200002330; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"justgot.gonevis.com"; classtype:attempted-recon; sid:200002331; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"justsayingbro.com"; classtype:attempted-recon; sid:200002332; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jvk.zultifarza.workers.dev"; classtype:attempted-recon; sid:200002333; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jyeue43rm95p.clickfunnels.com"; classtype:attempted-recon; sid:200002334; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jz2bab.webwave.dev"; classtype:attempted-recon; sid:200002335; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"k3ja6d.webwave.dev"; classtype:attempted-recon; sid:200002336; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kaamwalibais.co.in"; classtype:attempted-recon; sid:200002337; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kamdhenurealities.com"; classtype:attempted-recon; sid:200002338; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kargonova.com"; classtype:attempted-recon; sid:200002339; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kartaltepespor.com"; classtype:attempted-recon; sid:200002340; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kasba.in"; classtype:attempted-recon; sid:200002341; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"katanaroninchains.com"; classtype:attempted-recon; sid:200002342; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kbstitchdesigns.com"; classtype:attempted-recon; sid:200002343; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kcas.ygvlrlo.cn"; classtype:attempted-recon; sid:200002344; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kdhdf34j6dfh.dealerwebsite.com"; classtype:attempted-recon; sid:200002345; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kdlscaffolding.co.uk"; classtype:attempted-recon; sid:200002346; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kecc.com"; classtype:attempted-recon; sid:200002347; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kecmanijada.com"; classtype:attempted-recon; sid:200002348; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev"; classtype:attempted-recon; sid:200002349; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev"; classtype:attempted-recon; sid:200002350; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev"; classtype:attempted-recon; sid:200002351; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kevinsmovingservice.com"; classtype:attempted-recon; sid:200002352; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kex81.sbs"; classtype:attempted-recon; sid:200002353; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"key-drcp.com"; classtype:attempted-recon; sid:200002354; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kghm-invest.web.app"; classtype:attempted-recon; sid:200002355; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ki89.pckmlc0cus5667.workers.dev"; classtype:attempted-recon; sid:200002356; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kienthucykhoa.org"; classtype:attempted-recon; sid:200002357; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kimaki.001www.com"; classtype:attempted-recon; sid:200002358; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kingfaisalprize.org"; classtype:attempted-recon; sid:200002359; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kingmhd95p.temp.swtest.ru"; classtype:attempted-recon; sid:200002360; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kissapps.io"; classtype:attempted-recon; sid:200002361; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kit.mishkanhakavana.com"; classtype:attempted-recon; sid:200002362; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kjhdda.tetfeec.cn"; classtype:attempted-recon; sid:200002363; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"klaim-item-mlbb-terbaru8.duckdns.org"; classtype:attempted-recon; sid:200002364; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kleinsigns.net"; classtype:attempted-recon; sid:200002365; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"klockorochsmycken.se"; classtype:attempted-recon; sid:200002366; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"knocktheskool.in"; classtype:attempted-recon; sid:200002367; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koerich-c-empresarial.com"; classtype:attempted-recon; sid:200002368; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koji.to"; classtype:attempted-recon; sid:200002369; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kone-ali123-mon-site-web-cheetah-5.cheetah.builderall.com"; classtype:attempted-recon; sid:200002370; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"konfirmasi-identitas-2022.webnode.page"; classtype:attempted-recon; sid:200002371; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"konnect2kamadhenu.com"; classtype:attempted-recon; sid:200002372; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koteng.odoo.com"; classtype:attempted-recon; sid:200002373; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kr-bithumb.web.app"; classtype:attempted-recon; sid:200002374; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kraftongame.net"; classtype:attempted-recon; sid:200002375; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"krupije.com"; classtype:attempted-recon; sid:200002376; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"krx887.com"; classtype:attempted-recon; sid:200002377; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ksschool.org.in"; classtype:attempted-recon; sid:200002378; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kuchkuchnights.com"; classtype:attempted-recon; sid:200002379; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kurortnoye.com.ua"; classtype:attempted-recon; sid:200002380; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"l-abe.com"; classtype:attempted-recon; sid:200002381; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"l-q.in"; classtype:attempted-recon; sid:200002382; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lambdaweb.info"; classtype:attempted-recon; sid:200002383; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"laposada.roncesvalles.es"; classtype:attempted-recon; sid:200002384; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"laposte-france.web.app"; classtype:attempted-recon; sid:200002385; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lapotosinaexpress.com"; classtype:attempted-recon; sid:200002386; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"larindbr.creatorlink.net"; classtype:attempted-recon; sid:200002387; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"larvalab.to"; classtype:attempted-recon; sid:200002388; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lasyaja.github.io"; classtype:attempted-recon; sid:200002389; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"latelevitation.com"; classtype:attempted-recon; sid:200002390; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"latest-recharge-reorder.co.uk"; classtype:attempted-recon; sid:200002391; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"latestnews.pricesrakutenlogin.xyz"; classtype:attempted-recon; sid:200002392; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"latinotravel.cz"; classtype:attempted-recon; sid:200002393; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lazada889.com"; classtype:attempted-recon; sid:200002394; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lbce.lecservilbc.com"; classtype:attempted-recon; sid:200002395; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ldsplanettt.yolasite.com"; classtype:attempted-recon; sid:200002396; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"le-diablotin-rouen.com"; classtype:attempted-recon; sid:200002397; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"leadershipmail.org"; classtype:attempted-recon; sid:200002398; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"learningimpactmodel.com"; classtype:attempted-recon; sid:200002399; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"leboncoiinlbc.000webhostapp.com"; classtype:attempted-recon; sid:200002400; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"leboncoin.delivery01588.icu"; classtype:attempted-recon; sid:200002401; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lemeiesta.com"; classtype:attempted-recon; sid:200002402; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lenagruessdich.net"; classtype:attempted-recon; sid:200002403; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"leroycu.ca"; classtype:attempted-recon; sid:200002404; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lettertracing4kids.com"; classtype:attempted-recon; sid:200002405; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lexnotes.com.ng"; classtype:attempted-recon; sid:200002406; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lg-bluebadgecenter.ml"; classtype:attempted-recon; sid:200002407; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lg-onecom-io.web.app"; classtype:attempted-recon; sid:200002408; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"liberasrl.it"; classtype:attempted-recon; sid:200002409; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lihi3.cc"; classtype:attempted-recon; sid:200002410; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"linkcontract.tech"; classtype:attempted-recon; sid:200002411; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"liongear.com"; classtype:attempted-recon; sid:200002412; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lirc.cep.edu.vn"; classtype:attempted-recon; sid:200002413; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"little-frost-1a15.chrisc11004842.workers.dev"; classtype:attempted-recon; sid:200002414; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"little-rain-39c4.newdhlacceslogins.workers.dev"; classtype:attempted-recon; sid:200002415; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"little-wood-23ca.abssupdatedlogin.workers.dev"; classtype:attempted-recon; sid:200002416; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"litty.shop"; classtype:attempted-recon; sid:200002417; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"liusanchuan.github.io"; classtype:attempted-recon; sid:200002418; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"live-site.hopto.me"; classtype:attempted-recon; sid:200002419; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"live.rawfednews.com"; classtype:attempted-recon; sid:200002420; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"livechat-ronin.com"; classtype:attempted-recon; sid:200002421; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"livecryptolab.com"; classtype:attempted-recon; sid:200002422; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"livelifelimitless.com.au"; classtype:attempted-recon; sid:200002423; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ljkds.hvkmjdq.cn"; classtype:attempted-recon; sid:200002424; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lkjds.nlmwjta.cn"; classtype:attempted-recon; sid:200002425; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloydbank-accountbreach.com"; classtype:attempted-recon; sid:200002426; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloydbank-secure-customers.com"; classtype:attempted-recon; sid:200002427; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloydbank-support-team.com"; classtype:attempted-recon; sid:200002428; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloydbanking-securelogin.com"; classtype:attempted-recon; sid:200002429; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloydsbank.deregister-payee-secure-auth.com"; classtype:attempted-recon; sid:200002430; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloydsbank.secure-online-deregister.com"; classtype:attempted-recon; sid:200002431; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloydsbank.secure-personal-device-login.com"; classtype:attempted-recon; sid:200002432; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloyduk-newdevice-registered-online.com"; classtype:attempted-recon; sid:200002433; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002434; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lnkd.dev"; classtype:attempted-recon; sid:200002435; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lnterbancape-lbk.com"; classtype:attempted-recon; sid:200002436; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lnterbank.pe.starneonsignsug.com"; classtype:attempted-recon; sid:200002437; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"localwithg.com"; classtype:attempted-recon; sid:200002438; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lockpichincha.webcindario.com"; classtype:attempted-recon; sid:200002439; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loengregkuetngferu.live"; classtype:attempted-recon; sid:200002440; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lofon-add.firebaseapp.com"; classtype:attempted-recon; sid:200002441; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loftywallet.com"; classtype:attempted-recon; sid:200002442; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net"; classtype:attempted-recon; sid:200002443; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login-facebook18.webnode.page"; classtype:attempted-recon; sid:200002444; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login-live.com-s02.net"; classtype:attempted-recon; sid:200002445; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net"; classtype:attempted-recon; sid:200002446; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login-postfinance.com"; classtype:attempted-recon; sid:200002447; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login.dbs.webdbslistinonline.com"; classtype:attempted-recon; sid:200002448; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login.privategold.uytrtyuhij987.gowithapex.com"; classtype:attempted-recon; sid:200002449; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login.smbc.weddirecttop.com"; classtype:attempted-recon; sid:200002450; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"logindhlaccess.dhlupdatelogin.workers.dev"; classtype:attempted-recon; sid:200002451; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"logverify-df12e-verify-1230-eu.web.app"; classtype:attempted-recon; sid:200002452; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loinesports.com"; classtype:attempted-recon; sid:200002453; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lomadesarrollos.mx"; classtype:attempted-recon; sid:200002454; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lombard11.eu"; classtype:attempted-recon; sid:200002455; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lot-lp-x.web.app"; classtype:attempted-recon; sid:200002456; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lp.vp4.me"; classtype:attempted-recon; sid:200002457; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lrs.financial"; classtype:attempted-recon; sid:200002458; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lrs.foundation"; classtype:attempted-recon; sid:200002459; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lrs.fund"; classtype:attempted-recon; sid:200002460; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ltdv1signinui.website.yandexcloud.net"; classtype:attempted-recon; sid:200002461; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lucid-lichterman.45-81-232-17.plesk.page"; classtype:attempted-recon; sid:200002462; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luciolee17.temp.swtest.ru"; classtype:attempted-recon; sid:200002463; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lucky-glitter-f89f.jimmysitt.workers.dev"; classtype:attempted-recon; sid:200002464; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lucy-walker.com"; classtype:attempted-recon; sid:200002465; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lukysepinfreefire2022.duckdns.org"; classtype:attempted-recon; sid:200002466; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lunugrcpujwcfnajuctkojawrh-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002467; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lydab.com"; classtype:attempted-recon; sid:200002468; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m.help.insecurpage.workers.dev"; classtype:attempted-recon; sid:200002469; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m.maseocoad.top"; classtype:attempted-recon; sid:200002470; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m.mauofcg.com"; classtype:attempted-recon; sid:200002471; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m.protc.safty-pege.workers.dev"; classtype:attempted-recon; sid:200002472; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m.recovery.safetyacount.workers.dev"; classtype:attempted-recon; sid:200002473; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m.recovery.saftypageupdate.workers.dev"; classtype:attempted-recon; sid:200002474; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m.salsomascard.top"; classtype:attempted-recon; sid:200002475; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m4-appcaixia.com"; classtype:attempted-recon; sid:200002476; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m42club.com"; classtype:attempted-recon; sid:200002477; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m5bundle.com"; classtype:attempted-recon; sid:200002478; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"machineryzoneservice.com"; classtype:attempted-recon; sid:200002479; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"macjakarta.com"; classtype:attempted-recon; sid:200002480; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"macst.cc"; classtype:attempted-recon; sid:200002481; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"madamailru.temp.swtest.ru"; classtype:attempted-recon; sid:200002482; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"madens.com.pl"; classtype:attempted-recon; sid:200002483; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"madrhinoconsulting.com"; classtype:attempted-recon; sid:200002484; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maestro.my.prod.dfg152.ru"; classtype:attempted-recon; sid:200002485; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"magyar-posta.ddns.net"; classtype:attempted-recon; sid:200002486; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"magyar-posta.sytes.net"; classtype:attempted-recon; sid:200002487; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mahikapur.in"; classtype:attempted-recon; sid:200002488; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mahud.globizsapp.com"; classtype:attempted-recon; sid:200002489; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail-account-verify-f4723.web.app"; classtype:attempted-recon; sid:200002490; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail-gmxaktualisierung.yolasite.com"; classtype:attempted-recon; sid:200002491; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail-ovhcloud.web.app"; classtype:attempted-recon; sid:200002492; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail-ssocloud-srvr67yhguh.pages.dev"; classtype:attempted-recon; sid:200002493; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.enrollmoreclientsbootcamp.com"; classtype:attempted-recon; sid:200002494; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.gov-taxid.completofyours.info"; classtype:attempted-recon; sid:200002495; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.grup-dwsa-indomesia845.duckdns.org"; classtype:attempted-recon; sid:200002496; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.ims-fe.com"; classtype:attempted-recon; sid:200002497; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.kuttabalfatih.com"; classtype:attempted-recon; sid:200002498; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.santepluspharma.com"; classtype:attempted-recon; sid:200002499; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.sweetshopspecialtycoffee.com.au"; classtype:attempted-recon; sid:200002500; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.tariqalaraimi.com"; classtype:attempted-recon; sid:200002501; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.updateinfo-billingo2.com"; classtype:attempted-recon; sid:200002502; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.wheel1factory.net"; classtype:attempted-recon; sid:200002503; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.zenstream.com"; classtype:attempted-recon; sid:200002504; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck1.web.app"; classtype:attempted-recon; sid:200002505; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck10.web.app"; classtype:attempted-recon; sid:200002506; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck11.web.app"; classtype:attempted-recon; sid:200002507; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck12.web.app"; classtype:attempted-recon; sid:200002508; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck13.web.app"; classtype:attempted-recon; sid:200002509; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck14.web.app"; classtype:attempted-recon; sid:200002510; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck15.web.app"; classtype:attempted-recon; sid:200002511; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck16.web.app"; classtype:attempted-recon; sid:200002512; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck17.web.app"; classtype:attempted-recon; sid:200002513; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck18.web.app"; classtype:attempted-recon; sid:200002514; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck19.web.app"; classtype:attempted-recon; sid:200002515; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck2.web.app"; classtype:attempted-recon; sid:200002516; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck20.web.app"; classtype:attempted-recon; sid:200002517; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck4.web.app"; classtype:attempted-recon; sid:200002518; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck5.web.app"; classtype:attempted-recon; sid:200002519; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck6.web.app"; classtype:attempted-recon; sid:200002520; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck7.web.app"; classtype:attempted-recon; sid:200002521; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck8.web.app"; classtype:attempted-recon; sid:200002522; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck9.web.app"; classtype:attempted-recon; sid:200002523; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailgmxaktualiisieren.yolasite.com"; classtype:attempted-recon; sid:200002524; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailplusrolerequestedprivatemailupdates.pages.dev"; classtype:attempted-recon; sid:200002525; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailserver7656566.blob.core.windows.net"; classtype:attempted-recon; sid:200002526; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee10.web.app"; classtype:attempted-recon; sid:200002527; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee11.web.app"; classtype:attempted-recon; sid:200002528; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee12.web.app"; classtype:attempted-recon; sid:200002529; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee13.web.app"; classtype:attempted-recon; sid:200002530; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee14.web.app"; classtype:attempted-recon; sid:200002531; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee15.web.app"; classtype:attempted-recon; sid:200002532; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee16.web.app"; classtype:attempted-recon; sid:200002533; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee17.web.app"; classtype:attempted-recon; sid:200002534; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee18.web.app"; classtype:attempted-recon; sid:200002535; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee19.web.app"; classtype:attempted-recon; sid:200002536; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee20.web.app"; classtype:attempted-recon; sid:200002537; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee21.web.app"; classtype:attempted-recon; sid:200002538; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee22.web.app"; classtype:attempted-recon; sid:200002539; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee23.web.app"; classtype:attempted-recon; sid:200002540; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee24.web.app"; classtype:attempted-recon; sid:200002541; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee26.web.app"; classtype:attempted-recon; sid:200002542; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee27.web.app"; classtype:attempted-recon; sid:200002543; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee28.web.app"; classtype:attempted-recon; sid:200002544; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee29.web.app"; classtype:attempted-recon; sid:200002545; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee32.web.app"; classtype:attempted-recon; sid:200002546; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee34.web.app"; classtype:attempted-recon; sid:200002547; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee35.web.app"; classtype:attempted-recon; sid:200002548; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee40.web.app"; classtype:attempted-recon; sid:200002549; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee5.web.app"; classtype:attempted-recon; sid:200002550; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee6.web.app"; classtype:attempted-recon; sid:200002551; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee7.web.app"; classtype:attempted-recon; sid:200002552; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee8.web.app"; classtype:attempted-recon; sid:200002553; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee9.web.app"; classtype:attempted-recon; sid:200002554; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maintoken.org"; classtype:attempted-recon; sid:200002555; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mainwalletappconnect.com"; classtype:attempted-recon; sid:200002556; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"makcts-go.ru"; classtype:attempted-recon; sid:200002557; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"make-anon-keep-past.rvsla.workers.dev"; classtype:attempted-recon; sid:200002558; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mala-riba.com"; classtype:attempted-recon; sid:200002559; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"malaprontaargentina.com.br"; classtype:attempted-recon; sid:200002560; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"malehaenterprises.com"; classtype:attempted-recon; sid:200002561; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"malukutenggarakab.go.id"; classtype:attempted-recon; sid:200002562; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mandirilivinlinksystem.brizy.site"; classtype:attempted-recon; sid:200002563; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mandirilivinlinksystem2.brizy.site"; classtype:attempted-recon; sid:200002564; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mandirilivinlinksystem3.brizy.site"; classtype:attempted-recon; sid:200002565; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manthsedty.live"; classtype:attempted-recon; sid:200002566; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manualsync.com"; classtype:attempted-recon; sid:200002567; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mapsa.com.pe"; classtype:attempted-recon; sid:200002568; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marinthe.poingaitongamlm.link"; classtype:attempted-recon; sid:200002569; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace-axieinfinity.io"; classtype:attempted-recon; sid:200002570; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace-axlelnfiniity.com"; classtype:attempted-recon; sid:200002571; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke"; classtype:attempted-recon; sid:200002572; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-29ta3qbv.isiolo.go.ke"; classtype:attempted-recon; sid:200002573; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-hzup1bae.isiolo.go.ke"; classtype:attempted-recon; sid:200002574; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-kq1oh2ae.isiolo.go.ke"; classtype:attempted-recon; sid:200002575; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-qze9zt75vm.isiolo.go.ke"; classtype:attempted-recon; sid:200002576; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-sauuvazpjo.isiolo.go.ke"; classtype:attempted-recon; sid:200002577; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-tyeuieb7.isiolo.go.ke"; classtype:attempted-recon; sid:200002578; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke"; classtype:attempted-recon; sid:200002579; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-z1au8cxghl.isiolo.go.ke"; classtype:attempted-recon; sid:200002580; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplaceaxieinfiniity.com"; classtype:attempted-recon; sid:200002581; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marmardian.co.vu"; classtype:attempted-recon; sid:200002582; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marylkmatzenger.com"; classtype:attempted-recon; sid:200002583; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"masdas0932.co.vu"; classtype:attempted-recon; sid:200002584; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"masum.lawyer"; classtype:attempted-recon; sid:200002585; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"match.lookatmynewphotos.com"; classtype:attempted-recon; sid:200002586; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"matchoklahoma.com"; classtype:attempted-recon; sid:200002587; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"matelamsiska.com"; classtype:attempted-recon; sid:200002588; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"matiruys.co.vu"; classtype:attempted-recon; sid:200002589; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maxclinic.ru"; classtype:attempted-recon; sid:200002590; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maxis-winner-2020.webs.com"; classtype:attempted-recon; sid:200002591; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mayormoveis.com"; classtype:attempted-recon; sid:200002592; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mboutique.cfd"; classtype:attempted-recon; sid:200002593; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mccarthyelectrical.com"; classtype:attempted-recon; sid:200002594; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mcconcep.cluster005.ovh.net"; classtype:attempted-recon; sid:200002595; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mchganistore.solofolio.net"; classtype:attempted-recon; sid:200002596; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mdex.li"; classtype:attempted-recon; sid:200002597; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mdurucan.com"; classtype:attempted-recon; sid:200002598; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medelinahealth.com"; classtype:attempted-recon; sid:200002599; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medeniyetakademisi.org"; classtype:attempted-recon; sid:200002600; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediasystembusiness.xyz"; classtype:attempted-recon; sid:200002601; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mednungtanpoudan-acvwe3.ga"; classtype:attempted-recon; sid:200002602; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medo.world"; classtype:attempted-recon; sid:200002603; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medtamr.com"; classtype:attempted-recon; sid:200002604; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meeting-23900123090123.bitbucket.io"; classtype:attempted-recon; sid:200002605; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"memestock.xyz"; classtype:attempted-recon; sid:200002606; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mercani.pomyt.info"; classtype:attempted-recon; sid:200002607; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mercariz.xyz"; classtype:attempted-recon; sid:200002608; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meremanovegabana.website2.me"; classtype:attempted-recon; sid:200002609; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mbudeu.cn"; classtype:attempted-recon; sid:200002610; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mg0gbo1.cn"; classtype:attempted-recon; sid:200002611; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mgeukpx.cn"; classtype:attempted-recon; sid:200002612; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mglsffs.cn"; classtype:attempted-recon; sid:200002613; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mksydb.cn"; classtype:attempted-recon; sid:200002614; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mktbbr.cn"; classtype:attempted-recon; sid:200002615; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mlyffa.cn"; classtype:attempted-recon; sid:200002616; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mnfjwy.cn"; classtype:attempted-recon; sid:200002617; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mnheijt.cn"; classtype:attempted-recon; sid:200002618; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mrzcafk.cn"; classtype:attempted-recon; sid:200002619; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.msnygk.cn"; classtype:attempted-recon; sid:200002620; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericorci-logining.sfhs26r.lyb6srb.cn"; classtype:attempted-recon; sid:200002621; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meriocori-logining.2y3uio.pyqbas.cn"; classtype:attempted-recon; sid:200002622; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mestertignseekjet4.blogspot.com"; classtype:attempted-recon; sid:200002623; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mestertignseekjet5.blogspot.com"; classtype:attempted-recon; sid:200002624; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mestertignseekjet6.blogspot.com"; classtype:attempted-recon; sid:200002625; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mestredaobra.com"; classtype:attempted-recon; sid:200002626; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metalurgicagiom.com.br"; classtype:attempted-recon; sid:200002627; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamasc.club"; classtype:attempted-recon; sid:200002628; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask-connect.com"; classtype:attempted-recon; sid:200002629; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask-connect.org"; classtype:attempted-recon; sid:200002630; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask-extension.com.hsurge.com"; classtype:attempted-recon; sid:200002631; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask-wallets-protection.web.app"; classtype:attempted-recon; sid:200002632; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask-wallets.yahoosites.com"; classtype:attempted-recon; sid:200002633; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.cam"; classtype:attempted-recon; sid:200002634; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.io-php.com"; classtype:attempted-recon; sid:200002635; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.kiwi"; classtype:attempted-recon; sid:200002636; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.protocol-process.me"; classtype:attempted-recon; sid:200002637; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.security-information.cc"; classtype:attempted-recon; sid:200002638; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.social"; classtype:attempted-recon; sid:200002639; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.wallets-reauth.net"; classtype:attempted-recon; sid:200002640; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamaskdownloadandroid.xyz"; classtype:attempted-recon; sid:200002641; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamassklogins-us.tumblr.com"; classtype:attempted-recon; sid:200002642; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metaversepadapp.com"; classtype:attempted-recon; sid:200002643; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meusabor.com.br"; classtype:attempted-recon; sid:200002644; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mfacebook.blogspot.com.cy"; classtype:attempted-recon; sid:200002645; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mfacebook.blogspot.lt"; classtype:attempted-recon; sid:200002646; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mfacebook.blogspot.rs"; classtype:attempted-recon; sid:200002647; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mgpskartarpur.com"; classtype:attempted-recon; sid:200002648; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mibancocrece.com.co"; classtype:attempted-recon; sid:200002649; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"micacd.elshov.com"; classtype:attempted-recon; sid:200002650; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"michaelxrandazzo.com"; classtype:attempted-recon; sid:200002651; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"michiyado.com"; classtype:attempted-recon; sid:200002652; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"microcav.square.site"; classtype:attempted-recon; sid:200002653; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"microsoftonline.pages.dev"; classtype:attempted-recon; sid:200002654; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"microsoftwebserver.mfs.gg"; classtype:attempted-recon; sid:200002655; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"micuenta01.github.io"; classtype:attempted-recon; sid:200002656; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mijnics-actualisatie.185-236-231-64.plesk.page"; classtype:attempted-recon; sid:200002657; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mikhali.com"; classtype:attempted-recon; sid:200002658; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"milanobet301.com"; classtype:attempted-recon; sid:200002659; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"militarybikers.org"; classtype:attempted-recon; sid:200002660; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"minamikaga.or.jp"; classtype:attempted-recon; sid:200002661; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mingming20160152.github.io"; classtype:attempted-recon; sid:200002662; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"miozpro.com"; classtype:attempted-recon; sid:200002663; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"miracdoviz.com"; classtype:attempted-recon; sid:200002664; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"miss-paym02.com"; classtype:attempted-recon; sid:200002665; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"missionshashank.org"; classtype:attempted-recon; sid:200002666; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjayme9jdg9izxixmjeydgg.filesusr.com"; classtype:attempted-recon; sid:200002667; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjayme9jdg9izxiymjnyza.filesusr.com"; classtype:attempted-recon; sid:200002668; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu1heta1dgg.filesusr.com"; classtype:attempted-recon; sid:200002669; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu1hetezmtj0aa.filesusr.com"; classtype:attempted-recon; sid:200002670; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu1hetgym3jk.filesusr.com"; classtype:attempted-recon; sid:200002671; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu1hetizmtl0aa.filesusr.com"; classtype:attempted-recon; sid:200002672; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu1hetqymhro.filesusr.com"; classtype:attempted-recon; sid:200002673; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu1hetu3dgg.filesusr.com"; classtype:attempted-recon; sid:200002674; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu1hetuymhro.filesusr.com"; classtype:attempted-recon; sid:200002675; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu5vdmvtymvymji5dgg.filesusr.com"; classtype:attempted-recon; sid:200002676; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu5vdmvtymvymtexdgg.filesusr.com"; classtype:attempted-recon; sid:200002677; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymuf1z3vzdde4mtf0aa.filesusr.com"; classtype:attempted-recon; sid:200002678; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymufwcmlsmde5dgg.filesusr.com"; classtype:attempted-recon; sid:200002679; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymup1bhk0mtf0aa.filesusr.com"; classtype:attempted-recon; sid:200002680; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymup1bhk1mtr0aa.filesusr.com"; classtype:attempted-recon; sid:200002681; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymup1bhkzmtn0aa.filesusr.com"; classtype:attempted-recon; sid:200002682; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymup1bmu0mtf0aa.filesusr.com"; classtype:attempted-recon; sid:200002683; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymup1bmuymzfzda.filesusr.com"; classtype:attempted-recon; sid:200002684; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymuphbnvhcnkxmzv0aa.filesusr.com"; classtype:attempted-recon; sid:200002685; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymurly2vtymvymjiyn3ro.filesusr.com"; classtype:attempted-recon; sid:200002686; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymvnlchrlbwjlcjizmxn0.filesusr.com"; classtype:attempted-recon; sid:200002687; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mk2.ge"; classtype:attempted-recon; sid:200002688; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mkjiool.weebly.com"; classtype:attempted-recon; sid:200002689; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mnbxa.73kfer9.cn"; classtype:attempted-recon; sid:200002690; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mncxx.qbeepor.cn"; classtype:attempted-recon; sid:200002691; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mnnbx.r1rpj09.cn"; classtype:attempted-recon; sid:200002692; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; classtype:attempted-recon; sid:200002693; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobil-singaporre.digital-online-login-opportunity.com"; classtype:attempted-recon; sid:200002694; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobile-orange-forever.yolasite.com"; classtype:attempted-recon; sid:200002695; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobile-portail.live"; classtype:attempted-recon; sid:200002696; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobile.hedgesportst.me"; classtype:attempted-recon; sid:200002697; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"moccasinyellowbetatest--josekkk.repl.co"; classtype:attempted-recon; sid:200002698; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"moccasinyellowbetatest.josekkk.repl.co"; classtype:attempted-recon; sid:200002699; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"modest-hertz.45-81-232-15.plesk.page"; classtype:attempted-recon; sid:200002700; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mon-token.com"; classtype:attempted-recon; sid:200002701; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mon.espace.lcl.fr.certosini.info"; classtype:attempted-recon; sid:200002702; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monbudri.xyz"; classtype:attempted-recon; sid:200002703; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mondrive.xyz"; classtype:attempted-recon; sid:200002704; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monedri.xyz"; classtype:attempted-recon; sid:200002705; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monirshouvo.github.io"; classtype:attempted-recon; sid:200002706; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monomobileservice.yolasite.com"; classtype:attempted-recon; sid:200002707; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monprofilclient.web.app"; classtype:attempted-recon; sid:200002708; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monstercarp.rn86.ru"; classtype:attempted-recon; sid:200002709; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"montenegrolandscape.com"; classtype:attempted-recon; sid:200002710; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"montrealidiomas.com.br"; classtype:attempted-recon; sid:200002711; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monyeward.com"; classtype:attempted-recon; sid:200002712; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"morcario.xyz"; classtype:attempted-recon; sid:200002713; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"morfybox.com"; classtype:attempted-recon; sid:200002714; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mqzlsim.mindlogicinfotech.com"; classtype:attempted-recon; sid:200002715; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mrpitchman.com"; classtype:attempted-recon; sid:200002716; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"msc-doelsach.at"; classtype:attempted-recon; sid:200002717; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mscc1s.ultimatefreehost.in"; classtype:attempted-recon; sid:200002718; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"msnserviceverifivation.wordpress.com"; classtype:attempted-recon; sid:200002719; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"msofficemessagescenter-1.mfs.gg"; classtype:attempted-recon; sid:200002720; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mtngifts2021.blogspot.com"; classtype:attempted-recon; sid:200002721; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mtron.in"; classtype:attempted-recon; sid:200002722; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mtsn1kotabekasi.sch.id"; classtype:attempted-recon; sid:200002723; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"muddy-credit-ea7b.0fflce-mlcr0sfot-online-supposrts3jp-tokcloud.workers.dev"; classtype:attempted-recon; sid:200002724; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mudraloans.biz"; classtype:attempted-recon; sid:200002725; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mufg.jp.yjfszs.com"; classtype:attempted-recon; sid:200002726; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"muriiityua.krywanbobaanja.link"; classtype:attempted-recon; sid:200002727; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mxrr.com"; classtype:attempted-recon; sid:200002728; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my-bithumb.web.app"; classtype:attempted-recon; sid:200002729; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my-gmail.ir"; classtype:attempted-recon; sid:200002730; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my-site219.yolasite.com"; classtype:attempted-recon; sid:200002731; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my.jcpwb.com"; classtype:attempted-recon; sid:200002732; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my.nhs-get-pass.com"; classtype:attempted-recon; sid:200002733; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my.paydi.login-index-home.x4typfc.cn"; classtype:attempted-recon; sid:200002734; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my.paydi.logining-nexy-home.en6cnm.asia"; classtype:attempted-recon; sid:200002735; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my02billing-login.com"; classtype:attempted-recon; sid:200002736; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"myaccount.aol.wallat-billing.com.authlog.gq"; classtype:attempted-recon; sid:200002737; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mycoerver.es"; classtype:attempted-recon; sid:200002738; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mygoogleaccount.stantrade.xyz"; classtype:attempted-recon; sid:200002739; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"myjcb.cyyptoi.cn"; classtype:attempted-recon; sid:200002740; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"myjcb.thxpj.cn"; classtype:attempted-recon; sid:200002741; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mymbg-aa2e2.web.app"; classtype:attempted-recon; sid:200002742; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mymeta-securearea.plesk07.zap-webspace.com"; classtype:attempted-recon; sid:200002743; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mymetamask-clientarea.185-236-231-227.plesk.page"; classtype:attempted-recon; sid:200002744; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mymweb-owner.at.ua"; classtype:attempted-recon; sid:200002745; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mypo-delivery.com"; classtype:attempted-recon; sid:200002746; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mypsm.psm.edu.mm"; classtype:attempted-recon; sid:200002747; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"myshedbuilder.com"; classtype:attempted-recon; sid:200002748; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mytheamsauthecent.wapgem.com"; classtype:attempted-recon; sid:200002749; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"myupdates-mynetflix.com"; classtype:attempted-recon; sid:200002750; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mywalletsvalidation.com"; classtype:attempted-recon; sid:200002751; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mzqualitycleaning.com"; classtype:attempted-recon; sid:200002752; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"n-naoko-0319.github.io"; classtype:attempted-recon; sid:200002753; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"n.salsomascard.top"; classtype:attempted-recon; sid:200002754; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"n26.sa-france.fr"; classtype:attempted-recon; sid:200002755; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"n26servicetechnique.click"; classtype:attempted-recon; sid:200002756; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"n7orton.com"; classtype:attempted-recon; sid:200002757; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nab-access-breach.com"; classtype:attempted-recon; sid:200002758; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nab-alert.mobi"; classtype:attempted-recon; sid:200002759; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nab-www.303.si"; classtype:attempted-recon; sid:200002760; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"naderkhani.ir"; classtype:attempted-recon; sid:200002761; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"najboljeuslugezavas.betterservicesforyou.com"; classtype:attempted-recon; sid:200002762; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nalandaias.com"; classtype:attempted-recon; sid:200002763; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nalodke.com.ua"; classtype:attempted-recon; sid:200002764; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nanjing.itud167.cn"; classtype:attempted-recon; sid:200002765; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"napgamelienquan.net"; classtype:attempted-recon; sid:200002766; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"naranja-users.auth0.com"; classtype:attempted-recon; sid:200002767; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"native-possession-josh-asks.trycloudflare.com"; classtype:attempted-recon; sid:200002768; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nattionaliy.000webhostapp.com"; classtype:attempted-recon; sid:200002769; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"natu-mx.com"; classtype:attempted-recon; sid:200002770; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"naturalrocksand.com"; classtype:attempted-recon; sid:200002771; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"natwest.nwolb-login-auth.com"; classtype:attempted-recon; sid:200002772; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"natwest.secure-auth-personal-device.com"; classtype:attempted-recon; sid:200002773; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"natwest.secured-online-verify.com"; classtype:attempted-recon; sid:200002774; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"natwest.secured-personal-verify.com"; classtype:attempted-recon; sid:200002775; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nayablabs.com"; classtype:attempted-recon; sid:200002776; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nayameehomes.com"; classtype:attempted-recon; sid:200002777; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbcc.0bit08a.cn"; classtype:attempted-recon; sid:200002778; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbcvs.gd65y69.cn"; classtype:attempted-recon; sid:200002779; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbcxa.lctlfdq.cn"; classtype:attempted-recon; sid:200002780; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbhjxa.hblhi96.cn"; classtype:attempted-recon; sid:200002781; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbnonres.com"; classtype:attempted-recon; sid:200002782; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbxaa.b1b6nac.cn"; classtype:attempted-recon; sid:200002783; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbxas.uabzfbm.cn"; classtype:attempted-recon; sid:200002784; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbxasd.rm625b.cn"; classtype:attempted-recon; sid:200002785; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbxha.74zdws.cn"; classtype:attempted-recon; sid:200002786; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbxza.giodzij.cn"; classtype:attempted-recon; sid:200002787; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ncgroup.club"; classtype:attempted-recon; sid:200002788; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"necessitymag.com"; classtype:attempted-recon; sid:200002789; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nedbankqa.flowblocks.com"; classtype:attempted-recon; sid:200002790; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nedriw.xyz"; classtype:attempted-recon; sid:200002791; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"neftlexi.com"; classtype:attempted-recon; sid:200002792; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"negociebra.com.br"; classtype:attempted-recon; sid:200002793; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"neptuneinnovations.com"; classtype:attempted-recon; sid:200002794; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"netciti.id"; classtype:attempted-recon; sid:200002795; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"netf1ix.us-891691712-local-781652.airalgeriecanada.ca"; classtype:attempted-recon; sid:200002796; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"netfl-lixids938mailmealkas.duckdns.org"; classtype:attempted-recon; sid:200002797; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"netflix-techarmy.me"; classtype:attempted-recon; sid:200002798; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk"; classtype:attempted-recon; sid:200002799; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"networksol-f35e7.web.app"; classtype:attempted-recon; sid:200002800; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"neversencommun.fr"; classtype:attempted-recon; sid:200002801; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newlifenursery.com"; classtype:attempted-recon; sid:200002802; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newrydramafestival.co.uk"; classtype:attempted-recon; sid:200002803; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsletter.pagueonlinebra.com.br"; classtype:attempted-recon; sid:200002804; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsodisha.in"; classtype:attempted-recon; sid:200002805; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nextgensoftbd.com"; classtype:attempted-recon; sid:200002806; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nftsmainnet.com"; classtype:attempted-recon; sid:200002807; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhattinsteel.com"; classtype:attempted-recon; sid:200002808; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhbcd.40ggify.cn"; classtype:attempted-recon; sid:200002809; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhbcd.xitgfmh.cn"; classtype:attempted-recon; sid:200002810; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhbcda.g4g5mgc.cn"; classtype:attempted-recon; sid:200002811; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhbd.yl7g7qz.cn"; classtype:attempted-recon; sid:200002812; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhbdd.ncoavvx.cn"; classtype:attempted-recon; sid:200002813; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhfactor.com"; classtype:attempted-recon; sid:200002814; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhgcs.ugvvluf.cn"; classtype:attempted-recon; sid:200002815; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhhvd.zb06w77.cn"; classtype:attempted-recon; sid:200002816; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhri.net"; classtype:attempted-recon; sid:200002817; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhs.my-vaccine-status.com"; classtype:attempted-recon; sid:200002818; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"niagarapower.com"; classtype:attempted-recon; sid:200002819; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nic-home.com"; classtype:attempted-recon; sid:200002820; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nisuper.com"; classtype:attempted-recon; sid:200002821; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nizotchauffage.bilty.be"; classtype:attempted-recon; sid:200002822; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nontonvidioviral2022nohoax.duckdns.org"; classtype:attempted-recon; sid:200002823; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"northlane.esy.es"; classtype:attempted-recon; sid:200002824; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"notife.help.institutepages.workers.dev"; classtype:attempted-recon; sid:200002825; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"notification-fb.secure-pages.workers.dev"; classtype:attempted-recon; sid:200002826; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"notificationmember.mystrikingly.com"; classtype:attempted-recon; sid:200002827; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nour-ala-nour.com"; classtype:attempted-recon; sid:200002828; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"novolimitenu.azurewebsites.net"; classtype:attempted-recon; sid:200002829; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nserviceserviceat.mystrikingly.com"; classtype:attempted-recon; sid:200002830; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nslg8.codesandbox.io"; classtype:attempted-recon; sid:200002831; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nt.embluemail.com"; classtype:attempted-recon; sid:200002832; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nueva-acropolis.cl"; classtype:attempted-recon; sid:200002833; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nutroquin.com"; classtype:attempted-recon; sid:200002834; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nw-securedfailure.com"; classtype:attempted-recon; sid:200002835; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ny989.com"; classtype:attempted-recon; sid:200002836; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nyhet.cc"; classtype:attempted-recon; sid:200002837; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"o.scicemecod.com"; classtype:attempted-recon; sid:200002838; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"o2-failure-billing-update.com"; classtype:attempted-recon; sid:200002839; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"o2-updatebillingvia.com"; classtype:attempted-recon; sid:200002840; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"o2billingauth-update.com"; classtype:attempted-recon; sid:200002841; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"o2phone-billingupdate.com"; classtype:attempted-recon; sid:200002842; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oanmce.hjwxkugs.cn"; classtype:attempted-recon; sid:200002843; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ocareportesweb.webcindario.com"; classtype:attempted-recon; sid:200002844; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ocaxvefific.webcindario.com"; classtype:attempted-recon; sid:200002845; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oceantires.com"; classtype:attempted-recon; sid:200002846; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ocioturismogalicia.com"; classtype:attempted-recon; sid:200002847; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oco.or.tz"; classtype:attempted-recon; sid:200002848; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oddplug.cfd"; classtype:attempted-recon; sid:200002849; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"odiasamaj.net"; classtype:attempted-recon; sid:200002850; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offic365.online"; classtype:attempted-recon; sid:200002851; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offic4046217.sitebuilder.name.tools"; classtype:attempted-recon; sid:200002852; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"officeee.bubbleapps.io"; classtype:attempted-recon; sid:200002853; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"officialevent.way.live"; classtype:attempted-recon; sid:200002854; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"officialliker.co"; classtype:attempted-recon; sid:200002855; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ogrodywlochy.pl"; classtype:attempted-recon; sid:200002856; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oiasasca.asiocsacszc.xyz"; classtype:attempted-recon; sid:200002857; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oiasd.herorny.cn"; classtype:attempted-recon; sid:200002858; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oicm.oobqrxh.cn"; classtype:attempted-recon; sid:200002859; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oidda.5s2iamp.cn"; classtype:attempted-recon; sid:200002860; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oijcd.qvjcddv.cn"; classtype:attempted-recon; sid:200002861; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oikca.smwceku.cn"; classtype:attempted-recon; sid:200002862; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oikcas.6b914ty.cn"; classtype:attempted-recon; sid:200002863; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oikcxa.zvvx01z.cn"; classtype:attempted-recon; sid:200002864; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oivac.com"; classtype:attempted-recon; sid:200002865; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okcs.qj8yua.cn"; classtype:attempted-recon; sid:200002866; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okds.bbtlcve.cn"; classtype:attempted-recon; sid:200002867; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okep-terbaru-viral-2022.duckdns.org"; classtype:attempted-recon; sid:200002868; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okmca.8xcrn6w.cn"; classtype:attempted-recon; sid:200002869; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okmca.bxkfham.cn"; classtype:attempted-recon; sid:200002870; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okmca.uwudagu.cn"; classtype:attempted-recon; sid:200002871; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okmxa.lfgpror.cn"; classtype:attempted-recon; sid:200002872; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okpwtu.webwave.dev"; classtype:attempted-recon; sid:200002873; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"olidooo.waca.tw"; classtype:attempted-recon; sid:200002874; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"olk.us7apye.cn"; classtype:attempted-recon; sid:200002875; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"olmnxa.wc2ikux.cn"; classtype:attempted-recon; sid:200002876; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"olx-pay-pl.pay-id22343.top"; classtype:attempted-recon; sid:200002877; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"olx.saferegulatory.com"; classtype:attempted-recon; sid:200002878; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"omesqiwines.de"; classtype:attempted-recon; sid:200002879; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"omicronvariat.pagedemo.co"; classtype:attempted-recon; sid:200002880; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oncopharma-ae.com"; classtype:attempted-recon; sid:200002881; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onecreator.info"; classtype:attempted-recon; sid:200002882; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onedrive.zhaoge.workers.dev"; classtype:attempted-recon; sid:200002883; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onee-a0488.web.app"; classtype:attempted-recon; sid:200002884; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oneisallandone.web.app"; classtype:attempted-recon; sid:200002885; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oneone-19cd8.web.app"; classtype:attempted-recon; sid:200002886; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oneone-a38ef.web.app"; classtype:attempted-recon; sid:200002887; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"online-sistem.com"; classtype:attempted-recon; sid:200002888; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlineasesor01.hostfree.pw"; classtype:attempted-recon; sid:200002889; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlineffn2.temp.swtest.ru"; classtype:attempted-recon; sid:200002890; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlysportplus.com"; classtype:attempted-recon; sid:200002891; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ooxvocalor.yolasite.com"; classtype:attempted-recon; sid:200002892; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"opansea.live"; classtype:attempted-recon; sid:200002893; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"open24.ie-tsb.email"; classtype:attempted-recon; sid:200002894; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"opticabattilana.com.ar"; classtype:attempted-recon; sid:200002895; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"optika-anda.hr"; classtype:attempted-recon; sid:200002896; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ora-n.yolasite.com"; classtype:attempted-recon; sid:200002897; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orabu.it"; classtype:attempted-recon; sid:200002898; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orange-dcr.fr"; classtype:attempted-recon; sid:200002899; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orange-security.cloud.coreoz.com"; classtype:attempted-recon; sid:200002900; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orange.iobeya.com"; classtype:attempted-recon; sid:200002901; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orange.sphinxonline.net"; classtype:attempted-recon; sid:200002902; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orange2k22.wixsite.com"; classtype:attempted-recon; sid:200002903; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orangeb191.temp.swtest.ru"; classtype:attempted-recon; sid:200002904; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orangess.contactin.bio"; classtype:attempted-recon; sid:200002905; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"org-nr.yolasite.com"; classtype:attempted-recon; sid:200002906; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orlen-inwe.web.app"; classtype:attempted-recon; sid:200002907; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orlen-x.web.app"; classtype:attempted-recon; sid:200002908; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orlen.digital"; classtype:attempted-recon; sid:200002909; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ormantencs112.odoo.com"; classtype:attempted-recon; sid:200002910; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oryxcaracalsecurity.com"; classtype:attempted-recon; sid:200002911; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"osis.world"; classtype:attempted-recon; sid:200002912; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"otomoto-h229.net"; classtype:attempted-recon; sid:200002913; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"otomoto3452.com"; classtype:attempted-recon; sid:200002914; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"otwmaxx.com"; classtype:attempted-recon; sid:200002915; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oudczfbniitcqdsrmaapdztwqo-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002916; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ourgarden.us"; classtype:attempted-recon; sid:200002917; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"outlook1541489.webcindario.com"; classtype:attempted-recon; sid:200002918; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"outlookcom119.yolasite.com"; classtype:attempted-recon; sid:200002919; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002920; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"p1c.servleboncoinser.com"; classtype:attempted-recon; sid:200002921; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"package2021.blogspot.ba"; classtype:attempted-recon; sid:200002922; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"package2021.blogspot.bg"; classtype:attempted-recon; sid:200002923; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"package2021.blogspot.com"; classtype:attempted-recon; sid:200002924; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"page-restrict-case22456548.help"; classtype:attempted-recon; sid:200002925; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages-1008009999700022199021.com"; classtype:attempted-recon; sid:200002926; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages-1008097555214021.com"; classtype:attempted-recon; sid:200002927; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages-alert-facebook.ezyro.com"; classtype:attempted-recon; sid:200002928; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages-community-standart-2022.co"; classtype:attempted-recon; sid:200002929; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages-marvelous-project.webflow.io"; classtype:attempted-recon; sid:200002930; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages-support-office-2021.gq"; classtype:attempted-recon; sid:200002931; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages-support-office-2021.tk"; classtype:attempted-recon; sid:200002932; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages.secure-accts.workers.dev"; classtype:attempted-recon; sid:200002933; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pagesdetectscopyrightpostingactivitiesreported.co.vu"; classtype:attempted-recon; sid:200002934; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pagos.sinpemovil.cr"; classtype:attempted-recon; sid:200002935; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paleyeer.com"; classtype:attempted-recon; sid:200002936; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"palmm.ps"; classtype:attempted-recon; sid:200002937; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancaakesvap.com"; classtype:attempted-recon; sid:200002938; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancake-sawp.com"; classtype:attempted-recon; sid:200002939; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancake.ellipsis.finance"; classtype:attempted-recon; sid:200002940; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancake7wop.com"; classtype:attempted-recon; sid:200002941; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakesawpes.com"; classtype:attempted-recon; sid:200002942; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakesfinances.info"; classtype:attempted-recon; sid:200002943; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakesvvap-finance.org"; classtype:attempted-recon; sid:200002944; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswap.finance.tradechange.in"; classtype:attempted-recon; sid:200002945; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswap.men"; classtype:attempted-recon; sid:200002946; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswap.multi-wallet.info"; classtype:attempted-recon; sid:200002947; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswap.salsasourcing.com"; classtype:attempted-recon; sid:200002948; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswapes.company"; classtype:attempted-recon; sid:200002949; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswapex.com"; classtype:attempted-recon; sid:200002950; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswapexcgn.com"; classtype:attempted-recon; sid:200002951; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswapexch.com"; classtype:attempted-recon; sid:200002952; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswapexchage.com"; classtype:attempted-recon; sid:200002953; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswapexchg.com"; classtype:attempted-recon; sid:200002954; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswappshop.blogspot.com"; classtype:attempted-recon; sid:200002955; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancaku-swap.com"; classtype:attempted-recon; sid:200002956; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancalteswap.finance"; classtype:attempted-recon; sid:200002957; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"panckaceswap.finance"; classtype:attempted-recon; sid:200002958; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancoke.com"; classtype:attempted-recon; sid:200002959; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaskin.ru.com"; classtype:attempted-recon; sid:200002960; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"panelweb-4cae2.web.app"; classtype:attempted-recon; sid:200002961; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pankaceeswap.com"; classtype:attempted-recon; sid:200002962; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pankaceswapes.finance"; classtype:attempted-recon; sid:200002963; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pankakeswap.ledgity.com"; classtype:attempted-recon; sid:200002964; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pannelpub-benin.com"; classtype:attempted-recon; sid:200002965; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pansccakeswap.finance"; classtype:attempted-recon; sid:200002966; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pantazisezopiiuurmail1.web.app"; classtype:attempted-recon; sid:200002967; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pantekkalisakitkepalaku.blogspot.com"; classtype:attempted-recon; sid:200002968; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"parcel-support018.com"; classtype:attempted-recon; sid:200002969; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pardot.assemblecommunities.com"; classtype:attempted-recon; sid:200002970; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pasarbta.info"; classtype:attempted-recon; sid:200002971; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"passionfruit4576261.brizy.site"; classtype:attempted-recon; sid:200002972; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pateltutorials.com"; classtype:attempted-recon; sid:200002973; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"path.faithbible.institute"; classtype:attempted-recon; sid:200002974; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pathospitals.com"; classtype:attempted-recon; sid:200002975; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"patient-cell-40f5.updatedlogmylogin.workers.dev"; classtype:attempted-recon; sid:200002976; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"patwise.co.in"; classtype:attempted-recon; sid:200002977; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paws.org.au"; classtype:attempted-recon; sid:200002978; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paxfulmenu.com"; classtype:attempted-recon; sid:200002979; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pay-sera.web.app"; classtype:attempted-recon; sid:200002980; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pay16-olx.pl"; classtype:attempted-recon; sid:200002981; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paymentnotificationnow.blogspot.com"; classtype:attempted-recon; sid:200002982; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paypal-online-2deposits-paymentaccept.tk"; classtype:attempted-recon; sid:200002983; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paypal-opladen.be"; classtype:attempted-recon; sid:200002984; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paypalforex.co.ke"; classtype:attempted-recon; sid:200002985; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pdf-cloud-document.weeblysite.com"; classtype:attempted-recon; sid:200002986; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pdf-sharefile-doc.weeblysite.com"; classtype:attempted-recon; sid:200002987; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pdflogincnvwo.app.link"; classtype:attempted-recon; sid:200002988; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pdfsecured.mystrikingly.com"; classtype:attempted-recon; sid:200002989; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"peaceful-black.193-70-50-31.plesk.page"; classtype:attempted-recon; sid:200002990; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pembatalanakundinonaktifkan.weebly.com"; classtype:attempted-recon; sid:200002991; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pencakecwap.com"; classtype:attempted-recon; sid:200002992; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"perfectliker.net"; classtype:attempted-recon; sid:200002993; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"peringatanakunfb2k214.webnode.com"; classtype:attempted-recon; sid:200002994; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phantom-walletweb.app"; classtype:attempted-recon; sid:200002995; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phantomaa.com"; classtype:attempted-recon; sid:200002996; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phishingloginmicrosoftonlinecom.zerotrustcorp.workers.dev"; classtype:attempted-recon; sid:200002997; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phlexx.com"; classtype:attempted-recon; sid:200002998; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phreshphoto.com"; classtype:attempted-recon; sid:200002999; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichincha-datos1.webcindario.com"; classtype:attempted-recon; sid:200003000; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichincha-datos2.webcindario.com"; classtype:attempted-recon; sid:200003001; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichincha-datos3.webcindario.com"; classtype:attempted-recon; sid:200003002; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichincha-datos5.webcindario.com"; classtype:attempted-recon; sid:200003003; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichinchabank.webcindario.com"; classtype:attempted-recon; sid:200003004; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichinchacomfi.webcindario.com"; classtype:attempted-recon; sid:200003005; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichinchaecori.webcindario.com"; classtype:attempted-recon; sid:200003006; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichinchauser.webcindario.com"; classtype:attempted-recon; sid:200003007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichinchverify.webcindario.com"; classtype:attempted-recon; sid:200003008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"picnic.industries"; classtype:attempted-recon; sid:200003009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pics.lookatmynewphotos.com"; classtype:attempted-recon; sid:200003010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"piermontbridge.com"; classtype:attempted-recon; sid:200003011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"piffvancouver.com"; classtype:attempted-recon; sid:200003012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pikaresailing.com"; classtype:attempted-recon; sid:200003013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pikay13.github.io"; classtype:attempted-recon; sid:200003014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pilmezorda.temp.swtest.ru"; classtype:attempted-recon; sid:200003015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pinchinchaverify.webcindario.com"; classtype:attempted-recon; sid:200003016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pirana.co.rs"; classtype:attempted-recon; sid:200003017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pl-swiatowe-wiadomosci.pl"; classtype:attempted-recon; sid:200003018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pla1060604.nichost.ru"; classtype:attempted-recon; sid:200003019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"plan-o2-monthlypayments.com"; classtype:attempted-recon; sid:200003020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"planetaamor.org"; classtype:attempted-recon; sid:200003021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"plasticaindia.com"; classtype:attempted-recon; sid:200003022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"platinumserviceac.com"; classtype:attempted-recon; sid:200003023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playgirlgold.com"; classtype:attempted-recon; sid:200003024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ploferta.com"; classtype:attempted-recon; sid:200003025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"plugmailextraexpiredoldpolicynotificationscenter.pages.dev"; classtype:attempted-recon; sid:200003026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"plwiadomosciwszystkie.pl"; classtype:attempted-recon; sid:200003027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"po-deliver-fees.com"; classtype:attempted-recon; sid:200003028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"po-service-page.com"; classtype:attempted-recon; sid:200003029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"poc-rewards-program-c2dfc.web.app"; classtype:attempted-recon; sid:200003030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"podpiska-darom.ru"; classtype:attempted-recon; sid:200003031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pokajca.web.app"; classtype:attempted-recon; sid:200003032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pokcda.lnizi9c.cn"; classtype:attempted-recon; sid:200003033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"poklsa.slodddz.cn"; classtype:attempted-recon; sid:200003034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polcas.et0bgyf.cn"; classtype:attempted-recon; sid:200003035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polcd.op59bk5.cn"; classtype:attempted-recon; sid:200003036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polcda.qcgjwj7.cn"; classtype:attempted-recon; sid:200003037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"poldf.gejzesp.cn"; classtype:attempted-recon; sid:200003038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polds.gmj6f2.cn"; classtype:attempted-recon; sid:200003039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"poliambulatorioadriatico.it"; classtype:attempted-recon; sid:200003040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"poligrafiapias.com"; classtype:attempted-recon; sid:200003041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polkadot-france.fr"; classtype:attempted-recon; sid:200003042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polkastarter.app"; classtype:attempted-recon; sid:200003043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polsd.pa0cpof.cn"; classtype:attempted-recon; sid:200003044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polxa.uh8dg67.cn"; classtype:attempted-recon; sid:200003045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polygon-pro.com"; classtype:attempted-recon; sid:200003046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polygon-secure.com"; classtype:attempted-recon; sid:200003047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polygon-technologyes.blogspot.com"; classtype:attempted-recon; sid:200003048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pomnxaa.181gh1c.cn"; classtype:attempted-recon; sid:200003049; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"post-ch-de.34224.info"; classtype:attempted-recon; sid:200003050; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"post-ch-de.65241.org"; classtype:attempted-recon; sid:200003051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"post-ch.de"; classtype:attempted-recon; sid:200003052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"post-track.ch"; classtype:attempted-recon; sid:200003053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"posta-romana.cameleon-digital.ro"; classtype:attempted-recon; sid:200003054; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"postaledsp2.conexion.fr.savealifemw.org"; classtype:attempted-recon; sid:200003055; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"postalfees-uk.com"; classtype:attempted-recon; sid:200003056; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"postalukservice.com"; classtype:attempted-recon; sid:200003057; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"postch9192.cargo.site"; classtype:attempted-recon; sid:200003058; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"postechsuivre.ileanamlaw.com"; classtype:attempted-recon; sid:200003059; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"postnl.post-tracking-delivery.etelinfra.com"; classtype:attempted-recon; sid:200003060; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"poww.6hkjmb.cn"; classtype:attempted-recon; sid:200003061; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ppkllp.com"; classtype:attempted-recon; sid:200003062; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ppnnttcc.ppcnthsc.me"; classtype:attempted-recon; sid:200003063; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"precisionimpex.com"; classtype:attempted-recon; sid:200003064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"preg.dspearhead.com"; classtype:attempted-recon; sid:200003065; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"preg.marketingvici.com"; classtype:attempted-recon; sid:200003066; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prepaid-leboncoin.fr"; classtype:attempted-recon; sid:200003067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"preppingconfidence.com"; classtype:attempted-recon; sid:200003068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prernaindustries.com"; classtype:attempted-recon; sid:200003069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"priceless-goldstine.35-185-184-61.plesk.page"; classtype:attempted-recon; sid:200003070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"priceless-mccarthy-8674db.netlify.app"; classtype:attempted-recon; sid:200003071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"primarypagesmetasecure.co.vu"; classtype:attempted-recon; sid:200003072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"primeassi5.sslblindado.com"; classtype:attempted-recon; sid:200003073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"primecentral.jihanjiaopo6.shop"; classtype:attempted-recon; sid:200003074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"primecentral.jixinggaozhao2.shop"; classtype:attempted-recon; sid:200003075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"primecentral.qiourn.shop"; classtype:attempted-recon; sid:200003076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"primeone.org"; classtype:attempted-recon; sid:200003077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"printtoner.com.mx"; classtype:attempted-recon; sid:200003078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"privacy-update-page-prtections-association-recovry-secu.web.id"; classtype:attempted-recon; sid:200003079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"privacy-update-secu-recovry-page-protection-4565544.web.id"; classtype:attempted-recon; sid:200003080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"privacy-update-secu-recovry-page-protection-comunity-45.web.id"; classtype:attempted-recon; sid:200003081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"priyankasandokar1606.github.io"; classtype:attempted-recon; sid:200003082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pro.icloudremovaltool.com"; classtype:attempted-recon; sid:200003083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"procservautomatizacion.com"; classtype:attempted-recon; sid:200003084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.anon-rest-keep-reset.sales18130.workers.dev"; classtype:attempted-recon; sid:200003085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.anon-step-keep-object.sales18130.workers.dev"; classtype:attempted-recon; sid:200003086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.calm-limit-671e.ralph2481.workers.dev"; classtype:attempted-recon; sid:200003087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.dry-snow-ddc20ffice.deuceice2.workers.dev"; classtype:attempted-recon; sid:200003088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.keep-paper-account.sales18130.workers.dev"; classtype:attempted-recon; sid:200003089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.lively-salad-1c42.updatelogaccountprogramedrfwerwrdhsmc.workers.dev"; classtype:attempted-recon; sid:200003090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.passtruth-truth-5df4.pass-morn-reset-todaybringsjoy.workers.dev"; classtype:attempted-recon; sid:200003091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.steep-poetry-1ba3.updatelogaccountprogramedrfwerwrdhscsw.workers.dev"; classtype:attempted-recon; sid:200003092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.try-murpheos-keep.sales18130.workers.dev"; classtype:attempted-recon; sid:200003093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev"; classtype:attempted-recon; sid:200003094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"project1-df3e9.web.app"; classtype:attempted-recon; sid:200003095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"projectlovewell.com"; classtype:attempted-recon; sid:200003096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promehedinti.ro"; classtype:attempted-recon; sid:200003097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promerica-sv.webcindario.com"; classtype:attempted-recon; sid:200003098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promericalinea01.webcindario.com"; classtype:attempted-recon; sid:200003099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promo.mycorporate-rewards.net"; classtype:attempted-recon; sid:200003100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prosmate.com"; classtype:attempted-recon; sid:200003101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prosxsiuser.myfreesites.net"; classtype:attempted-recon; sid:200003102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prosys.poweredbygravit-e.co.uk"; classtype:attempted-recon; sid:200003103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"protect-4d56vca.surge.sh"; classtype:attempted-recon; sid:200003104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"proteczzguuaaardzzzpagess.000webhostapp.com"; classtype:attempted-recon; sid:200003105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"proteczzpagezzguarddzzz.000webhostapp.com"; classtype:attempted-recon; sid:200003106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"provodi.com"; classtype:attempted-recon; sid:200003107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"proximus-account.azurewebsites.net"; classtype:attempted-recon; sid:200003108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ptxx.cc"; classtype:attempted-recon; sid:200003109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pubgmobilevn.mobi"; classtype:attempted-recon; sid:200003110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"publish-p43452-e180057.adobeaemcloud.com"; classtype:attempted-recon; sid:200003111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"puffing.com.pk"; classtype:attempted-recon; sid:200003112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pulihkan-accountt20001.webnode.page"; classtype:attempted-recon; sid:200003113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"puroxymembrane.com"; classtype:attempted-recon; sid:200003114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pvr0k.csb.app"; classtype:attempted-recon; sid:200003115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pydttuxozmzjmjqxayxfxhycfr-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200003116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qbocd.csb.app"; classtype:attempted-recon; sid:200003117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qevwisdfztymporlndsckabdil-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200003118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qf3nt.codesandbox.io"; classtype:attempted-recon; sid:200003119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qfw.tosex35238.workers.dev"; classtype:attempted-recon; sid:200003120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qhj39hfxqftr.clickfunnels.com"; classtype:attempted-recon; sid:200003121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qhmqhgnfqbcoxkwamsioilhdmv-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200003122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qsh74pekkv5e8.clickfunnels.com"; classtype:attempted-recon; sid:200003123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qssa.x5yrlr.cn"; classtype:attempted-recon; sid:200003124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quinaroja.com"; classtype:attempted-recon; sid:200003125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quotex-qx.com"; classtype:attempted-recon; sid:200003126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qwas.nfi71vw.cn"; classtype:attempted-recon; sid:200003127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qwea.wvhee0w.cn"; classtype:attempted-recon; sid:200003128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qweas.hi5g95r.cn"; classtype:attempted-recon; sid:200003129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qweas.p6rhddj.cn"; classtype:attempted-recon; sid:200003130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qweas.zwfaclq.cn"; classtype:attempted-recon; sid:200003131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qxluatbght.cfolks.pl"; classtype:attempted-recon; sid:200003132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"r3c31v30n3-1d3nt1ty.000webhostapp.com"; classtype:attempted-recon; sid:200003133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rabellartz.de"; classtype:attempted-recon; sid:200003134; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rabofree.blogspot.com"; classtype:attempted-recon; sid:200003135; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rabofree.blogspot.li"; classtype:attempted-recon; sid:200003136; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rackenfordlabs.com"; classtype:attempted-recon; sid:200003137; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"racuten.nuef.info"; classtype:attempted-recon; sid:200003138; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"radhikamd.github.io"; classtype:attempted-recon; sid:200003139; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rafbbmx.ml"; classtype:attempted-recon; sid:200003140; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"raipurrussianescorts.com"; classtype:attempted-recon; sid:200003141; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakoten-card.buogfbizkugf.gq"; classtype:attempted-recon; sid:200003142; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakoten-card.bycsaxwdqunhh.gq"; classtype:attempted-recon; sid:200003143; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakoten-card.motpefhnpvyz.gq"; classtype:attempted-recon; sid:200003144; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakoten.potex.info"; classtype:attempted-recon; sid:200003145; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"raktuen.laobanlocker.com"; classtype:attempted-recon; sid:200003146; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakuitan-card.info"; classtype:attempted-recon; sid:200003147; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakuten.awjoadc.cn"; classtype:attempted-recon; sid:200003148; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakuten.card.nuosreaoms.com"; classtype:attempted-recon; sid:200003149; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakuten.card.uosmcoua.com"; classtype:attempted-recon; sid:200003150; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakuthn.shop"; classtype:attempted-recon; sid:200003151; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakuttm.shop"; classtype:attempted-recon; sid:200003152; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ramgarhiamatrimonial.ca"; classtype:attempted-recon; sid:200003153; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rareelements.io"; classtype:attempted-recon; sid:200003154; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rasmer.fi"; classtype:attempted-recon; sid:200003155; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ratewatch.net"; classtype:attempted-recon; sid:200003156; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"raycargo.com"; classtype:attempted-recon; sid:200003157; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"raydiom.io"; classtype:attempted-recon; sid:200003158; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"razcjjf.ga"; classtype:attempted-recon; sid:200003159; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"razcjjf.ml"; classtype:attempted-recon; sid:200003160; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rbcmontgomery.com"; classtype:attempted-recon; sid:200003161; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rd8um.app.link"; classtype:attempted-recon; sid:200003162; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rdirtfuo6t.vov.ru"; classtype:attempted-recon; sid:200003163; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"re-direct-me.com"; classtype:attempted-recon; sid:200003164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"re-redirection-acc-id923872635122.blogspot.com"; classtype:attempted-recon; sid:200003165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"real-anon-keep-passing-word.rvsla.workers.dev"; classtype:attempted-recon; sid:200003166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"realestate-page-10843446024.expresspestcontrol.co.nz"; classtype:attempted-recon; sid:200003167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"realindiatravel.com"; classtype:attempted-recon; sid:200003168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reconfirmpost287846656.us"; classtype:attempted-recon; sid:200003169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recover-pages-media-problems-secur-782.web.id"; classtype:attempted-recon; sid:200003170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recover-pages-secur-media-problems-393.web.id"; classtype:attempted-recon; sid:200003171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recover-pages-secur-media-problems-397.web.id"; classtype:attempted-recon; sid:200003172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recovery-chain.com"; classtype:attempted-recon; sid:200003173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recovery-fb.secure-acct.workers.dev"; classtype:attempted-recon; sid:200003174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"red-limit-db0e.chseonlinelogins.workers.dev"; classtype:attempted-recon; sid:200003175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"redbysfrgroupebox.myfreesites.net"; classtype:attempted-recon; sid:200003176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"redeem-microsoft-code.sitey.me"; classtype:attempted-recon; sid:200003177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rediractionid547012016089540218057.blogspot.com"; classtype:attempted-recon; sid:200003178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"redpichincha.webcindario.com"; classtype:attempted-recon; sid:200003179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reg-3da7f.web.app"; classtype:attempted-recon; sid:200003180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reg.chaindaohang.com"; classtype:attempted-recon; sid:200003181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"regisdrive.xyz"; classtype:attempted-recon; sid:200003182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"register-my-device.com"; classtype:attempted-recon; sid:200003183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"registerdrive.xyz"; classtype:attempted-recon; sid:200003184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reglic.in"; classtype:attempted-recon; sid:200003185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"regularsweeps.xyz"; classtype:attempted-recon; sid:200003186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reignbike.com"; classtype:attempted-recon; sid:200003187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reikisadhna.com"; classtype:attempted-recon; sid:200003188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"relevant.systems"; classtype:attempted-recon; sid:200003189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"remittance369297292749.goshly.com"; classtype:attempted-recon; sid:200003190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renovkonstruksi.com"; classtype:attempted-recon; sid:200003191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"repl-mess.myfreesites.net"; classtype:attempted-recon; sid:200003192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"restore.exodusapp.ru"; classtype:attempted-recon; sid:200003193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"restoredabefore-com.filesusr.com"; classtype:attempted-recon; sid:200003194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"restorewallet-activation.net"; classtype:attempted-recon; sid:200003195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"retiro-extracash.com"; classtype:attempted-recon; sid:200003196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"retiro.cl"; classtype:attempted-recon; sid:200003197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"retraiteenaction.ca"; classtype:attempted-recon; sid:200003198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"retrospectiveplanningenforcementwestsussex.co.uk"; classtype:attempted-recon; sid:200003199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"retrouve-particulier-mailaccord.globaltvnepal.com"; classtype:attempted-recon; sid:200003200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rev.sfr.net.gghost.ru"; classtype:attempted-recon; sid:200003201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"review-mynew-device.com"; classtype:attempted-recon; sid:200003202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reviewbook.org"; classtype:attempted-recon; sid:200003203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"revistametro.com.ar"; classtype:attempted-recon; sid:200003204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reximane.cf"; classtype:attempted-recon; sid:200003205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"riptide-operation.ru.com"; classtype:attempted-recon; sid:200003206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"riveroflife.org.in"; classtype:attempted-recon; sid:200003207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rizarichempire.com"; classtype:attempted-recon; sid:200003208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rizkyinterior.com"; classtype:attempted-recon; sid:200003209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rkanet.com"; classtype:attempted-recon; sid:200003210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rkt-co.f1ss.co"; classtype:attempted-recon; sid:200003211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rlink.vn"; classtype:attempted-recon; sid:200003212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rmsfcc.com"; classtype:attempted-recon; sid:200003213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rnercarl-security.co.ip.rnamso.shop"; classtype:attempted-recon; sid:200003214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rnercarl.co.jp.merinosimo.shop"; classtype:attempted-recon; sid:200003215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roadgo.co.uk"; classtype:attempted-recon; sid:200003216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robloxrun.000webhostapp.com"; classtype:attempted-recon; sid:200003217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roccobonheur1-my-cheetah-website-copy.cheetah.builderall.com"; classtype:attempted-recon; sid:200003218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roisnoob.github.io"; classtype:attempted-recon; sid:200003219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rokulinktechnology.com"; classtype:attempted-recon; sid:200003220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rolinadd.surveysparrow.com"; classtype:attempted-recon; sid:200003221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"romanceify.com"; classtype:attempted-recon; sid:200003222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rondalowa.blogspot.com"; classtype:attempted-recon; sid:200003223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rondelbarrilito.com"; classtype:attempted-recon; sid:200003224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ronin-help.com"; classtype:attempted-recon; sid:200003225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roninwallet-connect.com"; classtype:attempted-recon; sid:200003226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roninwallet.cm"; classtype:attempted-recon; sid:200003227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rotimi.pandaform.com"; classtype:attempted-recon; sid:200003228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roundcube-2c46f.web.app"; classtype:attempted-recon; sid:200003229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roundcube-production-cf.tx1.mailhostbox.com"; classtype:attempted-recon; sid:200003230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"routeksa.com"; classtype:attempted-recon; sid:200003231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"royalwindsorpub.com"; classtype:attempted-recon; sid:200003232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200003233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rplg.co"; classtype:attempted-recon; sid:200003234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rrakutenn.co.jp.azii.cn"; classtype:attempted-recon; sid:200003235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rrakutenn.co.jp.nanofresh.cn"; classtype:attempted-recon; sid:200003236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200003237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rufoxxy.com"; classtype:attempted-recon; sid:200003238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runescape-info.com"; classtype:attempted-recon; sid:200003239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ruth.martulangbelulalng.workers.dev"; classtype:attempted-recon; sid:200003240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ryanicolehoward.com"; classtype:attempted-recon; sid:200003241; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rymproducciones.com"; classtype:attempted-recon; sid:200003242; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"s-sarfati.co.il"; classtype:attempted-recon; sid:200003243; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"s.macecri.com"; classtype:attempted-recon; sid:200003244; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"s5vzr.app.link"; classtype:attempted-recon; sid:200003245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"s787v.cn"; classtype:attempted-recon; sid:200003246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sa.macecri.com"; classtype:attempted-recon; sid:200003247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sadervoyages.intnet.mu"; classtype:attempted-recon; sid:200003248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safty.summarycheck.workers.dev"; classtype:attempted-recon; sid:200003249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"saintbarkleyshoes.com"; classtype:attempted-recon; sid:200003250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"saitadobrasil.com.br"; classtype:attempted-recon; sid:200003251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"saldospc.com"; classtype:attempted-recon; sid:200003252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"saliksnas.lojaintegrada.com.br"; classtype:attempted-recon; sid:200003253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"salmanfarsi01.github.io"; classtype:attempted-recon; sid:200003254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"saludypension.com"; classtype:attempted-recon; sid:200003255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"samarahonda.com"; classtype:attempted-recon; sid:200003256; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"samihalyaman.com"; classtype:attempted-recon; sid:200003257; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"samvoktor.com"; classtype:attempted-recon; sid:200003258; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sanasunty.site"; classtype:attempted-recon; sid:200003259; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sandeeppk03.github.io"; classtype:attempted-recon; sid:200003260; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sandhu.codebucketitsolutions.com"; classtype:attempted-recon; sid:200003261; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sanjilkumar.com"; classtype:attempted-recon; sid:200003262; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sankyo-rz.com"; classtype:attempted-recon; sid:200003263; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sanru.cd"; classtype:attempted-recon; sid:200003264; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"santander.secured-auth-login.com"; classtype:attempted-recon; sid:200003265; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"santanverifyfunction.com"; classtype:attempted-recon; sid:200003266; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"santepluspharma.eclatmediasolution.website"; classtype:attempted-recon; sid:200003267; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"santoshdangi.com.np"; classtype:attempted-recon; sid:200003268; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"saritapariyar.com.np"; classtype:attempted-recon; sid:200003269; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"satay-secur.reconfimations.pagedisabled.workers.dev"; classtype:attempted-recon; sid:200003270; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"satemi.com.ve"; classtype:attempted-recon; sid:200003271; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"satonteams.co.uk"; classtype:attempted-recon; sid:200003272; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"savingsfordentalcare.com"; classtype:attempted-recon; sid:200003273; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sbi.mx"; classtype:attempted-recon; sid:200003274; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sbs-siebanlagen.de"; classtype:attempted-recon; sid:200003275; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sc.macecri.com"; classtype:attempted-recon; sid:200003276; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sc.scicemecod.com"; classtype:attempted-recon; sid:200003277; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sca.scicemecod.com"; classtype:attempted-recon; sid:200003278; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sdgvsdvsdvs.blogspot.com"; classtype:attempted-recon; sid:200003279; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"se.scicemecod.com"; classtype:attempted-recon; sid:200003280; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sebat-dhl.blogspot.com"; classtype:attempted-recon; sid:200003281; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sebene27.github.io"; classtype:attempted-recon; sid:200003282; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secur-standard-media-recover-pages-problems-159.web.id"; classtype:attempted-recon; sid:200003283; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure-boncoincontrol.net"; classtype:attempted-recon; sid:200003284; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure-halifax-device.com"; classtype:attempted-recon; sid:200003285; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure-mynew-devices.com"; classtype:attempted-recon; sid:200003286; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure-runescape.xgm.rnp.mybluehost.me"; classtype:attempted-recon; sid:200003287; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure-service-gateway.com"; classtype:attempted-recon; sid:200003288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure-zirox.s3.ap-southeast-2.amazonaws.com"; classtype:attempted-recon; sid:200003289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.legalmetric.com"; classtype:attempted-recon; sid:200003290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.oldschool.com-cl.ru"; classtype:attempted-recon; sid:200003291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.oldschool.com-cu.ru"; classtype:attempted-recon; sid:200003292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.oldschool.com-cv.ru"; classtype:attempted-recon; sid:200003293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.oldschool.com-oz.ru"; classtype:attempted-recon; sid:200003294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.oldschool.com-rsu.ru"; classtype:attempted-recon; sid:200003295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-as.cz"; classtype:attempted-recon; sid:200003296; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-az.ru"; classtype:attempted-recon; sid:200003297; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-cl.ru"; classtype:attempted-recon; sid:200003298; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-co.ru"; classtype:attempted-recon; sid:200003299; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-cu.ru"; classtype:attempted-recon; sid:200003300; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-cv.ru"; classtype:attempted-recon; sid:200003301; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-or.ru"; classtype:attempted-recon; sid:200003302; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-oz.ru"; classtype:attempted-recon; sid:200003303; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-rse.ru"; classtype:attempted-recon; sid:200003304; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-rsu.ru"; classtype:attempted-recon; sid:200003305; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-vs.ru"; classtype:attempted-recon; sid:200003306; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure300.inmotionhosting.com"; classtype:attempted-recon; sid:200003307; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure303.inmotionhosting.com"; classtype:attempted-recon; sid:200003308; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure55.webhostinghub.com"; classtype:attempted-recon; sid:200003309; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure7-servr01-log-in.4nmn.com"; classtype:attempted-recon; sid:200003310; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securee37-authen21.duckdns.org"; classtype:attempted-recon; sid:200003311; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securegateway-ovhcloud.csl-sl.de"; classtype:attempted-recon; sid:200003312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securelloyd-help-app.com"; classtype:attempted-recon; sid:200003313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-page-community-standards.blogspot.com"; classtype:attempted-recon; sid:200003314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seguridad-oca.webcindario.com"; classtype:attempted-recon; sid:200003315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seleb-indo.duckdns.org"; classtype:attempted-recon; sid:200003316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"selector26.gg"; classtype:attempted-recon; sid:200003317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"selector28.gg"; classtype:attempted-recon; sid:200003318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sem.my-drs.co.uk"; classtype:attempted-recon; sid:200003319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sen-manole.firebaseapp.com"; classtype:attempted-recon; sid:200003320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sendo-meso.firebaseapp.com"; classtype:attempted-recon; sid:200003321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sendung.eyecatch.ch"; classtype:attempted-recon; sid:200003322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergebubnin.space"; classtype:attempted-recon; sid:200003323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sertyxese.myfreesites.net"; classtype:attempted-recon; sid:200003324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"server-networksolutions.web.app"; classtype:attempted-recon; sid:200003325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"serverprotocols.com"; classtype:attempted-recon; sid:200003326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck103.web.app"; classtype:attempted-recon; sid:200003327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck104.web.app"; classtype:attempted-recon; sid:200003328; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck105.web.app"; classtype:attempted-recon; sid:200003329; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck107.web.app"; classtype:attempted-recon; sid:200003330; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck108.web.app"; classtype:attempted-recon; sid:200003331; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck111.web.app"; classtype:attempted-recon; sid:200003332; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck112.web.app"; classtype:attempted-recon; sid:200003333; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck117.web.app"; classtype:attempted-recon; sid:200003334; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck118.web.app"; classtype:attempted-recon; sid:200003335; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck121.web.app"; classtype:attempted-recon; sid:200003336; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck122.web.app"; classtype:attempted-recon; sid:200003337; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck123.web.app"; classtype:attempted-recon; sid:200003338; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck126.web.app"; classtype:attempted-recon; sid:200003339; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck127.web.app"; classtype:attempted-recon; sid:200003340; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck129.web.app"; classtype:attempted-recon; sid:200003341; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck13.web.app"; classtype:attempted-recon; sid:200003342; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck130.web.app"; classtype:attempted-recon; sid:200003343; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck134.web.app"; classtype:attempted-recon; sid:200003344; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck135.web.app"; classtype:attempted-recon; sid:200003345; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck137.web.app"; classtype:attempted-recon; sid:200003346; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck138.web.app"; classtype:attempted-recon; sid:200003347; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck139.web.app"; classtype:attempted-recon; sid:200003348; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck14.web.app"; classtype:attempted-recon; sid:200003349; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck140.web.app"; classtype:attempted-recon; sid:200003350; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck142.web.app"; classtype:attempted-recon; sid:200003351; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck143.web.app"; classtype:attempted-recon; sid:200003352; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck145.web.app"; classtype:attempted-recon; sid:200003353; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck149.web.app"; classtype:attempted-recon; sid:200003354; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck155.web.app"; classtype:attempted-recon; sid:200003355; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck207.web.app"; classtype:attempted-recon; sid:200003356; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck21.web.app"; classtype:attempted-recon; sid:200003357; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck23.web.app"; classtype:attempted-recon; sid:200003358; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck334.web.app"; classtype:attempted-recon; sid:200003359; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck36.web.app"; classtype:attempted-recon; sid:200003360; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck410.web.app"; classtype:attempted-recon; sid:200003361; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck429.web.app"; classtype:attempted-recon; sid:200003362; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck442.web.app"; classtype:attempted-recon; sid:200003363; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck443.web.app"; classtype:attempted-recon; sid:200003364; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck46.web.app"; classtype:attempted-recon; sid:200003365; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck54.web.app"; classtype:attempted-recon; sid:200003366; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck60.web.app"; classtype:attempted-recon; sid:200003367; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck70.web.app"; classtype:attempted-recon; sid:200003368; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck736.web.app"; classtype:attempted-recon; sid:200003369; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck74.web.app"; classtype:attempted-recon; sid:200003370; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck75.web.app"; classtype:attempted-recon; sid:200003371; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck77.web.app"; classtype:attempted-recon; sid:200003372; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck8.web.app"; classtype:attempted-recon; sid:200003373; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck87.web.app"; classtype:attempted-recon; sid:200003374; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck995.web.app"; classtype:attempted-recon; sid:200003375; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"service-lkdn2020.gacconstrutora.com.br"; classtype:attempted-recon; sid:200003376; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"serviceinfo-securehost.duckdns.org"; classtype:attempted-recon; sid:200003377; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servicepage.service-page.workers.dev"; classtype:attempted-recon; sid:200003378; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servicepichincha.webcindario.com"; classtype:attempted-recon; sid:200003379; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"services.runescape.com-as.cz"; classtype:attempted-recon; sid:200003380; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"services.runescape.com-oc.ru"; classtype:attempted-recon; sid:200003381; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"services.runescape.com-rse.ru"; classtype:attempted-recon; sid:200003382; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"services.runescape.com-rsu.ru"; classtype:attempted-recon; sid:200003383; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servicesbancaire.com"; classtype:attempted-recon; sid:200003384; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"serviciosbndigitales.com"; classtype:attempted-recon; sid:200003385; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servics.validationsecuradm.workers.dev"; classtype:attempted-recon; sid:200003386; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servinform.quadientcloud.eu"; classtype:attempted-recon; sid:200003387; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"setupmynorton.square.site"; classtype:attempted-recon; sid:200003388; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seul.unilurio.ac.mz"; classtype:attempted-recon; sid:200003389; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sevoudryserviciobomail.dudaone.com"; classtype:attempted-recon; sid:200003390; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sfc.com.vn"; classtype:attempted-recon; sid:200003391; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sfex12sec.web.app"; classtype:attempted-recon; sid:200003392; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sfirstrepublic.coms.cso.gov.tt"; classtype:attempted-recon; sid:200003393; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sfr.provad.fr"; classtype:attempted-recon; sid:200003394; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sfrpanel.lws.fr"; classtype:attempted-recon; sid:200003395; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sgtbalde991-dot-still-dynamics-321006.ue.r.appspot.com"; classtype:attempted-recon; sid:200003396; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shafischools.com"; classtype:attempted-recon; sid:200003397; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shamajastore.co.ke"; classtype:attempted-recon; sid:200003398; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shanky0.github.io"; classtype:attempted-recon; sid:200003399; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shanza.epos.com.pk"; classtype:attempted-recon; sid:200003400; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"share-eu1.hsforms.com"; classtype:attempted-recon; sid:200003401; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"share.chamaileon.io"; classtype:attempted-recon; sid:200003402; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shared-file.square.site"; classtype:attempted-recon; sid:200003403; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sharedfax815201376.wordpress.com"; classtype:attempted-recon; sid:200003404; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sharedtris.com"; classtype:attempted-recon; sid:200003405; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sharelink.sn.am"; classtype:attempted-recon; sid:200003406; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shayvardphoto.ir"; classtype:attempted-recon; sid:200003407; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shinex.lk"; classtype:attempted-recon; sid:200003408; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shirhokos-mhalskbsiaoutfew43535.duckdns.org"; classtype:attempted-recon; sid:200003409; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shirtshanger.com"; classtype:attempted-recon; sid:200003410; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shiye666.cn"; classtype:attempted-recon; sid:200003411; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shop.cmfurnituremall.com"; classtype:attempted-recon; sid:200003412; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shop.ewerest-stroi.ru"; classtype:attempted-recon; sid:200003413; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopeecoins.blogspot.com"; classtype:attempted-recon; sid:200003414; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shrutidhall.com"; classtype:attempted-recon; sid:200003415; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sidneyfcuorg.freshy.site"; classtype:attempted-recon; sid:200003416; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sign-trk.empressmd.com"; classtype:attempted-recon; sid:200003417; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net"; classtype:attempted-recon; sid:200003418; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signin-payeer.com"; classtype:attempted-recon; sid:200003419; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com"; classtype:attempted-recon; sid:200003420; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"silkroadwines.com"; classtype:attempted-recon; sid:200003421; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"silpovsatb-ua.online"; classtype:attempted-recon; sid:200003422; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"silverberrygroup.com"; classtype:attempted-recon; sid:200003423; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sim0nt0k-viral-terbaru-2022.duckdns.org"; classtype:attempted-recon; sid:200003424; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"simpkk.karanganyarkab.go.id"; classtype:attempted-recon; sid:200003425; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sindarspen.org.br"; classtype:attempted-recon; sid:200003426; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"siporados15585.blogspot.com"; classtype:attempted-recon; sid:200003427; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sirak.se"; classtype:attempted-recon; sid:200003428; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site-4403463-3995-6112.mystrikingly.com"; classtype:attempted-recon; sid:200003429; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site9423623.92.webydo.com"; classtype:attempted-recon; sid:200003430; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site9423773.92.webydo.com"; classtype:attempted-recon; sid:200003431; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site9434107.92.webydo.com"; classtype:attempted-recon; sid:200003432; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site9548676.92.webydo.com"; classtype:attempted-recon; sid:200003433; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site9551459.92.webydo.com"; classtype:attempted-recon; sid:200003434; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site9552191.92.webydo.com"; classtype:attempted-recon; sid:200003435; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site9606042.92.webydo.com"; classtype:attempted-recon; sid:200003436; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sitebrasil.azurewebsites.net"; classtype:attempted-recon; sid:200003437; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sitebuilder152832.dynadot.com"; classtype:attempted-recon; sid:200003438; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sitebuilder152935.dynadot.com"; classtype:attempted-recon; sid:200003439; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sitemodify.com"; classtype:attempted-recon; sid:200003440; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"situs-facebook-resmi21.webnode.com"; classtype:attempted-recon; sid:200003441; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"situs-layanan-pemulihan4.webnode.com"; classtype:attempted-recon; sid:200003442; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"situs-pemulihan-resmi0.webnode.com"; classtype:attempted-recon; sid:200003443; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"six-group.xyz"; classtype:attempted-recon; sid:200003444; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sk128.sbs"; classtype:attempted-recon; sid:200003445; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sklepkody.pl"; classtype:attempted-recon; sid:200003446; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skradvanidance.business.site"; classtype:attempted-recon; sid:200003447; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skybttv.com"; classtype:attempted-recon; sid:200003448; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skygobank.com"; classtype:attempted-recon; sid:200003449; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skylerclarkmusic.com"; classtype:attempted-recon; sid:200003450; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skymavis-accountupdate.com"; classtype:attempted-recon; sid:200003451; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skymavisupport.com"; classtype:attempted-recon; sid:200003452; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"slavamel.github.io"; classtype:attempted-recon; sid:200003453; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sleepmaskz.com"; classtype:attempted-recon; sid:200003454; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"slickparties.com"; classtype:attempted-recon; sid:200003455; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"slmkufeckf.jon-jensen.workers.dev"; classtype:attempted-recon; sid:200003456; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"slovenska-posta.sytes.net"; classtype:attempted-recon; sid:200003457; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"slowlinebag.jp"; classtype:attempted-recon; sid:200003458; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sm.scicemecod.com"; classtype:attempted-recon; sid:200003459; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sm777.csb.app"; classtype:attempted-recon; sid:200003460; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smbc-accout.com"; classtype:attempted-recon; sid:200003461; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smbc-credit.shop"; classtype:attempted-recon; sid:200003462; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smbc-veaiana.com"; classtype:attempted-recon; sid:200003463; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smbcbc.com"; classtype:attempted-recon; sid:200003464; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smbccjp.shop"; classtype:attempted-recon; sid:200003465; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smbcr.mrtka.info"; classtype:attempted-recon; sid:200003466; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smbcwodeqingguoshoujicojp.top"; classtype:attempted-recon; sid:200003467; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smeo.org.mx"; classtype:attempted-recon; sid:200003468; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smgolamalif.github.io"; classtype:attempted-recon; sid:200003469; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smirl.org"; classtype:attempted-recon; sid:200003470; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smkkesehatanjember.sch.id"; classtype:attempted-recon; sid:200003471; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smmsvocal.yolasite.com"; classtype:attempted-recon; sid:200003472; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sms-check.sc-q.top"; classtype:attempted-recon; sid:200003473; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sms-shorter.com"; classtype:attempted-recon; sid:200003474; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smsbc-info5.com"; classtype:attempted-recon; sid:200003475; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smsenligne.myfreesites.net"; classtype:attempted-recon; sid:200003476; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smsorangephonemail.myfreesites.net"; classtype:attempted-recon; sid:200003477; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smsorangesmsmessage.myfreesites.net"; classtype:attempted-recon; sid:200003478; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smss-mms.yolasite.com"; classtype:attempted-recon; sid:200003479; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smsverificationmms.myfreesites.net"; classtype:attempted-recon; sid:200003480; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smwam.coms.cso.gov.tt"; classtype:attempted-recon; sid:200003481; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"so.macecri.com"; classtype:attempted-recon; sid:200003482; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soaringskiesrentals.com"; classtype:attempted-recon; sid:200003483; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soci-molen.web.app"; classtype:attempted-recon; sid:200003484; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"socialpinch.com"; classtype:attempted-recon; sid:200003485; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sofe-firma.firebaseapp.com"; classtype:attempted-recon; sid:200003486; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soft-cell-8148.updateloginprogram.workers.dev"; classtype:attempted-recon; sid:200003487; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soft-grass-1edd.acc-update.workers.dev"; classtype:attempted-recon; sid:200003488; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sognointerno.com"; classtype:attempted-recon; sid:200003489; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"solicitarfirmaelectronica-sv.com"; classtype:attempted-recon; sid:200003490; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"solyanayakomnata.ru"; classtype:attempted-recon; sid:200003491; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sopac.org.py"; classtype:attempted-recon; sid:200003492; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soracoes.xyz"; classtype:attempted-recon; sid:200003493; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"souaxwaoh.myfreesites.net"; classtype:attempted-recon; sid:200003494; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soude-masi.firebaseapp.com"; classtype:attempted-recon; sid:200003495; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soufsont.blogspot.com"; classtype:attempted-recon; sid:200003496; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soulocaredirect.webcindario.com"; classtype:attempted-recon; sid:200003497; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soumya252000.github.io"; classtype:attempted-recon; sid:200003498; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"souravtech.com"; classtype:attempted-recon; sid:200003499; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"southamerica-east1-hardy-magpie-334101.cloudfunctions.net"; classtype:attempted-recon; sid:200003500; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"southamerica-east1-manifest-design-330523.cloudfunctions.net"; classtype:attempted-recon; sid:200003501; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"southamerica-east1-my-project-90086352.cloudfunctions.net"; classtype:attempted-recon; sid:200003502; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"southamerica-east1-noted-minutia-330211.cloudfunctions.net"; classtype:attempted-recon; sid:200003503; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sp477389.sitebeat.site"; classtype:attempted-recon; sid:200003504; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sp701876.sitebeat.site"; classtype:attempted-recon; sid:200003505; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spacemanagerent.webcindario.com"; classtype:attempted-recon; sid:200003506; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spark.shaheenwrites.com"; classtype:attempted-recon; sid:200003507; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sparkasse-vereinsbanken.xyz"; classtype:attempted-recon; sid:200003508; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sparkasse.de.internet-filiale.co"; classtype:attempted-recon; sid:200003509; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sparxinteriors.co.zw"; classtype:attempted-recon; sid:200003510; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"specialnotice.pricesamazonlogincard.shop"; classtype:attempted-recon; sid:200003511; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spectrumstorageaccess.yahoosites.com"; classtype:attempted-recon; sid:200003512; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spentamultimedia.com"; classtype:attempted-recon; sid:200003513; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spidertvapp.com"; classtype:attempted-recon; sid:200003514; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spirit.gtwozone.com"; classtype:attempted-recon; sid:200003515; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spk-entsperren.de"; classtype:attempted-recon; sid:200003516; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spk-jahreswechsel.com"; classtype:attempted-recon; sid:200003517; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spk-secure-de.com"; classtype:attempted-recon; sid:200003518; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sport.protected-secur.workers.dev"; classtype:attempted-recon; sid:200003519; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sportshoes.top"; classtype:attempted-recon; sid:200003520; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sportybetpremium.wapka.co"; classtype:attempted-recon; sid:200003521; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spring-pond-62c4.autocreative.workers.dev"; classtype:attempted-recon; sid:200003522; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spring-pond-62c4.autocreative.workers.dev#eimaste@stinpriza.org"; classtype:attempted-recon; sid:200003523; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"squeeze-airwcmalznoun.com"; classtype:attempted-recon; sid:200003524; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"squeeze-amieazoeon.co"; classtype:attempted-recon; sid:200003525; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sr.scicemecod.com"; classtype:attempted-recon; sid:200003526; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"srisritextiles.com"; classtype:attempted-recon; sid:200003527; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"srvr-cloudmail-srvr5s5wd3.pages.dev"; classtype:attempted-recon; sid:200003528; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ssdaz.sqqaepr.cn"; classtype:attempted-recon; sid:200003529; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sse.scicemecod.com"; classtype:attempted-recon; sid:200003530; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ssia.org.sg"; classtype:attempted-recon; sid:200003531; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ssl.dsl.isl.mll.aqmst6.stockestan.ir"; classtype:attempted-recon; sid:200003532; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sso-garena.com"; classtype:attempted-recon; sid:200003533; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sswebmail-4w5twsr.web.app"; classtype:attempted-recon; sid:200003534; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stage.vannaryfowler.com"; classtype:attempted-recon; sid:200003535; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"staging.eliteautomotive.com.au"; classtype:attempted-recon; sid:200003536; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"standardupdatesupportandhelpcenter2021.ga"; classtype:attempted-recon; sid:200003537; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"starforsure.com"; classtype:attempted-recon; sid:200003538; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"starliker.net"; classtype:attempted-recon; sid:200003539; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"starsoftheindustry.com"; classtype:attempted-recon; sid:200003540; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"starttsboxfile.myfreesites.net"; classtype:attempted-recon; sid:200003541; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"static-ak-fbcdn.atspace.com"; classtype:attempted-recon; sid:200003542; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"static-dev.o2alerts.com"; classtype:attempted-recon; sid:200003543; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"static-promote.weebly.com"; classtype:attempted-recon; sid:200003544; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"status-dev.o2alerts.com"; classtype:attempted-recon; sid:200003545; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stbkcoltria.atwebpages.com"; classtype:attempted-recon; sid:200003546; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stclarechurch.net"; classtype:attempted-recon; sid:200003547; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"steamcommunites.com"; classtype:attempted-recon; sid:200003548; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"steamcommunitj.com"; classtype:attempted-recon; sid:200003549; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"steamnitrof.com"; classtype:attempted-recon; sid:200003550; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"steampoweredtrade.org"; classtype:attempted-recon; sid:200003551; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"steampoweredtrades.org"; classtype:attempted-recon; sid:200003552; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stevemadden-sverige.com"; classtype:attempted-recon; sid:200003553; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stevemaddenbutik.com"; classtype:attempted-recon; sid:200003554; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stevemaddenserbia.com"; classtype:attempted-recon; sid:200003555; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stevemaddenshoe.net"; classtype:attempted-recon; sid:200003556; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"steven-coldwellbth9965.web.app"; classtype:attempted-recon; sid:200003557; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stevencrews.com"; classtype:attempted-recon; sid:200003558; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stgrp.ru"; classtype:attempted-recon; sid:200003559; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"still-star-c948.updatelogaccountprogramedrfwerwrdhsjy.workers.dev"; classtype:attempted-recon; sid:200003560; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stimulus-claim.com"; classtype:attempted-recon; sid:200003561; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stjohnmarol.com"; classtype:attempted-recon; sid:200003562; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stjudes.in"; classtype:attempted-recon; sid:200003563; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stolizaparketa.ru"; classtype:attempted-recon; sid:200003564; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stollgroup.coms.cso.gov.tt"; classtype:attempted-recon; sid:200003565; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storage.yandexcloud.net"; classtype:attempted-recon; sid:200003566; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storenike365.top"; classtype:attempted-recon; sid:200003567; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"studio-lol.com"; classtype:attempted-recon; sid:200003568; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stylifehomedecors.com"; classtype:attempted-recon; sid:200003569; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stz-fmba.ru"; classtype:attempted-recon; sid:200003570; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"submit8099.page.link"; classtype:attempted-recon; sid:200003571; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"successgroup.org"; classtype:attempted-recon; sid:200003572; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sucses-gov.nomtiluy.top"; classtype:attempted-recon; sid:200003573; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sucuvirtcolba.com"; classtype:attempted-recon; sid:200003574; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suelunn.com"; classtype:attempted-recon; sid:200003575; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suiviticket.co"; classtype:attempted-recon; sid:200003576; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sukien-pubgmoblevng.ga"; classtype:attempted-recon; sid:200003577; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sultan-raza.github.io"; classtype:attempted-recon; sid:200003578; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sumpandtankcleaners.in"; classtype:attempted-recon; sid:200003579; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sunami.pagedemo.co"; classtype:attempted-recon; sid:200003580; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sunbeltmembers.com"; classtype:attempted-recon; sid:200003581; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sunge-ode.firebaseapp.com"; classtype:attempted-recon; sid:200003582; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sunshineteam.in"; classtype:attempted-recon; sid:200003583; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"super-dawn-3035.ddahluwalia.workers.dev"; classtype:attempted-recon; sid:200003584; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"supermilhas.com"; classtype:attempted-recon; sid:200003585; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suportecxacesso2020.com"; classtype:attempted-recon; sid:200003586; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"supotsstunes.servehttp.com"; classtype:attempted-recon; sid:200003587; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suppliers.bitshepherd.org"; classtype:attempted-recon; sid:200003588; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-auwebaccessjpnaikpanggung.com"; classtype:attempted-recon; sid:200003589; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-axiewallet.com"; classtype:attempted-recon; sid:200003590; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-dapps.info"; classtype:attempted-recon; sid:200003591; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-process-manager.com"; classtype:attempted-recon; sid:200003592; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-verify-mydevices.com"; classtype:attempted-recon; sid:200003593; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support.atimazo.shop"; classtype:attempted-recon; sid:200003594; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"supportpichincha.webcindario.com"; classtype:attempted-recon; sid:200003595; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"survey18-aws.surveycenter.com"; classtype:attempted-recon; sid:200003596; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"survey18-aws.toluna.com"; classtype:attempted-recon; sid:200003597; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"surveys.adytude.com"; classtype:attempted-recon; sid:200003598; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suspicious-williamson.193-70-50-31.plesk.page"; classtype:attempted-recon; sid:200003599; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suumc-one.com"; classtype:attempted-recon; sid:200003600; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sv.scicemecod.com"; classtype:attempted-recon; sid:200003601; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"svelte-kdy6dk.stackblitz.io"; classtype:attempted-recon; sid:200003602; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"swanholm.net"; classtype:attempted-recon; sid:200003603; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"swannatural.com"; classtype:attempted-recon; sid:200003604; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"swap.elena.finance"; classtype:attempted-recon; sid:200003605; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"swappauto.staging.lcsolutions.it"; classtype:attempted-recon; sid:200003606; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"swedbank-apsauga.info"; classtype:attempted-recon; sid:200003607; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"swisscom.myfreesites.net"; classtype:attempted-recon; sid:200003608; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sxb1plvwcpnl489779.prod.sxb1.secureserver.net"; classtype:attempted-recon; sid:200003609; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synaxisreadymix.com"; classtype:attempted-recon; sid:200003610; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncdappconnect.com"; classtype:attempted-recon; sid:200003611; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncmultidapp.com"; classtype:attempted-recon; sid:200003612; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syr.us"; classtype:attempted-recon; sid:200003613; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sysm5rn.cn"; classtype:attempted-recon; sid:200003614; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"system-fassil-net-2-3242353453453--12344443.repl.co"; classtype:attempted-recon; sid:200003615; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"t0nline0de0login-001-site1.itempurl.com"; classtype:attempted-recon; sid:200003616; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"taher-mohamed-ahmed-saad.github.io"; classtype:attempted-recon; sid:200003617; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"taoistw345ie.co"; classtype:attempted-recon; sid:200003618; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tarik-fitness.com"; classtype:attempted-recon; sid:200003619; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"taxcare.page.link"; classtype:attempted-recon; sid:200003620; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"taxopus.com"; classtype:attempted-recon; sid:200003621; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tb915hdh89.mfs.gg"; classtype:attempted-recon; sid:200003622; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tby.eb-sites.com"; classtype:attempted-recon; sid:200003623; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tcaconnect.ac-page.com"; classtype:attempted-recon; sid:200003624; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"teamgameswild.com"; classtype:attempted-recon; sid:200003625; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"teamgoogle125590.psee.ly"; classtype:attempted-recon; sid:200003626; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"teamomni4life.com"; classtype:attempted-recon; sid:200003627; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tebapit.com"; classtype:attempted-recon; sid:200003628; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tecmachine.com.br"; classtype:attempted-recon; sid:200003629; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tecnominproductos.com"; classtype:attempted-recon; sid:200003630; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"teekitstorage.blob.core.windows.net"; classtype:attempted-recon; sid:200003631; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tejalashikaindiagrocery.com"; classtype:attempted-recon; sid:200003632; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"telecredutobcp.com"; classtype:attempted-recon; sid:200003633; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"telegramsecurityhelp.ru"; classtype:attempted-recon; sid:200003634; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tellmeliu.github.io"; classtype:attempted-recon; sid:200003635; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"templat65sldh.myfreesites.net"; classtype:attempted-recon; sid:200003636; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"temporary-url.com"; classtype:attempted-recon; sid:200003637; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"terpelsicumple.com"; classtype:attempted-recon; sid:200003638; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"terracontiles.com"; classtype:attempted-recon; sid:200003639; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"test.bayoucitybadges.org"; classtype:attempted-recon; sid:200003640; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"test.bitflye87.com"; classtype:attempted-recon; sid:200003641; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"test.dxbproductions.com"; classtype:attempted-recon; sid:200003642; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"test.webclient4.de"; classtype:attempted-recon; sid:200003643; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"texasfreedomrun.com"; classtype:attempted-recon; sid:200003644; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tgpafasfsakkk.pages.dev"; classtype:attempted-recon; sid:200003645; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theaceofspaeder.com"; classtype:attempted-recon; sid:200003646; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theaudazity.com"; classtype:attempted-recon; sid:200003647; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theavon.co.zw"; classtype:attempted-recon; sid:200003648; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thebeachleague.com"; classtype:attempted-recon; sid:200003649; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thechillipicklecanteen.com"; classtype:attempted-recon; sid:200003650; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thedecorindia.com"; classtype:attempted-recon; sid:200003651; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thedom.kg"; classtype:attempted-recon; sid:200003652; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theironinnparlour.co.uk"; classtype:attempted-recon; sid:200003653; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theneontree.in"; classtype:attempted-recon; sid:200003654; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thepointcj.com.br"; classtype:attempted-recon; sid:200003655; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thespiritualtransformation.com"; classtype:attempted-recon; sid:200003656; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thetimecenter.com"; classtype:attempted-recon; sid:200003657; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thomasdentalcentre.com"; classtype:attempted-recon; sid:200003658; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"three-retail-live.devicetradein.co.uk"; classtype:attempted-recon; sid:200003659; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tianyuiyu.uihaish.xyz"; classtype:attempted-recon; sid:200003660; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tieganford.ca"; classtype:attempted-recon; sid:200003661; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tighi.creatorlink.net"; classtype:attempted-recon; sid:200003662; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tight-samiuboc.co"; classtype:attempted-recon; sid:200003663; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tikitaps.com"; classtype:attempted-recon; sid:200003664; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tinhtrangdon.com"; classtype:attempted-recon; sid:200003665; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tinyurl.mobi"; classtype:attempted-recon; sid:200003666; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tipografieonline.ro"; classtype:attempted-recon; sid:200003667; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tirozhjewelry.com"; classtype:attempted-recon; sid:200003668; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"titelinedrillingintl.yolasite.com"; classtype:attempted-recon; sid:200003669; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tktrailerparts.com"; classtype:attempted-recon; sid:200003670; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tlatx.com"; classtype:attempted-recon; sid:200003671; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tlcbcp.com-segurospe.buzz"; classtype:attempted-recon; sid:200003672; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"to-ken.biz"; classtype:attempted-recon; sid:200003673; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"toanhoc247.edu.vn"; classtype:attempted-recon; sid:200003674; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"toddler-town.com"; classtype:attempted-recon; sid:200003675; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tongdaiviettelbienhoa.com"; classtype:attempted-recon; sid:200003676; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tooljerejin.airsite.co"; classtype:attempted-recon; sid:200003677; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"top10cheapairlinesreview.xyz"; classtype:attempted-recon; sid:200003678; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"top10songsnews.com"; classtype:attempted-recon; sid:200003679; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"topearnersafrica.com"; classtype:attempted-recon; sid:200003680; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"topskills.ru"; classtype:attempted-recon; sid:200003681; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"torccolborrachas.blogspot.com"; classtype:attempted-recon; sid:200003682; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"torrinwine.com"; classtype:attempted-recon; sid:200003683; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"touchidea.top"; classtype:attempted-recon; sid:200003684; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"touronline2022.com"; classtype:attempted-recon; sid:200003685; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tovowhuqeojweawmubmaqmqlv.hofferflow.icu"; classtype:attempted-recon; sid:200003686; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tpayleboncoin.com"; classtype:attempted-recon; sid:200003687; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"traders-joesxyz.com"; classtype:attempted-recon; sid:200003688; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tradeswarehouse.com"; classtype:attempted-recon; sid:200003689; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trams.mot.go.th"; classtype:attempted-recon; sid:200003690; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"transfertconfirmer-payalfrance.com"; classtype:attempted-recon; sid:200003691; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"triangarena-membership.ga"; classtype:attempted-recon; sid:200003692; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tribratanewsbondowoso.com"; classtype:attempted-recon; sid:200003693; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tribunbalikpapan.com"; classtype:attempted-recon; sid:200003694; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"truegrip.com"; classtype:attempted-recon; sid:200003695; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trust-wallet.com.cn"; classtype:attempted-recon; sid:200003696; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trustinpichincha.webcindario.com"; classtype:attempted-recon; sid:200003697; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trustpress.gr"; classtype:attempted-recon; sid:200003698; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trustypichincha.webcindario.com"; classtype:attempted-recon; sid:200003699; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ts3cacd.jhfshm.com"; classtype:attempted-recon; sid:200003700; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ts3cacd.rzjxbv.com"; classtype:attempted-recon; sid:200003701; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"turntekcnc.com"; classtype:attempted-recon; sid:200003702; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"twoje-zdjecia-622.herokuapp.com"; classtype:attempted-recon; sid:200003703; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tx.vc"; classtype:attempted-recon; sid:200003704; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200003705; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"typedream.site"; classtype:attempted-recon; sid:200003706; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"typesmartlyocr.com"; classtype:attempted-recon; sid:200003707; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tyrecentre.ru"; classtype:attempted-recon; sid:200003708; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"u08qv44zu5h.typeform.com"; classtype:attempted-recon; sid:200003709; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"u1571226.cp.regruhosting.ru"; classtype:attempted-recon; sid:200003710; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"u1571630.cp.regruhosting.ru"; classtype:attempted-recon; sid:200003711; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"u1571652.cp.regruhosting.ru"; classtype:attempted-recon; sid:200003712; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"u18741649.ct.sendgrid.net"; classtype:attempted-recon; sid:200003713; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"u827857uw6.ha004.t.justns.ru"; classtype:attempted-recon; sid:200003714; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uabaiieo.com"; classtype:attempted-recon; sid:200003715; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ualsemantic.dualsemantics.net"; classtype:attempted-recon; sid:200003716; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ug7jv.sbs"; classtype:attempted-recon; sid:200003717; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uglcsonfonia.org"; classtype:attempted-recon; sid:200003718; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhasd.au6bu8m.cn"; classtype:attempted-recon; sid:200003719; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhdss.xkrx0o.cn"; classtype:attempted-recon; sid:200003720; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhfddsa.t0xpo42.cn"; classtype:attempted-recon; sid:200003721; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhhd.rox847t.cn"; classtype:attempted-recon; sid:200003722; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhhff.cnza7b8.cn"; classtype:attempted-recon; sid:200003723; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhna.5m4zhvd.cn"; classtype:attempted-recon; sid:200003724; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhnas.ib8b40d.cn"; classtype:attempted-recon; sid:200003725; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhnca.yrk1du9.cn"; classtype:attempted-recon; sid:200003726; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhncd.n26k1al.cn"; classtype:attempted-recon; sid:200003727; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhncda.xmilwwp.cn"; classtype:attempted-recon; sid:200003728; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhndd.9943s82.cn"; classtype:attempted-recon; sid:200003729; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhns.mxyzy7i.cn"; classtype:attempted-recon; sid:200003730; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhnsa.sdmpo0s.cn"; classtype:attempted-recon; sid:200003731; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhnxa.d23xsru.cn"; classtype:attempted-recon; sid:200003732; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhnxa.q83itv9.cn"; classtype:attempted-recon; sid:200003733; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhnxas.rvw56l.cn"; classtype:attempted-recon; sid:200003734; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uiuui.pagedemo.co"; classtype:attempted-recon; sid:200003735; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujcd.um2nlru.cn"; classtype:attempted-recon; sid:200003736; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujdaa.fn3m4en.cn"; classtype:attempted-recon; sid:200003737; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujds.5e8tn13.cn"; classtype:attempted-recon; sid:200003738; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhca.oioqmsh.cn"; classtype:attempted-recon; sid:200003739; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhca.xsevdat.cn"; classtype:attempted-recon; sid:200003740; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhcd.8burgvo.cn"; classtype:attempted-recon; sid:200003741; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhd.21k0qik.cn"; classtype:attempted-recon; sid:200003742; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhd.c0c4m46.cn"; classtype:attempted-recon; sid:200003743; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhd.j419kr0.cn"; classtype:attempted-recon; sid:200003744; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhd.kdsiuuc.cn"; classtype:attempted-recon; sid:200003745; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhd.zkshmxt.cn"; classtype:attempted-recon; sid:200003746; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhdca.mdwclcb.cn"; classtype:attempted-recon; sid:200003747; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhdd.cotf8p5.cn"; classtype:attempted-recon; sid:200003748; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhf.m45h2q0.cn"; classtype:attempted-recon; sid:200003749; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhff.nkxefqp.cn"; classtype:attempted-recon; sid:200003750; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhs.o2klowf.cn"; classtype:attempted-recon; sid:200003751; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujnca.wxuqxb7.cn"; classtype:attempted-recon; sid:200003752; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujnca.zgbo0g.cn"; classtype:attempted-recon; sid:200003753; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujncd.kzi68ra.cn"; classtype:attempted-recon; sid:200003754; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujncd.lw2djbm.cn"; classtype:attempted-recon; sid:200003755; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ukcare.in"; classtype:attempted-recon; sid:200003756; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"umbrellaclubla.com"; classtype:attempted-recon; sid:200003757; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unam.myfreesites.net"; classtype:attempted-recon; sid:200003758; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unbxa.byjmcpy.cn"; classtype:attempted-recon; sid:200003759; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"undefinedtrack.xyz"; classtype:attempted-recon; sid:200003760; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unga.c76sioq.cn"; classtype:attempted-recon; sid:200003761; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniassessoria.com.br"; classtype:attempted-recon; sid:200003762; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unicreditaustria.ucs.info"; classtype:attempted-recon; sid:200003763; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unifacema.edu.br"; classtype:attempted-recon; sid:200003764; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unifacvest.net"; classtype:attempted-recon; sid:200003765; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unillantas.com.sv"; classtype:attempted-recon; sid:200003766; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unionheightsresidental.com"; classtype:attempted-recon; sid:200003767; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unipo-a.web.app"; classtype:attempted-recon; sid:200003768; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unisons.store"; classtype:attempted-recon; sid:200003769; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unisonsouthayr.org.uk"; classtype:attempted-recon; sid:200003770; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.ch"; classtype:attempted-recon; sid:200003771; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.financial"; classtype:attempted-recon; sid:200003772; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.openwallet.dev"; classtype:attempted-recon; sid:200003773; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.pages.dev"; classtype:attempted-recon; sid:200003774; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.seal.finance"; classtype:attempted-recon; sid:200003775; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.token.im"; classtype:attempted-recon; sid:200003776; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.trading"; classtype:attempted-recon; sid:200003777; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.vn"; classtype:attempted-recon; sid:200003778; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswapfinancing.info"; classtype:attempted-recon; sid:200003779; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswaps.net"; classtype:attempted-recon; sid:200003780; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unitedalliance-online.000webhostapp.com"; classtype:attempted-recon; sid:200003781; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unitus.mk.ua"; classtype:attempted-recon; sid:200003782; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"universidadsanjuan.ac"; classtype:attempted-recon; sid:200003783; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unnca.bbh672u.cn"; classtype:attempted-recon; sid:200003784; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unnxa.pqpchqo.cn"; classtype:attempted-recon; sid:200003785; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unpocodearte.cl"; classtype:attempted-recon; sid:200003786; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unregpayee-lb.com"; classtype:attempted-recon; sid:200003787; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unsub.listhandlr.com"; classtype:attempted-recon; sid:200003788; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upbeat-dhawan.179-43-173-14.plesk.page"; classtype:attempted-recon; sid:200003789; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updateinfo-billingo2.com"; classtype:attempted-recon; sid:200003790; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updateseason.com"; classtype:attempted-recon; sid:200003791; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatestory2022.co.vu"; classtype:attempted-recon; sid:200003792; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatevoda-billing.com"; classtype:attempted-recon; sid:200003793; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upgrade-25gb-email.thecornerstudio.com.au"; classtype:attempted-recon; sid:200003794; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upgradedserver.online"; classtype:attempted-recon; sid:200003795; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upgradingattonlinee.weebly.com"; classtype:attempted-recon; sid:200003796; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uploadpichincha.webcindario.com"; classtype:attempted-recon; sid:200003797; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uploads.codesandbox.io"; classtype:attempted-recon; sid:200003798; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upnew.site"; classtype:attempted-recon; sid:200003799; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uppledpichincha.webcindario.com"; classtype:attempted-recon; sid:200003800; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"urbenorte.com"; classtype:attempted-recon; sid:200003801; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"urgent-halifaxlogin.com"; classtype:attempted-recon; sid:200003802; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"userboitevocalweb.flazio.com"; classtype:attempted-recon; sid:200003803; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"userinformationstoreupdatesmail.pages.dev"; classtype:attempted-recon; sid:200003804; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usfn.net"; classtype:attempted-recon; sid:200003805; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uspsconfirm.iconoomikert.com"; classtype:attempted-recon; sid:200003806; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uspsexpressdeliveryline.com"; classtype:attempted-recon; sid:200003807; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uswowgame.net"; classtype:attempted-recon; sid:200003808; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uueer.7jgy5xe.cn"; classtype:attempted-recon; sid:200003809; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uuid-validation.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200003810; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uukx0h0.cn"; classtype:attempted-recon; sid:200003811; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uyhnxx.urpzkva.cn"; classtype:attempted-recon; sid:200003812; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uyqw.dykowec.cn"; classtype:attempted-recon; sid:200003813; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uz154.sbs"; classtype:attempted-recon; sid:200003814; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"v.macecri.com"; classtype:attempted-recon; sid:200003815; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com"; classtype:attempted-recon; sid:200003816; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vaccine-status-info.com"; classtype:attempted-recon; sid:200003817; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vakif.albay-arnold.com"; classtype:attempted-recon; sid:200003818; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"valax-wallet.com"; classtype:attempted-recon; sid:200003819; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"valenciaoptometry.com"; classtype:attempted-recon; sid:200003820; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"valenteplay.com.br"; classtype:attempted-recon; sid:200003821; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"validacionpichincha.odoo.com"; classtype:attempted-recon; sid:200003822; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"validate-solana.com"; classtype:attempted-recon; sid:200003823; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"validator-fzkiy.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200003824; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vallion.motiffliterature.me"; classtype:attempted-recon; sid:200003825; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vcz.gmoqkzu.cn"; classtype:attempted-recon; sid:200003826; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"velvish.com"; classtype:attempted-recon; sid:200003827; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ventas.lnterbarnk.pe.jifad.org"; classtype:attempted-recon; sid:200003828; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verfybadgeappform.com"; classtype:attempted-recon; sid:200003829; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"veri-pichincha.webcindario.com"; classtype:attempted-recon; sid:200003830; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verificaciondeprioridad.com"; classtype:attempted-recon; sid:200003831; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verification-trustwallet.4bl-eg.com"; classtype:attempted-recon; sid:200003832; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verification.fb-page.workers.dev"; classtype:attempted-recon; sid:200003833; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verificationmessage.blob.core.windows.net"; classtype:attempted-recon; sid:200003834; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verififacebookid.wixsite.com"; classtype:attempted-recon; sid:200003835; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verifiikasi-accounts.weebly.com"; classtype:attempted-recon; sid:200003836; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verifikasi-akun-anda0011.weeblysite.com"; classtype:attempted-recon; sid:200003837; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verifikasi-akun-facebook0022.weeblysite.com"; classtype:attempted-recon; sid:200003838; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verifikasi-identitas47.weebly.com"; classtype:attempted-recon; sid:200003839; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verifocaoffa.webcindario.com"; classtype:attempted-recon; sid:200003840; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vgiuhkjnm.b9u6vh5l7g1797.workers.dev"; classtype:attempted-recon; sid:200003841; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"victorarath99.github.io"; classtype:attempted-recon; sid:200003842; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videobigo.com"; classtype:attempted-recon; sid:200003843; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vietlime.vn"; classtype:attempted-recon; sid:200003844; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vietschi.de"; classtype:attempted-recon; sid:200003845; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viettel-com-dot-c2c01-531c7.uc.r.appspot.com"; classtype:attempted-recon; sid:200003846; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vigortech.com.np"; classtype:attempted-recon; sid:200003847; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viguohilkasdsd.izwe6g6lyc.workers.dev"; classtype:attempted-recon; sid:200003848; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vilaanimalviana.pt"; classtype:attempted-recon; sid:200003849; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200003850; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vinivet.mk"; classtype:attempted-recon; sid:200003851; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vipfbtools.com"; classtype:attempted-recon; sid:200003852; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vipprofessional.net"; classtype:attempted-recon; sid:200003853; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viral-groub.duckdns.org"; classtype:attempted-recon; sid:200003854; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"virginia-spi.com"; classtype:attempted-recon; sid:200003855; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"virtual1dattss.com"; classtype:attempted-recon; sid:200003856; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vis-stort.github.io"; classtype:attempted-recon; sid:200003857; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"visa-band.com"; classtype:attempted-recon; sid:200003858; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vishaljangale01.github.io"; classtype:attempted-recon; sid:200003859; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"visione.co.id"; classtype:attempted-recon; sid:200003860; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"visionproperty.in"; classtype:attempted-recon; sid:200003861; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vk-posters.ru"; classtype:attempted-recon; sid:200003862; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vk-vhods.co"; classtype:attempted-recon; sid:200003863; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vkjbm.4nt4nb464e6113.workers.dev"; classtype:attempted-recon; sid:200003864; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vodaupdatepayment.com"; classtype:attempted-recon; sid:200003865; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"volvocarskc.us1.list-manage.com"; classtype:attempted-recon; sid:200003866; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vps56290.servconfig.com"; classtype:attempted-recon; sid:200003867; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vqed.5xcv81zrx0530.workers.dev"; classtype:attempted-recon; sid:200003868; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vqwd.soboja1994.workers.dev"; classtype:attempted-recon; sid:200003869; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vr-banking-app.de"; classtype:attempted-recon; sid:200003870; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vr-neu.com"; classtype:attempted-recon; sid:200003871; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vr-system89394.com"; classtype:attempted-recon; sid:200003872; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vr-system98622.com"; classtype:attempted-recon; sid:200003873; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vtekllc.com"; classtype:attempted-recon; sid:200003874; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vtxmail2018.myfreesites.net"; classtype:attempted-recon; sid:200003875; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vugik.mecil33784.workers.dev"; classtype:attempted-recon; sid:200003876; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vv.macecri.com"; classtype:attempted-recon; sid:200003877; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vvjde0h0ttttf9hay.com"; classtype:attempted-recon; sid:200003878; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vvpaes-me-index.egvtpp.cn"; classtype:attempted-recon; sid:200003879; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vxdse.myfreesites.net"; classtype:attempted-recon; sid:200003880; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"w2.deraya.org"; classtype:attempted-recon; sid:200003881; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud"; classtype:attempted-recon; sid:200003882; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"w5czf.csb.app"; classtype:attempted-recon; sid:200003883; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wahed-koudsi2001.github.io"; classtype:attempted-recon; sid:200003884; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walkers-dot-composite-store-326315.uk.r.appspot.com"; classtype:attempted-recon; sid:200003885; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallcertifyonmesh.com"; classtype:attempted-recon; sid:200003886; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walldesign.com.tr"; classtype:attempted-recon; sid:200003887; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallet-connect012.web.app"; classtype:attempted-recon; sid:200003888; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallet-reconnection.xyz"; classtype:attempted-recon; sid:200003889; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallet.silesiacoin.com"; classtype:attempted-recon; sid:200003890; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallet22.000webhostapp.com"; classtype:attempted-recon; sid:200003891; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletconnectonline.pages.dev"; classtype:attempted-recon; sid:200003892; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletconnectors.com"; classtype:attempted-recon; sid:200003893; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walleterrorsupport.com"; classtype:attempted-recon; sid:200003894; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletsconnex.com"; classtype:attempted-recon; sid:200003895; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletsliveconnects.net"; classtype:attempted-recon; sid:200003896; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletsreauth.org"; classtype:attempted-recon; sid:200003897; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletsvalidator.org"; classtype:attempted-recon; sid:200003898; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletsynclive.com"; classtype:attempted-recon; sid:200003899; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletvalidation.me"; classtype:attempted-recon; sid:200003900; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletvalidators.com"; classtype:attempted-recon; sid:200003901; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallletsconnectts.com"; classtype:attempted-recon; sid:200003902; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallsynchvalidatevd.com"; classtype:attempted-recon; sid:200003903; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wana78420.myfreesites.net"; classtype:attempted-recon; sid:200003904; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wap.bitffybtcer.club"; classtype:attempted-recon; sid:200003905; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wap.bitffybtcer.xyz"; classtype:attempted-recon; sid:200003906; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wap.bitflyer.plus"; classtype:attempted-recon; sid:200003907; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wap.bitflyer.venus.kim"; classtype:attempted-recon; sid:200003908; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wap.btcffybtcer.com"; classtype:attempted-recon; sid:200003909; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"warbonus.ru"; classtype:attempted-recon; sid:200003910; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"warningshadows.org"; classtype:attempted-recon; sid:200003911; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"warsa.bandungkab.go.id"; classtype:attempted-recon; sid:200003912; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wasites.000webhostapp.com"; classtype:attempted-recon; sid:200003913; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"we-exodus-wallet.yahoosites.com"; classtype:attempted-recon; sid:200003914; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-armas.royale-freefire1garena-bonus.com"; classtype:attempted-recon; sid:200003915; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-b4119.web.app"; classtype:attempted-recon; sid:200003916; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-e1f6d.web.app"; classtype:attempted-recon; sid:200003917; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-exoduss.com"; classtype:attempted-recon; sid:200003918; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-f6612.web.app"; classtype:attempted-recon; sid:200003919; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-ml01.web.app"; classtype:attempted-recon; sid:200003920; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-my-app.com"; classtype:attempted-recon; sid:200003921; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-online-cancel.com"; classtype:attempted-recon; sid:200003922; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-verifi01.webcindario.com"; classtype:attempted-recon; sid:200003923; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-verifi02.webcindario.com"; classtype:attempted-recon; sid:200003924; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-verifi03.webcindario.com"; classtype:attempted-recon; sid:200003925; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-verifi04.webcindario.com"; classtype:attempted-recon; sid:200003926; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-verifi05.webcindario.com"; classtype:attempted-recon; sid:200003927; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-verifi06.webcindario.com"; classtype:attempted-recon; sid:200003928; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web.bredbanque.trans.sylog.co"; classtype:attempted-recon; sid:200003929; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web.royale-freefire1garena-bonus.com"; classtype:attempted-recon; sid:200003930; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web7320.web07.bero-webspace.de"; classtype:attempted-recon; sid:200003931; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webbbb.yolasite.com"; classtype:attempted-recon; sid:200003932; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webbl.yolasite.com"; classtype:attempted-recon; sid:200003933; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webdatamltrainingdiag842.blob.core.windows.net"; classtype:attempted-recon; sid:200003934; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webdesecure.clickfunnels.com"; classtype:attempted-recon; sid:200003935; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webip.yolasite.com"; classtype:attempted-recon; sid:200003936; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webmail-2aaa0.web.app"; classtype:attempted-recon; sid:200003937; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webmail-sso8uyg.web.app"; classtype:attempted-recon; sid:200003938; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webmail.gourmer.co.in"; classtype:attempted-recon; sid:200003939; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webmail.login.access.docs67.live"; classtype:attempted-recon; sid:200003940; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webmailadmin0.myfreesites.net"; classtype:attempted-recon; sid:200003941; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webmailstoragesrvr4567-supportdev.codeanyapp.com"; classtype:attempted-recon; sid:200003942; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webpres.000webhostapp.com"; classtype:attempted-recon; sid:200003943; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webregular.xyz"; classtype:attempted-recon; sid:200003944; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webservice-verify.duckdns.org"; classtype:attempted-recon; sid:200003945; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"websitefun.club"; classtype:attempted-recon; sid:200003946; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"websiteorange.wixsite.com"; classtype:attempted-recon; sid:200003947; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webstories.eu"; classtype:attempted-recon; sid:200003948; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webvalidity.com"; classtype:attempted-recon; sid:200003949; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"well-42d74.web.app"; classtype:attempted-recon; sid:200003950; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wellsfargo-online06.herokuapp.com"; classtype:attempted-recon; sid:200003951; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"weryfikacja-facebookowa-27.herokuapp.com"; classtype:attempted-recon; sid:200003952; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"weryfikacja-facebookowa-28.herokuapp.com"; classtype:attempted-recon; sid:200003953; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"weteachbh.com"; classtype:attempted-recon; sid:200003954; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"whare.100webspace.net"; classtype:attempted-recon; sid:200003955; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wheelsofmercy.org"; classtype:attempted-recon; sid:200003956; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"whitelist-network.com"; classtype:attempted-recon; sid:200003957; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"widadkamillah.github.io"; classtype:attempted-recon; sid:200003958; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wiki.oceanreeflifegame.com"; classtype:attempted-recon; sid:200003959; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wildcard.isiolo.go.ke"; classtype:attempted-recon; sid:200003960; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"windstream-net.firebaseapp.com"; classtype:attempted-recon; sid:200003961; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winville.biz"; classtype:attempted-recon; sid:200003962; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wireconfirmation68c10a25442a3e13.blogspot.com"; classtype:attempted-recon; sid:200003963; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wires-business-starter.webflow.io"; classtype:attempted-recon; sid:200003964; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wirtschaft.baesweiler.de"; classtype:attempted-recon; sid:200003965; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wizmi.service-now.com"; classtype:attempted-recon; sid:200003966; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wkazisan.github.io"; classtype:attempted-recon; sid:200003967; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"womancreatorofman.com"; classtype:attempted-recon; sid:200003968; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"woofle.ru"; classtype:attempted-recon; sid:200003969; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"workforcerelief.com"; classtype:attempted-recon; sid:200003970; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"workprotocoles-com.webs.com"; classtype:attempted-recon; sid:200003971; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wp-login.azurewebsites.net"; classtype:attempted-recon; sid:200003972; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wpsoar.com"; classtype:attempted-recon; sid:200003973; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wqass-index.chobqu.cn"; classtype:attempted-recon; sid:200003974; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wqass-index.dccigq.cn"; classtype:attempted-recon; sid:200003975; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wqass-index.gbswz.cn"; classtype:attempted-recon; sid:200003976; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wqass-index.jeewiki.cn"; classtype:attempted-recon; sid:200003977; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wqass-index.pygbw.cn"; classtype:attempted-recon; sid:200003978; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wrww-roblox.com"; classtype:attempted-recon; sid:200003979; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wteeoq.pfinanceiro.com.de"; classtype:attempted-recon; sid:200003980; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ww.lnterbank.pe.personas.onlinesocket.in"; classtype:attempted-recon; sid:200003981; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ww16.inpost-pl-3dsecure.clear-id.xyz"; classtype:attempted-recon; sid:200003982; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-cursosdigitalesmx-com.filesusr.com"; classtype:attempted-recon; sid:200003983; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-degelyehuda-org-il.filesusr.com"; classtype:attempted-recon; sid:200003984; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-europe564598-com.filesusr.com"; classtype:attempted-recon; sid:200003985; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-europessign-com.filesusr.com"; classtype:attempted-recon; sid:200003986; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-key-com.test.edgekey.net"; classtype:attempted-recon; sid:200003987; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-mufg-jp.handicraft.ltd"; classtype:attempted-recon; sid:200003988; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-mufg-jp.kaiqi.ink"; classtype:attempted-recon; sid:200003989; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-wattsapcom.duckdns.org"; classtype:attempted-recon; sid:200003990; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www2.rakutan.co.jploginffd9dfg7.carwork.cn"; classtype:attempted-recon; sid:200003991; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn"; classtype:attempted-recon; sid:200003992; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www2.rakutan.co.jploginvcx8ds.nanoart.cn"; classtype:attempted-recon; sid:200003993; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www2.rakuten-card.co.jp.wzsrc.cn"; classtype:attempted-recon; sid:200003994; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www2.rakutenn.co.jp.nanopark.cn"; classtype:attempted-recon; sid:200003995; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www2.rakutenn.co.jp.zgyo.cn"; classtype:attempted-recon; sid:200003996; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www3.lejournaldugrandparis.fr"; classtype:attempted-recon; sid:200003997; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www3.plenainclusion.org"; classtype:attempted-recon; sid:200003998; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wxsohu.com"; classtype:attempted-recon; sid:200003999; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"x.macecri.com"; classtype:attempted-recon; sid:200004000; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"x.scicemecod.com"; classtype:attempted-recon; sid:200004001; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xcas.xoh29oz.cn"; classtype:attempted-recon; sid:200004002; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xcasd.7vo6bt.cn"; classtype:attempted-recon; sid:200004003; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xcasd.b204uje.cn"; classtype:attempted-recon; sid:200004004; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xcasd.yikn2gd.cn"; classtype:attempted-recon; sid:200004005; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xcryptocars.blogspot.com"; classtype:attempted-recon; sid:200004006; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xcvdsd.page.link"; classtype:attempted-recon; sid:200004007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xhgs.epgegxj.cn"; classtype:attempted-recon; sid:200004008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xiajs.0dow0l.cn"; classtype:attempted-recon; sid:200004009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xid-human-validation.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200004010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xj333.mjt.lu"; classtype:attempted-recon; sid:200004011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xj33s.mjt.lu"; classtype:attempted-recon; sid:200004012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xj33w.mjt.lu"; classtype:attempted-recon; sid:200004013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xj3pr.mjt.lu"; classtype:attempted-recon; sid:200004014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xj45g.mjt.lu"; classtype:attempted-recon; sid:200004015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xj45o.mjt.lu"; classtype:attempted-recon; sid:200004016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xj4og.mjt.lu"; classtype:attempted-recon; sid:200004017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xjm7s.mjt.lu"; classtype:attempted-recon; sid:200004018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xjmr7.mjt.lu"; classtype:attempted-recon; sid:200004019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xjpyyds.pem4yp3.cn"; classtype:attempted-recon; sid:200004020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xkljfg.ml"; classtype:attempted-recon; sid:200004021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xn--gmal-sya.com"; classtype:attempted-recon; sid:200004022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xn--instagam-sf0d.com"; classtype:attempted-recon; sid:200004023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xn--ltappen-80a.se"; classtype:attempted-recon; sid:200004024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xn--metamsk-lwa.link"; classtype:attempted-recon; sid:200004025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xn--rpondeur-sfr2-bhb.yolasite.com"; classtype:attempted-recon; sid:200004026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xqr3i.mjt.lu"; classtype:attempted-recon; sid:200004027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xqr3n.mjt.lu"; classtype:attempted-recon; sid:200004028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xqr3u.mjt.lu"; classtype:attempted-recon; sid:200004029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xrx6r.mjt.lu"; classtype:attempted-recon; sid:200004030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xrxh1.mjt.lu"; classtype:attempted-recon; sid:200004031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xrxh2.mjt.lu"; classtype:attempted-recon; sid:200004032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xrxhl.mjt.lu"; classtype:attempted-recon; sid:200004033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xsbrookshhjx.top"; classtype:attempted-recon; sid:200004034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xtio.ch"; classtype:attempted-recon; sid:200004035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xtw42.mjt.lu"; classtype:attempted-recon; sid:200004036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xx.macecri.com"; classtype:attempted-recon; sid:200004037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xxaas.tp00jv9.cn"; classtype:attempted-recon; sid:200004038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xxasd.sf29hrg.cn"; classtype:attempted-recon; sid:200004039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xxx-com-dot-c2c01-531c7.uc.r.appspot.com"; classtype:attempted-recon; sid:200004040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xyproject.xtensio.com"; classtype:attempted-recon; sid:200004041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xzasd.uz64g3.cn"; classtype:attempted-recon; sid:200004042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@bghgcd.psuxscm.cn"; classtype:attempted-recon; sid:200004043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@bhgxa.eo76sni.cn"; classtype:attempted-recon; sid:200004044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@cdas.nxzigco.cn"; classtype:attempted-recon; sid:200004045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@cxasd.easghbl.cn"; classtype:attempted-recon; sid:200004046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@hghgda.erjl0hx.cn"; classtype:attempted-recon; sid:200004047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@inna.cedymll.cn"; classtype:attempted-recon; sid:200004048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@jhdd.fjcslad.cn"; classtype:attempted-recon; sid:200004049; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@kjhdda.tetfeec.cn"; classtype:attempted-recon; sid:200004050; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@lkjds.nlmwjta.cn"; classtype:attempted-recon; sid:200004051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@nhbcda.g4g5mgc.cn"; classtype:attempted-recon; sid:200004052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@poklsa.slodddz.cn"; classtype:attempted-recon; sid:200004053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@qweas.p6rhddj.cn"; classtype:attempted-recon; sid:200004054; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@ssdaz.sqqaepr.cn"; classtype:attempted-recon; sid:200004055; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@uhncda.xmilwwp.cn"; classtype:attempted-recon; sid:200004056; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@uhnxa.q83itv9.cn"; classtype:attempted-recon; sid:200004057; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@ujdaa.fn3m4en.cn"; classtype:attempted-recon; sid:200004058; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@ujds.5e8tn13.cn"; classtype:attempted-recon; sid:200004059; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@ujhdca.mdwclcb.cn"; classtype:attempted-recon; sid:200004060; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@uyhnxx.urpzkva.cn"; classtype:attempted-recon; sid:200004061; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@zxas.2nd0g8.cn"; classtype:attempted-recon; sid:200004062; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@zxass.jbkyj0o.cn"; classtype:attempted-recon; sid:200004063; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoopoweredservice.duckdns.org"; classtype:attempted-recon; sid:200004064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahuomall.square.site"; classtype:attempted-recon; sid:200004065; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yairix.github.io"; classtype:attempted-recon; sid:200004066; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yalena.me"; classtype:attempted-recon; sid:200004067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yaqoobi.org"; classtype:attempted-recon; sid:200004068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yaranfayez.com"; classtype:attempted-recon; sid:200004069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yayanti.com"; classtype:attempted-recon; sid:200004070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ybdaa.oqsgm9r.cn"; classtype:attempted-recon; sid:200004071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ybggd.fjgjoux.cn"; classtype:attempted-recon; sid:200004072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yellow-surf-7b04.voiceovermade-today.workers.dev"; classtype:attempted-recon; sid:200004073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yerelyonetim.net"; classtype:attempted-recon; sid:200004074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ygbda.ffeufka.cn"; classtype:attempted-recon; sid:200004075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yhbca.pfs8ylv.cn"; classtype:attempted-recon; sid:200004076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yhbndd.ryyswjn.cn"; classtype:attempted-recon; sid:200004077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yhcd.gabprnx.cn"; classtype:attempted-recon; sid:200004078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yhddf.vtf23ic.cn"; classtype:attempted-recon; sid:200004079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yhdff.iw6fwu.cn"; classtype:attempted-recon; sid:200004080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yhnbd.5u3z9i2.cn"; classtype:attempted-recon; sid:200004081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yhncd.3ycuxr1.cn"; classtype:attempted-recon; sid:200004082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yiaswqjdtcyeqpvyqthijepeai-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200004083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ykyevmqxaktnfgrtuufymkhnce-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200004084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yma1ll0g0n.odoo.com"; classtype:attempted-recon; sid:200004085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ynbgdc.woprkzp.cn"; classtype:attempted-recon; sid:200004086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ynbxa.pvgulkz.cn"; classtype:attempted-recon; sid:200004087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yndda.m117s1s.cn"; classtype:attempted-recon; sid:200004088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yogeshwarwiremesh.com"; classtype:attempted-recon; sid:200004089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"youknowar.com"; classtype:attempted-recon; sid:200004090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"young-snow-7447.tcheviron5269.workers.dev"; classtype:attempted-recon; sid:200004091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"youreasygoing2022.co.vu"; classtype:attempted-recon; sid:200004092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yqlpeitost.duckdns.org"; classtype:attempted-recon; sid:200004093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yuhjjkss.web.app"; classtype:attempted-recon; sid:200004094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yumpai.cn"; classtype:attempted-recon; sid:200004095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"z.macecri.com"; classtype:attempted-recon; sid:200004096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"z.scicemecod.com"; classtype:attempted-recon; sid:200004097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"z0massegurabclp1.shreeramwoodindustries.com"; classtype:attempted-recon; sid:200004098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"z2qje.codesandbox.io"; classtype:attempted-recon; sid:200004099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"z3voicrxxvs.typeform.com"; classtype:attempted-recon; sid:200004100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zackselectronics.co.zw"; classtype:attempted-recon; sid:200004101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zaktualizacja-platnosci.netfxtv.co.pl"; classtype:attempted-recon; sid:200004102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zasd.yhxmd30.cn"; classtype:attempted-recon; sid:200004103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zb2-home.web.app"; classtype:attempted-recon; sid:200004104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zenvinyl.com"; classtype:attempted-recon; sid:200004105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zepe.io"; classtype:attempted-recon; sid:200004106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zeroquiz.com"; classtype:attempted-recon; sid:200004107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zgyyds.mm5p1ch.cn"; classtype:attempted-recon; sid:200004108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zgyyds.nebl4zw.cn"; classtype:attempted-recon; sid:200004109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zhrmghgyyds.h0tlexl.cn"; classtype:attempted-recon; sid:200004110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zjzj6688.yihang.ren"; classtype:attempted-recon; sid:200004111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zmpcoaca.cyou"; classtype:attempted-recon; sid:200004112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zmpcoacu.cyou"; classtype:attempted-recon; sid:200004113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zmpcoado.cyou"; classtype:attempted-recon; sid:200004114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zoho-online.web.app"; classtype:attempted-recon; sid:200004115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zoho-validationserv.web.app"; classtype:attempted-recon; sid:200004116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zonalnterbank.com"; classtype:attempted-recon; sid:200004117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zonmca.hxljatvw.cn"; classtype:attempted-recon; sid:200004118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zshrvvo.cn"; classtype:attempted-recon; sid:200004119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zuiunsya.com"; classtype:attempted-recon; sid:200004120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxas.2nd0g8.cn"; classtype:attempted-recon; sid:200004121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxas.hs0rgq8.cn"; classtype:attempted-recon; sid:200004122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxass.jbkyj0o.cn"; classtype:attempted-recon; sid:200004123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxcas.ywqfz8.cn"; classtype:attempted-recon; sid:200004124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxcaspx.aghwlup.cn"; classtype:attempted-recon; sid:200004125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxcnash.seufhsk.cn"; classtype:attempted-recon; sid:200004126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxcod.01l241.cn"; classtype:attempted-recon; sid:200004127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxcuashs.e0n0gh5.cn"; classtype:attempted-recon; sid:200004128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxdlbny.cn"; classtype:attempted-recon; sid:200004129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxnahs.3cze6ri.cn"; classtype:attempted-recon; sid:200004130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zz.macecri.com"; classtype:attempted-recon; sid:200004131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/comcast/xfinity.php?d1193169ba22c33594765d16035661b1=&amp\;email=a@a.c&amp\;.rand=login.xfinity.com.aspx"; endswith; nocase; http.host; content:"0333fa5.netsolhost.com"; classtype:attempted-recon; sid:200004132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ameli-assurance/remboursement/login/"; endswith; nocase; http.host; content:"045a3c0.wcomhost.com"; classtype:attempted-recon; sid:200004133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ameli-assurance/remboursement/login/iframe-page2.html"; endswith; nocase; http.host; content:"045a3c0.wcomhost.com"; classtype:attempted-recon; sid:200004134; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ameli-assurance/remboursement/login"; endswith; nocase; http.host; content:"048d7b4.wcomhost.com"; classtype:attempted-recon; sid:200004135; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ameli-assurance/remboursement/login/"; endswith; nocase; http.host; content:"048d7b4.wcomhost.com"; classtype:attempted-recon; sid:200004136; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ads/c/"; endswith; nocase; http.host; content:"108ideashop.com"; classtype:attempted-recon; sid:200004137; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbva/592cf4/425bdbd3-91cf-4e9f-9498-7a06b3ad75ec/?test=1"; endswith; nocase; http.host; content:"28ecne20f9u.securetnet.com"; classtype:attempted-recon; sid:200004138; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0%5c"; endswith; nocase; http.host; content:"377080202567359722137708020256735972.blogspot.com"; classtype:attempted-recon; sid:200004139; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tnrxs"; endswith; nocase; http.host; content:"3c5.com"; classtype:attempted-recon; sid:200004140; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/3rdst/8-login-form/"; endswith; nocase; http.host; content:"3rdstreetmarket.com"; classtype:attempted-recon; sid:200004141; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0%5c"; endswith; nocase; http.host; content:"8010361370310234068010361370310234.blogspot.com"; classtype:attempted-recon; sid:200004142; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openpc/directlogin.do"; endswith; nocase; http.host; content:"a-q-f.com"; classtype:attempted-recon; sid:200004143; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/servicelogin?passive=1209600&continue=https://sites.google.com/view/viewbill-bt-1/bt&followup=https://sites.google.com/view/viewbill-bt-1/bt"; endswith; nocase; http.host; content:"accounts.google.com"; classtype:attempted-recon; sid:200004144; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/1lordman1man3/oscman2.html&followup=https://storage.cloud.google.com/1lordman1man3/oscman2.html"; endswith; nocase; http.host; content:"accounts.google.com"; classtype:attempted-recon; sid:200004145; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html&followup=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html"; endswith; nocase; http.host; content:"accounts.google.com"; classtype:attempted-recon; sid:200004146; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/employt44to49cclrlolcrl94lnlxo.appspot.com/index.html&followup=https://storage.cloud.google.com/employt44to49cclrlolcrl94lnlxo.appspot.com/index.html"; endswith; nocase; http.host; content:"accounts.google.com"; classtype:attempted-recon; sid:200004147; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/maintainancecomponeta.appspot.com/mineindex.html&followup=https://storage.cloud.google.com/maintainancecomponeta.appspot.com/mineindex.html"; endswith; nocase; http.host; content:"accounts.google.com"; classtype:attempted-recon; sid:200004148; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/officpcpspbcncuser.appspot.com/index.htm&followup=https://storage.cloud.google.com/officpcpspbcncuser.appspot.com/index.htm"; endswith; nocase; http.host; content:"accounts.google.com"; classtype:attempted-recon; sid:200004149; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/poopnoomprops-oo987700ok/newrbindex.html&followup=https://storage.cloud.google.com/poopnoomprops-oo987700ok/newrbindex.html"; endswith; nocase; http.host; content:"accounts.google.com"; classtype:attempted-recon; sid:200004150; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?page_id=758"; endswith; nocase; http.host; content:"activartransferenciainternacional.com"; classtype:attempted-recon; sid:200004151; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/en/bellcocreditunion/"; endswith; nocase; http.host; content:"admin.fifoundry.net"; classtype:attempted-recon; sid:200004152; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2005/03/colourful-life-of-aij.html"; endswith; nocase; http.host; content:"aijcs.blogspot.com"; classtype:attempted-recon; sid:200004153; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ion"; endswith; nocase; http.host; content:"alconexport.com"; classtype:attempted-recon; sid:200004154; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ion/"; endswith; nocase; http.host; content:"alconexport.com"; classtype:attempted-recon; sid:200004155; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/venus_gardose_talke_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8extkunxrkqozifs2sycqmk4ox0ntao7cizsavm5mjc=&amp\;docid=1_14abcf62971634e6b8387df30ef7d978b&amp\;wdformid={83a6cfc0-5689-4aa4-ab13-96952b8999ba}&amp\;action=formsubmit"; endswith; nocase; http.host; content:"alfredtalkelogisticservices-my.sharepoint.com"; classtype:attempted-recon; sid:200004156; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blog/wp-content/themes/10/"; endswith; nocase; http.host; content:"alinachopra.com"; classtype:attempted-recon; sid:200004157; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/our/ourtime/ourtime.html"; endswith; nocase; http.host; content:"ambrosecourt.com"; classtype:attempted-recon; sid:200004158; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/njk/25_40_24_5e_40_26_40_26_28_29_23_23_5e_23_24_26_5e_25_26_40_5e_28_23_26.html"; endswith; nocase; http.host; content:"ams3.digitaloceanspaces.com"; classtype:attempted-recon; sid:200004159; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jps/webmail_reset.htm"; endswith; nocase; http.host; content:"anekaslot.com"; classtype:attempted-recon; sid:200004160; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/"; endswith; nocase; http.host; content:"api-freewallet.com"; classtype:attempted-recon; sid:200004161; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oexchange/0.8/wrap/opengraph?url=ahr0chm6ly93zxetnmrlodiud2vilmfwcc8znzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxi5lze1lziwmjeznzg1mjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxiznzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu0znzg1mjf3zwjtyxn0zxi5lze1lziwmjfjdw5plmn6nto1nibbttm3oduymtu6ntygqu13zwjtyxn0zxiznzg1mjejd2vibwfzdgvyqgn1bmkuy3o="; endswith; nocase; http.host; content:"api.addthis.com"; classtype:attempted-recon; sid:200004162; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/b9fu9axf9rcv7bhjp80fpcm8zna5wcwi"; endswith; nocase; http.host; content:"app.box.com"; classtype:attempted-recon; sid:200004163; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/x6agocx9zvj049azirk4aw3xrqdedqhl"; endswith; nocase; http.host; content:"app.box.com"; classtype:attempted-recon; sid:200004164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/ymr0ltw3hmn8icxebz16gjhcyhqa49w4"; endswith; nocase; http.host; content:"app.box.com"; classtype:attempted-recon; sid:200004165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/form/mnzdivok"; endswith; nocase; http.host; content:"app.pipefy.com"; classtype:attempted-recon; sid:200004166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/form/xlfe4rw2"; endswith; nocase; http.host; content:"app.pipefy.com"; classtype:attempted-recon; sid:200004167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/cmxgsj"; endswith; nocase; http.host; content:"app.simplenote.com"; classtype:attempted-recon; sid:200004168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/publish/xhrdvc"; endswith; nocase; http.host; content:"app.simplenote.com"; classtype:attempted-recon; sid:200004169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6dfhh1yrol"; endswith; nocase; http.host; content:"appurl.io"; classtype:attempted-recon; sid:200004170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsmho6dyl-"; endswith; nocase; http.host; content:"appurl.io"; classtype:attempted-recon; sid:200004171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wywajnlbtl"; endswith; nocase; http.host; content:"appurl.io"; classtype:attempted-recon; sid:200004172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/at&t/"; endswith; nocase; http.host; content:"att-yahoo.meculinkvolt.com"; classtype:attempted-recon; sid:200004173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"azeioaz.blogspot.com"; classtype:attempted-recon; sid:200004174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/index.html"; endswith; nocase; http.host; content:"baovesusonglcxt.com"; classtype:attempted-recon; sid:200004175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/listeners/ae/n-nv6588123/ae/ae/verify/sms.php"; endswith; nocase; http.host; content:"bardaiconnect.com"; classtype:attempted-recon; sid:200004176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"baritasonte.blogspot.com"; classtype:attempted-recon; sid:200004177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=d96ydzq8vuilprdurtucov60qbtyz20222a95vav4da%3d&docid=1_1f81a6ca97d114a5f8e9829362518b16d&wdformid=%7b11b3b6fc%2d6e67%2d434d%2da029%2d3afe98d81a11%7d&action=formsubmit"; endswith; nocase; http.host; content:"bdsfa.sharepoint.com"; classtype:attempted-recon; sid:200004178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_layouts/15/wopiframe.aspx?guestaccesstoken=d96ydzq8vuilprdurtucov60qbtyz20222a95vav4da%3d&docid=1_1f81a6ca97d114a5f8e9829362518b16d&wdformid=%7b11b3b6fc%2d6e67%2d434d%2da029%2d3afe98d81a11%7d&action=formsubmit&cid=57d50783-8fd3-4515-8ab3-24c639533fdf"; endswith; nocase; http.host; content:"bdsfa.sharepoint.com"; classtype:attempted-recon; sid:200004179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mp/china/index.php?login=sindy.zhu@swift.com"; endswith; nocase; http.host; content:"bendmytrend.com"; classtype:attempted-recon; sid:200004180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fr3kf"; endswith; nocase; http.host; content:"bit.do"; classtype:attempted-recon; sid:200004181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frxsz"; endswith; nocase; http.host; content:"bit.do"; classtype:attempted-recon; sid:200004182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fs7cb"; endswith; nocase; http.host; content:"bit.do"; classtype:attempted-recon; sid:200004183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fs8cx"; endswith; nocase; http.host; content:"bit.do"; classtype:attempted-recon; sid:200004184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fsf6l"; endswith; nocase; http.host; content:"bit.do"; classtype:attempted-recon; sid:200004185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftahp"; endswith; nocase; http.host; content:"bit.do"; classtype:attempted-recon; sid:200004186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ijwsm2"; endswith; nocase; http.host; content:"bit.ly."; classtype:attempted-recon; sid:200004187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2iz03nf"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2kduy2u"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2nog4ow?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2nwrbgj"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2oq6dhz"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2p28z0h"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2q7fcpg"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2uwvcnh"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2vuwbzk"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2wqlrea"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2zaee65"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2zejaht"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2zomh31?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30ceyfq"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30dwddq"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30vy89r"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/319qtui"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31cwtqd?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31d3mp6?facebook_service"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31xebzq"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32xotak?l=www.bancoripley.cl"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33ipjf7"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33pcwtj"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/34mhgdg"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/37r8zo3"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/38xmo4d"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/392hszz"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3aetm80"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3afo6kx"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3an4lcn"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3aqvwmn"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3bdkpfx?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3bmjhx1?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3bq4stv?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3bsgkin"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3bvwofv?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3c7nozm"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ca8owp?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3cahvv5help-center-notice-comunity"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3clopj4"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3cpqerq"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3cvl6ir"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3czqfzo?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3d7ezub?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3dj0r1p"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3dky0ds?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3e3wjwp"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3eeiwqv"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ego3xw?redirect=system"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3eoqvcn"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3eptccr"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3exbeuu?i=www.bancoripley.cl"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3fb9f8f"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3fd8key"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004241; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3fk3blu"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004242; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3fmvby5?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004243; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3fyg9rf"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004244; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3guiinq?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3gxztog"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3gyfnlm?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3hvucnu"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3hwhrlr"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3i8tjul"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3jow35g?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3jqfusj?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3jqmbfu"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3jsnadf?i=www.bancoripley.cl"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3jvodhm?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3jxszq1?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004256; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3k2aaqc?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004257; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3kdifqr"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004258; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3kueruz"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004259; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3kxfgbu"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004260; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3l4jpqg?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004261; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ldovbh"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004262; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3lgmoqh"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004263; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3mgij5v"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004264; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3mkihc9"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004265; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3mrtcap"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004266; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3mryk6q"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004267; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3mvat1h?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004268; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3mwnmia?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004269; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3nddkta"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004270; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3nkpgzq"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004271; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3nvr2mn"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004272; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3phrfct"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004273; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3pqid6z?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004274; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3qc8jtv"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004275; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3qplrme"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004276; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3r49apq?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004277; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3r8xxmg?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004278; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3rd3dgx"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004279; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3reovvv"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004280; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3rkzqb5"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004281; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3rucafb?confirmations"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004282; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3s7gmhf"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004283; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3sdxkuf"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004284; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3tkk6kn"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004285; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3tks2um"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004286; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3tzc89x"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004287; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3vtbyq5"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3vyh0x9"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3w8ru6g?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3wb6m3i"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3xhfy9m?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3xkuef1?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3xrdvez?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3yatzv9?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3zbrsmk?|=www.bancoripley.cl"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004296; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3zv9bif"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004297; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bancamps-web"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004298; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/click-confirm"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004299; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coinspot-claim-bonus"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004300; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/community-details"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004301; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/confirm-click"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004302; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edoardopolaccoufficiale"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004303; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-13orange"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004304; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-14orange"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004305; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/id-lockpages"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004306; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/id-locksystem"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004307; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info-details-notification"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004308; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ip13-orange"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004309; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ip14-orange"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004310; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lrs-gov1"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004311; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main-pages"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mr-pin"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orange-id13"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orange-id2"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orange-id3"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orange-id4"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page-infromation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandemicreliefpackage"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/policy-pages"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/portale-mps-attivazione"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/recoveryform"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/verifikasipemblokiran_id"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/#/"; endswith; nocase; http.host; content:"bitflyertt.com"; classtype:attempted-recon; sid:200004324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2p3bbbs"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3aolo2y"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3bqoevf"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3g1epw3"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004328; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3jrtmmu"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004329; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3koilft"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004330; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3xmjxs4"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004331; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taxirsxcy"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004332; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/en/wallets/"; endswith; nocase; http.host; content:"bitwayconnect.com"; classtype:attempted-recon; sid:200004333; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/accounts_blackbearcc_co_uk/_layouts/15/onedrive.aspx?id=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments%2fngb%20urgente%20substanti%c3%able%20update%20%5f%20voorstel%2epdf&amp\;parent=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments&amp\;originalpath=ahr0chm6ly9ibgfja2jlyxjjy2nvdwstbxkuc2hhcmvwb2ludc5jb20vomi6l2cvcgvyc29uywwvywnjb3vudhnfymxhy2tizwfyy2nfy29fdwsvrve5as01b19mukjbcutzeunhv3eznw9ccfbtmze3b2fsrnrgnhpzuenbvlfiqt9ydgltzt1tqjzyquroodjvzw"; endswith; nocase; http.host; content:"blackbearcccouk-my.sharepoint.com"; classtype:attempted-recon; sid:200004334; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sella/info.html"; endswith; nocase; http.host; content:"bluehorse.in"; classtype:attempted-recon; sid:200004335; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/012dsd_fiestamart_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t3v5ldmmhrtlw5cyiohlp9z4yo7ufnrop9j1plyfdkm%3d&docid=1_1d89d259f7e704301aca26ac4dbabaa8d&wdformid=%7bfeb771e5%2d93ee%2d4015%2d8e87%2dd1c30d0f406a%7d&action=formsubmit&cid=f609fe16-56c4-4e2b-a964-75e250d31c99"; endswith; nocase; http.host; content:"bodegalatinacorp-my.sharepoint.com"; classtype:attempted-recon; sid:200004336; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nlozan9lgoapq"; endswith; nocase; http.host; content:"bom.to"; classtype:attempted-recon; sid:200004337; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?aplicar"; endswith; nocase; http.host; content:"bonomequedoencasa.blogspot.com"; classtype:attempted-recon; sid:200004338; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s9x"; endswith; nocase; http.host; content:"bpl.kr"; classtype:attempted-recon; sid:200004339; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2r9pyocy"; endswith; nocase; http.host; content:"bre.is"; classtype:attempted-recon; sid:200004340; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/7fde14dcc130f933dfa5c0283d776eb9/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004341; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/c0e9ccedb57ca77a45d83f9bde98224b/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004342; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/c0e9ccedb57ca77a45d83f9bde98224b?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004343; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/c4957ef2c1f1801d0506e35cc3b5a6a8/?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004344; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/c4957ef2c1f1801d0506e35cc3b5a6a8?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004345; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/d190a3ceefc52c12869c2bee7b9ed710/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004346; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/d190a3ceefc52c12869c2bee7b9ed710?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004347; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/fcc3a33269bb5f281754c49ab86c3d4e/?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004348; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/files/1/0533/5367/6992/t/3/assets/home.html"; endswith; nocase; http.host; content:"cdn.shopify.com"; classtype:attempted-recon; sid:200004349; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/index.php?option=com_content&view=article&id=67"; endswith; nocase; http.host; content:"centromedicoviladomat.com"; classtype:attempted-recon; sid:200004350; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/02/blog-post_12.html"; endswith; nocase; http.host; content:"chronopostvalidation.blogspot.com"; classtype:attempted-recon; sid:200004351; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxy/rdh-rjsrv9zzrx57iscgov74o1gka4qjdfj01qr7v8-pkjgyvn50tivt7pzqgm5kuqdmonqle3f8eq_t8f4xl6jdozabmf2lxy-888ai8hdji633rg"; endswith; nocase; http.host; content:"ci3.googleusercontent.com"; classtype:attempted-recon; sid:200004352; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxy/djc3ckf7jcnj8l0duyaqyjwffeskzbccy9spjiauj_jwrplgw0ahyaf1xozvm6n_fjn8q1-2vkhqqujjr1en3qej703lyxxujt6tto-ttwsl6hgsggp3ehcc"; endswith; nocase; http.host; content:"ci4.googleusercontent.com"; classtype:attempted-recon; sid:200004353; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxy/zjba9cvtmkfnoveyofx6gqong0kqi3s69d9o2y32fmu_gankb59tj-rb79bolx0bwbsemnonfhh2esy9olfdp-20gybztkzstfhfheqrrjuefxwiwkqws29wxm6tdobikwz-qkzfphpaldfr"; endswith; nocase; http.host; content:"ci4.googleusercontent.com"; classtype:attempted-recon; sid:200004354; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/eric_cimsltd_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wnhqsp58ikn1qzzozpe2oiw%2fmizdr53wegdbyscml7y%3d&amp\;docid=1_1207bcf2f71094b5cb97dcb5bea3e1a3a&amp\;wdformid=%7bd98de46a%2d2777%2d417f%2dbbcf%2d5f08c8244727%7d&amp\;action=formsubmit"; endswith; nocase; http.host; content:"cimslp-my.sharepoint.com"; classtype:attempted-recon; sid:200004355; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yc8bd&post=665308711_37&cc_key"; endswith; nocase; http.host; content:"clck.ru"; classtype:attempted-recon; sid:200004356; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yzuft&post=665308711_32&cc_key"; endswith; nocase; http.host; content:"clck.ru"; classtype:attempted-recon; sid:200004357; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/icp/relay.php?r=57372110&amp\;msgid=807563&amp\;act=af7a&amp\;c=1365247&amp\;destination=https://www.linkedin.com/&amp\;cf=17638&amp\;v=6023ca6bc5e4f8b8568ed04ff6a646a7d7757336e750d772ecc1cb2b3b6063b4"; endswith; nocase; http.host; content:"click.icptrack.com"; classtype:attempted-recon; sid:200004358; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?qs=6541641088c869552ced792d84ee93eabf075e23cd5eba83a7d07a40ad9cf2ce36c931984719b9df7de658999defbc87f999ec46970a0280"; endswith; nocase; http.host; content:"click.message.fruit.com"; classtype:attempted-recon; sid:200004359; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/#moreinfo@widomaker.com"; endswith; nocase; http.host; content:"cloud-dot-chaser-331005.uk.r.appspot.com"; classtype:attempted-recon; sid:200004360; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste/c4tl1sfout2tbkhn5810/raw"; endswith; nocase; http.host; content:"codepasta.app"; classtype:attempted-recon; sid:200004361; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/#investor-relations@cyient.com"; endswith; nocase; http.host; content:"cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev"; classtype:attempted-recon; sid:200004362; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?!=%25_col_email%20address_%25"; endswith; nocase; http.host; content:"community-die.blogspot.com"; classtype:attempted-recon; sid:200004363; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:b:/g/personal/infonoreply_communitychurch_tv/eburrky2tklimiiiqf0ia5kbbhkaxaypf06-08wf9wjebq?e=w5jmrb"; endswith; nocase; http.host; content:"communitychurch-my.sharepoint.com"; classtype:attempted-recon; sid:200004364; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/discounts_services/writing/loginform2d0e.php"; endswith; nocase; http.host; content:"confabint.com"; classtype:attempted-recon; sid:200004365; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/userbcc/indexx.html"; endswith; nocase; http.host; content:"consultorioveterinario7colinas.pt"; classtype:attempted-recon; sid:200004366; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/js/crop/cm"; endswith; nocase; http.host; content:"createchsoft.com"; classtype:attempted-recon; sid:200004367; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004368; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?.rand=13inboxlight.aspx?n=1774256418"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004369; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?.rand=13inboxlight.aspx?n=1774256418&amp\;email=jackdavis@eureliosollutions.com&amp\;fid=1&amp\;fid=4&amp\;rand=13inboxlightaspxn.1774256418"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004370; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004371; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004372; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;amp"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004373; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;amp\;ampopensource:observable-35835700-0d08-4c25-a188-b8312ba00a941067515"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004374; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;ampopensource:observable-35835700-0d08-4c25-a188-b8312ba00a941067515"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004375; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;fid.4.1252899642&amp\;fid=1&amp\;fav.1&amp\;rand.13inboxlight.aspxn.1774256418&amp\;fid.1252899642&amp\;fid.1&amp\;fav.1&amp\;email=&amp\;.rand=13inboxlight.aspx?n=1774256418&amp\;fid=4"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004376; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;fid.4.1252899642&amp\;fid=4&amp\;fav.1&amp\;rand.13inboxlight.aspxn.1774256418&amp\;fid.1252899642&amp\;fid.1&amp\;email=jsmith@imaphost.com&amp\;.rand=13inboxlight.aspx?n=1774256418"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004377; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13inboxlight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=jackdavis@eureliosollutions.com&.rand=13inboxlight.aspx?n=1774256418&fid=4"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004378; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct?email=jackdavis@eureliosollutions.com"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004379; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/images/verify/update/y.html"; endswith; nocase; http.host; content:"creativeingredient.com"; classtype:attempted-recon; sid:200004380; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2011/02/habbo-crediti-gratis-sicuro-100.html"; endswith; nocase; http.host; content:"creditiperhabbogratissicuro100.blogspot.com"; classtype:attempted-recon; sid:200004381; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"cusstomerservicee.blogspot.com"; classtype:attempted-recon; sid:200004382; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2isbc3k"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004383; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3yqokjg"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004384; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3yy01ci"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004385; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ypfq09"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004386; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5yhe1qn"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004387; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7yqfwsn"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004388; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aynunsk"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004389; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayw5mev"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004390; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bundu4e?id/help/pages?ref=cr"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004391; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/byqp8mx"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004392; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/claiminc"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004393; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ctmlfil"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004394; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyni5cc"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004395; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyqucr4"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004396; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dkvkq49/"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004397; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gyqdc7m"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004398; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ingdirect-es"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004399; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iyn1owx"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004400; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiiataa"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004401; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mynrk6q"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004402; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ny0rjd4"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004403; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nynglzu"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004404; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nyxbpmv"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004405; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oyqykkh"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004406; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptl7kd8"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004407; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/py2rr2z"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004408; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pyqptqe"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004409; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pywuwcj"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004410; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qyc4svc"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004411; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qymd2vc"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004412; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rykpt4j"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004413; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ryzqc5o"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004414; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyq6jn2"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004415; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uybigpf"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004416; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uydktcc"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004417; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uyqji5z"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004418; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uyx0po9"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004419; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wyc154r"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004420; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xynjuem"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004421; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ytv0uzv"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004422; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oglp"; endswith; nocase; http.host; content:"cy.tc"; classtype:attempted-recon; sid:200004423; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/#?act=cl&pid=34515_md&uid=1&vid=25&ofid=1615&lid=126&cid=17171"; endswith; nocase; http.host; content:"d854c624d7.gesundheitundschonheit.com"; classtype:attempted-recon; sid:200004424; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/online/showdocument?documentid=1fce937a-ba39-4053-a83a-f07711ad8efd&invitationid=82f3e840-cd11-4da4-8579-304bd7e930b0"; endswith; nocase; http.host; content:"digisigner.com"; classtype:attempted-recon; sid:200004425; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vszcwxk6nifthkg32wjxfjgq9yc-jjujkbsumqeeau8uw7xkcutyp0tbgux2mvwu8iqfrxxlunajob8/pub"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004426; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vt_xl-m0ff8yqqhzhgseahgwejo0znh9re6w0qvgbe0qfe084hrebjjg673htphdnvbcdnq6agehncq/pub?mobilelogin"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004427; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vth3iya0ov7p49rk9ejozgqnueuk8fna2mky389hertlwx4mnoyhl1mlhnwbz8sxnsqtk8i5uysmq68/pub?embedded=true"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004428; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vts9czxqycsgi-quifs7m1mqjzmlcjlccnhw3dsahdss5ymnpy6y0vsgwvf3piu6js22ydjyew1oyo_/pub?embedded=true"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004429; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/12467akksjbdxtns1aefg-fo9hlxamtxynf5brvbz5tc/viewform?edit_requested=true"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004430; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/1fpyjsolbptidxpf23lqom1jghfw7qrvbbbfxxi82pzg/viewform?edit_requested=true"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004431; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsc-xysogohjsbzmcnoded8ooar2gz1c5zxobgk8envh3jbpow/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004432; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsc0yyqlieizg0nzouznvhsjfags1h9qi5hpdw3qlgbivm501q/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004433; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsc4bagzjzmstbnjhy7zpy5zsx-xrn7reoouolv54luk5tihha/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004434; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsc8uc5aztlek3s6dqtk1etorhez5m2yvubyw5qmfkpisrelcq/viewform?usp=pp_url"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004435; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsc_enqwhhv1jnvzy55mb4ghvjd4wcz9plnolh2eoitk7qgbra/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004436; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsc_f0pxmnwzrtbck6u06fdzocmhgzvjzlc8cu7c9b456fhccq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004437; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscaoiohhbm7suyz9ol9o9ueunbxn6donxrfjge2cevdw_8jmw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004438; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscc30j0zmjvz0ct-wi59yhnz9gimpj3snofe5vkbovmeykomg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004439; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscc98m5fw4ifog0zeiuquxitizmisrgsdvyxvtxsppunpkwzq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004440; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscclmqirehqtkm3vl4u9gm2zv6xfvrddbrgke9fmsfujqbboq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004441; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscd8t8sjgxqrsa6dq5kjpmrpsxkvi4bl38sfdu7wa3sl32elg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004442; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscda1to5ru4sjeeujg3ki2bimklprvsec6u43kpvhbfyhrldw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004443; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscda1to5ru4sjeeujg3ki2bimklprvsec6u43kpvhbfyhrldw/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004444; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscdct8mue2qq3syjr4tnntol30jfdk8vwpco6yjh7dxnq5nyg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004445; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscdct8mue2qq3syjr4tnntol30jfdk8vwpco6yjh7dxnq5nyg/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004446; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscdkcb2saiqfhtrh2inewegl56-jrv0e_ncfubvdmdprxpzfq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004447; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscdkcb2saiqfhtrh2inewegl56-jrv0e_ncfubvdmdprxpzfq/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004448; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsceoxsfawdsbd2r-jk2sppywnv1bchzjjcw2xkcj7oqkwqriw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004449; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscf9u8nrld-zvu6clr4jcwnw0buqrykdldtzoullbxy8kc1ta/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004450; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscfh2njwrve6_rkxxy1yz83keoeekd4maqcnd-ivq7rkg0uca/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004451; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscfmdl3il-2rcplfeq-12jtre1mwsgbnmh2nhoj9xoflmplew/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004452; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscirilop6_iti0zvvrlsbk8zfaeo-f10otlhj9k5liyervk4g/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004453; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscjtat4fmstlxz3hbfkg4qyi-epfdmun7_avcqwvgscoydytw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004454; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscjvnhykksssaw-kycyrl6ywg_r3fdjuyqhk2mrmxcpgwfxoa/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004455; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscmzyecgbuuccfs_5e5axn9hpruzskqmvseedm0xz1qrqb5vg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004456; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscn6xxq_xvtivggy_4rkibou1i27e0kpiimikafpaavki1vsq/viewform?usp=send_form&usp=embed_facebook"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004457; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscphvypdecdasu-iqnvt4bvkiu5g1fioskjyfi9gk2z69cemq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004458; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscqbbsvkpxnasqgeazpzwxp1ln7qzdurt-nqn4azqa7q14euw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004459; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscrgopduxv2yg9memppi-dzfii70kq8hr8pi5zn9o_5amr3xa/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004460; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscrmsgjymaojts0bfneswvnfekiw6zya5rzyqoa1ydp5wkcrw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004461; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscuttypbph1iazuis8aa6xvrlmagwglmdcrrg8g2oymskvbva/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004462; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscuzwqncl3qs7cwfb7jlimpdueycxy0mv6zknp0uubdbkcu3w/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004463; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscvp9muuu33wgba4h5kugaleeh0onrqzug-b6n5aj5werrmaw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004464; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscvqmhqgwbubzxdynzgvlbmmziyagdiadz2eyhc-s-ro8ndfq/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004465; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscxgbsqs0_gphf4vziykyu_g5rgytw2s9fir3lyfar7kaixew/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004466; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscxgbsqs0_gphf4vziykyu_g5rgytw2s9fir3lyfar7kaixew/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004467; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscz4uf8dtvwhgxggkzsbbhjcgu9npgc6agxpy5o2fwpo6tv5q/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004468; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsczp3nbsyvoj5-wf-7k4xshjczyxvdc-lc679urtbl_k-9x8q/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004469; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd1x00gqusaavdvp5ualsrctsjb80y9oy7yln6wwani40srpw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004470; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd1x00gqusaavdvp5ualsrctsjb80y9oy7yln6wwani40srpw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004471; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd3x6brnru3toiionptordwmc4zorxcky1ebpmeg6bb4jfuca/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004472; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd7jgegqudsjg7blscqgfvdftyvlno6xreg6wjuxl0hnfbwtw/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;gxids=7628"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004473; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd8_xzmknrntxwpeg8bvmvbbzmjsfgejo-vngsmyjx1dnidsg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004474; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd8vkw5fxeroe_pxa7n5cdfpukhahbg_7k7sg0iuosh_xsyoa/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004475; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd9poeb_wmgffgg8taw4z_np0kdbo32gr35k1zxizj7lcdela/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004476; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd_c4wpt0zzouwt5lr9p5kn5cylz3ananv1hlix6u_h36w1rg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004477; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsda4flfi-1_gvwqnbb1dcxz_mb5omo9t2oc-vslzfgh6avrag/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004478; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdbgprbyowwcugqslasnoo-sbqcrgi6ppycsytvsw2_dwfeug/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004479; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdce9c1bqexlzlu9rojtuwtaatyeeshywbkmuiobrw_a-_mga/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004480; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdce9c1bqexlzlu9rojtuwtaatyeeshywbkmuiobrw_a-_mga/viewform?usp=pp_url"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004481; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdcznggxnwia2ct8kmxid1tdqhgerhnmixukxuj7nmq1lqsma/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004482; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdfarxg-0eurkyimsg-ukgl4mbtgvwfhe1wzbdxmb7oaosnyg/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004483; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdfyxb1kjjvkaiwbbpbgr0dfaq1xx2ehhzbxnt3adndssy1yw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004484; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdfyxb1kjjvkaiwbbpbgr0dfaq1xx2ehhzbxnt3adndssy1yw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004485; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdgxybkn7btnmkuuyyoe0rlbw8kmdgbwejv6l52fjbm9vledg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004486; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdinjm_qvdbv3roybqi073rm1pujmrrs7lid7c3qk-4xwweew/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004487; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdlwgxgjcqz_53lnvyfaiibnkptndldhs4vd0c__6lufv81zq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004488; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdmsww4edj2yofwdenmvl3uvyibigishgajtsfa7chvcan0wg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004489; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdmsww4edj2yofwdenmvl3uvyibigishgajtsfa7chvcan0wg/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004490; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdnngh7an2vfxw1k7cotxcb24wwne2qcm3j5deelwsn676z2q/viewform?usp=pp_url"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004491; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdpetadtoy4qkid3frxtq_jkthudhyvm17bkmb8iqonismzvw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004492; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdvo-nueiprck-o5gw7-bnmsz9jvwlyspeqfhfr2g2osbsrba/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004493; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdvwkczn_rxvn1522z1mcojbs40ymrctyizpyuv72_0wbypgq/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004494; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdwbz5hapgqojwjyndeeyjxamg0wnaj3kolh3fb6xf4c-fxjw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004495; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdwbz5hapgqojwjyndeeyjxamg0wnaj3kolh3fb6xf4c-fxjw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004496; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdxm-rwnv41p3wdcbtetukrctoakvuoe1h_uy8jgnxy7kldza/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004497; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdy1071rbhheyidjzo6fw5busqot5eunllw_thawo6udamfaq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004498; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdybqflfptobqslhflytic3g936bnojaljztk6ct1d5mjvnnw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004499; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdyygc4-s_a1dcdvcf9z9n1yhvz2dnehdr2aij-bcetxe2csg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004500; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdzrubbm3nrqdzjs6q7phutjgmn-dm8zquphjg9ge31q7bdhg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004501; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlse3-zgmg83lctfks0egmambwonybkscrvxix--n1azwngkphg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004502; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlse5htthgifmniezokiypnjjhanvkvlehsrk9esgcpoauqutiw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004503; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlse8ds15kxxdcrhfspcfrbvy6sbdhp0e4540zzmhhvzouewvka/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004504; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlse_mo9pzgdahzdgz0wctr7lm0cqm_zwos8ljc4cqgtvnqfmfq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004505; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseaoj1gseoc72inocx9jofb1nqgqm81_firdsookdvnd4fz3q/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004506; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsebpakzyvtprhygwe23jlsdieyoca0jtiyy-f68nqwofparww/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004507; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsebyedalhc7exqq5fljf8x1akbwz0h8l8ojbx5nx3go7bh3sa/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004508; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsebyedalhc7exqq5fljf8x1akbwz0h8l8ojbx5nx3go7bh3sa/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004509; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseck8-g3um70ihw-ajfait5whcec3qdowobizswz8_-et_jkq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004510; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsed7ckwpjf0hndj7zb3qtjmirtkv6pwcrmhplptuczapfmdew/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004511; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseerl98zqhhsjdo_vwhfzft3njmrw-es6isa689uqc2opalkg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004512; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsefdjhvlb8j4f16k5uewfckrm6sxun7mb8kmt6hnsw4twzb1a/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004513; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsefv5nkokmsxbkw84jsid2gwxxq8hhcvvajj-hjwl43irewza/viewform?vc=0&amp\;c=0&amp\;w=1"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004514; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseggxi9u9oxdijtvvfpdkom7-bau-dstzgnovfyndrhxtk_ew/viewform?fbzx=450838898210045776"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004515; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseht4cdltkad8967jjarcb5nafonbaw3dtpynth9mdk94hf-q/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004516; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseirld9oyigwxmec2bc-ax4yd-m-rhezlne00aminsjf0uteq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004517; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseja63wnjv6158neslzqwlnlui4yluhb0nlou-vx0ehpwkexg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004518; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsejavlqdkikylynqlg6p7kyfu4qnlyy31opnfttucuhgmek4a/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004519; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsekx9ewwwdcej4qewpnqgzq3bzhqogrop2ui9vxaeswphzyvq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004520; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsemwyrvcln1ql8uxd0dsiswveuehikz5hwalfeni7jjfaefmg/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004521; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseoz9zpmm0c0fjksklv-p1hsrwsuybmj6bvbd_fkewzzcv_ea/viewform?usp=pp_url"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004522; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsepe4jevfm3mjc-vndxuq_9wjpc7afrjadkxvp8czawh27cqg/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004523; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseq5h3-5stw3bwnpoi6g-gfwcgej7q82incdm01dd1lf182iq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004524; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseqdx2wgybdxlhascsuopq1xqsmwrxjf4erl_cpmvtt96dq_g/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004525; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlser-b6q--nvif2fj7nbn88dh8lj-s2yfbgjyuygwsacbhm6lw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004526; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsesuqyiwovf64ujl8ewzqpw-vq7_ljhh96vouros2rqn1vunw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004527; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseszgantjzuxgteg0dsiizzmadcwjbjqcsri5nidod2rd2_lg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004528; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlset42bzecl3yrdnnffv6f7kecxpd1sy4rbh3h3govwg1k1z1w/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004529; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseumxp-wga1x873upqxmi_hx8nbbllh12zzmxia1xuqp2mgbq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004530; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsevpkt1byhl-oqjptw8wbecnm7-iqnax-mz8zd-mxp0fol3jg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004531; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsewr7-ksdpydhc1tv8tkcxrlad8zrf3q_uqt-rj9a_fmmzxya/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004532; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsewr7-ksdpydhc1tv8tkcxrlad8zrf3q_uqt-rj9a_fmmzxya/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004533; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsewymtg0_yxlw9-prz205ldklpt1q0_aklvlput4ndg_coetq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004534; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsf-exsf9vm0rleksdp46wa2dfca3dhphayf4tl4rktjvmgguw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004535; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsf32hx6ujsi_gqji38udpamxxxnhyrx8qhmqcqnteinj_0cmg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004536; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsf43dgkrjoe0kbhyqzxvaswkmbstzlu6x-40xi-sxxgfevhww/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004537; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsf9wlt_kxvre3b2hhpi0hcx4zia83c9bbkabo4w15nfekvwuw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004538; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfacaqo8c7hsu7mr6zkbsfulv8m710ke2qna_7tyusomgmtjw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004539; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfacaqo8c7hsu7mr6zkbsfulv8m710ke2qna_7tyusomgmtjw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004540; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfanborkr2ivrhpsjdnvnb-jktwkjbuub3wnsxb-md7haddsq/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004541; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfbu-bfa-om2nk21gbc1gbbeoy4veybh7qcrj8jw7nwthmh_w/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004542; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfeoy_w3jwkkz8psgsw4nrja9tmg2lx0x0nvtmv38k0hjzzmq/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004543; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfgomlcpbyhodks1bwjmx6f5jr0tqwhngun_juf2qk0jp8dbq/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004544; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfgrkvxsp4vv3h2jpge8n2rwi_acvt3o91y4av8-nbjpc0xxw/viewform?c=0&amp\;w=1"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004545; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfhzli805cycnlai887dfo6ra8bwbwjbc8uehmv5amiaqdbyq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004546; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfjpx-sxpejnp_q2fmfu0jy8oqoesrx9wbrqplcychw9luupa/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004547; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfjsgjhbjke-mlmni8cfg1tacz-hdpvmy5j2br9upjr1f7nda/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004548; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfjsgjhbjke-mlmni8cfg1tacz-hdpvmy5j2br9upjr1f7nda/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004549; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfk9fn6xlhju27dzlzxp6nzvjlaqbtzb3uf20uakw6ddguvnw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004550; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfk9fn6xlhju27dzlzxp6nzvjlaqbtzb3uf20uakw6ddguvnw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004551; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfk9hpkld9-qwaxs8b0cpslaw2-oomu6bcwpxkmp-fo8kr3ew/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004552; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfksirdejkit-tdeiwrnkf00ygsqdsqth0hmwydiqdik10tna/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004553; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfnjyzbmw-pd1byw4b4opoksx2cealounsnhg5fjc3fk1qocq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004554; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfnlsbejsiacubkj2geltmn7slefoweeczuagp3jfmfkijg4a/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004555; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsforgq2zksc0soenei1m7xcow9surjrynoh6ppsku6_kxvdpw/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004556; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfp1eukgsktriyraz2csynqwfwtv6ehlnbszu69dbxz9lirtq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004557; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfp1eukgsktriyraz2csynqwfwtv6ehlnbszu69dbxz9lirtq/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004558; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfpvmlfha5uwdz_4bnvq19l2mctpltose6aszym6w9ls0hxza/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004559; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfqpqpbuxrrc0ubvtbrr86nxa4pt68zft0bm_2ufdvt1tzvuw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004560; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfrzt6zpkhgtvzqutkypqtjffxaucn3evqpf6ytbqug3t41yw/viewform?usp=pp_urlorganization"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004561; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfsia_g4fb5yg_cu8fjuxcndbgqz1setzfedm0cw0eaonb57g/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004562; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsftriyys-rvphnbmh6v6lyimxjy3rpog8xvtb3v1agqhawiva/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004563; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfuzr1yx2exrzt3ysxszgcawjpp45t9gz3nqtkvhfqslxw_ig/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004564; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfvgwgijgampx2qfseard_pb2bcyonllojnjhrv9qxb8vpeva/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004565; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfvgwgijgampx2qfseard_pb2bcyonllojnjhrv9qxb8vpeva/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004566; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfvhavjlgw4__-x0qdg5tbot5uo9vkn4csn8mx3lpvkdah8ag/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004567; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfwbcfrxuktidm2ctjalngebxbx4k_dijxbekg2y-naausaqw/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004568; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfwdsuczwrih_wnciwh_qjpg1v5p-qk8zyjjoccpbhmyeygrq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004569; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfygwrauuzg0kcnd6w_s42qneyhqpha0zs1rift0akntmlugq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004570; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfzhyjvw1nn6bvqhbwmd3rcrm6gukuzir5u9tmsszmcrr8nyw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004571; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/presentation/d/e/2pacx-1vrp2k-b45tcwcadgwzkulyaqrs1f9vfjs3y19o6fs_7p34ymzwuascr7lkuijhc83-o6fmsbbvehcf2/pub?start=false&amp\;loop=false&amp\;delayms=3000&amp\;slide=id.p"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004572; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2013/12/thereal_dv"; endswith; nocase; http.host; content:"dodgersdigest.com"; classtype:attempted-recon; sid:200004573; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/19zpw90jgon3j5merxi1pauvkjdmx8nfq/edit"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004574; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1bcdyitw2vo5jp6yrbdmiy8cfrkcf4tby/view?usp=drive_web"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004575; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1c5o9_y8_octsepwyojfarn1k-kj4d9fe"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004576; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1cppgzjnodnftsks_w82um_b_ctgzn-ah/edit"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004577; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1fdgs5g6fqqkudcl2meym63ua3yu0o-tb/view?usp=drive_web"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004578; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1fsvmjkcq7ennrsfdufkcxshfhnda_fui/view"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004579; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1ginbnlpvt7kpfnog9a68fqmn7k3aivui"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004580; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1hdvx7j89h5l7yz39idgzhqji93jnkl_c/view"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004581; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1jixb69t_nw9tmkhvfrejkfzof3d-ijet/view"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004582; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1jvfh6wq9ea9kxr1shhwbh3pecflqzppc/edit"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004583; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1mg5asnyoeet7qsg2n0d_2paxc3j7wx3k/edit"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004584; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1qf58h-1lunq1pubplwdhwd3uooj_vjxa/view"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004585; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1robiosanbh8doqa7yuiewn3akz4094ho/edit"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004586; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/alldomain/domain/dmain/index.php?i=i&amp\;0=abuse@optusnet.com.au"; endswith; nocase; http.host; content:"ecomcrew.staging.wpengine.com"; classtype:attempted-recon; sid:200004587; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/angela_ure_ecusltd_co_uk/_layouts/15/wopiframe.aspx?guestaccesstoken=umwosbguhwaqic3hhtqfly7zjwf8oggrcn6d%2bggohoc%3d&docid=1_1956f6e254d71417a89981b2a1c8d0a99&wdformid=%7be61ca4f5-c461-425a-a52e-4598e7b699e5%7d&action=formsubmit&cid=4ab9a2a7-7cf4-43ae-8149-ffead8d66e7b"; endswith; nocase; http.host; content:"ecusltd-my.sharepoint.com"; classtype:attempted-recon; sid:200004588; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/marco_eeverywhere_com/_layouts/15/onedrive.aspx?id=/personal/marco_eeverywhere_com/documents/documents&amp\;originalpath=ahr0chm6ly9lzxzlcnl3agvyzs1tes5zagfyzxbvaw50lmnvbs86zjovcc9tyxjjby9fcwhvbeq1x3hltknorzbdmdvvmgjvvujoy1z3b25futjvejhtlwxqrg9svwvrp3j0aw1lpvduaunytfu4mlvn"; endswith; nocase; http.host; content:"eeverywhere-my.sharepoint.com"; classtype:attempted-recon; sid:200004589; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m&#61\;0"; endswith; nocase; http.host; content:"eleoelswka.blogspot.com"; classtype:attempted-recon; sid:200004590; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t6t%2fhn1dkbyhlyx%2beimbazufa43rrgz6%2faaaewnocdi%3d&docid=1_18168db23429e45f29fdf2e7be120efc4&wdformid=%7bb9970f62%2d44c3%2d4d09%2d9929%2d6e1eb652da57%7d&action=formsubmit"; endswith; nocase; http.host; content:"ersfilter-my.sharepoint.com"; classtype:attempted-recon; sid:200004591; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=6ywmlbqi9%20sjfgzhadhvte2gyowjf83iqbjrjehik4s=&amp\;docid=1_135f7008dfbfa44e6b09dab0eb165b997&amp\;wdformid={e037f2d9-5daa-4916-ba03-eb11d0aa6dea}&amp\;action=formsubmit"; endswith; nocase; http.host; content:"ersfilter-my.sharepoint.com"; classtype:attempted-recon; sid:200004592; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=6ywmlbqi9%2bsjfgzhadhvte2gyowjf83iqbjrjehik4s%3d&docid=1_135f7008dfbfa44e6b09dab0eb165b997&wdformid=%7be037f2d9%2d5daa%2d4916%2dba03%2deb11d0aa6dea%7d&action=formsubmit"; endswith; nocase; http.host; content:"ersfilter-my.sharepoint.com"; classtype:attempted-recon; sid:200004593; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/takesurvey?tt=/p9xlsw/pwa97qdwq8ubbg%3d%3d"; endswith; nocase; http.host; content:"eu.questionpro.com"; classtype:attempted-recon; sid:200004594; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t/ab3uufjzb3vk20"; endswith; nocase; http.host; content:"eu.questionpro.com"; classtype:attempted-recon; sid:200004595; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?fbclid=iwar3cu_8pblosqw-rwa7evcrs5jpl6zvzkou0qrf7vl9oqge4h2ctmcxrdyk"; endswith; nocase; http.host; content:"eurobankovnikredit.com"; classtype:attempted-recon; sid:200004596; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shard/s339/client/snv?noteguid=f48e12fd-48da-e57f-8e76-cdf6e4054e1d&amp\;notekey=02a9fa6bd051dc6b4581ee3b617b3f88&amp\;sn=https://www.evernote.com/shard/s339/sh/f48e12fd-48da-e57f-8e76-cdf6e4054e1d/02a9fa6bd051dc6b4581ee3b617b3f88&amp\;title=optus%20webmail"; endswith; nocase; http.host; content:"evernote.com"; classtype:attempted-recon; sid:200004597; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shard/s446/client/snv?noteguid=4dc119ab-57d6-b8e0-4fcb-c11c0a637b94&notekey=9ddb3753cb700b0c86a78176be71f4f5&sn=https%3a%2f%2fwww.evernote.com%2fshard%2fs446%2fsh%2f4dc119ab-57d6-b8e0-4fcb-c11c0a637b94%2f9ddb3753cb700b0c86a78176be71f4f5&title=you%2bhave%2breceived%2ban%2binvoice."; endswith; nocase; http.host; content:"evernote.com"; classtype:attempted-recon; sid:200004598; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shard/s446/sh/4dc119ab-57d6-b8e0-4fcb-c11c0a637b94/9ddb3753cb700b0c86a78176be71f4f5"; endswith; nocase; http.host; content:"evernote.com"; classtype:attempted-recon; sid:200004599; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/jameswaterston_everythingmobilelimited_onmicrosoft_com/_layouts/15/onedrive.aspx"; endswith; nocase; http.host; content:"everythingmobilelimited-my.sharepoint.com"; classtype:attempted-recon; sid:200004600; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/tim_hansen_excelelectrical_com/_layouts/15/onedrive.aspx?id=/personal/tim_hansen_excelelectrical_com/documents/open%20to%20view%20shared%20document%20in%20hitech%20sharepoint&amp\;originalpath=ahr0chm6ly9legnlbgvszwn0cmljywwwlw15lnnoyxjlcg9pbnquy29tlzpmoi9nl3blcnnvbmfsl3rpbv9oyw5zzw5fzxhjzwxlbgvjdhjpy2fsx2nvbs9fa2zoazdydndfaettvl9pwulkctdzmejlveeyr3awzwjnsdfkrgdjrfdfttznp3j0aw1lpunrvevzrwxcmlvn"; endswith; nocase; http.host; content:"excelelectrical0-my.sharepoint.com"; classtype:attempted-recon; sid:200004601; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r?us_privacy=&amp\;a=p-w_ayumw3pzr2w&amp\;labels=_qc.clk,_click.adserver.rtb,_click.rand.60541&amp\;rtbip=192.184.70.137&amp\;rtbdata2=eaaaiencvf9odwdnzxrzx1e0mjfftwfuywdlzf9tzxj2awnlimofncj-jtiws_b-ohnodhrwczovl3d3dy5syxcuy29twihbt0llsefpmvdcvwi0vmdxvi1julfbztjdullinvfzuuitwjdutjfpdu3bfukaayfd3aqeoaebqahv4fyeugeawahq-aniadv5u4til9obfllxavhtz0fpaghnqs1sufktuvntqkhlaarzydroawsyaviznracclocbmc4ronaagliagdqas7hhvv4n_fmqqhgagdoagd4agckaxywlnb1yi0xmjyxotkyndq0odazodc1mamaqamasgmejmh7angd_dgd4gmpcc13x0fzdu13m1baujj36gmfcngfefryawu5mjeymfgdaiaeayoedxf1yw50y2fzdc1xyzhybajvuw&amp\;redirecturl3=https://www.cbtnuggets.com/?utm_source=quantcast&amp\;utm_medium=prospecting&amp\;utm_campaign=general_us&amp\;utm_term=testimonial&amp\;qc_campaign=cbt_nuggets_q421_managed_service&amp\;qc_adid=2078771"; endswith; nocase; http.host; content:"exch.quantserve.com"; classtype:attempted-recon; sid:200004602; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/remote/mandate/4jya9anuerrpmikrph7-j5pl9nyz_uw1bc7q1vvmmhw"; endswith; nocase; http.host; content:"exchange4free.com"; classtype:attempted-recon; sid:200004603; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rrefeeieoj.html?erectrcsq@*cthiytvcdx$zsxycuikjmkjivee$terdtygjyvtrre"; endswith; nocase; http.host; content:"explorebathurst.com.au"; classtype:attempted-recon; sid:200004604; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gvrmpushnotification/nbproject/private/fbapps/melis/"; endswith; nocase; http.host; content:"fbapps.milestoneinternet.com"; classtype:attempted-recon; sid:200004605; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/customercare/_layouts/15/wopiframe.aspx?guestaccesstoken=ce%2fd5uzxeu8hlntd6e5v18nttv4whxgmlwyudt4igom%3d&docid=1_1eb5df03726a240859b223a44b8b16724&wdformid=%7bb8008e00-21bc-4a4a-91dc-1e1b63610c96%7d&action=formsubmit&cid=c766f7bd-9562-4c9e-a9b0-75cf38b33e48"; endswith; nocase; http.host; content:"fclighting.sharepoint.com"; classtype:attempted-recon; sid:200004606; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/investorway"; endswith; nocase; http.host; content:"feeds.feedburner.com"; classtype:attempted-recon; sid:200004607; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//?m=0"; endswith; nocase; http.host; content:"ferferfccezs.blogspot.com"; classtype:attempted-recon; sid:200004608; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"ferferfrefe.blogspot.com"; classtype:attempted-recon; sid:200004609; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jelxwqrcrvhj&amp\;ijosing&amp\;kontakt@wmb-walther.de.html"; endswith; nocase; http.host; content:"fifit.co.uk"; classtype:attempted-recon; sid:200004610; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f/75h75hd7v"; endswith; nocase; http.host; content:"files.fm"; classtype:attempted-recon; sid:200004611; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/biyugbhiuhgy7o900-h9oh98h9-987.appspot.com/o/vnmbvuyt8-8y98yh0%3d890y8iuh9yyh%2f5rtyfghtfyu67-9876trfc%3d9ygv.htm?alt=media&amp\;token=dce6f041-19ff-4e8a-8012-1cfdac4cf369#bv@pplsi.com"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004612; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/dr-clin-c4f68.appspot.com/o/drweb.html?alt=media&amp\;token=09293ba9-0738-41ea-9cf3-67cb43af2b88&amp\;x=famacas-cfa0appspotappspotmacas-macas-vfwefsaxsppspotcfa0ps&amp\;prox=p2000isolation@aaa.kr"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004613; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/dr-clin-c4f68.appspot.com/o/drweb.html?alt=media&amp\;token=09293ba9-0738-41ea-9cf3-67cb43af2b88&amp\;x=famacas-cfa0appspotappspotmacas-macas-vfwefsaxsppspotcfa0ps&amp\;prox=yourname@yourcompany.com"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004614; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/goo2-ac630.appspot.com/o/goo%20(2).html?alt=media&amp\;token=2d1281a2-3364-420f-a3b5-c693b7bda1f2#a@b.com"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004615; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/macryti-109.appspot.com/o/kp-oe0%2fbtt-hash.html?alt=media&amp\;token=02abe8bd-5141-4b5a-a7d4-08120e5f43dd#choiteng@motenghaiplc.com"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004616; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/ntachi-e1dbe.appspot.com/o/hgigieiciejceinhviejrie95489349%20(19).html?alt=media&amp\;token=5901e369-e71e-416b-9688-b21c62e31587#m.couvee@colasit.nl"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004617; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/odrv-3c4a4.appspot.com/o/index1.html?alt=media&amp\;token=11958c2a-34a6-4ed1-a1b5-081ec066cb95&amp\;data=zxzhbi5ncmvzagftqg1py2hlbglulmnvbq=="; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004618; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/outlook-4c0f2.appspot.com/o/books%2fwebmail.htm?alt=media&amp\;token=216401d2-aba7-42f4-8fd5-9b672cade830#abuse@optusnet.com.au"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004619; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/outlook-4c0f2.appspot.com/o/books%2fwebmail.htm?alt=media&amp\;token=216401d2-aba7-42f4-8fd5-9b672cade830#tiekimas@tidlo.lt"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004620; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/rei-rezuio-rexire-565.appspot.com/o/%40%40%40indexv-vb-vau-ry-8%252fbv-yu-er-8f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%20-%20copy.html?alt=media&amp\;token=da92acdd-870d-4049-b9ac-f0d373777f06#info@legalshield.com"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004621; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/rei-rezuio-rexire-565.appspot.com/o/%40%40%40indexv-vb-vau-ry-8%252fbv-yu-er-8f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%20-%20copy.html?alt=media&amp\;token=da92acdd-870d-4049-b9ac-f0d373777f06#support@legalshieldcorp.com"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004622; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/rned-a824v.appspot.com/o/gen%252findex2oli.html?alt=media&amp\;token=828c2259-c86f-442e-91a0-8d43a1fe7d8b#abuse@optusnet.com.au"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004623; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/tei-neriou-reuix-678.appspot.com/o/%40%40%40indexv-vb-veu-ry-8%25433%2569.html?alt=media&amp\;token=6b0a9c43-8711-491b-9f40-50ad280ffb32#ggradnigo@prepaidlegal.com"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004624; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mc.html"; endswith; nocase; http.host; content:"flavena.co.rs"; classtype:attempted-recon; sid:200004625; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btinternetwebmail"; endswith; nocase; http.host; content:"flow.page"; classtype:attempted-recon; sid:200004626; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bttelecoommunication"; endswith; nocase; http.host; content:"flow.page"; classtype:attempted-recon; sid:200004627; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hdhdhdeue"; endswith; nocase; http.host; content:"flow.page"; classtype:attempted-recon; sid:200004628; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hjbsvjhfb"; endswith; nocase; http.host; content:"flow.page"; classtype:attempted-recon; sid:200004629; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jhgcfghj"; endswith; nocase; http.host; content:"flow.page"; classtype:attempted-recon; sid:200004630; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mnkpo"; endswith; nocase; http.host; content:"flow.page"; classtype:attempted-recon; sid:200004631; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nicszdbaiodi"; endswith; nocase; http.host; content:"flow.page"; classtype:attempted-recon; sid:200004632; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/vf7vfv9ky?fc=0"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004633; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page/btinternetwebmail"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004634; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page/btisojtuf"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004635; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page/bttelecommunicaation"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004636; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page/bttelecoommunication"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004637; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page/hjbsvjhfb"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004638; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page/mnkpo"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004639; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1mqqu8exzgpptqpl8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004640; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3cyoxmwxqkbfpt2v5"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004641; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8epxhwdapiab7mfw7"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004642; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9bwawhpz5vi7ilpe6"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004643; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akohiguxjs9wlpu28?sllqm"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004644; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b7lqaal42juffiw1a"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004645; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bfz2l7i3wvrp5heb9"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004646; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dncj4btc56n1n71n8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004647; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edtu6r7rqxqyegcf6"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004648; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/egj66jkgwkcd3aat8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004649; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eozlrnnf7jh84xdp8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004650; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fzlons3fgnjdqdd19?omgbfzrazhlppbtx"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004651; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goerpntl5tfeumdz6"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004652; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gr4b9sxradtcj7or7"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004653; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guptjarp2xatzbvo8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004654; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iai7pzm4pxyb145i9"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004655; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jnkkauxwwbfhtuqz9?hkgotygikyoujp"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004656; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jzxtb9auexgjcewfa"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004657; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kehch96avaku7oey7?akowgmooutpwa"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004658; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nvljeb1quzaovd8u5"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004659; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/puadbxscibgw5ma79?xfccuwmmhgwrwztd"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004660; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qhwastfqxg1yehi77"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004661; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qzopkn9aj2gzaw2g6"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004662; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruaxzqjjzghi8rar9"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004663; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rwpcmhm8vtfa7f4m8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004664; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sj21ehdebhkcpvfv6"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004665; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smufgmyhduckbq6ka?fjxhgyroek"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004666; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uqzzznxv4cfhu3yr9"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004667; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v5xtnywt5s6zvpp27"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004668; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v7k2chwbcca59vz27"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004669; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w6uh9p66tdq6l1m66"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004670; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x3aasffazsrl8pcr9"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004671; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x8hybjggubfftabw8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004672; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xxccjhuzjtg4pr3y8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004673; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xxjqmu6luzkpnalg6"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004674; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yfxkceytox2zuyvb6"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004675; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pages/responsepage.aspx?id=60hhzfbtoe-qdzpnyrluyo-ivxb0mexgqufvg5tcyifunzg5uknzne1irjzvt1y3slewrepwnflmvs4u"; endswith; nocase; http.host; content:"forms.office.com"; classtype:attempted-recon; sid:200004676; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pages/responsepage.aspx?id=dqsikwdsw0yxejajblztrqaaaaaaaaaaaao__tdasqlurfrqmjzxneyxn0g3vexutfvzq0mztu9fms4u"; endswith; nocase; http.host; content:"forms.office.com"; classtype:attempted-recon; sid:200004677; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pages/responsepage.aspx?id=dqsikwdsw0yxejajblztrqaaaaaaaaaaaao__thg5xvuodnbwtvytzhwwdnctknvovo4tldctexmvi4u"; endswith; nocase; http.host; content:"forms.office.com"; classtype:attempted-recon; sid:200004678; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pages/responsepage.aspx?id=jrbxvx3x9keewcq72hm6fnkqekonandcsjd9av060h5urepumvvgmks2te41rfewmlletulvufnuqy4u"; endswith; nocase; http.host; content:"forms.office.com"; classtype:attempted-recon; sid:200004679; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmaingt/server.html"; endswith; nocase; http.host; content:"fra1.digitaloceanspaces.com"; classtype:attempted-recon; sid:200004680; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m&#61\;0"; endswith; nocase; http.host; content:"frdezeredaresafin.blogspot.com"; classtype:attempted-recon; sid:200004681; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"fredsamasont.blogspot.com"; classtype:attempted-recon; sid:200004682; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fewn4zq5fegh6bf3qpasy44v&amp\;persistence=1&amp\;checksum=3d7975c121a1d514f1b3a9facb177a78f25e1326da6497ae9cf35e33ba436119"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004683; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fewn4zx501vbg1xj6vr2hk10&amp\;persistence=1&amp\;checksum=fc555be29c86e6e13177069b7632770b2cb9f30b36d229624f37be1cb2475704"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004684; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fexfpq10qje7acrftnz6v4zb&amp\;persistence=1&amp\;checksum=5916a09fb5c03e4187a58ae7221dbc20e8568b5840df4b6f3eb57227975bd2ce"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004685; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fey1pewqgha9bqebgbvwe95n&amp\;persistence=1&amp\;checksum=3fefba73b68799e5152bf7031ce8a7b1a300456243ee123a27f6efca31d9f055"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004686; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fez46yyrvh6f0bbehn8h419h&amp\;persistence=1&amp\;checksum=069f46345ac935567ad562a3d64a332066064c97f8feae803d555f9cc820c561"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004687; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fezncfbjbj86yneatjn0qvt4&amp\;persistence=1&amp\;checksum=8142350e161acc6cb246be1d05d596973a1d3ac50af1f3594ee9ea462c87a4ef"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004688; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01ff06m6n2q43m6zcaqrh8xpm2&amp\;persistence=1&amp\;checksum=26e140f8abae23dd0c8dd547390a4deb9fc54b1acf3539d8aa44fb19e04902ef"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004689; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01ff0qxy635yfpkrdaxav47j5k&amp\;persistence=1&amp\;checksum=cb2e0f7328d6ffea0e15a24046095a0bb98d27d4488e822bea4b181763f2eb0b"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004690; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/js/thickbox/connexion/connexion/app/cdn/?fmfcgzgljlrvjdlwthjpssjfsnvbwgbbfmfcgzgljltdnhmxflbfwpzhjxchnhhqfmfcgzgkzqqhdhckrlvrtkvlbxfdwlclfmfcgzgkzqqhdhckrlvrtkvlbxfdwlclfmfcgzgkzqqhdhckrlvrtkvlbxfdwlcl"; endswith; nocase; http.host; content:"golfloslagos.com"; classtype:attempted-recon; sid:200004691; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url?q=http%3a%2f%2fbit.do%2ffr6ci&sa=d&sntz=1&usg=afqjcne7joz-iz-adrzkrxcihj8t9fs9qw"; endswith; nocase; http.host; content:"google.com"; classtype:attempted-recon; sid:200004692; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url?q=http%3a%2f%2fbit.do%2ffsgjq&amp\;sa=d&amp\;sntz=1&amp\;usg=afqjcngvqc30z-4hiaizv03gpwblwu3vnw"; endswith; nocase; http.host; content:"google.com"; classtype:attempted-recon; sid:200004693; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url?q=http://srv-auth.web.app/upd/index.html%23%5b%5b-email-%5d%5d&amp\;source=gmail&amp\;ust=1607952068298000&amp\;usg=afqjcnet34jepejaewvja8unv7ycds1vjg"; endswith; nocase; http.host; content:"google.com"; classtype:attempted-recon; sid:200004694; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url?q=https://393512dfd8544c98be9a40f2f67df8bd.svc.dynamics.com/t/r/a7uua5shyiplufx4zj7f6u2clgtguiagoxngfoio4am?clientid%3d70000%23%5bemail%5d%2b00-70000&amp\;source=gmail&amp\;ust=1636719774661000&amp\;usg=aovvaw2fsk8htfwhsfqapvbu674n"; endswith; nocase; http.host; content:"google.com"; classtype:attempted-recon; sid:200004695; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url?q=https://passionfruit4576261.brizy.site/&amp\;source=gmail&amp\;ust=1608664764243000&amp\;usg=afqjcnghljnr1tyn8j4c1ijid09ra9ehdq"; endswith; nocase; http.host; content:"google.com"; classtype:attempted-recon; sid:200004696; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url?q=https://us4-usndr.com/ru/mail_link_tracker?hash%3d6k5ar5ciusdx1q1tdgm8atcrexmonyy3xdfiogu7zr6gb6gtthpqk7fm8tz4gzkjftg9oouu31eqdro67dtgwnn5x1p3ziiieq8rykja%26url%3dahr0chm6ly90lm1ll2fhegnvbw11bml0eq~~%26uid%3dndmwndy3nw~~%26ucs%3dd93ed45d47070739243d9b678dd03e93&amp\;source=gmail&amp\;ust=1607288611770000&amp\;usg=afqjcngo5kdwx08p-bg6mzdtluzdjhtzxw"; endswith; nocase; http.host; content:"google.com"; classtype:attempted-recon; sid:200004697; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fp?u=https://tinyurl.com/32xz989f&grqid=zbk35vud&s=1&hl=id-id"; endswith; nocase; http.host; content:"googleweblight.com"; classtype:attempted-recon; sid:200004698; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i?u=a894ec7f.46t33454t4.pages.dev?user=masoli@legalshieldassociate.com"; endswith; nocase; http.host; content:"googleweblight.com"; classtype:attempted-recon; sid:200004699; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i?u=b4e921f0.sso-mailsrvr-4344e5teed.pages.dev?user=abuse@gmail.com"; endswith; nocase; http.host; content:"googleweblight.com"; classtype:attempted-recon; sid:200004700; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/tspencer_gormanusa_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wgfwcmmssvdsofa7ljviwaj85tleclug2xbvoqwlmp0%3d&amp\;docid=1_12424441d8c29412bb868684e5cb74e47&amp\;wdformid=%7b992e319a%2dbe72%2d460b%2db6b4%2d2d3fcf789fc5%7d&amp\;action=formsubmit"; endswith; nocase; http.host; content:"gormanusa-my.sharepoint.com"; classtype:attempted-recon; sid:200004701; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/out/408?jobid=29207&u=princed.de?id=8400239909"; endswith; nocase; http.host; content:"gradcracker.com"; classtype:attempted-recon; sid:200004702; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/12/hafslund.html"; endswith; nocase; http.host; content:"hafslundno.blogspot.com"; classtype:attempted-recon; sid:200004703; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1kzic"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004704; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ds15"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004705; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6qnhc"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004706; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dghpp"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004707; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1itl"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004708; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fmjiu"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004709; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g9yl5"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004710; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i51rh"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004711; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmiyt"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004712; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m8ikv"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004713; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o0ugq"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004714; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ta0lq"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004715; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue2ho"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004716; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urq2m"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004717; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vfywl"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004718; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w27iz"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004719; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xegru"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004720; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zlbow"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004721; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/12/window.html"; endswith; nocase; http.host; content:"hangovertest1.blogspot.com"; classtype:attempted-recon; sid:200004722; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yuhgbfvdfvbtytrvdfbgt.html"; endswith; nocase; http.host; content:"heaterintwintersz.ams3.digitaloceanspaces.com"; classtype:attempted-recon; sid:200004723; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mz4yho"; endswith; nocase; http.host; content:"hm.ru"; classtype:attempted-recon; sid:200004724; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeland.html"; endswith; nocase; http.host; content:"homeentertainmentexpo.com"; classtype:attempted-recon; sid:200004725; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/themes/engines/ira.xml"; endswith; nocase; http.host; content:"house18.info"; classtype:attempted-recon; sid:200004726; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/''''''''''''''''''''''''''''''''/"; endswith; nocase; http.host; content:"hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200004727; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?https://trimurl.co/0wsx7z"; endswith; nocase; http.host; content:"href.li"; classtype:attempted-recon; sid:200004728; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?https://www.rkat2.2r-p.xyz/"; endswith; nocase; http.host; content:"href.li"; classtype:attempted-recon; sid:200004729; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?https://ykm.de/f4b990c239777330"; endswith; nocase; http.host; content:"href.li"; classtype:attempted-recon; sid:200004730; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//ykm.de/f4b990c239777330"; endswith; nocase; http.host; content:"href.li?https:"; classtype:attempted-recon; sid:200004731; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgav30ruohf"; endswith; nocase; http.host; content:"ht.ly"; classtype:attempted-recon; sid:200004732; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shoh30rwmdj?10/13/2021"; endswith; nocase; http.host; content:"ht.ly"; classtype:attempted-recon; sid:200004733; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ebuse/servic"; endswith; nocase; http.host; content:"i-m.mx"; classtype:attempted-recon; sid:200004734; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webaccountupdate/stockholmsuniversitet/"; endswith; nocase; http.host; content:"i-m.mx"; classtype:attempted-recon; sid:200004735; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mdkea5ckpozm/click-here-to-start"; endswith; nocase; http.host; content:"ifyufyujk.quip.com"; classtype:attempted-recon; sid:200004736; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/pginet_groupe-igs_fr/_layouts/15/wopiframe.aspx?guestaccesstoken=o1ljzjnq70g8yg6w%2fce3ec9zu3%2bg6ck6ibkmhwt3wl0%3d&amp\;docid=1_1c2a91e87cc7a4ffb85611d8ebf31f653&amp\;wdformid=%7bcdf56303%2d9250%2d4cf1%2d8370%2db3f9a84cd714%7d&amp\;action=formsubmit"; endswith; nocase; http.host; content:"igsasso-my.sharepoint.com"; classtype:attempted-recon; sid:200004737; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/4t6u/bt"; endswith; nocase; http.host; content:"im-creator.com"; classtype:attempted-recon; sid:200004738; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/kennymoore12/btinternet"; endswith; nocase; http.host; content:"im-creator.com"; classtype:attempted-recon; sid:200004739; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/kfouo/btcommmms"; endswith; nocase; http.host; content:"im-creator.com"; classtype:attempted-recon; sid:200004740; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/msw0rd/att_word"; endswith; nocase; http.host; content:"im-creator.com"; classtype:attempted-recon; sid:200004741; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/viewer/vbid-fa0f29d5-fpsjmms8"; endswith; nocase; http.host; content:"im-creator.com"; classtype:attempted-recon; sid:200004742; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/survey/27415/source=39-4621"; endswith; nocase; http.host; content:"imagematch300.com"; classtype:attempted-recon; sid:200004743; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/viewer/vbid-fa0f29d5-fpsjmms8"; endswith; nocase; http.host; content:"imcreator.com"; classtype:attempted-recon; sid:200004744; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/appmanager/renouvellement-automatique-obligatoire/ovh/managerweb-ovhdepartmenttechniqueovh/web.index.html5400configuration_hosting_database/web-ovh/vh/?user-agent=mozilla/5.0+(windows+nt+10.0\;+win64\;+x64)+applewebkit/537.36+(khtml,+like+gecko)+chrome/86.0.4240.75+safari/537.36"; endswith; nocase; http.host; content:"improvproject.com"; classtype:attempted-recon; sid:200004745; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/emailupdatee/owaweb"; endswith; nocase; http.host; content:"imxprs.com"; classtype:attempted-recon; sid:200004746; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/outlookwebaccessupgrade/outlookwebaccessupgrade"; endswith; nocase; http.host; content:"imxprs.com"; classtype:attempted-recon; sid:200004747; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/webmaiil/accounttportal"; endswith; nocase; http.host; content:"imxprs.com"; classtype:attempted-recon; sid:200004748; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/maint/?hash=a2fyaw5hywxtzwlkyxjpymvpcm9aag90bwfpbc5jb20="; endswith; nocase; http.host; content:"insurance2019.moneynet.com.tw"; classtype:attempted-recon; sid:200004749; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/areawebmps"; endswith; nocase; http.host; content:"is.gd"; classtype:attempted-recon; sid:200004750; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clnhxv"; endswith; nocase; http.host; content:"is.gd"; classtype:attempted-recon; sid:200004751; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t1xeia"; endswith; nocase; http.host; content:"is.gd"; classtype:attempted-recon; sid:200004752; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/34vpnqn?muriitya"; endswith; nocase; http.host; content:"j.mp"; classtype:attempted-recon; sid:200004753; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3arx6oo"; endswith; nocase; http.host; content:"j.mp"; classtype:attempted-recon; sid:200004754; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3gydg8x?/supporrecovery"; endswith; nocase; http.host; content:"j.mp"; classtype:attempted-recon; sid:200004755; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3i22f5g?jnlope"; endswith; nocase; http.host; content:"j.mp"; classtype:attempted-recon; sid:200004756; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3kkkf0n"; endswith; nocase; http.host; content:"j.mp"; classtype:attempted-recon; sid:200004757; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/swww04/?key=azhoi,email={email}"; endswith; nocase; http.host; content:"jobtima.com"; classtype:attempted-recon; sid:200004758; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65g2g"; endswith; nocase; http.host; content:"jtbtigers.com"; classtype:attempted-recon; sid:200004759; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/jdonahue_k12_com/_layouts/15/wopiframe.aspx?guestaccesstoken=jxndynkzmynao0nofzmhz4t%2fk%2br%2fg7qir2agrjo42ha%3d&docid=1_12252b23331654ef4bf8ef978a8eb83ee&wdformid=%7b2711d93c%2d7591%2d4baa%2db377%2dcf40ba8c7343%7d&action=formsubmit"; endswith; nocase; http.host; content:"k12inc-my.sharepoint.com"; classtype:attempted-recon; sid:200004760; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c07czi"; endswith; nocase; http.host; content:"kutt.it"; classtype:attempted-recon; sid:200004761; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l3leph"; endswith; nocase; http.host; content:"kutt.it"; classtype:attempted-recon; sid:200004762; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=4rcleqvo&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004763; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=xx6dnmzz&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004764; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://is.gd/f0iqhg?trackingid=kzg8g3od&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004765; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://is.gd/vohpj6?trackingid=rt6fxwgl&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004766; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://parg.co/bewg?trackingid=egqfrhlp&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004767; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://submit.irs.completeyourdata.info/?claim"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004768; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=cvhzehjl&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004769; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=nwb0pxlg&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004770; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=wqdypvka&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004771; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/match_login/match.com/match/login1876.html"; endswith; nocase; http.host; content:"lifeiswhatyoumakeofit.com"; classtype:attempted-recon; sid:200004772; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqg9x"; endswith; nocase; http.host; content:"lihi1.cc"; classtype:attempted-recon; sid:200004773; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uh2xv"; endswith; nocase; http.host; content:"lihi1.cc"; classtype:attempted-recon; sid:200004774; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slink?code=ek5cbk8g"; endswith; nocase; http.host; content:"linkedin.com"; classtype:attempted-recon; sid:200004775; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url?a=https://u25098085.ct.sendgrid.net/ls/click?upn=4o0yybebwwobmwye6nfxf74k9v8ctniui1j2zge2nz95e9lyg4bkzyeqhmb7dtwcz7ioun-2bn1j8mpzi-2fpiiskt0bhpz08nwukegu0uqqki2h1s5yghctgcifqu-2bw1xclixrd_0qvnbxqwscekttpgl5skkts6yu-2batmdqkyh3bke4v1frfd55qka72zddyevzyat2nxv1k3yz6k8mwivrnsgvysy0wagfn8g5lfrsekexaptnpwfu0cediip-2bx7vwnyo9s20tqt2-2bj-2bvkbnfrh9uuad9j9stqo-2bcbol-2fjxsacxht5mztqgwx1c5d6x4fkpu32hmnetd1eimxhhfmzkxiukogw4aalovfcjsym0u8gjpy-3d&amp\;c=e,1,2vluk9dfc0eb8l7-rios2j4nvvlmg8fu0rs0_haoaqpf_7ary6vt_oiimum26g-03mgzmsvdmzlfwohfhlogn3z77jluyi415qw9iw3dptggs_9sfqsq4a,,&amp\;typo=1"; endswith; nocase; http.host; content:"linkprotect.cudasvc.com"; classtype:attempted-recon; sid:200004776; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2oj172"; endswith; nocase; http.host; content:"linkr.bio"; classtype:attempted-recon; sid:200004777; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5254ov"; endswith; nocase; http.host; content:"linkr.bio"; classtype:attempted-recon; sid:200004778; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9o5vz8"; endswith; nocase; http.host; content:"linkr.bio"; classtype:attempted-recon; sid:200004779; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attservice365"; endswith; nocase; http.host; content:"linkr.bio"; classtype:attempted-recon; sid:200004780; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bt.home"; endswith; nocase; http.host; content:"linkr.bio"; classtype:attempted-recon; sid:200004781; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btinternet"; endswith; nocase; http.host; content:"linkr.bio"; classtype:attempted-recon; sid:200004782; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w1vl9o"; endswith; nocase; http.host; content:"linkr.bio"; classtype:attempted-recon; sid:200004783; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attmailserver"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004784; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attonlineservice"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004785; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attverificationpro"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004786; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btinternettt"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004787; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d.emery1"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004788; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dannygeez"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004789; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feetesuqshailhkaia"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004790; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftggtgrtt"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004791; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keedkudi"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004792; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mobicomgb"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004793; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nbvkl"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004794; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plkjh"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004795; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pubgxmetrodus"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004796; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/savermail.yahoo"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004797; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/service.orange"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004798; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teccalicious"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004799; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yah00nccx"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004800; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=bcxwl3a7ttskgw2polh3cucg2dfe77pbj2gkmixkizs%3d&docid=1_1b87bddf46e1144efadb39c587acdadae&wdformid=%7b5b4e96cf%2d1bcd%2d468f%2da845%2d09b4d8027bc2%7d&action=formsubmit"; endswith; nocase; http.host; content:"livenmitac-my.sharepoint.com"; classtype:attempted-recon; sid:200004801; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=bcxwl3a7ttskgw2polh3cucg2dfe77pbj2gkmixkizs=&amp\;docid=1_1b87bddf46e1144efadb39c587acdadae&amp\;wdformid={5b4e96cf-1bcd-468f-a845-09b4d8027bc2}&amp\;action=formsubmit"; endswith; nocase; http.host; content:"livenmitac-my.sharepoint.com"; classtype:attempted-recon; sid:200004802; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=fnyckzjagh3z%2bl1cadcdqxot6rfyhmeonulx7ksc7pq%3d&docid=1_15129478f60da40db8395b5675832ef56&wdformid=%7b000c8ab1%2dcbc8%2d44e3%2dac19%2d0015f01b771e%7d&action=formsubmit"; endswith; nocase; http.host; content:"livenmitac-my.sharepoint.com"; classtype:attempted-recon; sid:200004803; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/hannah-daly_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=ia5uzzon3iviku4f3pxemyhhabfwkpdjirpftfear%2fk%3d&docid=1_169208e425ed84fea9fd294a6886d67e9&wdformid=%7b06255f86%2d4bf9%2d4ee8%2dbd7e%2dfef81913a79b%7d&action=formsubmit"; endswith; nocase; http.host; content:"livenmitac-my.sharepoint.com"; classtype:attempted-recon; sid:200004804; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/hannah-daly_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=ia5uzzon3iviku4f3pxemyhhabfwkpdjirpftfear/k=&amp\;docid=1_169208e425ed84fea9fd294a6886d67e9&amp\;wdformid={06255f86-4bf9-4ee8-bd7e-fef81913a79b}&amp\;action=formsubmit"; endswith; nocase; http.host; content:"livenmitac-my.sharepoint.com"; classtype:attempted-recon; sid:200004805; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d8ruzprc"; endswith; nocase; http.host; content:"lnkd.in"; classtype:attempted-recon; sid:200004806; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/di6hueus"; endswith; nocase; http.host; content:"lnkd.in"; classtype:attempted-recon; sid:200004807; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dn4fff29"; endswith; nocase; http.host; content:"lnkd.in"; classtype:attempted-recon; sid:200004808; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edxjbzfy"; endswith; nocase; http.host; content:"lnkd.in"; classtype:attempted-recon; sid:200004809; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emruebe2"; endswith; nocase; http.host; content:"lnkd.in"; classtype:attempted-recon; sid:200004810; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eqjcnf2u"; endswith; nocase; http.host; content:"lnkd.in"; classtype:attempted-recon; sid:200004811; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gib6fpsz"; endswith; nocase; http.host; content:"lnkd.in"; classtype:attempted-recon; sid:200004812; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/home/?6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d"; endswith; nocase; http.host; content:"login.xfinity.meculinkvolt.com"; classtype:attempted-recon; sid:200004813; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/02/blog-post.html"; endswith; nocase; http.host; content:"magyarpoosta.blogspot.com"; classtype:attempted-recon; sid:200004814; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/forms/form1.html"; endswith; nocase; http.host; content:"mail.hfcfit.com"; classtype:attempted-recon; sid:200004815; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004816; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua/"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004817; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004818; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua/"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004819; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/186.154.25.1064023/sucursalpersonas.transaccionesbancolombia.com/mua"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004820; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/186.154.25.1064023/sucursalpersonas.transaccionesbancolombia.com/mua/"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004821; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/190.27.90.2077221/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004822; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/190.61.55.2105806/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004823; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004824; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua/"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004825; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/191.95.152.1287758/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004826; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/201.233.42.1501206/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004827; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1gne6"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004828; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6w9qj"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004829; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/77srn"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004830; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g50gq"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004831; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hfldu"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004832; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibyyn"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004833; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ij3t9"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004834; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jlrbo"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004835; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qpwha"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004836; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reu8w"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004837; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sb6ww"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004838; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linkredirect?authuser=0&amp\;dest=https%3a%2f%2flinktr.ee%2fpaypai.serviceid?idtrack=kzsykctt"; endswith; nocase; http.host; content:"meet.google.com"; classtype:attempted-recon; sid:200004839; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/cp/0ccc3066dc2bcd17/c?mi_u=87923176&mi_origin=&url=http://email.stickercanada.com/t?entity_type=2&entity_id=32534&email_pref_id=34785928&sent_id=1600423397&service_id=22668&redirect_url=https:/relievehotmailonly.cloudns.cl/imagineme/ionos.php"; endswith; nocase; http.host; content:"mi.jetblue.com"; classtype:attempted-recon; sid:200004840; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2020/11/fiyatlar.html"; endswith; nocase; http.host; content:"milanno342.blogspot.com"; classtype:attempted-recon; sid:200004841; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvtygtgvrv.html?ggcdraewqaszxfdxcgchjbjnhbgvfcdrxtcyvbuninhbygtfcrx"; endswith; nocase; http.host; content:"monstercarp.rn86.ru"; classtype:attempted-recon; sid:200004842; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/form/60deff002ca34f5aa4985ab3"; endswith; nocase; http.host; content:"my.forms.app"; classtype:attempted-recon; sid:200004843; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/form/6112452ca3f6e60d511bad0d"; endswith; nocase; http.host; content:"my.forms.app"; classtype:attempted-recon; sid:200004844; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leboncoin-service/confirmationpaiement-1"; endswith; nocase; http.host; content:"my.forms.app"; classtype:attempted-recon; sid:200004845; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=xvdowzk%2bkm4wndrziofnpfcj8fb8rkrsqt%2bkybvollg%3d&docid=1_16fb1a2a3e2f9468aa7cebc35874c9da0&wdformid=%7b95111770-0103-492b-8c70-e9625f96b49a%7d&action=formsubmit&cid=4d02a372-8b83-4120-84b5-1d9a2a3492dd"; endswith; nocase; http.host; content:"myparc.sharepoint.com"; classtype:attempted-recon; sid:200004846; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/ginger_gingerfountain_com/_layouts/15/wopiframe.aspx?guestaccesstoken=gpys8ex7ys1urrzbfeasvlexkodtrovmmcpn%2brsnebs%3d&amp\;docid=1_1882b07b5eb5643d2bdaa63426324ef0e&amp\;wdformid=%7b9bd54af1%2dee16%2d4e07%2d8d62%2d6e9b76e47512%7d&amp\;action=formsubmit&amp\;cid=9adf3e74-8cc1-4e36-b545-c9165fcafde7"; endswith; nocase; http.host; content:"netorg6600800-my.sharepoint.com"; classtype:attempted-recon; sid:200004847; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/leon_leongavartin_com/_layouts/15/wopiframe.aspx?guestaccesstoken=rpanwaz3gooz0d20j9wu7zzskog8p5egpbt4oc5j5bq%3d&docid=1_137b486a2059c4fc7b670d2ddb8f27254&wdformid=%7b07fe213f%2d4079%2d45b9%2db73f%2dfa9809248dd7%7d&action=formsubmit"; endswith; nocase; http.host; content:"netorgft2223515-my.sharepoint.com"; classtype:attempted-recon; sid:200004848; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bancos/interbank"; endswith; nocase; http.host; content:"nexoinmobiliario.pe"; classtype:attempted-recon; sid:200004849; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/examination/admitpanel/filemanager/5365678587"; endswith; nocase; http.host; content:"nihmt.com"; classtype:attempted-recon; sid:200004850; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/02/blog-post.html"; endswith; nocase; http.host; content:"norwayposten.blogspot.com"; classtype:attempted-recon; sid:200004851; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n/axjt4zimmriy/b/cherishppps-20210930-1214/o/spaceblack.html"; endswith; nocase; http.host; content:"objectstorage.us-phoenix-1.oraclecloud.com"; classtype:attempted-recon; sid:200004852; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"oiazeiuiazolme.blogspot.com"; classtype:attempted-recon; sid:200004853; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/forms/view/zalxyved/a9adea36-d163-4d46-a3de-0e990d86e78e"; endswith; nocase; http.host; content:"online.visual-paradigm.com"; classtype:attempted-recon; sid:200004854; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ions/index.php?email=redacted@abuse.ionos.com"; endswith; nocase; http.host; content:"onlinecasinospark.com"; classtype:attempted-recon; sid:200004855; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ondedrive/onedrive/rolex/index.php"; endswith; nocase; http.host; content:"oraclemart.com"; classtype:attempted-recon; sid:200004856; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''"; endswith; nocase; http.host; content:"oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200004857; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/walletconnect/"; endswith; nocase; http.host; content:"pancakeswapsupport.co"; classtype:attempted-recon; sid:200004858; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"paozeia.blogspot.com"; classtype:attempted-recon; sid:200004859; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/02/blog-post.html"; endswith; nocase; http.host; content:"paypal-inc-userupdatenuber7925570844.blogspot.com"; classtype:attempted-recon; sid:200004860; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-mails/"; endswith; nocase; http.host; content:"pilgrimapp.com"; classtype:attempted-recon; sid:200004861; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/pasi_puumalainen_plytec_fi/_layouts/15/wopiframe.aspx?sourcedoc={8f0414f2-e7a8-46f4-a2bb-d38353ed20d6}&amp\;action=default&amp\;originalpath=ahr0chm6ly9wbhl0zwnmas1tes5zagfyzxbvaw50lmnvbs86bzovzy9wzxjzb25hbc9wyxnpx3b1dw1hbgfpbmvux3bsexrly19mas9fdklvqkktbzvfukdvcnzuzzfqdelowui1vgg5bxf2ltjlvl9mohvka09sb2pnp3j0aw1lpxvysjgtvnb2mtbn"; endswith; nocase; http.host; content:"plytecfi-my.sharepoint.com"; classtype:attempted-recon; sid:200004862; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/att/citi"; endswith; nocase; http.host; content:"pplastmart.com"; classtype:attempted-recon; sid:200004863; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fia8mx"; endswith; nocase; http.host; content:"ppt.cc"; classtype:attempted-recon; sid:200004864; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fva4wx"; endswith; nocase; http.host; content:"ppt.cc"; classtype:attempted-recon; sid:200004865; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvakzx"; endswith; nocase; http.host; content:"ppt.cc"; classtype:attempted-recon; sid:200004866; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvllvx"; endswith; nocase; http.host; content:"ppt.cc"; classtype:attempted-recon; sid:200004867; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/survey/t/?title=bt-broadband-and-private-policy-support_20"; endswith; nocase; http.host; content:"proprofs.com"; classtype:attempted-recon; sid:200004868; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emailfwd/show.php?usernum=350311855&amp\;formid=3879"; endswith; nocase; http.host; content:"pub5.bravenet.com"; classtype:attempted-recon; sid:200004869; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pfbgzhkd"; endswith; nocase; http.host; content:"pxlme.me"; classtype:attempted-recon; sid:200004870; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vn79myoi"; endswith; nocase; http.host; content:"pxlme.me"; classtype:attempted-recon; sid:200004871; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d%2f&action=formsubmit"; endswith; nocase; http.host; content:"qualitasc-my.sharepoint.com"; classtype:attempted-recon; sid:200004872; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d%3e%2f&action=formsubmit"; endswith; nocase; http.host; content:"qualitasc-my.sharepoint.com"; classtype:attempted-recon; sid:200004873; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d&action=formsubmit"; endswith; nocase; http.host; content:"qualitasc-my.sharepoint.com"; classtype:attempted-recon; sid:200004874; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeh2aebbsh97"; endswith; nocase; http.host; content:"quip.com"; classtype:attempted-recon; sid:200004875; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qv7malu8n7cz/you-have-some-messages-pending"; endswith; nocase; http.host; content:"quip.com"; classtype:attempted-recon; sid:200004876; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/77ll23ween.html"; endswith; nocase; http.host; content:"r3g34.fra1.digitaloceanspaces.com"; classtype:attempted-recon; sid:200004877; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2020?m=1"; endswith; nocase; http.host; content:"rabofree.blogspot.com"; classtype:attempted-recon; sid:200004878; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"reamaam.blogspot.com"; classtype:attempted-recon; sid:200004879; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j7107dr"; endswith; nocase; http.host; content:"rebrand.ly"; classtype:attempted-recon; sid:200004880; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z83ig2n?rb.routing.mode=proxy&amp\;rb.routing.signature=123%20836"; endswith; nocase; http.host; content:"rebrand.ly"; classtype:attempted-recon; sid:200004881; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"redatofadesafe.blogspot.com"; classtype:attempted-recon; sid:200004882; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?key=bbb516d91daee20498798694a42dd559&u=https://lrs.financial/eesuri6?l5oyrhkwq"; endswith; nocase; http.host; content:"redirect.viglink.com"; classtype:attempted-recon; sid:200004883; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"reikreitel.blogspot.com"; classtype:attempted-recon; sid:200004884; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v01iebe3vicvgirviexv4sbdve1r03f.html"; endswith; nocase; http.host; content:"release-held-messageshee.fra1.digitaloceanspaces.com"; classtype:attempted-recon; sid:200004885; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/renew-global-entry"; endswith; nocase; http.host; content:"renew.trusted-travelers-online.com"; classtype:attempted-recon; sid:200004886; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xeknoz?confirmation"; endswith; nocase; http.host; content:"reurl.cc"; classtype:attempted-recon; sid:200004887; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xgmxr1"; endswith; nocase; http.host; content:"reurl.cc"; classtype:attempted-recon; sid:200004888; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2d0jazx1eky5/click-here-to-verify-your-email"; endswith; nocase; http.host; content:"rezunz.quip.com"; classtype:attempted-recon; sid:200004889; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/02/blog-post.html"; endswith; nocase; http.host; content:"riderctposten.blogspot.com"; classtype:attempted-recon; sid:200004890; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/''''''''''''''''''''''''''''''''"; endswith; nocase; http.host; content:"roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200004891; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruralaccoun/alibaba.com/portal.php?email=june3354@naver.com"; endswith; nocase; http.host; content:"ruralaccounting.com.au"; classtype:attempted-recon; sid:200004892; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/-rb9g"; endswith; nocase; http.host; content:"s.id"; classtype:attempted-recon; sid:200004893; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crsqh"; endswith; nocase; http.host; content:"s.id"; classtype:attempted-recon; sid:200004894; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ytk-r"; endswith; nocase; http.host; content:"s.id"; classtype:attempted-recon; sid:200004895; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bvqs45qsd4azdqzz/a.html"; endswith; nocase; http.host; content:"s3-us-west-2.amazonaws.com"; classtype:attempted-recon; sid:200004896; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/progressivebank-uat/index.html"; endswith; nocase; http.host; content:"s3.amazonaws.com"; classtype:attempted-recon; sid:200004897; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtrue.html"; endswith; nocase; http.host; content:"s973454980238668645789827366497203975890547864598033674329.fra1.digitaloceanspaces.com"; classtype:attempted-recon; sid:200004898; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carli_lamell.html"; endswith; nocase; http.host; content:"sanclemente.cl"; classtype:attempted-recon; sid:200004899; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/la-banque-postale.html"; endswith; nocase; http.host; content:"sandert12.blogspot.com"; classtype:attempted-recon; sid:200004900; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbot"; endswith; nocase; http.host; content:"sateegourmet.com"; classtype:attempted-recon; sid:200004901; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"sefonta.blogspot.com"; classtype:attempted-recon; sid:200004902; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/postenno_9.html"; endswith; nocase; http.host; content:"seonewsservic.blogspot.com"; classtype:attempted-recon; sid:200004903; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6gwvve65243s9/eer442.html"; endswith; nocase; http.host; content:"sgp1.digitaloceanspaces.com"; classtype:attempted-recon; sid:200004904; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1fni_ent2sao6wqv0vzdn7g8nl9d"; endswith; nocase; http.host; content:"share.hsforms.com"; classtype:attempted-recon; sid:200004905; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/basic.php?k=d63621ef3dc01735479befc13f97ec7fdb68991d"; endswith; nocase; http.host; content:"shared-document.com"; classtype:attempted-recon; sid:200004906; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nqgu1"; endswith; nocase; http.host; content:"shorturl.at"; classtype:attempted-recon; sid:200004907; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/jh_silitrade_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8vzaur%2f5gb%2fwmmsfdszlpfueeb0ml%2fzkiljmp9hfa0o%3d&amp\;docid=1_14a3d3f238b844155b59bb08023697365&amp\;wdformid=%7b3395edb6%2d941b%2d49a6%2dbd04%2dc039ca27bb2b%7d&amp\;action=formsubmit"; endswith; nocase; http.host; content:"silitrade-my.sharepoint.com"; classtype:attempted-recon; sid:200004908; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/3cd35d"; endswith; nocase; http.host; content:"simp.ly"; classtype:attempted-recon; sid:200004909; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/h45c89"; endswith; nocase; http.host; content:"simp.ly"; classtype:attempted-recon; sid:200004910; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/publish/xhrdvc"; endswith; nocase; http.host; content:"simp.ly"; classtype:attempted-recon; sid:200004911; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/sy4norton.com/setup/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004912; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newservices.website/orange-mobiles/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004913; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/e9d24c72/23524457"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004914; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/habbotuttogratis"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004915; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/habbotuttogratis/assignments"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004916; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/libretyreserve"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004917; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/libretyreserve/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004918; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/protectedinmprovmnt44/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004919; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/safetycheck427064200647221/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004920; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/verifycheckpointpaqes/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004921; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/08ie-securepage-facebook"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004922; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/0iey-securepage-facebook"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004923; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/2-orangebank-salva/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004924; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/3-orangebank-vetch/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004925; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/4-orangebank-toto/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004926; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/65h7t65ygtdw5f4/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004927; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/aattt/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004928; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/abuse-privacy/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004929; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/access-office-docxpdf-call-net/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004930; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/airplanecost/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004931; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/alert-app-pages/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004932; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/app-mobile-uuid/recovery"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004933; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/appsconfirms"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004934; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/asdfghjklhgfdsdfgh/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004935; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/att-managements/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004936; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/attemail56/home?authuser=3"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004937; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/attfeatures/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004938; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/attyahooohroffice231/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004939; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/audio-call-net/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004940; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/audio-mp-vm/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004941; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/authentification-orangebank-eu/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004942; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/awspage"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004943; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/banquepostalebanqueetassurance/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004944; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bdbhdhbdhbd/home?authuser=2"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004945; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/benachrichtigung-sparkasse/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004946; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bt-cloud-voice-review-voice/bt-voice-cloud"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004947; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bt-clould-preview000112/voice010101010bt-cloud?authuser=8"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004948; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bt-interne/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004949; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bt-mail-690/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004950; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bt-pdf-receipt-payment/www-bt-pdf?authuser=8"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004951; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bt-voice1010010/bt-voicemesaage10120201002?authuser=8"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004952; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bt-web-com32/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004953; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btbtbtbtbtbtcomm/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004954; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btbusinessx/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004955; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btcloudpaymentinvoice202000/httpsbtcloudvm-voice-new?authuser=1"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004956; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btcoms/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004957; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btconnectbusiness/btconnect"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004958; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btconnectmailserver/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004959; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btconnectted/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004960; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btconnnect/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004961; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btinternetco/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004962; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btmv-voice-notice011/btvoicemessage?authuser=8"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004963; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btnvm-urgentnotice/btvmnew-note?authuser=1"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004964; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btsbusinessbill/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004965; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btserver22/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004966; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bttbusinesssss/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004967; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btvoivemessage/bt-home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004968; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/capitaloneloginus/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004969; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/chabillacoat/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004970; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/clickheretoverifyyouracount/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004971; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/clickpagenewlogin2021"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004972; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/coinsbuysellswapcryptocurrency/?fbclid=iwar2isl9xfxxgcxtftml2hmcl_dglhshlkfkpdotycyqu-qjqqfdqm9whtfm"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004973; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/comfimobiekdofl/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004974; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/community-pages-app/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004975; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/confirmation-orangabank/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004976; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/connectolo/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004977; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/continue6363gd/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004978; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ctz03"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004979; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/currentlyserver/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004980; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dfffrreeer/home?authuser=3"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004981; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dffvderr/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004982; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dfghjhckuyf/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004983; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dfghjhl/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004984; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dkdfkazii-ofoqisjaz1wk/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004985; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dkekkeole/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004986; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dumes/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004987; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dvrbtrethy5642qwrfvd/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004988; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/espace-orange-vocal/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004989; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/espace-vocalorange-ref0325/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004990; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/espacemessagerieorangesms/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004991; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/etyajdnxnskoeprlwyaxbdhfkrituy/btconnect"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004992; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ewyy65/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004993; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ewyy65/home?authuser=3"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004994; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/feelblessed/bt-business"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004995; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/fhgfbythfrsv/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004996; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/fhgfjhfj/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004997; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/form-recovery/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004998; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/form-recovery/details"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004999; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/gdhbfcxzx"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005000; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/hbxchx"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005001; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/hccwc/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005002; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/home-bt-updates/bt-com"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005003; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/home-pages-recovery/details"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005004; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/htvvss/home?authuser=3"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005005; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/identificaton-10777502102022/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005006; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ii-securepage-facebook"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/invoice-payment-pdf/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/invoicehomepdf/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/invoicescan365pdf/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/jcnvvn/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/jmjmnhvdc/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/labred-authentification-source/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/leafadd/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/log-inpagenew"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/mcwdbvefjberjrwgnwriviwr/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/messor/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/mobile-apps-pages/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/mobile-redirect-system"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/mv-voicepage/home?authuser=8"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/mycoinwallet/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/necrologieinfosfroravocal/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/newbtmissedcall/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/newuploadpage"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/newvoicemail/home?authuser=1"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/nextprojectpage"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/nextprojectpage2022"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/noticeplaypagenew2021"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/noticepublicpagenew2021"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/notifcationnoticesystempage"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/nouveau-sms-message-vocal/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ob-seccurite/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ob-securite/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ob-securites/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ob-service/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/offiice-voice-com/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/onlinefifthercheckaccout/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orange-b-securite/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orange-forfaits-et-mobiles"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangeb-190/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangeb171/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangeb221/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangeba/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangeban/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangebank-r/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangebank-sc/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangebank-secure-secure/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangebanksecurite/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangebannk/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005049; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangeibank/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005050; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangeinfosvocalnews/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangemyconnect/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/oranggebank/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangiebank/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005054; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/pagenewlogin2022"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005055; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/pages-identificaton-1000050210/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005056; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/pass-press/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005057; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/paypal-customer-services/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005058; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/paypal-loginn/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005059; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/pfherjwlsnmcyelwudy/home?authuser=3"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005060; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/pleasecheckpoint2021"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005061; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/postacerticodplusaccaccueil/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005062; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/protonmailservice/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005063; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/quickteamservice/yahoo-com"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/reactivationhelp2021/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005065; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/redirect-acctpages-uuid/details"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005066; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/redirectme-to/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/retttt/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/reviewappspagerviicee/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/reviewappspagerviiceee"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/rg9eur94uwe9d/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/richcoff/bt-business"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/rimekahsdjg/summary_page"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/salimkaso/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/sbcglobalm/home?authuser=1"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securbtcomms/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/secure-bt-homevoice01010120/home?authuser=8"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/secure-ob-/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/secure-ob/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securebtcomms/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securebtcommss/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securebusinessbtsecurbt/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securiplus0101/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securite-ob-service/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securite-obank/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securitee-ob/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securites-ob/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securmybusinessbtsecurbt/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securree/home?authuser=1"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securritee-ob/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/serv-ob/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/serv-obank/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/serveur-communication-box/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/service-orangebank-fr/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/service-orangebank-securi/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/service-securite-ob/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/servicenewlogin"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/shgeudh/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ski03/strona-g%c5%82%c3%b3wna"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/soeyankandi5/bt-business"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/szdgsdhgd"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/thenewstartpage2021"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/update-allreadypage"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/updatesecure"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/updatingnewpage"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/upgrade-bt/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/utututttu/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/v-ob/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/venmo-loginusa/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/vfbjf/btconnect"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/view-your-billonline/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/viewyourbilll/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/viewyournewbill/bt-business-btconnect"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/vjsdhdfidjasi/btconnect"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/webespaceclient-ref8/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/webmailcooom/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/xcccjcdhasks/btconnect"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/xmicrosoftoficew/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/xsvgcxsgvdhg/home?authuser=4"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/xvhfefef/bt-business"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/yah000/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/yahooend/yahoo"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/yahoomailingdesk/yahoo-com"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/yahooscott/yahoo"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/yourbillnotification/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/yt89ougjio/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ztt5zazu/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200005127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/webmail.cpanel.net/user/cp.user.sign_in/auth/cpanel_mailbox/index.htm"; endswith; nocase; http.host; content:"skart.co.in"; classtype:attempted-recon; sid:200005128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"solatresont.blogspot.com"; classtype:attempted-recon; sid:200005129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"soufatanse.blogspot.com"; classtype:attempted-recon; sid:200005130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"soufsont.blogspot.com"; classtype:attempted-recon; sid:200005131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stt-c625a3f2c2"; endswith; nocase; http.host; content:"sprw.io"; classtype:attempted-recon; sid:200005132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:b:/g/personal/mandyb_steiner_co_za/exxq1passetnrojoe83fzboboxufoggwb7uvmyfqbionla?e=4:su8jhq&amp\;at=9"; endswith; nocase; http.host; content:"steinercoza-my.sharepoint.com"; classtype:attempted-recon; sid:200005133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/twentyfifteen/css/read/chinavali/index.php?email=jsmith@imaphost.com"; endswith; nocase; http.host; content:"stolizaparketa.ru"; classtype:attempted-recon; sid:200005134; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1lordman1man3/oscman2.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005135; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acc03lzzl4m3izm03iauserpowa.appspot.com/index.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005136; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/algebraic-pact-316913.appspot.com/index.html#jbell@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005137; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anaagc040gdyacgd0dyuser.appspot.com/index.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005138; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ciat3tdtttd53c3e5userp.appspot.com/index.html#jr@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005139; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ciat3tdtttd53c3e5userp.appspot.com/index.html#paul@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005140; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientid4dunptjlryzrift3nrlomi160gqntzgznajujcnbszq8w/index.htm"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005141; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dhngw6p6rwrwnuv6vnuse.appspot.com/index.html#brianvillacarlos@legalshieldcorp.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005142; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g58t3e588ddgmdeddauth.appspot.com/index.html#jim-shelvy@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005143; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gu1r0utjruhjkukrxhauser.appspot.com/index.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005144; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/indettn/pdflmanco.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005145; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/indettn/zdewaman.html#example@example.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005146; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkkqkl633qn6kq3lqssiiddnenen.appspot.com/index.html#jbell@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005147; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkkqkl633qn6kq3lqssiiddnenen.appspot.com/index.html#t.voit@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005148; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005149; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/index.html#martin.manasek@ruk.cuni.cz"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005150; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maintainancecomponeta.appspot.com/index.html#a@b.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005151; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maintainancecomponeta.appspot.com/kayindex.html#eimaste@stinpriza.org"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005152; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maintainancecomponeta.appspot.com/myowngeneral.html#eimaste@stinpriza.org"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005153; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maintainancecomponeta.appspot.com/newmineindex.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005154; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/owuddqd9dqqdddq9qd0caerq.appspot.com/index.html#stevewilliamson@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005155; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/projerroro0h5j5ro0jrrj.appspot.com/index.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005156; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q90qqqar22r229r292euser.appspot.com/index.html"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005157; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q90qqqar22r229r292euser.appspot.com/index.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005158; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rrdar99rt9qraraq99euser.appspot.com/index.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005159; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s0pts0apttxpp00atarrauth.appspot.com/index.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005160; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/staging.maintainancecomponeta.appspot.com/fcocnew.html"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005161; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/staging.maintainancecomponeta.appspot.com/nvhdjgtpl8txagtoccpyscuekxctc7j3kpg5bbugwqv0kemeas313lqehufuifcl6el9vtvomhrfbjbpxbg6qrnsg5sz3dyaiqor%2c%2520ffx6khej2lavfftroaizcq99hjdn3f4hs6gdeg2qodfyhobl8zonx6lez2dafyafc6spylufytfvuzn1jsioh4u6xpsbsqxqgh.html#icann@tecnocratica.net"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005162; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/staging.maintainancecomponeta.appspot.com/sydlasgendomain.html#winnie@soupro.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005163; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user517497679326978.appspot.com/index.html"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uth0uax3t3uh30ttna0nnuser.appspot.com/index.html#jbell@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yyw77ywnn68weyew6euserq.appspot.com/index.html#rosalefua@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200005166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/03a6c481bbd83f8/df225c198d58561#un/68425_md/2/16247/3955/23/19171"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1827435283/1827435283.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abjsfatitvyrobprkawlycsckcwrvnntndjwbgoqjiswdbkhhlyxnbv/cli123.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abuabomvnediarrfgxamrtqcoehnpskugrmafutqnhugsbzossviqfv/cli123.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acwuwxxomzzlrrfuyssheahvokqfunqvlbjnjrbyfsmbbmdppwimvbd/cli123.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbss-urltest-public/docomo_20210726_01.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbss-urltest-public/docomo_20210910_01.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbss-urltest-public/docomo_20210910_02.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xdaysonde1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xdragon1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xgmx1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xiphoneswiss1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xketode1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xlena1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xps5de1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xspar1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buckettt01/redirect%20newslettersreply.shop.html#rd/u8888idsyy65301cvmt1247244psw23077wujo1715"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document-check/sign.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inboxino/brand.html#cl/13669_md/1/788/1401/22/1025434"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inboxino/brand.html#cl/13695_md/1/788/1401/109/376564"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inboxino/brand.html#un/13664_md/1/455/1401/112/814109"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inboxino/brand.html#un/13695_md/1/788/1401/25/339407"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sstoragert/linkqs.html#cl/19939_md/1/4441/3808/112/984664"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sstoragert/linkqs.html#un/19995_md/1/4542/3682/112/984664"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ylffhg/redireck.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/authentifier-transcash.html"; endswith; nocase; http.host; content:"suivi-coupon-recharge.blogspot.com"; classtype:attempted-recon; sid:200005192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/usroutput/themeset1_2021-12-21-23-15-13/"; endswith; nocase; http.host; content:"sunnylandingpages.com"; classtype:attempted-recon; sid:200005193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/adrian_ramos_superpark_com_hk/_layouts/15/wopiframe.aspx?guestaccesstoken=vofjngnui%2fslbameorlq62qlg8mcdnpo1dizu6i%2bc1m%3d&amp\;docid=1_124bbb2f682ca4c7daba6cec6ee34dfb9&amp\;wdformid=%7ba85c8abe%2d68be%2d43dd%2d91f3%2db397386186be%7d&amp\;action=formsubmit"; endswith; nocase; http.host; content:"superpark-my.sharepoint.com"; classtype:attempted-recon; sid:200005194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/form/608bca7586919c70a2066ef7"; endswith; nocase; http.host; content:"surveyheart.com"; classtype:attempted-recon; sid:200005195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/2vze"; endswith; nocase; http.host; content:"surveylegend.com"; classtype:attempted-recon; sid:200005196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/pranjali_chandurkar_nmims_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=668cyp4s%2fwcmx8rj223bvjfwdvtryffzfpyarbrueha%3d&amp\;docid=1_1916b69db182644fead12e874cad930c4&amp\;wdformid=%7bcd4093b9%2ddfae%2d49f1%2dadde%2df32fbe93b271%7d&amp\;action=formsubmit"; endswith; nocase; http.host; content:"svkmmumbai-my.sharepoint.com"; classtype:attempted-recon; sid:200005197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/index.html"; endswith; nocase; http.host; content:"swisscoat.com.cn"; classtype:attempted-recon; sid:200005198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account"; endswith; nocase; http.host; content:"synapse-project.com"; classtype:attempted-recon; sid:200005199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account/"; endswith; nocase; http.host; content:"synapse-project.com"; classtype:attempted-recon; sid:200005200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/dapp"; endswith; nocase; http.host; content:"synmultiwallet.com"; classtype:attempted-recon; sid:200005201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6b3rxfp90m"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8mptsau4zq?amp=1"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9ooxxstzmb?amp=1?trackingid=ftiikjly&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9ooxxstzmb?trackingid=lxr1lc3e&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ef7oipwfto"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fy2lasfqae?trackingid=agbl0dxn&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fy2lasfqae?trackingid=dhrt9pxv&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fy2lasfqae?trackingid=mhrdlxok&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fy2lasfqae?trackingid=s5kqcb1o&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ge6k1ctsmd?trackingid=3pc2vgmn&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ge6k1ctsmd?trackingid=n13hzxpy&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ge6k1ctsmd?trackingid=ocfgjhka&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ge6k1ctsmd?trackingid=ohj6ctus&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lkcd0mnequ"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/timonfvymu?trackingid=67yzc2bv&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/timonfvymu?trackingid=cybyidfp&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zrd6j5rq4u?amp=1"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zwuq6zjpdj"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/helton.law/outlook.office.com/"; endswith; nocase; http.host; content:"tasteentertainment.com"; classtype:attempted-recon; sid:200005220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/system32/procesosdeseguridadhb/170.51.165.16679791/agregar/telefono/contacto/logonoperacionservlet.html"; endswith; nocase; http.host; content:"tecsuport.com.br"; classtype:attempted-recon; sid:200005221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/03/blog-post_48.html"; endswith; nocase; http.host; content:"telenorkandklimsupoort.blogspot.com"; classtype:attempted-recon; sid:200005222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/form.htm"; endswith; nocase; http.host; content:"thedigirocket.com"; classtype:attempted-recon; sid:200005223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2021/11/1/1and1/index.php"; endswith; nocase; http.host; content:"thelibrarysamui.com"; classtype:attempted-recon; sid:200005224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-track/parceverification9887id=291250485"; endswith; nocase; http.host; content:"themcsoft.com"; classtype:attempted-recon; sid:200005225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ing587388"; endswith; nocase; http.host; content:"tiny.one"; classtype:attempted-recon; sid:200005226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ing67454"; endswith; nocase; http.host; content:"tiny.one"; classtype:attempted-recon; sid:200005227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reuswnzc"; endswith; nocase; http.host; content:"tiny.one"; classtype:attempted-recon; sid:200005228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/48rzxpne"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4wcw6fcu"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btinternet56"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evyu688y"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nycgovtgrant"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uha4nvtf"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y8mcrhhp"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yxb48kqj"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yxry9vf5"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yyvm8qr5"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/truist.com/"; endswith; nocase; http.host; content:"topearnersafrica.com"; classtype:attempted-recon; sid:200005239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h/v6/link-track/1.0/1612678003989072-e5f6d8cc-499b-ea4f-85f1-8b23ad935661/1612677988/2f5895837f8d3f0a667c6b92ad41f652/8af273ac431e289838c8bf7c490185f3/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com"; endswith; nocase; http.host; content:"tr.cloudmagic.com"; classtype:attempted-recon; sid:200005240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h/v6/link-track/1.0/1614590779401122-8e06125c-4b23-d643-3068-601cab9bec04/1614590763/2f5895837f8d3f0a667c6b92ad41f652/31367888a66bf6f98973a200c83075bb/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com"; endswith; nocase; http.host; content:"tr.cloudmagic.com"; classtype:attempted-recon; sid:200005241; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/?bn=35405429\;cpdir=https://tmmny.csb.app/.wewrewew.ahr0chm6ly9pbnzlc3rpbmdpbmdvzc5vcmcvqvbjmjq3.yw1izxiuzml0dg9uqhnwyxjrlmnvlm56"; endswith; nocase; http.host; content:"track.adform.net"; classtype:attempted-recon; sid:200005242; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=1"; endswith; nocase; http.host; content:"transcash-fr-v.blogspot.com"; classtype:attempted-recon; sid:200005243; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webapp/tribratanews/public/js/hughesnet.com/index.php"; endswith; nocase; http.host; content:"tribratanewsbondowoso.com"; classtype:attempted-recon; sid:200005244; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsjpgw?verification-online-service"; endswith; nocase; http.host; content:"u.to"; classtype:attempted-recon; sid:200005245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unrpgg"; endswith; nocase; http.host; content:"u.to"; classtype:attempted-recon; sid:200005246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wsddga"; endswith; nocase; http.host; content:"u.to"; classtype:attempted-recon; sid:200005247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pbi_pbi1151/login/remote/071108407/6"; endswith; nocase; http.host; content:"ucbonline.com"; classtype:attempted-recon; sid:200005248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=e%2f5p4lmr7oxtbuuzst9ihpacebtz%2bhbogl5i950bhau%3d&docid=1_151b39d9e7dd54cfba500875349d3beb6&wdformid=%7bda6fcad9%2d9684%2d43af%2db959%2de2fa774eaba6%7d&action=formsubmit"; endswith; nocase; http.host; content:"umconnectumt-my.sharepoint.com"; classtype:attempted-recon; sid:200005249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=h2b5qkvlooc%2bfvhpo6qkbxdfdzwzpa7doqhaikfrj08%3d&docid=1_1cab74931edec4bf39e6f4768e7830a02&wdformid=%7b6a702647%2db560%2d40c5%2d8890%2d109ec5ad9bc5%7d&action=formsubmit"; endswith; nocase; http.host; content:"umconnectumt-my.sharepoint.com"; classtype:attempted-recon; sid:200005250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=inau9tsjk5bvaoypx%2fgfkvgo0iz4rq47kvts4tkb8yq%3d&docid=1_19c7a48ea3a0448c78765a480857920f0&wdformid=%7bd8f70a7d%2d4204%2d4a87%2da88e%2dbad6b0e4129e%7d&action=formsubmit"; endswith; nocase; http.host; content:"umconnectumt-my.sharepoint.com"; classtype:attempted-recon; sid:200005251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=inau9tsjk5bvaoypx/gfkvgo0iz4rq47kvts4tkb8yq=&amp\;docid=1_19c7a48ea3a0448c78765a480857920f0&amp\;wdformid={d8f70a7d-4204-4a87-a88e-bad6b0e4129e}&amp\;action=formsubmit"; endswith; nocase; http.host; content:"umconnectumt-my.sharepoint.com"; classtype:attempted-recon; sid:200005252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=uh9hjveaooebgqolme%2f5qft71pw2stg2ojiiqxebzce%3d&docid=1_11e28ca5d86c6416f926736ea3e8ad885&wdformid=%7b70256f91%2df178%2d4e5f%2d847a%2df748294a79c9%7d&action=formsubmit"; endswith; nocase; http.host; content:"umconnectumt-my.sharepoint.com"; classtype:attempted-recon; sid:200005253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wine"; endswith; nocase; http.host; content:"umeacademy.com"; classtype:attempted-recon; sid:200005254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wptracking/tracking2/tracking/tracking.php"; endswith; nocase; http.host; content:"uniga.ac.id"; classtype:attempted-recon; sid:200005255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0lxgmv"; endswith; nocase; http.host; content:"url.gratis"; classtype:attempted-recon; sid:200005256; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kcornwall/email-verification/notice/account_login/login.html#accounting@utu.fi"; endswith; nocase; http.host; content:"users.tpg.com.au"; classtype:attempted-recon; sid:200005257; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1pxak"; endswith; nocase; http.host; content:"v.ht"; classtype:attempted-recon; sid:200005258; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yogs"; endswith; nocase; http.host; content:"v.ht"; classtype:attempted-recon; sid:200005259; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rd/c56498tvifh29711728hupj8172asy17489blob7311"; endswith; nocase; http.host; content:"vaiddzed.cc"; classtype:attempted-recon; sid:200005260; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drupal-7.56/scripts/bp"; endswith; nocase; http.host; content:"velvet.by"; classtype:attempted-recon; sid:200005261; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drupal-7.56/scripts/bp/"; endswith; nocase; http.host; content:"velvet.by"; classtype:attempted-recon; sid:200005262; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"veredesafs.blogspot.com"; classtype:attempted-recon; sid:200005263; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"vetrfedsonte.blogspot.com"; classtype:attempted-recon; sid:200005264; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/03/blog-post.html"; endswith; nocase; http.host; content:"viamobte.blogspot.com"; classtype:attempted-recon; sid:200005265; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/61e168ca67f4550de805d006/interactive-content-secured-document"; endswith; nocase; http.host; content:"view.genial.ly"; classtype:attempted-recon; sid:200005266; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/61e168ca67f4550de805d006/interactive-content-untitled-genially"; endswith; nocase; http.host; content:"view.genial.ly"; classtype:attempted-recon; sid:200005267; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"vivaterouna.blogspot.com"; classtype:attempted-recon; sid:200005268; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?cc_key=&amp\;post=%7brandom_number_5%7d_1&amp\;to=http://18.118.206.123/index.php?key=%7brandom_letternumberuplow_5%7d,email=%7bemail%7d"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005269; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=1qg10"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005270; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=3efeh"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005271; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=cylqz"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005272; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=dmyfj"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005273; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=dvexh"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005274; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=fhqja"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005275; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=g9dzz"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005276; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=qq74g"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005277; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=v0de0,email=kflove23@icloud.com&post=11981_1&cc_key"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005278; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=zzbtj"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005279; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=ccugr"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005280; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=mb1wu"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005281; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=meixj"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005282; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=toboe"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005283; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=tyzud"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005284; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=u7tfm,email=resurgita@icloud.com&post=35252_1&cc_key"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005285; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=v5t6m,email=robertgoby@icloud.com&post=24927_1&cc_key"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005286; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=vgy1e"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005287; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=znbui"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2fhumanity06.com%2fwp-content%2fthemes%2fapi.html"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2frois-zkxzx.run.goorm.io/safe-browser/"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2fwww.allovisite.com%2fwp-content%2fplugins%2fapi.html"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2fwww.allovisite.com%2fwp-content%2fplugins%2fapi.html&post=693378694_2&cc_key"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https%3a%2f%2fmsq-health.com%2fimages%2fonehealth%2fsound%2faudio&post=696668869_2&cc_key=/odmibxru/tsiqjhleqcj"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https%3a%2f%2fsapphireinternationalschool.com%2falbum%2fimages%2fsound%2faudio&post=690576696_17&cc_key=/lhgesiqipz/ksbqekez2fa"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://api.safebrowser-antidrop.com/ai.html?key=ppsyk"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://arroketainsificansion.com/r/cairdiembos"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005296; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://drmustafaalagamy.com/css/rajahutandil2"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005297; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://laprospergroup.com/wp-admin/assets/?key=8oyrd,email={email}"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005298; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://rendelparis.com/wp-admin/assets?key=isvbt,email={email}"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005299; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://sahara-distribution.com/wp-admin/dir"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005300; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://www.marmum.ae/css/?key=ibxa"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005301; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://www.marmum.ae/css/?key=ksor"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005302; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://www.marmum.ae/css/?key=lzqm"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005303; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://www.marmum.ae/css/?key=yihv"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005304; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://www.newlifenursery.com/assets/rdt.html?key=lwhi1"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005305; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8jdu/sb6/index.php?_"; endswith; nocase; http.host; content:"wallieget.com"; classtype:attempted-recon; sid:200005306; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8jdu/sb6/index.php?_&amp\;_"; endswith; nocase; http.host; content:"wallieget.com"; classtype:attempted-recon; sid:200005307; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8jdu/sb6/index.php?_&amp\;_&amp\;_"; endswith; nocase; http.host; content:"wallieget.com"; classtype:attempted-recon; sid:200005308; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o2/a/f5s4y/0"; endswith; nocase; http.host; content:"warriorplus.com"; classtype:attempted-recon; sid:200005309; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upgrade/"; endswith; nocase; http.host; content:"webmail.serviceunit.co.uk"; classtype:attempted-recon; sid:200005310; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d"; endswith; nocase; http.host; content:"webuyworkshopequipment.com"; classtype:attempted-recon; sid:200005311; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d/"; endswith; nocase; http.host; content:"webuyworkshopequipment.com"; classtype:attempted-recon; sid:200005312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secure/wells"; endswith; nocase; http.host; content:"whitmansasphalt.com"; classtype:attempted-recon; sid:200005313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secure/wells/"; endswith; nocase; http.host; content:"whitmansasphalt.com"; classtype:attempted-recon; sid:200005314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/@bt_home"; endswith; nocase; http.host; content:"withkoji.com"; classtype:attempted-recon; sid:200005315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/@bt_internet"; endswith; nocase; http.host; content:"withkoji.com"; classtype:attempted-recon; sid:200005316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/@bt_service_alert."; endswith; nocase; http.host; content:"withkoji.com"; classtype:attempted-recon; sid:200005317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/@bt_teem"; endswith; nocase; http.host; content:"withkoji.com"; classtype:attempted-recon; sid:200005318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/@bt_update"; endswith; nocase; http.host; content:"withkoji.com"; classtype:attempted-recon; sid:200005319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/@bt_upgrade"; endswith; nocase; http.host; content:"withkoji.com"; classtype:attempted-recon; sid:200005320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/@btinternet"; endswith; nocase; http.host; content:"withkoji.com"; classtype:attempted-recon; sid:200005321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96"; endswith; nocase; http.host; content:"wvk12-my.sharepoint.com"; classtype:attempted-recon; sid:200005322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96"; endswith; nocase; http.host; content:"wvk12-my.sharepoint.com"; classtype:attempted-recon; sid:200005323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oih3b8"; endswith; nocase; http.host; content:"xip.li"; classtype:attempted-recon; sid:200005324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fire/dhl/load.php?0=aw5mb0btzxrhbg9naxmuy29t&amp\;guce_referrer=ahr0chm6ly9sb2dpbi55ywhvby5jb20v&amp\;guce_referrer_sig=aqaaaba99nmgr9inqoyu5mi3asjqfyjcpatd_a8modgjxpnxynmo8n5zxdi8ezv7gfypzosc_rpmz0hyfdck0olmxnmb6tpfznd5enc"; endswith; nocase; http.host; content:"znbint.com"; classtype:attempted-recon; sid:200005325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kms8u47zlxwk"; endswith; nocase; http.host; content:"zpr.io"; classtype:attempted-recon; sid:200005326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxvzwlcdizyq"; endswith; nocase; http.host; content:"zpr.io"; classtype:attempted-recon; sid:200005327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nckeqquhrpuf"; endswith; nocase; http.host; content:"zpr.io"; classtype:attempted-recon; sid:200005328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa186.web.app"; classtype:attempted-recon; sid:200000917; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa187.web.app"; classtype:attempted-recon; sid:200000918; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa188.web.app"; classtype:attempted-recon; sid:200000919; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa189.web.app"; classtype:attempted-recon; sid:200000920; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa19.web.app"; classtype:attempted-recon; sid:200000921; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa191.web.app"; classtype:attempted-recon; sid:200000922; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa193.web.app"; classtype:attempted-recon; sid:200000923; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa194.web.app"; classtype:attempted-recon; sid:200000924; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa195.web.app"; classtype:attempted-recon; sid:200000925; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa198.web.app"; classtype:attempted-recon; sid:200000926; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa20.web.app"; classtype:attempted-recon; sid:200000927; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa201.web.app"; classtype:attempted-recon; sid:200000928; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa202.web.app"; classtype:attempted-recon; sid:200000929; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa204.web.app"; classtype:attempted-recon; sid:200000930; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa205.web.app"; classtype:attempted-recon; sid:200000931; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa206.web.app"; classtype:attempted-recon; sid:200000932; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa208.web.app"; classtype:attempted-recon; sid:200000933; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa209.web.app"; classtype:attempted-recon; sid:200000934; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa21.web.app"; classtype:attempted-recon; sid:200000935; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa211.web.app"; classtype:attempted-recon; sid:200000936; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa212.web.app"; classtype:attempted-recon; sid:200000937; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa213.web.app"; classtype:attempted-recon; sid:200000938; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa214.web.app"; classtype:attempted-recon; sid:200000939; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa215.web.app"; classtype:attempted-recon; sid:200000940; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa216.web.app"; classtype:attempted-recon; sid:200000941; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa217.web.app"; classtype:attempted-recon; sid:200000942; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa218.web.app"; classtype:attempted-recon; sid:200000943; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa219.web.app"; classtype:attempted-recon; sid:200000944; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa220.web.app"; classtype:attempted-recon; sid:200000945; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa221.web.app"; classtype:attempted-recon; sid:200000946; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa222.web.app"; classtype:attempted-recon; sid:200000947; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa223.web.app"; classtype:attempted-recon; sid:200000948; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa225.web.app"; classtype:attempted-recon; sid:200000949; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa226.web.app"; classtype:attempted-recon; sid:200000950; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa227.web.app"; classtype:attempted-recon; sid:200000951; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa228.web.app"; classtype:attempted-recon; sid:200000952; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa229.web.app"; classtype:attempted-recon; sid:200000953; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa230.web.app"; classtype:attempted-recon; sid:200000954; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa231.web.app"; classtype:attempted-recon; sid:200000955; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa232.web.app"; classtype:attempted-recon; sid:200000956; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa233.web.app"; classtype:attempted-recon; sid:200000957; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa234.web.app"; classtype:attempted-recon; sid:200000958; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa235.web.app"; classtype:attempted-recon; sid:200000959; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa237.web.app"; classtype:attempted-recon; sid:200000960; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa239.web.app"; classtype:attempted-recon; sid:200000961; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa240.web.app"; classtype:attempted-recon; sid:200000962; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa241.web.app"; classtype:attempted-recon; sid:200000963; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa242.web.app"; classtype:attempted-recon; sid:200000964; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa244.web.app"; classtype:attempted-recon; sid:200000965; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa245.web.app"; classtype:attempted-recon; sid:200000966; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa246.web.app"; classtype:attempted-recon; sid:200000967; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa247.web.app"; classtype:attempted-recon; sid:200000968; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa248.web.app"; classtype:attempted-recon; sid:200000969; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa249.web.app"; classtype:attempted-recon; sid:200000970; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa25.web.app"; classtype:attempted-recon; sid:200000971; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa251.web.app"; classtype:attempted-recon; sid:200000972; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa252.web.app"; classtype:attempted-recon; sid:200000973; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa253.web.app"; classtype:attempted-recon; sid:200000974; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa256.web.app"; classtype:attempted-recon; sid:200000975; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa257.web.app"; classtype:attempted-recon; sid:200000976; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa258.web.app"; classtype:attempted-recon; sid:200000977; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa260.web.app"; classtype:attempted-recon; sid:200000978; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa263.web.app"; classtype:attempted-recon; sid:200000979; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa264.web.app"; classtype:attempted-recon; sid:200000980; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa265.web.app"; classtype:attempted-recon; sid:200000981; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa266.web.app"; classtype:attempted-recon; sid:200000982; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa267.web.app"; classtype:attempted-recon; sid:200000983; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa269.web.app"; classtype:attempted-recon; sid:200000984; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa270.web.app"; classtype:attempted-recon; sid:200000985; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa273.web.app"; classtype:attempted-recon; sid:200000986; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa274.web.app"; classtype:attempted-recon; sid:200000987; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa276.web.app"; classtype:attempted-recon; sid:200000988; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa278.web.app"; classtype:attempted-recon; sid:200000989; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa279.web.app"; classtype:attempted-recon; sid:200000990; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa280.web.app"; classtype:attempted-recon; sid:200000991; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa281.web.app"; classtype:attempted-recon; sid:200000992; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa282.web.app"; classtype:attempted-recon; sid:200000993; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa283.web.app"; classtype:attempted-recon; sid:200000994; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa284.web.app"; classtype:attempted-recon; sid:200000995; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa285.web.app"; classtype:attempted-recon; sid:200000996; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa287.web.app"; classtype:attempted-recon; sid:200000997; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa29.web.app"; classtype:attempted-recon; sid:200000998; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa290.web.app"; classtype:attempted-recon; sid:200000999; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa292.web.app"; classtype:attempted-recon; sid:200001000; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa293.web.app"; classtype:attempted-recon; sid:200001001; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa294.web.app"; classtype:attempted-recon; sid:200001002; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa295.web.app"; classtype:attempted-recon; sid:200001003; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa296.web.app"; classtype:attempted-recon; sid:200001004; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa297.web.app"; classtype:attempted-recon; sid:200001005; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa299.web.app"; classtype:attempted-recon; sid:200001006; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa300.web.app"; classtype:attempted-recon; sid:200001007; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa301.web.app"; classtype:attempted-recon; sid:200001008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa302.web.app"; classtype:attempted-recon; sid:200001009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa303.web.app"; classtype:attempted-recon; sid:200001010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa304.web.app"; classtype:attempted-recon; sid:200001011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa305.web.app"; classtype:attempted-recon; sid:200001012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa307.web.app"; classtype:attempted-recon; sid:200001013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa308.web.app"; classtype:attempted-recon; sid:200001014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa310.web.app"; classtype:attempted-recon; sid:200001015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa311.web.app"; classtype:attempted-recon; sid:200001016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa312.web.app"; classtype:attempted-recon; sid:200001017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa313.web.app"; classtype:attempted-recon; sid:200001018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa315.web.app"; classtype:attempted-recon; sid:200001019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa318.web.app"; classtype:attempted-recon; sid:200001020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa319.web.app"; classtype:attempted-recon; sid:200001021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa32.web.app"; classtype:attempted-recon; sid:200001022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa320.web.app"; classtype:attempted-recon; sid:200001023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa321.web.app"; classtype:attempted-recon; sid:200001024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa322.web.app"; classtype:attempted-recon; sid:200001025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa323.web.app"; classtype:attempted-recon; sid:200001026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa325.web.app"; classtype:attempted-recon; sid:200001027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa326.web.app"; classtype:attempted-recon; sid:200001028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa327.web.app"; classtype:attempted-recon; sid:200001029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa328.web.app"; classtype:attempted-recon; sid:200001030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa329.web.app"; classtype:attempted-recon; sid:200001031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa330.web.app"; classtype:attempted-recon; sid:200001032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa331.web.app"; classtype:attempted-recon; sid:200001033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa332.web.app"; classtype:attempted-recon; sid:200001034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa333.web.app"; classtype:attempted-recon; sid:200001035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa334.web.app"; classtype:attempted-recon; sid:200001036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa335.web.app"; classtype:attempted-recon; sid:200001037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa336.web.app"; classtype:attempted-recon; sid:200001038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa337.web.app"; classtype:attempted-recon; sid:200001039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa338.web.app"; classtype:attempted-recon; sid:200001040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa339.web.app"; classtype:attempted-recon; sid:200001041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa340.web.app"; classtype:attempted-recon; sid:200001042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa341.web.app"; classtype:attempted-recon; sid:200001043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa342.web.app"; classtype:attempted-recon; sid:200001044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa343.web.app"; classtype:attempted-recon; sid:200001045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa344.web.app"; classtype:attempted-recon; sid:200001046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa346.web.app"; classtype:attempted-recon; sid:200001047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa347.web.app"; classtype:attempted-recon; sid:200001048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa348.web.app"; classtype:attempted-recon; sid:200001049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa350.web.app"; classtype:attempted-recon; sid:200001050; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa351.web.app"; classtype:attempted-recon; sid:200001051; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa352.web.app"; classtype:attempted-recon; sid:200001052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa353.web.app"; classtype:attempted-recon; sid:200001053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa354.web.app"; classtype:attempted-recon; sid:200001054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa355.web.app"; classtype:attempted-recon; sid:200001055; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa356.web.app"; classtype:attempted-recon; sid:200001056; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa357.web.app"; classtype:attempted-recon; sid:200001057; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa358.web.app"; classtype:attempted-recon; sid:200001058; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa359.web.app"; classtype:attempted-recon; sid:200001059; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa36.web.app"; classtype:attempted-recon; sid:200001060; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa360.web.app"; classtype:attempted-recon; sid:200001061; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa361.web.app"; classtype:attempted-recon; sid:200001062; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa363.web.app"; classtype:attempted-recon; sid:200001063; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa364.web.app"; classtype:attempted-recon; sid:200001064; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa365.web.app"; classtype:attempted-recon; sid:200001065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa367.web.app"; classtype:attempted-recon; sid:200001066; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa368.web.app"; classtype:attempted-recon; sid:200001067; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa369.web.app"; classtype:attempted-recon; sid:200001068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa37.web.app"; classtype:attempted-recon; sid:200001069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa370.web.app"; classtype:attempted-recon; sid:200001070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa371.web.app"; classtype:attempted-recon; sid:200001071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa372.web.app"; classtype:attempted-recon; sid:200001072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa374.web.app"; classtype:attempted-recon; sid:200001073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa375.web.app"; classtype:attempted-recon; sid:200001074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa376.web.app"; classtype:attempted-recon; sid:200001075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa377.web.app"; classtype:attempted-recon; sid:200001076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa378.web.app"; classtype:attempted-recon; sid:200001077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa379.web.app"; classtype:attempted-recon; sid:200001078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa38.web.app"; classtype:attempted-recon; sid:200001079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa380.web.app"; classtype:attempted-recon; sid:200001080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa381.web.app"; classtype:attempted-recon; sid:200001081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa382.web.app"; classtype:attempted-recon; sid:200001082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa383.web.app"; classtype:attempted-recon; sid:200001083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa384.web.app"; classtype:attempted-recon; sid:200001084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa385.web.app"; classtype:attempted-recon; sid:200001085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa386.web.app"; classtype:attempted-recon; sid:200001086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa387.web.app"; classtype:attempted-recon; sid:200001087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa390.web.app"; classtype:attempted-recon; sid:200001088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa392.web.app"; classtype:attempted-recon; sid:200001089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa393.web.app"; classtype:attempted-recon; sid:200001090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa394.web.app"; classtype:attempted-recon; sid:200001091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa395.web.app"; classtype:attempted-recon; sid:200001092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa396.web.app"; classtype:attempted-recon; sid:200001093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa397.web.app"; classtype:attempted-recon; sid:200001094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa398.web.app"; classtype:attempted-recon; sid:200001095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa40.web.app"; classtype:attempted-recon; sid:200001096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa400.web.app"; classtype:attempted-recon; sid:200001097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa401.web.app"; classtype:attempted-recon; sid:200001098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa403.web.app"; classtype:attempted-recon; sid:200001099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa405.web.app"; classtype:attempted-recon; sid:200001100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa407.web.app"; classtype:attempted-recon; sid:200001101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa408.web.app"; classtype:attempted-recon; sid:200001102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa409.web.app"; classtype:attempted-recon; sid:200001103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa41.web.app"; classtype:attempted-recon; sid:200001104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa410.web.app"; classtype:attempted-recon; sid:200001105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa411.web.app"; classtype:attempted-recon; sid:200001106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa412.web.app"; classtype:attempted-recon; sid:200001107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa413.web.app"; classtype:attempted-recon; sid:200001108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa414.web.app"; classtype:attempted-recon; sid:200001109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa415.web.app"; classtype:attempted-recon; sid:200001110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa417.web.app"; classtype:attempted-recon; sid:200001111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa418.web.app"; classtype:attempted-recon; sid:200001112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa419.web.app"; classtype:attempted-recon; sid:200001113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa42.web.app"; classtype:attempted-recon; sid:200001114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa420.web.app"; classtype:attempted-recon; sid:200001115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa421.web.app"; classtype:attempted-recon; sid:200001116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa422.web.app"; classtype:attempted-recon; sid:200001117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa423.web.app"; classtype:attempted-recon; sid:200001118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa424.web.app"; classtype:attempted-recon; sid:200001119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa425.web.app"; classtype:attempted-recon; sid:200001120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa426.web.app"; classtype:attempted-recon; sid:200001121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa427.web.app"; classtype:attempted-recon; sid:200001122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa429.web.app"; classtype:attempted-recon; sid:200001123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa43.web.app"; classtype:attempted-recon; sid:200001124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa430.web.app"; classtype:attempted-recon; sid:200001125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa431.web.app"; classtype:attempted-recon; sid:200001126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa433.web.app"; classtype:attempted-recon; sid:200001127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa434.web.app"; classtype:attempted-recon; sid:200001128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa435.web.app"; classtype:attempted-recon; sid:200001129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa436.web.app"; classtype:attempted-recon; sid:200001130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa437.web.app"; classtype:attempted-recon; sid:200001131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa438.web.app"; classtype:attempted-recon; sid:200001132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa439.web.app"; classtype:attempted-recon; sid:200001133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa44.web.app"; classtype:attempted-recon; sid:200001134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa440.web.app"; classtype:attempted-recon; sid:200001135; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa442.web.app"; classtype:attempted-recon; sid:200001136; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa443.web.app"; classtype:attempted-recon; sid:200001137; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa444.web.app"; classtype:attempted-recon; sid:200001138; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa445.web.app"; classtype:attempted-recon; sid:200001139; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa446.web.app"; classtype:attempted-recon; sid:200001140; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa447.web.app"; classtype:attempted-recon; sid:200001141; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa449.web.app"; classtype:attempted-recon; sid:200001142; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa450.web.app"; classtype:attempted-recon; sid:200001143; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa451.web.app"; classtype:attempted-recon; sid:200001144; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa452.web.app"; classtype:attempted-recon; sid:200001145; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa453.web.app"; classtype:attempted-recon; sid:200001146; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa455.web.app"; classtype:attempted-recon; sid:200001147; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa456.web.app"; classtype:attempted-recon; sid:200001148; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa459.web.app"; classtype:attempted-recon; sid:200001149; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa46.web.app"; classtype:attempted-recon; sid:200001150; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa460.web.app"; classtype:attempted-recon; sid:200001151; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa462.web.app"; classtype:attempted-recon; sid:200001152; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa463.web.app"; classtype:attempted-recon; sid:200001153; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa464.web.app"; classtype:attempted-recon; sid:200001154; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa465.web.app"; classtype:attempted-recon; sid:200001155; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa466.web.app"; classtype:attempted-recon; sid:200001156; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa469.web.app"; classtype:attempted-recon; sid:200001157; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa47.web.app"; classtype:attempted-recon; sid:200001158; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa470.web.app"; classtype:attempted-recon; sid:200001159; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa471.web.app"; classtype:attempted-recon; sid:200001160; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa472.web.app"; classtype:attempted-recon; sid:200001161; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa473.web.app"; classtype:attempted-recon; sid:200001162; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa474.web.app"; classtype:attempted-recon; sid:200001163; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa475.web.app"; classtype:attempted-recon; sid:200001164; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa476.web.app"; classtype:attempted-recon; sid:200001165; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa477.web.app"; classtype:attempted-recon; sid:200001166; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa479.web.app"; classtype:attempted-recon; sid:200001167; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa480.web.app"; classtype:attempted-recon; sid:200001168; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa481.web.app"; classtype:attempted-recon; sid:200001169; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa483.web.app"; classtype:attempted-recon; sid:200001170; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa484.web.app"; classtype:attempted-recon; sid:200001171; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa485.web.app"; classtype:attempted-recon; sid:200001172; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa486.web.app"; classtype:attempted-recon; sid:200001173; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa487.web.app"; classtype:attempted-recon; sid:200001174; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa49.web.app"; classtype:attempted-recon; sid:200001175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa490.web.app"; classtype:attempted-recon; sid:200001176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa491.web.app"; classtype:attempted-recon; sid:200001177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa492.web.app"; classtype:attempted-recon; sid:200001178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa493.web.app"; classtype:attempted-recon; sid:200001179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa494.web.app"; classtype:attempted-recon; sid:200001180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa495.web.app"; classtype:attempted-recon; sid:200001181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa496.web.app"; classtype:attempted-recon; sid:200001182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa497.web.app"; classtype:attempted-recon; sid:200001183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa498.web.app"; classtype:attempted-recon; sid:200001184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa50.web.app"; classtype:attempted-recon; sid:200001185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa500.web.app"; classtype:attempted-recon; sid:200001186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa502.web.app"; classtype:attempted-recon; sid:200001187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa506.web.app"; classtype:attempted-recon; sid:200001188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa507.web.app"; classtype:attempted-recon; sid:200001189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa508.web.app"; classtype:attempted-recon; sid:200001190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa509.web.app"; classtype:attempted-recon; sid:200001191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa51.web.app"; classtype:attempted-recon; sid:200001192; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa511.web.app"; classtype:attempted-recon; sid:200001193; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa514.web.app"; classtype:attempted-recon; sid:200001194; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa515.web.app"; classtype:attempted-recon; sid:200001195; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa516.web.app"; classtype:attempted-recon; sid:200001196; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa517.web.app"; classtype:attempted-recon; sid:200001197; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa518.web.app"; classtype:attempted-recon; sid:200001198; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa519.web.app"; classtype:attempted-recon; sid:200001199; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa52.web.app"; classtype:attempted-recon; sid:200001200; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa520.web.app"; classtype:attempted-recon; sid:200001201; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa522.web.app"; classtype:attempted-recon; sid:200001202; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa523.web.app"; classtype:attempted-recon; sid:200001203; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa525.web.app"; classtype:attempted-recon; sid:200001204; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa526.web.app"; classtype:attempted-recon; sid:200001205; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa527.web.app"; classtype:attempted-recon; sid:200001206; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa528.web.app"; classtype:attempted-recon; sid:200001207; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa529.web.app"; classtype:attempted-recon; sid:200001208; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa53.web.app"; classtype:attempted-recon; sid:200001209; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa530.web.app"; classtype:attempted-recon; sid:200001210; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa531.web.app"; classtype:attempted-recon; sid:200001211; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa532.web.app"; classtype:attempted-recon; sid:200001212; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa533.web.app"; classtype:attempted-recon; sid:200001213; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa536.web.app"; classtype:attempted-recon; sid:200001214; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa537.web.app"; classtype:attempted-recon; sid:200001215; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa538.web.app"; classtype:attempted-recon; sid:200001216; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa539.web.app"; classtype:attempted-recon; sid:200001217; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa54.web.app"; classtype:attempted-recon; sid:200001218; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa541.web.app"; classtype:attempted-recon; sid:200001219; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa542.web.app"; classtype:attempted-recon; sid:200001220; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa543.web.app"; classtype:attempted-recon; sid:200001221; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa545.web.app"; classtype:attempted-recon; sid:200001222; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa546.web.app"; classtype:attempted-recon; sid:200001223; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa547.web.app"; classtype:attempted-recon; sid:200001224; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa549.web.app"; classtype:attempted-recon; sid:200001225; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa550.web.app"; classtype:attempted-recon; sid:200001226; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa551.web.app"; classtype:attempted-recon; sid:200001227; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa553.web.app"; classtype:attempted-recon; sid:200001228; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa555.web.app"; classtype:attempted-recon; sid:200001229; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa556.web.app"; classtype:attempted-recon; sid:200001230; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa557.web.app"; classtype:attempted-recon; sid:200001231; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa558.web.app"; classtype:attempted-recon; sid:200001232; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa559.web.app"; classtype:attempted-recon; sid:200001233; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa56.web.app"; classtype:attempted-recon; sid:200001234; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa560.web.app"; classtype:attempted-recon; sid:200001235; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa561.web.app"; classtype:attempted-recon; sid:200001236; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa562.web.app"; classtype:attempted-recon; sid:200001237; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa564.web.app"; classtype:attempted-recon; sid:200001238; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa566.web.app"; classtype:attempted-recon; sid:200001239; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa567.web.app"; classtype:attempted-recon; sid:200001240; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa568.web.app"; classtype:attempted-recon; sid:200001241; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa569.web.app"; classtype:attempted-recon; sid:200001242; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa57.web.app"; classtype:attempted-recon; sid:200001243; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa570.web.app"; classtype:attempted-recon; sid:200001244; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa571.web.app"; classtype:attempted-recon; sid:200001245; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa572.web.app"; classtype:attempted-recon; sid:200001246; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa574.web.app"; classtype:attempted-recon; sid:200001247; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa575.web.app"; classtype:attempted-recon; sid:200001248; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa576.web.app"; classtype:attempted-recon; sid:200001249; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa577.web.app"; classtype:attempted-recon; sid:200001250; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa578.web.app"; classtype:attempted-recon; sid:200001251; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa579.web.app"; classtype:attempted-recon; sid:200001252; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa581.web.app"; classtype:attempted-recon; sid:200001253; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa582.web.app"; classtype:attempted-recon; sid:200001254; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa583.web.app"; classtype:attempted-recon; sid:200001255; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa586.web.app"; classtype:attempted-recon; sid:200001256; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa587.web.app"; classtype:attempted-recon; sid:200001257; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa588.web.app"; classtype:attempted-recon; sid:200001258; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa589.web.app"; classtype:attempted-recon; sid:200001259; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa59.web.app"; classtype:attempted-recon; sid:200001260; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa592.web.app"; classtype:attempted-recon; sid:200001261; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa593.web.app"; classtype:attempted-recon; sid:200001262; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa597.web.app"; classtype:attempted-recon; sid:200001263; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa598.web.app"; classtype:attempted-recon; sid:200001264; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa60.web.app"; classtype:attempted-recon; sid:200001265; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa600.web.app"; classtype:attempted-recon; sid:200001266; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa601.web.app"; classtype:attempted-recon; sid:200001267; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa602.web.app"; classtype:attempted-recon; sid:200001268; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa603.web.app"; classtype:attempted-recon; sid:200001269; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa604.web.app"; classtype:attempted-recon; sid:200001270; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa605.web.app"; classtype:attempted-recon; sid:200001271; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa607.web.app"; classtype:attempted-recon; sid:200001272; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa608.web.app"; classtype:attempted-recon; sid:200001273; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa609.web.app"; classtype:attempted-recon; sid:200001274; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa610.web.app"; classtype:attempted-recon; sid:200001275; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa612.web.app"; classtype:attempted-recon; sid:200001276; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa613.web.app"; classtype:attempted-recon; sid:200001277; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa614.web.app"; classtype:attempted-recon; sid:200001278; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa618.web.app"; classtype:attempted-recon; sid:200001279; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa619.web.app"; classtype:attempted-recon; sid:200001280; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa62.web.app"; classtype:attempted-recon; sid:200001281; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa620.web.app"; classtype:attempted-recon; sid:200001282; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa621.web.app"; classtype:attempted-recon; sid:200001283; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa623.web.app"; classtype:attempted-recon; sid:200001284; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa624.web.app"; classtype:attempted-recon; sid:200001285; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa625.web.app"; classtype:attempted-recon; sid:200001286; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa626.web.app"; classtype:attempted-recon; sid:200001287; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa627.web.app"; classtype:attempted-recon; sid:200001288; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa628.web.app"; classtype:attempted-recon; sid:200001289; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa629.web.app"; classtype:attempted-recon; sid:200001290; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa63.web.app"; classtype:attempted-recon; sid:200001291; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa630.web.app"; classtype:attempted-recon; sid:200001292; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa631.web.app"; classtype:attempted-recon; sid:200001293; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa632.web.app"; classtype:attempted-recon; sid:200001294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa633.web.app"; classtype:attempted-recon; sid:200001295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa634.web.app"; classtype:attempted-recon; sid:200001296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa635.web.app"; classtype:attempted-recon; sid:200001297; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa636.web.app"; classtype:attempted-recon; sid:200001298; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa637.web.app"; classtype:attempted-recon; sid:200001299; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa638.web.app"; classtype:attempted-recon; sid:200001300; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa639.web.app"; classtype:attempted-recon; sid:200001301; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa64.web.app"; classtype:attempted-recon; sid:200001302; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa640.web.app"; classtype:attempted-recon; sid:200001303; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa642.web.app"; classtype:attempted-recon; sid:200001304; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa643.web.app"; classtype:attempted-recon; sid:200001305; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa644.web.app"; classtype:attempted-recon; sid:200001306; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa645.web.app"; classtype:attempted-recon; sid:200001307; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa646.web.app"; classtype:attempted-recon; sid:200001308; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa647.web.app"; classtype:attempted-recon; sid:200001309; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa648.web.app"; classtype:attempted-recon; sid:200001310; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa649.web.app"; classtype:attempted-recon; sid:200001311; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa65.web.app"; classtype:attempted-recon; sid:200001312; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa650.web.app"; classtype:attempted-recon; sid:200001313; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa651.web.app"; classtype:attempted-recon; sid:200001314; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa652.web.app"; classtype:attempted-recon; sid:200001315; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa653.web.app"; classtype:attempted-recon; sid:200001316; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa654.web.app"; classtype:attempted-recon; sid:200001317; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa655.web.app"; classtype:attempted-recon; sid:200001318; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa660.web.app"; classtype:attempted-recon; sid:200001319; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa661.web.app"; classtype:attempted-recon; sid:200001320; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa662.web.app"; classtype:attempted-recon; sid:200001321; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa663.web.app"; classtype:attempted-recon; sid:200001322; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa664.web.app"; classtype:attempted-recon; sid:200001323; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa665.web.app"; classtype:attempted-recon; sid:200001324; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa666.web.app"; classtype:attempted-recon; sid:200001325; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa667.web.app"; classtype:attempted-recon; sid:200001326; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa668.web.app"; classtype:attempted-recon; sid:200001327; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa669.web.app"; classtype:attempted-recon; sid:200001328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa671.web.app"; classtype:attempted-recon; sid:200001329; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa672.web.app"; classtype:attempted-recon; sid:200001330; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa673.web.app"; classtype:attempted-recon; sid:200001331; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa675.web.app"; classtype:attempted-recon; sid:200001332; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa677.web.app"; classtype:attempted-recon; sid:200001333; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa678.web.app"; classtype:attempted-recon; sid:200001334; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa679.web.app"; classtype:attempted-recon; sid:200001335; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa68.web.app"; classtype:attempted-recon; sid:200001336; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa680.web.app"; classtype:attempted-recon; sid:200001337; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa681.web.app"; classtype:attempted-recon; sid:200001338; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa682.web.app"; classtype:attempted-recon; sid:200001339; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa684.web.app"; classtype:attempted-recon; sid:200001340; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa685.web.app"; classtype:attempted-recon; sid:200001341; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa689.web.app"; classtype:attempted-recon; sid:200001342; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa69.web.app"; classtype:attempted-recon; sid:200001343; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa690.web.app"; classtype:attempted-recon; sid:200001344; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa691.web.app"; classtype:attempted-recon; sid:200001345; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa692.web.app"; classtype:attempted-recon; sid:200001346; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa693.web.app"; classtype:attempted-recon; sid:200001347; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa694.web.app"; classtype:attempted-recon; sid:200001348; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa696.web.app"; classtype:attempted-recon; sid:200001349; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa697.web.app"; classtype:attempted-recon; sid:200001350; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa698.web.app"; classtype:attempted-recon; sid:200001351; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa699.web.app"; classtype:attempted-recon; sid:200001352; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa70.web.app"; classtype:attempted-recon; sid:200001353; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa700.web.app"; classtype:attempted-recon; sid:200001354; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa701.web.app"; classtype:attempted-recon; sid:200001355; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa702.web.app"; classtype:attempted-recon; sid:200001356; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa703.web.app"; classtype:attempted-recon; sid:200001357; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa704.web.app"; classtype:attempted-recon; sid:200001358; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa706.web.app"; classtype:attempted-recon; sid:200001359; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa708.web.app"; classtype:attempted-recon; sid:200001360; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa709.web.app"; classtype:attempted-recon; sid:200001361; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa71.web.app"; classtype:attempted-recon; sid:200001362; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa711.web.app"; classtype:attempted-recon; sid:200001363; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa713.web.app"; classtype:attempted-recon; sid:200001364; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa714.web.app"; classtype:attempted-recon; sid:200001365; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa715.web.app"; classtype:attempted-recon; sid:200001366; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa716.web.app"; classtype:attempted-recon; sid:200001367; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa717.web.app"; classtype:attempted-recon; sid:200001368; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa718.web.app"; classtype:attempted-recon; sid:200001369; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa719.web.app"; classtype:attempted-recon; sid:200001370; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa72.web.app"; classtype:attempted-recon; sid:200001371; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa721.web.app"; classtype:attempted-recon; sid:200001372; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa722.web.app"; classtype:attempted-recon; sid:200001373; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa724.web.app"; classtype:attempted-recon; sid:200001374; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa725.web.app"; classtype:attempted-recon; sid:200001375; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa726.web.app"; classtype:attempted-recon; sid:200001376; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa727.web.app"; classtype:attempted-recon; sid:200001377; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa729.web.app"; classtype:attempted-recon; sid:200001378; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa730.web.app"; classtype:attempted-recon; sid:200001379; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa731.web.app"; classtype:attempted-recon; sid:200001380; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa732.web.app"; classtype:attempted-recon; sid:200001381; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa733.web.app"; classtype:attempted-recon; sid:200001382; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa734.web.app"; classtype:attempted-recon; sid:200001383; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa735.web.app"; classtype:attempted-recon; sid:200001384; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa736.web.app"; classtype:attempted-recon; sid:200001385; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa737.web.app"; classtype:attempted-recon; sid:200001386; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa738.web.app"; classtype:attempted-recon; sid:200001387; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa739.web.app"; classtype:attempted-recon; sid:200001388; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa74.web.app"; classtype:attempted-recon; sid:200001389; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa740.web.app"; classtype:attempted-recon; sid:200001390; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa742.web.app"; classtype:attempted-recon; sid:200001391; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa743.web.app"; classtype:attempted-recon; sid:200001392; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa744.web.app"; classtype:attempted-recon; sid:200001393; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa746.web.app"; classtype:attempted-recon; sid:200001394; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa749.web.app"; classtype:attempted-recon; sid:200001395; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa75.web.app"; classtype:attempted-recon; sid:200001396; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa750.web.app"; classtype:attempted-recon; sid:200001397; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa752.web.app"; classtype:attempted-recon; sid:200001398; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa753.web.app"; classtype:attempted-recon; sid:200001399; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa754.web.app"; classtype:attempted-recon; sid:200001400; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa755.web.app"; classtype:attempted-recon; sid:200001401; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa757.web.app"; classtype:attempted-recon; sid:200001402; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa758.web.app"; classtype:attempted-recon; sid:200001403; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa759.web.app"; classtype:attempted-recon; sid:200001404; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa761.web.app"; classtype:attempted-recon; sid:200001405; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa762.web.app"; classtype:attempted-recon; sid:200001406; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa764.web.app"; classtype:attempted-recon; sid:200001407; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa765.web.app"; classtype:attempted-recon; sid:200001408; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa766.web.app"; classtype:attempted-recon; sid:200001409; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa767.web.app"; classtype:attempted-recon; sid:200001410; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa768.web.app"; classtype:attempted-recon; sid:200001411; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa769.web.app"; classtype:attempted-recon; sid:200001412; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa77.web.app"; classtype:attempted-recon; sid:200001413; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa770.web.app"; classtype:attempted-recon; sid:200001414; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa771.web.app"; classtype:attempted-recon; sid:200001415; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa772.web.app"; classtype:attempted-recon; sid:200001416; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa773.web.app"; classtype:attempted-recon; sid:200001417; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa774.web.app"; classtype:attempted-recon; sid:200001418; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa775.web.app"; classtype:attempted-recon; sid:200001419; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa776.web.app"; classtype:attempted-recon; sid:200001420; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa777.web.app"; classtype:attempted-recon; sid:200001421; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa778.web.app"; classtype:attempted-recon; sid:200001422; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa779.web.app"; classtype:attempted-recon; sid:200001423; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa78.web.app"; classtype:attempted-recon; sid:200001424; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa780.web.app"; classtype:attempted-recon; sid:200001425; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa782.web.app"; classtype:attempted-recon; sid:200001426; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa783.web.app"; classtype:attempted-recon; sid:200001427; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa784.web.app"; classtype:attempted-recon; sid:200001428; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa785.web.app"; classtype:attempted-recon; sid:200001429; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa786.web.app"; classtype:attempted-recon; sid:200001430; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa788.web.app"; classtype:attempted-recon; sid:200001431; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa789.web.app"; classtype:attempted-recon; sid:200001432; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa79.web.app"; classtype:attempted-recon; sid:200001433; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa790.web.app"; classtype:attempted-recon; sid:200001434; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa793.web.app"; classtype:attempted-recon; sid:200001435; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa794.web.app"; classtype:attempted-recon; sid:200001436; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa796.web.app"; classtype:attempted-recon; sid:200001437; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa797.web.app"; classtype:attempted-recon; sid:200001438; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa798.web.app"; classtype:attempted-recon; sid:200001439; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa799.web.app"; classtype:attempted-recon; sid:200001440; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa80.web.app"; classtype:attempted-recon; sid:200001441; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa800.web.app"; classtype:attempted-recon; sid:200001442; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa801.web.app"; classtype:attempted-recon; sid:200001443; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa802.web.app"; classtype:attempted-recon; sid:200001444; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa804.web.app"; classtype:attempted-recon; sid:200001445; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa806.web.app"; classtype:attempted-recon; sid:200001446; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa807.web.app"; classtype:attempted-recon; sid:200001447; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa808.web.app"; classtype:attempted-recon; sid:200001448; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa809.web.app"; classtype:attempted-recon; sid:200001449; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa81.web.app"; classtype:attempted-recon; sid:200001450; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa810.web.app"; classtype:attempted-recon; sid:200001451; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa813.web.app"; classtype:attempted-recon; sid:200001452; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa814.web.app"; classtype:attempted-recon; sid:200001453; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa815.web.app"; classtype:attempted-recon; sid:200001454; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa816.web.app"; classtype:attempted-recon; sid:200001455; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa817.web.app"; classtype:attempted-recon; sid:200001456; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa818.web.app"; classtype:attempted-recon; sid:200001457; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa819.web.app"; classtype:attempted-recon; sid:200001458; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa82.web.app"; classtype:attempted-recon; sid:200001459; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa820.web.app"; classtype:attempted-recon; sid:200001460; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa821.web.app"; classtype:attempted-recon; sid:200001461; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa822.web.app"; classtype:attempted-recon; sid:200001462; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa823.web.app"; classtype:attempted-recon; sid:200001463; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa824.web.app"; classtype:attempted-recon; sid:200001464; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa826.web.app"; classtype:attempted-recon; sid:200001465; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa827.web.app"; classtype:attempted-recon; sid:200001466; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa828.web.app"; classtype:attempted-recon; sid:200001467; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa829.web.app"; classtype:attempted-recon; sid:200001468; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa83.web.app"; classtype:attempted-recon; sid:200001469; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa830.web.app"; classtype:attempted-recon; sid:200001470; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa831.web.app"; classtype:attempted-recon; sid:200001471; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa832.web.app"; classtype:attempted-recon; sid:200001472; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa833.web.app"; classtype:attempted-recon; sid:200001473; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa834.web.app"; classtype:attempted-recon; sid:200001474; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa835.web.app"; classtype:attempted-recon; sid:200001475; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa837.web.app"; classtype:attempted-recon; sid:200001476; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa839.web.app"; classtype:attempted-recon; sid:200001477; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa84.web.app"; classtype:attempted-recon; sid:200001478; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa840.web.app"; classtype:attempted-recon; sid:200001479; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa841.web.app"; classtype:attempted-recon; sid:200001480; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa842.web.app"; classtype:attempted-recon; sid:200001481; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa843.web.app"; classtype:attempted-recon; sid:200001482; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa844.web.app"; classtype:attempted-recon; sid:200001483; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa846.web.app"; classtype:attempted-recon; sid:200001484; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa85.web.app"; classtype:attempted-recon; sid:200001485; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa851.web.app"; classtype:attempted-recon; sid:200001486; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa852.web.app"; classtype:attempted-recon; sid:200001487; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa853.web.app"; classtype:attempted-recon; sid:200001488; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa855.web.app"; classtype:attempted-recon; sid:200001489; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa856.web.app"; classtype:attempted-recon; sid:200001490; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa857.web.app"; classtype:attempted-recon; sid:200001491; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa858.web.app"; classtype:attempted-recon; sid:200001492; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa86.web.app"; classtype:attempted-recon; sid:200001493; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa860.web.app"; classtype:attempted-recon; sid:200001494; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa861.web.app"; classtype:attempted-recon; sid:200001495; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa862.web.app"; classtype:attempted-recon; sid:200001496; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa863.web.app"; classtype:attempted-recon; sid:200001497; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa864.web.app"; classtype:attempted-recon; sid:200001498; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa866.web.app"; classtype:attempted-recon; sid:200001499; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa867.web.app"; classtype:attempted-recon; sid:200001500; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa868.web.app"; classtype:attempted-recon; sid:200001501; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa869.web.app"; classtype:attempted-recon; sid:200001502; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa87.web.app"; classtype:attempted-recon; sid:200001503; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa870.web.app"; classtype:attempted-recon; sid:200001504; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa871.web.app"; classtype:attempted-recon; sid:200001505; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa872.web.app"; classtype:attempted-recon; sid:200001506; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa873.web.app"; classtype:attempted-recon; sid:200001507; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa874.web.app"; classtype:attempted-recon; sid:200001508; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa877.web.app"; classtype:attempted-recon; sid:200001509; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa878.web.app"; classtype:attempted-recon; sid:200001510; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa879.web.app"; classtype:attempted-recon; sid:200001511; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa88.web.app"; classtype:attempted-recon; sid:200001512; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa880.web.app"; classtype:attempted-recon; sid:200001513; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa881.web.app"; classtype:attempted-recon; sid:200001514; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa882.web.app"; classtype:attempted-recon; sid:200001515; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa884.web.app"; classtype:attempted-recon; sid:200001516; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa886.web.app"; classtype:attempted-recon; sid:200001517; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa888.web.app"; classtype:attempted-recon; sid:200001518; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa889.web.app"; classtype:attempted-recon; sid:200001519; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa89.web.app"; classtype:attempted-recon; sid:200001520; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa890.web.app"; classtype:attempted-recon; sid:200001521; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa891.web.app"; classtype:attempted-recon; sid:200001522; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa892.web.app"; classtype:attempted-recon; sid:200001523; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa894.web.app"; classtype:attempted-recon; sid:200001524; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa895.web.app"; classtype:attempted-recon; sid:200001525; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa896.web.app"; classtype:attempted-recon; sid:200001526; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa897.web.app"; classtype:attempted-recon; sid:200001527; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa898.web.app"; classtype:attempted-recon; sid:200001528; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa899.web.app"; classtype:attempted-recon; sid:200001529; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa90.web.app"; classtype:attempted-recon; sid:200001530; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa900.web.app"; classtype:attempted-recon; sid:200001531; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa901.web.app"; classtype:attempted-recon; sid:200001532; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa902.web.app"; classtype:attempted-recon; sid:200001533; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa903.web.app"; classtype:attempted-recon; sid:200001534; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa904.web.app"; classtype:attempted-recon; sid:200001535; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa906.web.app"; classtype:attempted-recon; sid:200001536; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa907.web.app"; classtype:attempted-recon; sid:200001537; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa908.web.app"; classtype:attempted-recon; sid:200001538; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa909.web.app"; classtype:attempted-recon; sid:200001539; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa91.web.app"; classtype:attempted-recon; sid:200001540; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa910.web.app"; classtype:attempted-recon; sid:200001541; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa912.web.app"; classtype:attempted-recon; sid:200001542; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa913.web.app"; classtype:attempted-recon; sid:200001543; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa917.web.app"; classtype:attempted-recon; sid:200001544; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa918.web.app"; classtype:attempted-recon; sid:200001545; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa92.web.app"; classtype:attempted-recon; sid:200001546; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa920.web.app"; classtype:attempted-recon; sid:200001547; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa921.web.app"; classtype:attempted-recon; sid:200001548; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa922.web.app"; classtype:attempted-recon; sid:200001549; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa923.web.app"; classtype:attempted-recon; sid:200001550; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa924.web.app"; classtype:attempted-recon; sid:200001551; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa926.web.app"; classtype:attempted-recon; sid:200001552; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa927.web.app"; classtype:attempted-recon; sid:200001553; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa929.web.app"; classtype:attempted-recon; sid:200001554; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa930.web.app"; classtype:attempted-recon; sid:200001555; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa932.web.app"; classtype:attempted-recon; sid:200001556; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa935.web.app"; classtype:attempted-recon; sid:200001557; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa937.web.app"; classtype:attempted-recon; sid:200001558; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa938.web.app"; classtype:attempted-recon; sid:200001559; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa940.web.app"; classtype:attempted-recon; sid:200001560; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa941.web.app"; classtype:attempted-recon; sid:200001561; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa942.web.app"; classtype:attempted-recon; sid:200001562; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa943.web.app"; classtype:attempted-recon; sid:200001563; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa944.web.app"; classtype:attempted-recon; sid:200001564; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa945.web.app"; classtype:attempted-recon; sid:200001565; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa946.web.app"; classtype:attempted-recon; sid:200001566; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa947.web.app"; classtype:attempted-recon; sid:200001567; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa949.web.app"; classtype:attempted-recon; sid:200001568; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa95.web.app"; classtype:attempted-recon; sid:200001569; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa950.web.app"; classtype:attempted-recon; sid:200001570; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa952.web.app"; classtype:attempted-recon; sid:200001571; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa953.web.app"; classtype:attempted-recon; sid:200001572; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa954.web.app"; classtype:attempted-recon; sid:200001573; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa955.web.app"; classtype:attempted-recon; sid:200001574; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa958.web.app"; classtype:attempted-recon; sid:200001575; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa959.web.app"; classtype:attempted-recon; sid:200001576; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa96.web.app"; classtype:attempted-recon; sid:200001577; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa961.web.app"; classtype:attempted-recon; sid:200001578; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa962.web.app"; classtype:attempted-recon; sid:200001579; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa963.web.app"; classtype:attempted-recon; sid:200001580; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa964.web.app"; classtype:attempted-recon; sid:200001581; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa966.web.app"; classtype:attempted-recon; sid:200001582; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa967.web.app"; classtype:attempted-recon; sid:200001583; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa97.web.app"; classtype:attempted-recon; sid:200001584; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa970.web.app"; classtype:attempted-recon; sid:200001585; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa973.web.app"; classtype:attempted-recon; sid:200001586; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa974.web.app"; classtype:attempted-recon; sid:200001587; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa975.web.app"; classtype:attempted-recon; sid:200001588; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa976.web.app"; classtype:attempted-recon; sid:200001589; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa977.web.app"; classtype:attempted-recon; sid:200001590; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa979.web.app"; classtype:attempted-recon; sid:200001591; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa98.web.app"; classtype:attempted-recon; sid:200001592; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa980.web.app"; classtype:attempted-recon; sid:200001593; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa982.web.app"; classtype:attempted-recon; sid:200001594; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa984.web.app"; classtype:attempted-recon; sid:200001595; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa985.web.app"; classtype:attempted-recon; sid:200001596; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa986.web.app"; classtype:attempted-recon; sid:200001597; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa987.web.app"; classtype:attempted-recon; sid:200001598; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa988.web.app"; classtype:attempted-recon; sid:200001599; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa989.web.app"; classtype:attempted-recon; sid:200001600; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa99.web.app"; classtype:attempted-recon; sid:200001601; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa990.web.app"; classtype:attempted-recon; sid:200001602; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa991.web.app"; classtype:attempted-recon; sid:200001603; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa993.web.app"; classtype:attempted-recon; sid:200001604; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa995.web.app"; classtype:attempted-recon; sid:200001605; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa996.web.app"; classtype:attempted-recon; sid:200001606; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"domainserverlawa999.web.app"; classtype:attempted-recon; sid:200001607; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"donaidrsilcio.com"; classtype:attempted-recon; sid:200001608; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"doooog.cn"; classtype:attempted-recon; sid:200001609; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dopeydog.co.nz"; classtype:attempted-recon; sid:200001610; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dorouscom.com"; classtype:attempted-recon; sid:200001611; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"douuodwoman.com"; classtype:attempted-recon; sid:200001612; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dowaba-s2dhl.blogspot.com"; classtype:attempted-recon; sid:200001613; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"doz.tode.cz"; classtype:attempted-recon; sid:200001614; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dpasdasfasfasfas.pages.dev"; classtype:attempted-recon; sid:200001615; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dpd-pl.566868.space"; classtype:attempted-recon; sid:200001616; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dpd-redelivery-uk.com"; classtype:attempted-recon; sid:200001617; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dpmasdaskj.pages.dev"; classtype:attempted-recon; sid:200001618; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dr-joannepeeler.com"; classtype:attempted-recon; sid:200001619; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dr3aq.byethost32.com"; classtype:attempted-recon; sid:200001620; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dreamhacker.pro"; classtype:attempted-recon; sid:200001621; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dreamotion-jp.com"; classtype:attempted-recon; sid:200001622; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"drivingschoolglasgow.co.uk"; classtype:attempted-recon; sid:200001623; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"drmarciovaleriano.com.br"; classtype:attempted-recon; sid:200001624; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dsgcbeonline.com"; classtype:attempted-recon; sid:200001625; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dskedirekt.web.app"; classtype:attempted-recon; sid:200001626; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dsp2codemdp.t.justns.ru"; classtype:attempted-recon; sid:200001627; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200001628; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dtrpsystasfasgas.pages.dev"; classtype:attempted-recon; sid:200001629; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dukhovnist.in.ua"; classtype:attempted-recon; sid:200001630; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"durecorpperu.com"; classtype:attempted-recon; sid:200001631; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dwrat.andalous.org"; classtype:attempted-recon; sid:200001632; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dwvwq.cwfc.workers.dev"; classtype:attempted-recon; sid:200001633; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dydex.org"; classtype:attempted-recon; sid:200001634; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dyn.co"; classtype:attempted-recon; sid:200001635; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dynastyclinic.ae"; classtype:attempted-recon; sid:200001636; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"e-cassare.org"; classtype:attempted-recon; sid:200001637; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"e4ff557e.sso-secure-mail04wtwdw4.pages.dev"; classtype:attempted-recon; sid:200001638; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"e4ra.byethost8.com"; classtype:attempted-recon; sid:200001639; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"e63q45f9h5fr.clickfunnels.com"; classtype:attempted-recon; sid:200001640; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eagleeyeapparel.com"; classtype:attempted-recon; sid:200001641; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"earth01.info"; classtype:attempted-recon; sid:200001642; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"easywalletfix.net"; classtype:attempted-recon; sid:200001643; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"easywalletsfix.com"; classtype:attempted-recon; sid:200001644; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eba0200d0c.nxcli.net"; classtype:attempted-recon; sid:200001645; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ebay-de.ad49103.xyz"; classtype:attempted-recon; sid:200001646; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ebay.com.dashboard-seller.center"; classtype:attempted-recon; sid:200001647; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eberhardtedwige.wixsite.com"; classtype:attempted-recon; sid:200001648; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ebuddynews.com"; classtype:attempted-recon; sid:200001649; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ec.snadc-oecddo.com"; classtype:attempted-recon; sid:200001650; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ecogreenjanitorial.com"; classtype:attempted-recon; sid:200001651; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ecomcrew.staging.wpengine.com"; classtype:attempted-recon; sid:200001652; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ecosteelsolution.ro"; classtype:attempted-recon; sid:200001653; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"edje.com"; classtype:attempted-recon; sid:200001654; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"edukickmexico.com"; classtype:attempted-recon; sid:200001655; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ee-sms.co.uk"; classtype:attempted-recon; sid:200001656; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ee.scicemecod.com"; classtype:attempted-recon; sid:200001657; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"efarms.com.ng"; classtype:attempted-recon; sid:200001658; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eharmonyservice.com"; classtype:attempted-recon; sid:200001659; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ekabel.hu"; classtype:attempted-recon; sid:200001660; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ekbofexjlnsdsfaqxbcfpnfift-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200001661; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ekobebe.cn"; classtype:attempted-recon; sid:200001662; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"electrocoolhvacr.com"; classtype:attempted-recon; sid:200001663; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"electronicanehuen.com"; classtype:attempted-recon; sid:200001664; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elektroonline.pl"; classtype:attempted-recon; sid:200001665; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ellatinodigital.com"; classtype:attempted-recon; sid:200001666; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elomo.ro"; classtype:attempted-recon; sid:200001667; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eluniversallatinworld.com"; classtype:attempted-recon; sid:200001668; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"email302.com"; classtype:attempted-recon; sid:200001669; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"emailsettings.webflow.io"; classtype:attempted-recon; sid:200001670; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"emailwebaccess.co.uk"; classtype:attempted-recon; sid:200001671; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"embarquefloripa.com.br"; classtype:attempted-recon; sid:200001672; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"emlink.me"; classtype:attempted-recon; sid:200001673; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"emojis.bons.bar"; classtype:attempted-recon; sid:200001674; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"emojis.dels.bar"; classtype:attempted-recon; sid:200001675; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"emsi-lobo.firebaseapp.com"; classtype:attempted-recon; sid:200001676; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"en-template-solicito-16414253314897.onepage.website"; classtype:attempted-recon; sid:200001677; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enbolivia.com"; classtype:attempted-recon; sid:200001678; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"encryptdrive.booogle.net"; classtype:attempted-recon; sid:200001679; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"engcamp.org"; classtype:attempted-recon; sid:200001680; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enoman.fqzsdgtg.cn"; classtype:attempted-recon; sid:200001681; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"erinaflorist.com"; classtype:attempted-recon; sid:200001682; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ershamshad.github.io"; classtype:attempted-recon; sid:200001683; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"escortinraipur.com"; classtype:attempted-recon; sid:200001684; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eseax.ws"; classtype:attempted-recon; sid:200001685; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"esfdesentakip.com"; classtype:attempted-recon; sid:200001686; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eshetkari.com"; classtype:attempted-recon; sid:200001687; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"esi-texas.com"; classtype:attempted-recon; sid:200001688; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"esinnovativeinteriors.com"; classtype:attempted-recon; sid:200001689; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"establecimientoscolonia-uy.com"; classtype:attempted-recon; sid:200001690; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"estorneaqui.blogspot.com"; classtype:attempted-recon; sid:200001691; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc-co-jp.f2ss.co"; classtype:attempted-recon; sid:200001692; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc-co-jp.f3ss.co"; classtype:attempted-recon; sid:200001693; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc-meisfrq.xyz"; classtype:attempted-recon; sid:200001694; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc-uhfjk.monster"; classtype:attempted-recon; sid:200001695; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc.jp.anzhanfrp.cn"; classtype:attempted-recon; sid:200001696; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc.kcjis.com"; classtype:attempted-recon; sid:200001697; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc.oxqk.cn"; classtype:attempted-recon; sid:200001698; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"etc.synwy.cn"; classtype:attempted-recon; sid:200001699; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eth-coinwallet.net"; classtype:attempted-recon; sid:200001700; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eth.coinscout.cc"; classtype:attempted-recon; sid:200001701; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ethnictrendz.com"; classtype:attempted-recon; sid:200001702; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ets.jwr.pa-fakfak.go.id"; classtype:attempted-recon; sid:200001703; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eucriomeumundo.com"; classtype:attempted-recon; sid:200001704; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eugnerally-wixsite-com.filesusr.com"; classtype:attempted-recon; sid:200001705; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eusa-lombo.firebaseapp.com"; classtype:attempted-recon; sid:200001706; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"evashoes.com.ua"; classtype:attempted-recon; sid:200001707; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"even-besar-banget.duckdns.org"; classtype:attempted-recon; sid:200001708; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"even-ff-gratisterbaru2022.duckdns.org"; classtype:attempted-recon; sid:200001709; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"event-ff-bundle-baru.duckdns.org"; classtype:attempted-recon; sid:200001710; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"event-freefire728.duckdns.org"; classtype:attempted-recon; sid:200001711; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"event-freeskkinmlbb.duckdns.org"; classtype:attempted-recon; sid:200001712; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"event-garenafreefire263.duckdns.org"; classtype:attempted-recon; sid:200001713; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eventclaimsff0.duckdns.org"; classtype:attempted-recon; sid:200001714; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eventspinfreefire2022.duckdns.org"; classtype:attempted-recon; sid:200001715; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"everestmotors.com.np"; classtype:attempted-recon; sid:200001716; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"evo-revolutioncups.com"; classtype:attempted-recon; sid:200001717; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"evolbithman.web.app"; classtype:attempted-recon; sid:200001718; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"excel-cloud-document-2021.square.site"; classtype:attempted-recon; sid:200001719; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"excelhana.com"; classtype:attempted-recon; sid:200001720; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exchange-pancakeswaps.com"; classtype:attempted-recon; sid:200001721; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exchangedictionary.com"; classtype:attempted-recon; sid:200001722; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exodlus.net"; classtype:attempted-recon; sid:200001723; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exodus-2022.com"; classtype:attempted-recon; sid:200001724; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exodus.com-wallet-signin.com"; classtype:attempted-recon; sid:200001725; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exodus.com-web-wallet-online.com"; classtype:attempted-recon; sid:200001726; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exodus.com.tccaponline.com"; classtype:attempted-recon; sid:200001727; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exoduspool.io"; classtype:attempted-recon; sid:200001728; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exondus-lokin.com"; classtype:attempted-recon; sid:200001729; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exploretrace.xyz"; classtype:attempted-recon; sid:200001730; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"expocid.mx"; classtype:attempted-recon; sid:200001731; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"extracash-interlbankonline.com"; classtype:attempted-recon; sid:200001732; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"extracloud.com.au"; classtype:attempted-recon; sid:200001733; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ezblox.site"; classtype:attempted-recon; sid:200001734; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ezssausage.com"; classtype:attempted-recon; sid:200001735; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"f2f.co.jp"; classtype:attempted-recon; sid:200001736; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"f6fr7.codesandbox.io"; classtype:attempted-recon; sid:200001737; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"f9w1lned0ruqblxi6jahwotak.filesusr.com"; classtype:attempted-recon; sid:200001738; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"faccebook.azurewebsites.net"; classtype:attempted-recon; sid:200001739; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook--videos----app----today.blogspot.com"; classtype:attempted-recon; sid:200001740; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook-0.se.ke"; classtype:attempted-recon; sid:200001741; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook-accts.pages-recovery.workers.dev"; classtype:attempted-recon; sid:200001742; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook-login.tbit.vn"; classtype:attempted-recon; sid:200001743; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.com-4tfgonrlym.isiolo.go.ke"; classtype:attempted-recon; sid:200001744; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.com-j706zmy49r.isiolo.go.ke"; classtype:attempted-recon; sid:200001745; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.com-qze9zt75vm.isiolo.go.ke"; classtype:attempted-recon; sid:200001746; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.com-r51znzih8i.isiolo.go.ke"; classtype:attempted-recon; sid:200001747; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.com-zxsrf038k.isiolo.go.ke"; classtype:attempted-recon; sid:200001748; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.eventspinff.wtf"; classtype:attempted-recon; sid:200001749; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.kingstopup.com"; classtype:attempted-recon; sid:200001750; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook.whcserverbox.com"; classtype:attempted-recon; sid:200001751; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook8facebook.blogspot.com"; classtype:attempted-recon; sid:200001752; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebookk.azurewebsites.net"; classtype:attempted-recon; sid:200001753; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebookphisher.herokuapp.com"; classtype:attempted-recon; sid:200001754; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebooks.azurewebsites.net"; classtype:attempted-recon; sid:200001755; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"faic.in"; classtype:attempted-recon; sid:200001756; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"faizankhan0408.github.io"; classtype:attempted-recon; sid:200001757; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"falling-scene-3ac3.updatelogaccountprogramedrfwerwrdhskk.workers.dev#winnie@soupro.com"; classtype:attempted-recon; sid:200001758; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fancy-rain-22bf.vakagew948.workers.dev"; classtype:attempted-recon; sid:200001759; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fantech.co.il"; classtype:attempted-recon; sid:200001760; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fanxtv.info"; classtype:attempted-recon; sid:200001761; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fassilneit.ultimatefreehost.in"; classtype:attempted-recon; sid:200001762; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fassilnet.ultimatefreehost.in"; classtype:attempted-recon; sid:200001763; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fassilnet5.ultimatefreehost.in"; classtype:attempted-recon; sid:200001764; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fax.gruppobiesse.it"; classtype:attempted-recon; sid:200001765; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fb-case-id-28031803-fcdc-48af.web.app"; classtype:attempted-recon; sid:200001766; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fb-pages.proteksion-help.workers.dev"; classtype:attempted-recon; sid:200001767; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fb.10004682.review"; classtype:attempted-recon; sid:200001768; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fb.expressturkeyi.com"; classtype:attempted-recon; sid:200001769; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fb7927.bget.ru"; classtype:attempted-recon; sid:200001770; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fdasd.2e4jept.cn"; classtype:attempted-recon; sid:200001771; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fdhgf.xyz"; classtype:attempted-recon; sid:200001772; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"federalaccesscredit.com"; classtype:attempted-recon; sid:200001773; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fedner.net"; classtype:attempted-recon; sid:200001774; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fer-brooks.top"; classtype:attempted-recon; sid:200001775; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"feriadempleos.com"; classtype:attempted-recon; sid:200001776; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ferienhof-gempel.de"; classtype:attempted-recon; sid:200001777; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ff-anivesary225.duckdns.org"; classtype:attempted-recon; sid:200001778; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ff-member-ganena.com"; classtype:attempted-recon; sid:200001779; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ff-membership-garena.com"; classtype:attempted-recon; sid:200001780; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ff-membershipz-garena.ga"; classtype:attempted-recon; sid:200001781; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ff.members.garera.vn"; classtype:attempted-recon; sid:200001782; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ffim-event-2022.duckdns.org"; classtype:attempted-recon; sid:200001783; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fghjr74rhudfguhtfguji.blogspot.com"; classtype:attempted-recon; sid:200001784; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fi.uy"; classtype:attempted-recon; sid:200001785; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fiber10.iaasdns.com"; classtype:attempted-recon; sid:200001786; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fidelitybank-mn.net"; classtype:attempted-recon; sid:200001787; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fighting40s.com"; classtype:attempted-recon; sid:200001788; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fikir.id"; classtype:attempted-recon; sid:200001789; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fileundelete.net"; classtype:attempted-recon; sid:200001790; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"filtrosmil.com.br"; classtype:attempted-recon; sid:200001791; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"finalfantasyguide.co.uk"; classtype:attempted-recon; sid:200001792; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"finiiishingedgex.tk"; classtype:attempted-recon; sid:200001793; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fir-9s-0s.web.app"; classtype:attempted-recon; sid:200001794; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"firstsourcesbus.com"; classtype:attempted-recon; sid:200001795; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fixi.rest"; classtype:attempted-recon; sid:200001796; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fixingtodaymailuserupdates.pages.dev"; classtype:attempted-recon; sid:200001797; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fixwalletissues.com"; classtype:attempted-recon; sid:200001798; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flcancer39-px.rtrk.com"; classtype:attempted-recon; sid:200001799; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flowerfactoryonline.com"; classtype:attempted-recon; sid:200001800; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fluksrv.mycpanel.rs"; classtype:attempted-recon; sid:200001801; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fmwebapp.azurewebsites.net"; classtype:attempted-recon; sid:200001802; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"foliar.pl"; classtype:attempted-recon; sid:200001803; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"foma-ura-lote.firebaseapp.com"; classtype:attempted-recon; sid:200001804; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"foor1.com"; classtype:attempted-recon; sid:200001805; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"for-pakage-delevry.tragaroleary.com"; classtype:attempted-recon; sid:200001806; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"foresta-mod.firebaseapp.com"; classtype:attempted-recon; sid:200001807; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"forhimself9999.co.vu"; classtype:attempted-recon; sid:200001808; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"formbuddy.com"; classtype:attempted-recon; sid:200001809; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"forms.formium.io"; classtype:attempted-recon; sid:200001810; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"formtools.com"; classtype:attempted-recon; sid:200001811; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"forum-dofus.com.co"; classtype:attempted-recon; sid:200001812; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fpalpha.myportfolio.com"; classtype:attempted-recon; sid:200001813; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fpmaam.org"; classtype:attempted-recon; sid:200001814; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fr-europe564598-com.filesusr.com"; classtype:attempted-recon; sid:200001815; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"frankfurtertsparkasse.web.app"; classtype:attempted-recon; sid:200001816; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"free-covid-19-stimulus-bonus.nethouse.ru"; classtype:attempted-recon; sid:200001817; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"free-firecoderedem.blogspot.com"; classtype:attempted-recon; sid:200001818; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"free-mail4.yolasite.com"; classtype:attempted-recon; sid:200001819; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freefire.pontorecargajogo.com"; classtype:attempted-recon; sid:200001820; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freefiredot-comerhadiah.duckdns.org"; classtype:attempted-recon; sid:200001821; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freefireevent-codashop2022.duckdns.org"; classtype:attempted-recon; sid:200001822; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freeitemff-allreward.duckdns.org"; classtype:attempted-recon; sid:200001823; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freeliker.net"; classtype:attempted-recon; sid:200001824; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freereward-ff.duckdns.org"; classtype:attempted-recon; sid:200001825; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"frefire-membership-garena.sukienfreefire2021.top"; classtype:attempted-recon; sid:200001826; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freg-nine.pt"; classtype:attempted-recon; sid:200001827; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"friendsofnechockey.com"; classtype:attempted-recon; sid:200001828; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fromtheofficial.pricesrakutenlogin.top"; classtype:attempted-recon; sid:200001829; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx-ca.com"; classtype:attempted-recon; sid:200001830; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx-exchangex.com"; classtype:attempted-recon; sid:200001831; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx-me.com"; classtype:attempted-recon; sid:200001832; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx-register-pro.world"; classtype:attempted-recon; sid:200001833; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx-register.biz"; classtype:attempted-recon; sid:200001834; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx-register.website"; classtype:attempted-recon; sid:200001835; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx-signup.click"; classtype:attempted-recon; sid:200001836; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx.com.vn"; classtype:attempted-recon; sid:200001837; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftx.cool"; classtype:attempted-recon; sid:200001838; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ftxbonus.site"; classtype:attempted-recon; sid:200001839; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funiswap.exchange"; classtype:attempted-recon; sid:200001840; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"furgonetka-1.pl"; classtype:attempted-recon; sid:200001841; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fusionrestobar.cl"; classtype:attempted-recon; sid:200001842; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"futurebits.in"; classtype:attempted-recon; sid:200001843; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fwztmgr.cn"; classtype:attempted-recon; sid:200001844; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fxhalifax.com"; classtype:attempted-recon; sid:200001845; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200001846; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"g-mtcc.com"; classtype:attempted-recon; sid:200001847; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"g.greatsubstance.com.my"; classtype:attempted-recon; sid:200001848; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ga.teesmith.shop"; classtype:attempted-recon; sid:200001849; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gabrielamims.com"; classtype:attempted-recon; sid:200001850; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gagaclinic.com"; classtype:attempted-recon; sid:200001851; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200001852; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gallciaonllne.webcindario.com"; classtype:attempted-recon; sid:200001853; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"garena-xacminhtaikhoan.com"; classtype:attempted-recon; sid:200001854; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gasunige.mfs.gg"; classtype:attempted-recon; sid:200001855; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gbunggrup-pmrsatu13.duckdns.org"; classtype:attempted-recon; sid:200001856; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gedfdfsd.eu"; classtype:attempted-recon; sid:200001857; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"geg.li"; classtype:attempted-recon; sid:200001858; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"generali-italia-ag.hrweb.it"; classtype:attempted-recon; sid:200001859; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"genie-alba.firebaseapp.com"; classtype:attempted-recon; sid:200001860; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getapps.vip"; classtype:attempted-recon; sid:200001861; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getimpacteipay.com"; classtype:attempted-recon; sid:200001862; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getitapprovedacceptourterms2021.pages.dev"; classtype:attempted-recon; sid:200001863; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getlikesfree.com"; classtype:attempted-recon; sid:200001864; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gfxx.creatorlink.net"; classtype:attempted-recon; sid:200001865; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ghorana.com"; classtype:attempted-recon; sid:200001866; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gif-discorde.com"; classtype:attempted-recon; sid:200001867; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"giris-papara.net"; classtype:attempted-recon; sid:200001868; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"girleatsworld.org"; classtype:attempted-recon; sid:200001869; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200001870; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"glogo.org"; classtype:attempted-recon; sid:200001871; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"glsword.com"; classtype:attempted-recon; sid:200001872; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gmailposteingangi.de"; classtype:attempted-recon; sid:200001873; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gmgroupllc.co"; classtype:attempted-recon; sid:200001874; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gmxmailme.yolasite.com"; classtype:attempted-recon; sid:200001875; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"go.simplify.co.nz"; classtype:attempted-recon; sid:200001876; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"go24link.com"; classtype:attempted-recon; sid:200001877; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goldenlasgidi10.web.app"; classtype:attempted-recon; sid:200001878; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"golkondaresorts.com"; classtype:attempted-recon; sid:200001879; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goo-gl.me"; classtype:attempted-recon; sid:200001880; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"good12345.tripod.com"; classtype:attempted-recon; sid:200001881; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gorol-cost.web.app"; classtype:attempted-recon; sid:200001882; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gorol-investor.web.app"; classtype:attempted-recon; sid:200001883; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gosafes.com"; classtype:attempted-recon; sid:200001884; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gosteveshawtraining.com"; classtype:attempted-recon; sid:200001885; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gov.pl-covid.pl"; classtype:attempted-recon; sid:200001886; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gramarcales.com.br"; classtype:attempted-recon; sid:200001887; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"greekinfra.com"; classtype:attempted-recon; sid:200001888; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"greenclasses.in"; classtype:attempted-recon; sid:200001889; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grosshandel-mevida.de"; classtype:attempted-recon; sid:200001890; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"group-wa-1.duckdns.org"; classtype:attempted-recon; sid:200001891; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"groworldinternational.com"; classtype:attempted-recon; sid:200001892; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grp02.member.mycld-rakuten.info"; classtype:attempted-recon; sid:200001893; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grubnatajadeh12.duckdns.org"; classtype:attempted-recon; sid:200001894; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grubterbarukk037.duckdns.org"; classtype:attempted-recon; sid:200001895; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grubviralterbaru65c.duckdns.org"; classtype:attempted-recon; sid:200001896; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gruo-wa-okep-dewasa-2022.duckdns.org"; classtype:attempted-recon; sid:200001897; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grup-bokep-terbaru555.duckdns.org"; classtype:attempted-recon; sid:200001898; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grup-whatsapp121.duckdns.org"; classtype:attempted-recon; sid:200001899; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grup-whatsappbokep1.duckdns.org"; classtype:attempted-recon; sid:200001900; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grup-whatsappbokep2.duckdns.org"; classtype:attempted-recon; sid:200001901; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grup2022ssx.duckdns.org"; classtype:attempted-recon; sid:200001902; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grupofsp.com.br"; classtype:attempted-recon; sid:200001903; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gruposanpio.com"; classtype:attempted-recon; sid:200001904; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grupwhatsaap-viral-2022.duckdns.org"; classtype:attempted-recon; sid:200001905; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grupwhatsappnobar-2022.duckdns.org"; classtype:attempted-recon; sid:200001906; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gscommunityspirit.greenschool.org"; classtype:attempted-recon; sid:200001907; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gstsolutions.online"; classtype:attempted-recon; sid:200001908; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gtw420.com"; classtype:attempted-recon; sid:200001909; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gunatanahku.perkimtan.sumbarprov.go.id"; classtype:attempted-recon; sid:200001910; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gurukanth.com"; classtype:attempted-recon; sid:200001911; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gwenet.org"; classtype:attempted-recon; sid:200001912; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"habbocreditosparati.blogspot.com"; classtype:attempted-recon; sid:200001913; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"haftteam.ir"; classtype:attempted-recon; sid:200001914; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hahdaeupdate.es.tl"; classtype:attempted-recon; sid:200001915; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"halaisabudhabi.com"; classtype:attempted-recon; sid:200001916; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"halifax-securelink.com"; classtype:attempted-recon; sid:200001917; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"halisdurum.com"; classtype:attempted-recon; sid:200001918; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"haliuk-secure-device.com"; classtype:attempted-recon; sid:200001919; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"handakai.github.io"; classtype:attempted-recon; sid:200001920; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hangovertest1.blogspot.com"; classtype:attempted-recon; sid:200001921; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hans-ledlite.com"; classtype:attempted-recon; sid:200001922; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"happycabbagechicago.us"; classtype:attempted-recon; sid:200001923; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"haroldhazard1-wixsite-com.filesusr.com"; classtype:attempted-recon; sid:200001924; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hasseanhannitybeenwaterboarded.com"; classtype:attempted-recon; sid:200001925; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"haunlimited.org"; classtype:attempted-recon; sid:200001926; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hcnprdvz.azureedge.net"; classtype:attempted-recon; sid:200001927; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hdmediahub.club"; classtype:attempted-recon; sid:200001928; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heinthu1.github.io"; classtype:attempted-recon; sid:200001929; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hellenic-postbank.com"; classtype:attempted-recon; sid:200001930; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help-account-bxsfe.ondigitalocean.app"; classtype:attempted-recon; sid:200001931; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help-identity-recoveri-support-center.web.id"; classtype:attempted-recon; sid:200001932; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help-notice-center-identity-6532.web.id"; classtype:attempted-recon; sid:200001933; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help.insecur.saftyalert.workers.dev"; classtype:attempted-recon; sid:200001934; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help.validation-page.workers.dev"; classtype:attempted-recon; sid:200001935; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"helpingcentere.com"; classtype:attempted-recon; sid:200001936; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"henan.vxim58i.cn"; classtype:attempted-recon; sid:200001937; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hermes.parcel-tracker.com"; classtype:attempted-recon; sid:200001938; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hetershaven.net"; classtype:attempted-recon; sid:200001939; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heuristic-gagarin.45-88-108-231.plesk.page"; classtype:attempted-recon; sid:200001940; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hgda.db0u4hs.cn"; classtype:attempted-recon; sid:200001941; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hgdaa.lfoxcct.cn"; classtype:attempted-recon; sid:200001942; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hghgda.erjl0hx.cn"; classtype:attempted-recon; sid:200001943; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hhdd.mzhemfi.cn"; classtype:attempted-recon; sid:200001944; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hi.switchy.io"; classtype:attempted-recon; sid:200001945; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hidzzs.com"; classtype:attempted-recon; sid:200001946; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly01721.top"; classtype:attempted-recon; sid:200001947; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly06356.top"; classtype:attempted-recon; sid:200001948; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly31916.top"; classtype:attempted-recon; sid:200001949; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly32053.top"; classtype:attempted-recon; sid:200001950; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly38926.top"; classtype:attempted-recon; sid:200001951; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly39091.top"; classtype:attempted-recon; sid:200001952; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly61215.top"; classtype:attempted-recon; sid:200001953; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hifly71191.top"; classtype:attempted-recon; sid:200001954; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"himalayansherpa.com.au"; classtype:attempted-recon; sid:200001955; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"himbauane.blogspot.com"; classtype:attempted-recon; sid:200001956; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hitman71hd-wixsite-com.filesusr.com"; classtype:attempted-recon; sid:200001957; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hockian.com"; classtype:attempted-recon; sid:200001958; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"holobeam.000webhostapp.com"; classtype:attempted-recon; sid:200001959; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"home.ei1ns.de"; classtype:attempted-recon; sid:200001960; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"home.myfairpoint.net"; classtype:attempted-recon; sid:200001961; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"homepichilinea2.webcindario.com"; classtype:attempted-recon; sid:200001962; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"homesinlogin.com"; classtype:attempted-recon; sid:200001963; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hostnix.net"; classtype:attempted-recon; sid:200001964; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hostpoint.ch.17a902ef.tcorner.fr"; classtype:attempted-recon; sid:200001965; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hotbrooks.com"; classtype:attempted-recon; sid:200001966; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hotel-pontos.gr"; classtype:attempted-recon; sid:200001967; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hoteltigerplus.com"; classtype:attempted-recon; sid:200001968; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hounbvc-c7661.web.app"; classtype:attempted-recon; sid:200001969; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"houseofscotland.com.au"; classtype:attempted-recon; sid:200001970; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200001971; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hpplotters.in"; classtype:attempted-recon; sid:200001972; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hs-giveaways.ca"; classtype:attempted-recon; sid:200001973; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ht-cargo.com.vn"; classtype:attempted-recon; sid:200001974; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"htlgroup.com.my"; classtype:attempted-recon; sid:200001975; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httpcom-0d4tol437.isiolo.go.ke"; classtype:attempted-recon; sid:200001976; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httpeugnerally-wixsite-com.filesusr.com"; classtype:attempted-recon; sid:200001977; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"https-scert-con04.xyz"; classtype:attempted-recon; sid:200001978; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"https-scert-srv02.xyz"; classtype:attempted-recon; sid:200001979; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"https-scert-srv06.xyz"; classtype:attempted-recon; sid:200001980; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"https-scert-srv08.xyz"; classtype:attempted-recon; sid:200001981; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httpsfaceb00k.com-r51znzih8l.isiolo.go.ke"; classtype:attempted-recon; sid:200001982; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httpsfacebo0k.com-r51znzlh8i.isiolo.go.ke"; classtype:attempted-recon; sid:200001983; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httpsfacebook.com-r51znzih8i.isiolo.go.ke"; classtype:attempted-recon; sid:200001984; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httpsfacebook.com-r51znzlh8i.isiolo.go.ke"; classtype:attempted-recon; sid:200001985; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httpsmarketplace.facebook.com-wd5sulr0f5.isiolo.go.ke"; classtype:attempted-recon; sid:200001986; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hubcare.co.in"; classtype:attempted-recon; sid:200001987; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hulu-com-activate.sitey.me"; classtype:attempted-recon; sid:200001988; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hulu-hulu-com-activate.sitey.me"; classtype:attempted-recon; sid:200001989; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hulu.sitey.me"; classtype:attempted-recon; sid:200001990; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"humc.in"; classtype:attempted-recon; sid:200001991; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hutoknepper.de"; classtype:attempted-recon; sid:200001992; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"huxleyfran.temp.swtest.ru"; classtype:attempted-recon; sid:200001993; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"huynguyen2k.github.io"; classtype:attempted-recon; sid:200001994; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hypegames.shop"; classtype:attempted-recon; sid:200001995; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"i-ask332.dga.jp"; classtype:attempted-recon; sid:200001996; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"i.violationspage.validationspege.workers.dev"; classtype:attempted-recon; sid:200001997; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200001998; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ibpm.ru"; classtype:attempted-recon; sid:200001999; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"icloud-map-live.com"; classtype:attempted-recon; sid:200002000; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"icy.martulangbelulalng.workers.dev"; classtype:attempted-recon; sid:200002001; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"idappswallets.com"; classtype:attempted-recon; sid:200002002; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"identifiez-vous-avec-votre-compte.yolasite.com"; classtype:attempted-recon; sid:200002003; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"identifiez-vous598.yolasite.com"; classtype:attempted-recon; sid:200002004; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"identify.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200002005; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"idhuman-verification.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200002006; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"idnpokerweb.com"; classtype:attempted-recon; sid:200002007; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ieqdlhv.cn"; classtype:attempted-recon; sid:200002008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iframejld.avent-media.fr"; classtype:attempted-recon; sid:200002009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ighk.umjlrs7uci2751.workers.dev"; classtype:attempted-recon; sid:200002010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iipvit.by"; classtype:attempted-recon; sid:200002011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijcda.bukkats.cn"; classtype:attempted-recon; sid:200002012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijhca.0gb0h7z.cn"; classtype:attempted-recon; sid:200002013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijjd.h8nmtcc.cn"; classtype:attempted-recon; sid:200002014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijmna.p2y00vd.cn"; classtype:attempted-recon; sid:200002015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijmnc.x7o1tut.cn"; classtype:attempted-recon; sid:200002016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijnssa.w005zmk.cn"; classtype:attempted-recon; sid:200002017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ijsa.x3585z7.cn"; classtype:attempted-recon; sid:200002018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikcda.a2g5xvs.cn"; classtype:attempted-recon; sid:200002019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikcsa.ajiqvjf.cn"; classtype:attempted-recon; sid:200002020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikdff.jmo904i.cn"; classtype:attempted-recon; sid:200002021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikja.lbanwqp.cn"; classtype:attempted-recon; sid:200002022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikjcd.p1z98hl.cn"; classtype:attempted-recon; sid:200002023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikjd.uk0xnp8.cn"; classtype:attempted-recon; sid:200002024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikjgd.rg6bzk7.cn"; classtype:attempted-recon; sid:200002025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikmcd.u4jdbxm.cn"; classtype:attempted-recon; sid:200002026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ikmxaa.qcqxlrq.cn"; classtype:attempted-recon; sid:200002027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ilooksrare.com"; classtype:attempted-recon; sid:200002028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iloveyourglasses.com"; classtype:attempted-recon; sid:200002029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ilpconnect.org"; classtype:attempted-recon; sid:200002030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"image-pict-ig.duckdns.org"; classtype:attempted-recon; sid:200002031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imersao.impulseingles.com.br"; classtype:attempted-recon; sid:200002032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com"; classtype:attempted-recon; sid:200002033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imobiliaria-cardinali-com-br.blogspot.com"; classtype:attempted-recon; sid:200002034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"impostazionebper.000webhostapp.com"; classtype:attempted-recon; sid:200002035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"in.deraya.org"; classtype:attempted-recon; sid:200002036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"indo-viral2022.duckdns.org"; classtype:attempted-recon; sid:200002037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"info.lionnets.com"; classtype:attempted-recon; sid:200002038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"infohypesquad.com"; classtype:attempted-recon; sid:200002039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"infopichinchaweb.webcindario.com"; classtype:attempted-recon; sid:200002040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"information.safeamazoncardweb.cyou"; classtype:attempted-recon; sid:200002041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"informations.recovery.confiryourpage.workers.dev"; classtype:attempted-recon; sid:200002042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"infos00001.temp.swtest.ru"; classtype:attempted-recon; sid:200002043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"infosecplace.com"; classtype:attempted-recon; sid:200002044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"infosprologinmatrisemomols.yolasite.com"; classtype:attempted-recon; sid:200002045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ing.ingdirect-app.com"; classtype:attempted-recon; sid:200002046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ingaveiculos.creatorlink.net"; classtype:attempted-recon; sid:200002047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ingresadatosbono210.com"; classtype:attempted-recon; sid:200002048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"inicia-bancalnterbank.com"; classtype:attempted-recon; sid:200002049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"inna.cedymll.cn"; classtype:attempted-recon; sid:200002050; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"innca.ol90k56.cn"; classtype:attempted-recon; sid:200002051; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"innovasjon.as"; classtype:attempted-recon; sid:200002052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"inps-ep.com"; classtype:attempted-recon; sid:200002053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"instahelppbaddge.ml"; classtype:attempted-recon; sid:200002054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intellidata-analytica.com"; classtype:attempted-recon; sid:200002055; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"interbankempresas.pe-il.ru"; classtype:attempted-recon; sid:200002056; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"interbankhomeweb.fullcircleteam.com"; classtype:attempted-recon; sid:200002057; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intern.unibas-com.ch"; classtype:attempted-recon; sid:200002058; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"international-formulier.91-218-65-223.plesk.page"; classtype:attempted-recon; sid:200002059; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"internetbanking-caixa-gov.xyz"; classtype:attempted-recon; sid:200002060; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"internetbankinghelp.com"; classtype:attempted-recon; sid:200002061; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"internetservicetech.com"; classtype:attempted-recon; sid:200002062; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intesalife.ie"; classtype:attempted-recon; sid:200002063; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intexargentina.com.ar"; classtype:attempted-recon; sid:200002064; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"inthewildproductions.com"; classtype:attempted-recon; sid:200002065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intoli.ru"; classtype:attempted-recon; sid:200002066; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intrafloraplants.com"; classtype:attempted-recon; sid:200002067; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intranet.sztpe.info"; classtype:attempted-recon; sid:200002068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"investpl.work"; classtype:attempted-recon; sid:200002069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iplogger.info"; classtype:attempted-recon; sid:200002070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iqwea.soxr0u1.cn"; classtype:attempted-recon; sid:200002071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ironmantech.shop"; classtype:attempted-recon; sid:200002072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"irs-gov-supportcenters.com"; classtype:attempted-recon; sid:200002073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"irs.gov-coronavirus-pandemic-tax-refund-submission.com"; classtype:attempted-recon; sid:200002074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ise.com.ar"; classtype:attempted-recon; sid:200002075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"isfirsatibul.com"; classtype:attempted-recon; sid:200002076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ismamorlin.my-place.us"; classtype:attempted-recon; sid:200002077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"isntagranmeta.pagedemo.co"; classtype:attempted-recon; sid:200002078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"istudyalumni.com"; classtype:attempted-recon; sid:200002079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"it-europe564598-com.filesusr.com"; classtype:attempted-recon; sid:200002080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"it.melnikhotels.com"; classtype:attempted-recon; sid:200002081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"itcentralsupport.net"; classtype:attempted-recon; sid:200002082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"its.tikkycloud.com"; classtype:attempted-recon; sid:200002083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"itsmdshahin.github.io"; classtype:attempted-recon; sid:200002084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iuhkj.r4f4vmtlso.workers.dev"; classtype:attempted-recon; sid:200002085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iuhs.tyopfhn.cn"; classtype:attempted-recon; sid:200002086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iujdas.yfwxlc9.cn"; classtype:attempted-recon; sid:200002087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iuyydd.ebeg6uk.cn"; classtype:attempted-recon; sid:200002088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"j9w77d0.cn"; classtype:attempted-recon; sid:200002089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn"; classtype:attempted-recon; sid:200002090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn"; classtype:attempted-recon; sid:200002091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn"; classtype:attempted-recon; sid:200002092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn"; classtype:attempted-recon; sid:200002093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn"; classtype:attempted-recon; sid:200002094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn"; classtype:attempted-recon; sid:200002095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jacobliston.com"; classtype:attempted-recon; sid:200002096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jadaart.org"; classtype:attempted-recon; sid:200002097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jagex-rewards.com"; classtype:attempted-recon; sid:200002098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jam-023d.gitlab.io"; classtype:attempted-recon; sid:200002099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"james8.aidaform.com"; classtype:attempted-recon; sid:200002100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"javarockingland.com"; classtype:attempted-recon; sid:200002101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jax.bz"; classtype:attempted-recon; sid:200002102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jbwbzta.alfens8.cc"; classtype:attempted-recon; sid:200002103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jeanbaileyrobor.com"; classtype:attempted-recon; sid:200002104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jendelajogja.com"; classtype:attempted-recon; sid:200002105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jerinja.github.io"; classtype:attempted-recon; sid:200002106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jetser-electrical-supply.business.site"; classtype:attempted-recon; sid:200002107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jett.gator.site"; classtype:attempted-recon; sid:200002108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jflkp.csb.app"; classtype:attempted-recon; sid:200002109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jhda.wfdyk9p.cn"; classtype:attempted-recon; sid:200002111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jhdd.fjcslad.cn"; classtype:attempted-recon; sid:200002112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jhff.93oe0u9.cn"; classtype:attempted-recon; sid:200002113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jhnd.0drhnjk.cn"; classtype:attempted-recon; sid:200002114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jiwanramchemical.com"; classtype:attempted-recon; sid:200002115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jjhcd.27ke98i.cn"; classtype:attempted-recon; sid:200002116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jk99j.sbs"; classtype:attempted-recon; sid:200002117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jlogine.com"; classtype:attempted-recon; sid:200002118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jmcna.jiwayjc.cn"; classtype:attempted-recon; sid:200002119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jmfykd.cyou"; classtype:attempted-recon; sid:200002120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jncba.diiqsmm.cn"; classtype:attempted-recon; sid:200002121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jnlope.tangguakrapekpuik.link"; classtype:attempted-recon; sid:200002122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jnnc.grnxkoj.cn"; classtype:attempted-recon; sid:200002123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"job-type.com"; classtype:attempted-recon; sid:200002124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jobs.job.com.bd"; classtype:attempted-recon; sid:200002125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joecamera.net"; classtype:attempted-recon; sid:200002126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"john-ashley.de"; classtype:attempted-recon; sid:200002127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"join-group-1.duckdns.org"; classtype:attempted-recon; sid:200002128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"join-gruo-waku282.duckdns.org"; classtype:attempted-recon; sid:200002129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joinedprice.com"; classtype:attempted-recon; sid:200002130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joingrupku183.duckdns.org"; classtype:attempted-recon; sid:200002131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joingrupp-bkep156.duckdns.org"; classtype:attempted-recon; sid:200002132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joingrupterbaru-0.duckdns.org"; classtype:attempted-recon; sid:200002133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joinlinkviral729.duckdns.org"; classtype:attempted-recon; sid:200002134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joinssgropshot18.duckdns.org"; classtype:attempted-recon; sid:200002135; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joinssgropssney6.duckdns.org"; classtype:attempted-recon; sid:200002136; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jow-japan.or.jp"; classtype:attempted-recon; sid:200002137; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joyeriajireh.com.mx"; classtype:attempted-recon; sid:200002138; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jp-auid.com"; classtype:attempted-recon; sid:200002139; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jp.mercari.omany.buzz"; classtype:attempted-recon; sid:200002140; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jptechdocsign.net"; classtype:attempted-recon; sid:200002141; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jrhayley.plus.com"; classtype:attempted-recon; sid:200002142; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"juandfar.github.io"; classtype:attempted-recon; sid:200002143; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jurisgeneral.com"; classtype:attempted-recon; sid:200002144; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jurlebedev.ru"; classtype:attempted-recon; sid:200002145; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"juscook.com"; classtype:attempted-recon; sid:200002146; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"justgot.gonevis.com"; classtype:attempted-recon; sid:200002147; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"justsayingbro.com"; classtype:attempted-recon; sid:200002148; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jvk.zultifarza.workers.dev"; classtype:attempted-recon; sid:200002149; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jyeue43rm95p.clickfunnels.com"; classtype:attempted-recon; sid:200002150; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jz2bab.webwave.dev"; classtype:attempted-recon; sid:200002151; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"k3ja6d.webwave.dev"; classtype:attempted-recon; sid:200002152; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kaamwalibais.co.in"; classtype:attempted-recon; sid:200002153; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kachinas.be"; classtype:attempted-recon; sid:200002154; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kamdhenurealities.com"; classtype:attempted-recon; sid:200002155; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kargonova.com"; classtype:attempted-recon; sid:200002156; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kartaltepespor.com"; classtype:attempted-recon; sid:200002157; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kasba.in"; classtype:attempted-recon; sid:200002158; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"katanaroninchains.com"; classtype:attempted-recon; sid:200002159; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kbstitchdesigns.com"; classtype:attempted-recon; sid:200002160; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kcas.ygvlrlo.cn"; classtype:attempted-recon; sid:200002161; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kdhdf34j6dfh.dealerwebsite.com"; classtype:attempted-recon; sid:200002162; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kdlscaffolding.co.uk"; classtype:attempted-recon; sid:200002163; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kecc.com"; classtype:attempted-recon; sid:200002164; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kecmanijada.com"; classtype:attempted-recon; sid:200002165; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kedai-gamers.com"; classtype:attempted-recon; sid:200002166; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev"; classtype:attempted-recon; sid:200002167; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev"; classtype:attempted-recon; sid:200002168; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev"; classtype:attempted-recon; sid:200002169; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kenanhusovic.com"; classtype:attempted-recon; sid:200002170; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kevinsmovingservice.com"; classtype:attempted-recon; sid:200002171; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kex81.sbs"; classtype:attempted-recon; sid:200002172; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"key-drcp.com"; classtype:attempted-recon; sid:200002173; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kghm-invest.web.app"; classtype:attempted-recon; sid:200002174; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ki89.pckmlc0cus5667.workers.dev"; classtype:attempted-recon; sid:200002175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kienthucykhoa.org"; classtype:attempted-recon; sid:200002176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kimaki.001www.com"; classtype:attempted-recon; sid:200002177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kingfaisalprize.org"; classtype:attempted-recon; sid:200002178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kingmhd95p.temp.swtest.ru"; classtype:attempted-recon; sid:200002179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kissapps.io"; classtype:attempted-recon; sid:200002180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kit.mishkanhakavana.com"; classtype:attempted-recon; sid:200002181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kjhdda.tetfeec.cn"; classtype:attempted-recon; sid:200002182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"klaim-item-mlbb-terbaru8.duckdns.org"; classtype:attempted-recon; sid:200002183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kleinsigns.net"; classtype:attempted-recon; sid:200002184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"klockorochsmycken.se"; classtype:attempted-recon; sid:200002185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"knocktheskool.in"; classtype:attempted-recon; sid:200002186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koerich-c-empresarial.com"; classtype:attempted-recon; sid:200002187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koji.to"; classtype:attempted-recon; sid:200002188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kone-ali123-mon-site-web-cheetah-5.cheetah.builderall.com"; classtype:attempted-recon; sid:200002189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"konfirmasi-identitas-2022.webnode.page"; classtype:attempted-recon; sid:200002190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"konnect2kamadhenu.com"; classtype:attempted-recon; sid:200002191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koteng.odoo.com"; classtype:attempted-recon; sid:200002192; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kr-bithumb.web.app"; classtype:attempted-recon; sid:200002193; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"krupije.com"; classtype:attempted-recon; sid:200002194; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"krx887.com"; classtype:attempted-recon; sid:200002195; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ksschool.org.in"; classtype:attempted-recon; sid:200002196; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kuchkuchnights.com"; classtype:attempted-recon; sid:200002197; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kurortnoye.com.ua"; classtype:attempted-recon; sid:200002198; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ky79.com"; classtype:attempted-recon; sid:200002199; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"l-abe.com"; classtype:attempted-recon; sid:200002200; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"l-q.in"; classtype:attempted-recon; sid:200002201; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lambdaweb.info"; classtype:attempted-recon; sid:200002202; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"laposada.roncesvalles.es"; classtype:attempted-recon; sid:200002203; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"laposte-france.web.app"; classtype:attempted-recon; sid:200002204; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lapotosinaexpress.com"; classtype:attempted-recon; sid:200002205; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"larindbr.creatorlink.net"; classtype:attempted-recon; sid:200002206; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"larvalab.to"; classtype:attempted-recon; sid:200002207; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lasyaja.github.io"; classtype:attempted-recon; sid:200002208; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"latelevitation.com"; classtype:attempted-recon; sid:200002209; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"latest-recharge-reorder.co.uk"; classtype:attempted-recon; sid:200002210; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"latestnews.pricesrakutenlogin.xyz"; classtype:attempted-recon; sid:200002211; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"latinotravel.cz"; classtype:attempted-recon; sid:200002212; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lazada889.com"; classtype:attempted-recon; sid:200002213; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lbce.lecservilbc.com"; classtype:attempted-recon; sid:200002214; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ldsplanettt.yolasite.com"; classtype:attempted-recon; sid:200002215; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"le-diablotin-rouen.com"; classtype:attempted-recon; sid:200002216; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"leadershipmail.org"; classtype:attempted-recon; sid:200002217; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"learningimpactmodel.com"; classtype:attempted-recon; sid:200002218; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"leboncoiinlbc.000webhostapp.com"; classtype:attempted-recon; sid:200002219; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"leboncoin.delivery01588.icu"; classtype:attempted-recon; sid:200002220; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lefaf77683.temp.swtest.ru"; classtype:attempted-recon; sid:200002221; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lemeiesta.com"; classtype:attempted-recon; sid:200002222; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lenagruessdich.net"; classtype:attempted-recon; sid:200002223; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"leroycu.ca"; classtype:attempted-recon; sid:200002224; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"letoptuswebmail-9b69f0.ingress-comporellon.easywp.com"; classtype:attempted-recon; sid:200002225; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lettertracing4kids.com"; classtype:attempted-recon; sid:200002226; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lexnotes.com.ng"; classtype:attempted-recon; sid:200002227; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lg-onecom-io.web.app"; classtype:attempted-recon; sid:200002228; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"liberasrl.it"; classtype:attempted-recon; sid:200002229; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lihi3.cc"; classtype:attempted-recon; sid:200002230; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"linkgrupkakak-disini.duckdns.org"; classtype:attempted-recon; sid:200002231; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"liongear.com"; classtype:attempted-recon; sid:200002232; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lirc.cep.edu.vn"; classtype:attempted-recon; sid:200002233; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"little-frost-1a15.chrisc11004842.workers.dev"; classtype:attempted-recon; sid:200002234; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"little-rain-39c4.newdhlacceslogins.workers.dev"; classtype:attempted-recon; sid:200002235; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"little-wood-23ca.abssupdatedlogin.workers.dev"; classtype:attempted-recon; sid:200002236; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"litty.shop"; classtype:attempted-recon; sid:200002237; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"liusanchuan.github.io"; classtype:attempted-recon; sid:200002238; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"live-site.hopto.me"; classtype:attempted-recon; sid:200002239; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"live.rawfednews.com"; classtype:attempted-recon; sid:200002240; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"livechat-ronin.com"; classtype:attempted-recon; sid:200002241; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"livecryptolab.com"; classtype:attempted-recon; sid:200002242; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"livelifelimitless.com.au"; classtype:attempted-recon; sid:200002243; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ljkds.hvkmjdq.cn"; classtype:attempted-recon; sid:200002244; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lkjds.nlmwjta.cn"; classtype:attempted-recon; sid:200002245; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloydbank-accountbreach.com"; classtype:attempted-recon; sid:200002246; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloydbank-secure-customers.com"; classtype:attempted-recon; sid:200002247; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloydbank-support-team.com"; classtype:attempted-recon; sid:200002248; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloydbanking-securelogin.com"; classtype:attempted-recon; sid:200002249; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloydsbank.deregister-payee-secure-auth.com"; classtype:attempted-recon; sid:200002250; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloydsbank.secure-online-deregister.com"; classtype:attempted-recon; sid:200002251; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloydsbank.secure-personal-device-login.com"; classtype:attempted-recon; sid:200002252; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lloyduk-newdevice-registered-online.com"; classtype:attempted-recon; sid:200002253; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002254; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lmbanang.pgryuangbtusngka.link"; classtype:attempted-recon; sid:200002255; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lnkd.dev"; classtype:attempted-recon; sid:200002256; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lnterbancape-lbk.com"; classtype:attempted-recon; sid:200002257; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lnterbank.pe.starneonsignsug.com"; classtype:attempted-recon; sid:200002258; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"local-postoffice-deliver.com"; classtype:attempted-recon; sid:200002259; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"localwithg.com"; classtype:attempted-recon; sid:200002260; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lockpichincha.webcindario.com"; classtype:attempted-recon; sid:200002261; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loengregkuetngferu.live"; classtype:attempted-recon; sid:200002262; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lofon-add.firebaseapp.com"; classtype:attempted-recon; sid:200002263; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loftywallet.com"; classtype:attempted-recon; sid:200002264; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"logfuliz.web.app"; classtype:attempted-recon; sid:200002265; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net"; classtype:attempted-recon; sid:200002266; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login-facebook18.webnode.page"; classtype:attempted-recon; sid:200002267; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login-live.com-s02.net"; classtype:attempted-recon; sid:200002268; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net"; classtype:attempted-recon; sid:200002269; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login-postfinance.com"; classtype:attempted-recon; sid:200002270; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login-singaporee.apply-now-online-digital.com"; classtype:attempted-recon; sid:200002271; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login.dbs.webdbslistinonline.com"; classtype:attempted-recon; sid:200002272; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"login.privategold.uytrtyuhij987.gowithapex.com"; classtype:attempted-recon; sid:200002273; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"logindhlaccess.dhlupdatelogin.workers.dev"; classtype:attempted-recon; sid:200002274; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loginnewatt.weebly.com"; classtype:attempted-recon; sid:200002275; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"logverify-df12e-verify-1230-eu.web.app"; classtype:attempted-recon; sid:200002276; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loinesports.com"; classtype:attempted-recon; sid:200002277; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lomadesarrollos.mx"; classtype:attempted-recon; sid:200002278; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lombard11.eu"; classtype:attempted-recon; sid:200002279; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lot-lp-x.web.app"; classtype:attempted-recon; sid:200002280; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"love.gos-box.com"; classtype:attempted-recon; sid:200002281; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lp.vp4.me"; classtype:attempted-recon; sid:200002282; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lrs.financial"; classtype:attempted-recon; sid:200002283; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lrs.foundation"; classtype:attempted-recon; sid:200002284; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lrs.fund"; classtype:attempted-recon; sid:200002285; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ltdv1signinui.website.yandexcloud.net"; classtype:attempted-recon; sid:200002286; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lucid-lichterman.45-81-232-17.plesk.page"; classtype:attempted-recon; sid:200002287; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luciolee17.temp.swtest.ru"; classtype:attempted-recon; sid:200002288; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lucky-glitter-f89f.jimmysitt.workers.dev"; classtype:attempted-recon; sid:200002289; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lucy-walker.com"; classtype:attempted-recon; sid:200002290; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lukysepinfreefire2022.duckdns.org"; classtype:attempted-recon; sid:200002291; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lunugrcpujwcfnajuctkojawrh-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002292; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lydab.com"; classtype:attempted-recon; sid:200002293; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m.help.insecurpage.workers.dev"; classtype:attempted-recon; sid:200002294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m.maseocoad.top"; classtype:attempted-recon; sid:200002295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m.mauofcg.com"; classtype:attempted-recon; sid:200002296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m.protc.safty-pege.workers.dev"; classtype:attempted-recon; sid:200002297; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m.recovery.safetyacount.workers.dev"; classtype:attempted-recon; sid:200002298; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m.recovery.saftypageupdate.workers.dev"; classtype:attempted-recon; sid:200002299; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m.salsomascard.top"; classtype:attempted-recon; sid:200002300; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"m42club.com"; classtype:attempted-recon; sid:200002301; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"machineryzoneservice.com"; classtype:attempted-recon; sid:200002302; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"macjakarta.com"; classtype:attempted-recon; sid:200002303; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"macst.cc"; classtype:attempted-recon; sid:200002304; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"madens.com.pl"; classtype:attempted-recon; sid:200002305; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"madrhinoconsulting.com"; classtype:attempted-recon; sid:200002306; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maestro.my.prod.dfg152.ru"; classtype:attempted-recon; sid:200002307; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"magyar-posta.ddns.net"; classtype:attempted-recon; sid:200002308; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"magyar-posta.sytes.net"; classtype:attempted-recon; sid:200002309; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mahikapur.in"; classtype:attempted-recon; sid:200002310; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mahud.globizsapp.com"; classtype:attempted-recon; sid:200002311; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail-account-verify-f4723.web.app"; classtype:attempted-recon; sid:200002312; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail-gmxaktualisierung.yolasite.com"; classtype:attempted-recon; sid:200002313; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail-ovhcloud.web.app"; classtype:attempted-recon; sid:200002314; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail-ssocloud-srvr67yhguh.pages.dev"; classtype:attempted-recon; sid:200002315; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.atlanticeconcrete.com"; classtype:attempted-recon; sid:200002316; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.enrollmoreclientsbootcamp.com"; classtype:attempted-recon; sid:200002317; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.ims-fe.com"; classtype:attempted-recon; sid:200002318; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.kenanhusovic.com"; classtype:attempted-recon; sid:200002319; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.kuttabalfatih.com"; classtype:attempted-recon; sid:200002320; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.santepluspharma.com"; classtype:attempted-recon; sid:200002321; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.sweetshopspecialtycoffee.com.au"; classtype:attempted-recon; sid:200002322; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.updateinfo-billingo2.com"; classtype:attempted-recon; sid:200002323; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.wellsfargous.duckdns.org"; classtype:attempted-recon; sid:200002324; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.wheel1factory.net"; classtype:attempted-recon; sid:200002325; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mail.zenstream.com"; classtype:attempted-recon; sid:200002326; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck1.web.app"; classtype:attempted-recon; sid:200002327; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck10.web.app"; classtype:attempted-recon; sid:200002328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck11.web.app"; classtype:attempted-recon; sid:200002329; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck12.web.app"; classtype:attempted-recon; sid:200002330; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck13.web.app"; classtype:attempted-recon; sid:200002331; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck14.web.app"; classtype:attempted-recon; sid:200002332; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck15.web.app"; classtype:attempted-recon; sid:200002333; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck16.web.app"; classtype:attempted-recon; sid:200002334; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck17.web.app"; classtype:attempted-recon; sid:200002335; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck18.web.app"; classtype:attempted-recon; sid:200002336; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck19.web.app"; classtype:attempted-recon; sid:200002337; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck2.web.app"; classtype:attempted-recon; sid:200002338; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck20.web.app"; classtype:attempted-recon; sid:200002339; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck4.web.app"; classtype:attempted-recon; sid:200002340; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck5.web.app"; classtype:attempted-recon; sid:200002341; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck6.web.app"; classtype:attempted-recon; sid:200002342; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck7.web.app"; classtype:attempted-recon; sid:200002343; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck8.web.app"; classtype:attempted-recon; sid:200002344; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maildomaiincheck9.web.app"; classtype:attempted-recon; sid:200002345; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailgmxaktualiisieren.yolasite.com"; classtype:attempted-recon; sid:200002346; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailplusrolerequestedprivatemailupdates.pages.dev"; classtype:attempted-recon; sid:200002347; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailserver7656566.blob.core.windows.net"; classtype:attempted-recon; sid:200002348; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee10.web.app"; classtype:attempted-recon; sid:200002349; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee11.web.app"; classtype:attempted-recon; sid:200002350; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee12.web.app"; classtype:attempted-recon; sid:200002351; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee14.web.app"; classtype:attempted-recon; sid:200002352; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee16.web.app"; classtype:attempted-recon; sid:200002353; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee17.web.app"; classtype:attempted-recon; sid:200002354; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee19.web.app"; classtype:attempted-recon; sid:200002355; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee20.web.app"; classtype:attempted-recon; sid:200002356; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee21.web.app"; classtype:attempted-recon; sid:200002357; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee22.web.app"; classtype:attempted-recon; sid:200002358; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee24.web.app"; classtype:attempted-recon; sid:200002359; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee26.web.app"; classtype:attempted-recon; sid:200002360; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee27.web.app"; classtype:attempted-recon; sid:200002361; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee28.web.app"; classtype:attempted-recon; sid:200002362; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee29.web.app"; classtype:attempted-recon; sid:200002363; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee34.web.app"; classtype:attempted-recon; sid:200002364; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee35.web.app"; classtype:attempted-recon; sid:200002365; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee40.web.app"; classtype:attempted-recon; sid:200002366; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee6.web.app"; classtype:attempted-recon; sid:200002367; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee7.web.app"; classtype:attempted-recon; sid:200002368; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mailupdattee8.web.app"; classtype:attempted-recon; sid:200002369; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mainbugerrorfixing.com"; classtype:attempted-recon; sid:200002370; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mainmobilerectify.live"; classtype:attempted-recon; sid:200002371; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mainsbscrestore.com"; classtype:attempted-recon; sid:200002372; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maintoken.org"; classtype:attempted-recon; sid:200002373; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"makcts-go.ru"; classtype:attempted-recon; sid:200002374; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"make-anon-keep-past.rvsla.workers.dev"; classtype:attempted-recon; sid:200002375; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mala-riba.com"; classtype:attempted-recon; sid:200002376; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"malaprontaargentina.com.br"; classtype:attempted-recon; sid:200002377; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"malehaenterprises.com"; classtype:attempted-recon; sid:200002378; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"malukutenggarakab.go.id"; classtype:attempted-recon; sid:200002379; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mamasitasont.blogspot.com"; classtype:attempted-recon; sid:200002380; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mandirilivinlinksystem.brizy.site"; classtype:attempted-recon; sid:200002381; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mandirilivinlinksystem3.brizy.site"; classtype:attempted-recon; sid:200002382; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manualsync.com"; classtype:attempted-recon; sid:200002383; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maotun.xyz"; classtype:attempted-recon; sid:200002384; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mapsa.com.pe"; classtype:attempted-recon; sid:200002385; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marifilmines.ca"; classtype:attempted-recon; sid:200002386; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marinthe.poingaitongamlm.link"; classtype:attempted-recon; sid:200002387; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace-axieinfinity.io"; classtype:attempted-recon; sid:200002388; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace-axlelnfiniity.com"; classtype:attempted-recon; sid:200002389; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke"; classtype:attempted-recon; sid:200002390; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-29ta3qbv.isiolo.go.ke"; classtype:attempted-recon; sid:200002391; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-hzup1bae.isiolo.go.ke"; classtype:attempted-recon; sid:200002392; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-izkbuxmx.isiolo.go.ke"; classtype:attempted-recon; sid:200002393; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-kq1oh2ae.isiolo.go.ke"; classtype:attempted-recon; sid:200002394; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-milt5ssm.isiolo.go.ke"; classtype:attempted-recon; sid:200002395; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-qze9zt75vm.isiolo.go.ke"; classtype:attempted-recon; sid:200002396; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-sauuvazpjo.isiolo.go.ke"; classtype:attempted-recon; sid:200002397; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-tyeuieb7.isiolo.go.ke"; classtype:attempted-recon; sid:200002398; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke"; classtype:attempted-recon; sid:200002399; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplace.facebook.com-z1au8cxghl.isiolo.go.ke"; classtype:attempted-recon; sid:200002400; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketplaceaxieinfiniity.com"; classtype:attempted-recon; sid:200002401; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"masdas0932.co.vu"; classtype:attempted-recon; sid:200002402; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"masum.lawyer"; classtype:attempted-recon; sid:200002403; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"match.lookatmynewphotos.com"; classtype:attempted-recon; sid:200002404; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"matchoklahoma.com"; classtype:attempted-recon; sid:200002405; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"matelamsiska.com"; classtype:attempted-recon; sid:200002406; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"matiruys.co.vu"; classtype:attempted-recon; sid:200002407; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maxclinic.ru"; classtype:attempted-recon; sid:200002408; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"maxis-winner-2020.webs.com"; classtype:attempted-recon; sid:200002409; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mayormoveis.com"; classtype:attempted-recon; sid:200002410; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mboutique.cfd"; classtype:attempted-recon; sid:200002411; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mccarthyelectrical.com"; classtype:attempted-recon; sid:200002412; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mcconcep.cluster005.ovh.net"; classtype:attempted-recon; sid:200002413; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mchganistore.solofolio.net"; classtype:attempted-recon; sid:200002414; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mdex.li"; classtype:attempted-recon; sid:200002415; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mdurucan.com"; classtype:attempted-recon; sid:200002416; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medelinahealth.com"; classtype:attempted-recon; sid:200002417; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medeniyetakademisi.org"; classtype:attempted-recon; sid:200002418; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediasystembusiness.xyz"; classtype:attempted-recon; sid:200002419; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mednungtanpoudan-acvwe3.ga"; classtype:attempted-recon; sid:200002420; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medo.world"; classtype:attempted-recon; sid:200002421; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medtamr.com"; classtype:attempted-recon; sid:200002422; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meeting-23900123090123.bitbucket.io"; classtype:attempted-recon; sid:200002423; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"memestock.xyz"; classtype:attempted-recon; sid:200002424; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mercani.pomyt.info"; classtype:attempted-recon; sid:200002425; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mercariz.xyz"; classtype:attempted-recon; sid:200002426; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meremanovegabana.website2.me"; classtype:attempted-recon; sid:200002427; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mbudeu.cn"; classtype:attempted-recon; sid:200002428; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mednljn.cn"; classtype:attempted-recon; sid:200002429; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mgeukpx.cn"; classtype:attempted-recon; sid:200002430; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mglsffs.cn"; classtype:attempted-recon; sid:200002431; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mglxyul.cn"; classtype:attempted-recon; sid:200002432; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mhgqdtv.cn"; classtype:attempted-recon; sid:200002433; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mjrsrfo.cn"; classtype:attempted-recon; sid:200002434; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mktbbr.cn"; classtype:attempted-recon; sid:200002435; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mkxbqnu.cn"; classtype:attempted-recon; sid:200002436; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mlyffa.cn"; classtype:attempted-recon; sid:200002437; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mmsfzys.cn"; classtype:attempted-recon; sid:200002438; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mnfjwy.cn"; classtype:attempted-recon; sid:200002439; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mnheijt.cn"; classtype:attempted-recon; sid:200002440; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.msnygk.cn"; classtype:attempted-recon; sid:200002441; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mtlrnzu.cn"; classtype:attempted-recon; sid:200002442; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mukkwvc.cn"; classtype:attempted-recon; sid:200002443; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mericarir.mxsoecl.cn"; classtype:attempted-recon; sid:200002444; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meriocori-logining.2y3uio.pyqbas.cn"; classtype:attempted-recon; sid:200002445; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mestertignseekjet4.blogspot.com"; classtype:attempted-recon; sid:200002446; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mestertignseekjet5.blogspot.com"; classtype:attempted-recon; sid:200002447; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mestertignseekjet6.blogspot.com"; classtype:attempted-recon; sid:200002448; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mestredaobra.com"; classtype:attempted-recon; sid:200002449; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meta-support-centers.ml"; classtype:attempted-recon; sid:200002450; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metalurgicagiom.com.br"; classtype:attempted-recon; sid:200002451; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamasc.club"; classtype:attempted-recon; sid:200002452; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask-connect.com"; classtype:attempted-recon; sid:200002453; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask-connect.org"; classtype:attempted-recon; sid:200002454; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask-extension.com.hsurge.com"; classtype:attempted-recon; sid:200002455; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask-wallets-protection.web.app"; classtype:attempted-recon; sid:200002456; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask-wallets.yahoosites.com"; classtype:attempted-recon; sid:200002457; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.cam"; classtype:attempted-recon; sid:200002458; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.io-php.com"; classtype:attempted-recon; sid:200002459; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.kiwi"; classtype:attempted-recon; sid:200002460; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.loan"; classtype:attempted-recon; sid:200002461; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.protocol-process.me"; classtype:attempted-recon; sid:200002462; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.security-information.cc"; classtype:attempted-recon; sid:200002463; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.social"; classtype:attempted-recon; sid:200002464; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamask.wallets-reauth.net"; classtype:attempted-recon; sid:200002465; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamaskdownloadandroid.xyz"; classtype:attempted-recon; sid:200002466; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamaskextension.xyz"; classtype:attempted-recon; sid:200002467; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metamassklogins-us.tumblr.com"; classtype:attempted-recon; sid:200002468; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"metaversepadapp.com"; classtype:attempted-recon; sid:200002469; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meusabor.com.br"; classtype:attempted-recon; sid:200002470; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mfacebook.blogspot.com.cy"; classtype:attempted-recon; sid:200002471; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mfacebook.blogspot.lt"; classtype:attempted-recon; sid:200002472; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mfacebook.blogspot.rs"; classtype:attempted-recon; sid:200002473; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mgpskartarpur.com"; classtype:attempted-recon; sid:200002474; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mgrandroyale.com"; classtype:attempted-recon; sid:200002475; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mibancocrece.com.co"; classtype:attempted-recon; sid:200002476; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"micacd.elshov.com"; classtype:attempted-recon; sid:200002477; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"michiyado.com"; classtype:attempted-recon; sid:200002478; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"microcav.square.site"; classtype:attempted-recon; sid:200002479; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"microsoftonline.pages.dev"; classtype:attempted-recon; sid:200002480; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"microsoftwebserver.mfs.gg"; classtype:attempted-recon; sid:200002481; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"micuenta01.github.io"; classtype:attempted-recon; sid:200002482; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"midasbuy1st.com"; classtype:attempted-recon; sid:200002483; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"midsposc2.com"; classtype:attempted-recon; sid:200002484; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mijnics-actualisatie.185-236-231-64.plesk.page"; classtype:attempted-recon; sid:200002485; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mikayelxhovakimyan.com"; classtype:attempted-recon; sid:200002486; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"milanobet301.com"; classtype:attempted-recon; sid:200002487; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"militarybikers.org"; classtype:attempted-recon; sid:200002488; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mingming20160152.github.io"; classtype:attempted-recon; sid:200002489; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"miozpro.com"; classtype:attempted-recon; sid:200002490; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"miracdoviz.com"; classtype:attempted-recon; sid:200002491; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"miss-paym02.com"; classtype:attempted-recon; sid:200002492; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"missionshashank.org"; classtype:attempted-recon; sid:200002493; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjayme9jdg9izxixmjeydgg.filesusr.com"; classtype:attempted-recon; sid:200002494; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjayme9jdg9izxiymjnyza.filesusr.com"; classtype:attempted-recon; sid:200002495; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu1heta1dgg.filesusr.com"; classtype:attempted-recon; sid:200002496; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu1hetezmtj0aa.filesusr.com"; classtype:attempted-recon; sid:200002497; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu1hetgym3jk.filesusr.com"; classtype:attempted-recon; sid:200002498; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu1hetizmtl0aa.filesusr.com"; classtype:attempted-recon; sid:200002499; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu1hetqymhro.filesusr.com"; classtype:attempted-recon; sid:200002500; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu1hetu3dgg.filesusr.com"; classtype:attempted-recon; sid:200002501; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu1hetuymhro.filesusr.com"; classtype:attempted-recon; sid:200002502; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu5vdmvtymvymji5dgg.filesusr.com"; classtype:attempted-recon; sid:200002503; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymu5vdmvtymvymtexdgg.filesusr.com"; classtype:attempted-recon; sid:200002504; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymuf1z3vzdde4mtf0aa.filesusr.com"; classtype:attempted-recon; sid:200002505; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymufwcmlsmde5dgg.filesusr.com"; classtype:attempted-recon; sid:200002506; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymup1bhk0mtf0aa.filesusr.com"; classtype:attempted-recon; sid:200002507; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymup1bhk1mtr0aa.filesusr.com"; classtype:attempted-recon; sid:200002508; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymup1bhkzmtn0aa.filesusr.com"; classtype:attempted-recon; sid:200002509; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymup1bmu0mtf0aa.filesusr.com"; classtype:attempted-recon; sid:200002510; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymup1bmuymzfzda.filesusr.com"; classtype:attempted-recon; sid:200002511; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymuphbnvhcnkxmzv0aa.filesusr.com"; classtype:attempted-recon; sid:200002512; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymurly2vtymvymjiyn3ro.filesusr.com"; classtype:attempted-recon; sid:200002513; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mjaymvnlchrlbwjlcjizmxn0.filesusr.com"; classtype:attempted-recon; sid:200002514; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mk2.ge"; classtype:attempted-recon; sid:200002515; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mkjiool.weebly.com"; classtype:attempted-recon; sid:200002516; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mnbxa.73kfer9.cn"; classtype:attempted-recon; sid:200002517; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mnbxcas.zm7wwar.cn"; classtype:attempted-recon; sid:200002518; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mncxx.qbeepor.cn"; classtype:attempted-recon; sid:200002519; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mnnbx.r1rpj09.cn"; classtype:attempted-recon; sid:200002520; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mnncxa.fwffsyt.cn"; classtype:attempted-recon; sid:200002521; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link"; classtype:attempted-recon; sid:200002522; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobile-orange-forever.yolasite.com"; classtype:attempted-recon; sid:200002523; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobile-portail.live"; classtype:attempted-recon; sid:200002524; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobile.hedgesportst.me"; classtype:attempted-recon; sid:200002525; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"moccasinyellowbetatest.josekkk.repl.co"; classtype:attempted-recon; sid:200002526; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"modest-hertz.45-81-232-15.plesk.page"; classtype:attempted-recon; sid:200002527; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"moiksys.com"; classtype:attempted-recon; sid:200002528; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mon-token.com"; classtype:attempted-recon; sid:200002529; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mon.espace.lcl.fr.certosini.info"; classtype:attempted-recon; sid:200002530; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monbudri.xyz"; classtype:attempted-recon; sid:200002531; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mondrive.xyz"; classtype:attempted-recon; sid:200002532; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monedri.xyz"; classtype:attempted-recon; sid:200002533; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monirshouvo.github.io"; classtype:attempted-recon; sid:200002534; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monomobileservice.yolasite.com"; classtype:attempted-recon; sid:200002535; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monprofilclient.web.app"; classtype:attempted-recon; sid:200002536; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monstercarp.rn86.ru"; classtype:attempted-recon; sid:200002537; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"montenegrolandscape.com"; classtype:attempted-recon; sid:200002538; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"montrealidiomas.com.br"; classtype:attempted-recon; sid:200002539; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monyeward.com"; classtype:attempted-recon; sid:200002540; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"morcario.xyz"; classtype:attempted-recon; sid:200002541; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"morfybox.com"; classtype:attempted-recon; sid:200002542; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"movil.particulares-secure.com"; classtype:attempted-recon; sid:200002543; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mqzlsim.mindlogicinfotech.com"; classtype:attempted-recon; sid:200002544; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mrpitchman.com"; classtype:attempted-recon; sid:200002545; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"msc-doelsach.at"; classtype:attempted-recon; sid:200002546; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mscc1s.ultimatefreehost.in"; classtype:attempted-recon; sid:200002547; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"msnserviceverifivation.wordpress.com"; classtype:attempted-recon; sid:200002548; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"msofficemessagescenter-1.mfs.gg"; classtype:attempted-recon; sid:200002549; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mtngifts2021.blogspot.com"; classtype:attempted-recon; sid:200002550; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mtron.in"; classtype:attempted-recon; sid:200002551; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mtsn1kotabekasi.sch.id"; classtype:attempted-recon; sid:200002552; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"muddy-credit-ea7b.0fflce-mlcr0sfot-online-supposrts3jp-tokcloud.workers.dev"; classtype:attempted-recon; sid:200002553; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mudraloans.biz"; classtype:attempted-recon; sid:200002554; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mufg.jp.yjfszs.com"; classtype:attempted-recon; sid:200002555; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"muriiityua.krywanbobaanja.link"; classtype:attempted-recon; sid:200002556; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mxrr.com"; classtype:attempted-recon; sid:200002557; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my-bithumb.web.app"; classtype:attempted-recon; sid:200002558; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my-gmail.ir"; classtype:attempted-recon; sid:200002559; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my-site219.yolasite.com"; classtype:attempted-recon; sid:200002560; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my.jcpwb.com"; classtype:attempted-recon; sid:200002561; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my.nhs-get-pass.com"; classtype:attempted-recon; sid:200002562; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my.paydi.login-index-home.x4typfc.cn"; classtype:attempted-recon; sid:200002563; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my02billing-login.com"; classtype:attempted-recon; sid:200002564; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mybeii.live"; classtype:attempted-recon; sid:200002565; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mycoerver.es"; classtype:attempted-recon; sid:200002566; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mygoogleaccount.stantrade.xyz"; classtype:attempted-recon; sid:200002567; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"myjcb.cyyptoi.cn"; classtype:attempted-recon; sid:200002568; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"myjcb.thxpj.cn"; classtype:attempted-recon; sid:200002569; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mymbg-aa2e2.web.app"; classtype:attempted-recon; sid:200002570; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mymeta-securearea.plesk07.zap-webspace.com"; classtype:attempted-recon; sid:200002571; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mymweb-owner.at.ua"; classtype:attempted-recon; sid:200002572; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mypo-delivery.com"; classtype:attempted-recon; sid:200002573; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mypsm.psm.edu.mm"; classtype:attempted-recon; sid:200002574; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"myshedbuilder.com"; classtype:attempted-recon; sid:200002575; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mytheamsauthecent.wapgem.com"; classtype:attempted-recon; sid:200002576; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"myupdates-mynetflix.com"; classtype:attempted-recon; sid:200002577; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mywalletsvalidation.com"; classtype:attempted-recon; sid:200002578; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mzqualitycleaning.com"; classtype:attempted-recon; sid:200002579; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"n-naoko-0319.github.io"; classtype:attempted-recon; sid:200002580; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"n.salsomascard.top"; classtype:attempted-recon; sid:200002581; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"n26.sa-france.fr"; classtype:attempted-recon; sid:200002582; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"n7orton.com"; classtype:attempted-recon; sid:200002583; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nab-access-breach.com"; classtype:attempted-recon; sid:200002584; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nab-alert.mobi"; classtype:attempted-recon; sid:200002585; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nab-www.303.si"; classtype:attempted-recon; sid:200002586; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"naderkhani.ir"; classtype:attempted-recon; sid:200002587; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"najboljeuslugezavas.betterservicesforyou.com"; classtype:attempted-recon; sid:200002588; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nalandaias.com"; classtype:attempted-recon; sid:200002589; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nanjing.itud167.cn"; classtype:attempted-recon; sid:200002590; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"napgamelienquan.net"; classtype:attempted-recon; sid:200002591; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"naranja-users.auth0.com"; classtype:attempted-recon; sid:200002592; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"native-possession-josh-asks.trycloudflare.com"; classtype:attempted-recon; sid:200002593; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nattionaliy.000webhostapp.com"; classtype:attempted-recon; sid:200002594; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"natu-mx.com"; classtype:attempted-recon; sid:200002595; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"naturalrocksand.com"; classtype:attempted-recon; sid:200002596; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"natwest.nwolb-login-auth.com"; classtype:attempted-recon; sid:200002597; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"natwest.secure-auth-personal-device.com"; classtype:attempted-recon; sid:200002598; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"natwest.secured-online-verify.com"; classtype:attempted-recon; sid:200002599; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"natwest.secured-personal-verify.com"; classtype:attempted-recon; sid:200002600; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nayablabs.com"; classtype:attempted-recon; sid:200002601; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nayameehomes.com"; classtype:attempted-recon; sid:200002602; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbcc.0bit08a.cn"; classtype:attempted-recon; sid:200002603; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbcd.xiu58rl.cn"; classtype:attempted-recon; sid:200002604; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbcvs.gd65y69.cn"; classtype:attempted-recon; sid:200002605; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbcxa.lctlfdq.cn"; classtype:attempted-recon; sid:200002606; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbcxas.551awvr.cn"; classtype:attempted-recon; sid:200002607; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbhjxa.hblhi96.cn"; classtype:attempted-recon; sid:200002608; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbnonres.com"; classtype:attempted-recon; sid:200002609; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbxaa.b1b6nac.cn"; classtype:attempted-recon; sid:200002610; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbxas.uabzfbm.cn"; classtype:attempted-recon; sid:200002611; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbxasd.rm625b.cn"; classtype:attempted-recon; sid:200002612; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbxha.74zdws.cn"; classtype:attempted-recon; sid:200002613; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nbxza.giodzij.cn"; classtype:attempted-recon; sid:200002614; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ncgroup.club"; classtype:attempted-recon; sid:200002615; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"necessitymag.com"; classtype:attempted-recon; sid:200002616; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nedbankqa.flowblocks.com"; classtype:attempted-recon; sid:200002617; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nedriw.xyz"; classtype:attempted-recon; sid:200002618; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"negociebra.com.br"; classtype:attempted-recon; sid:200002619; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"neptuneinnovations.com"; classtype:attempted-recon; sid:200002620; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"netciti.id"; classtype:attempted-recon; sid:200002621; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"netflix-techarmy.me"; classtype:attempted-recon; sid:200002622; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk"; classtype:attempted-recon; sid:200002623; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"networksol-f35e7.web.app"; classtype:attempted-recon; sid:200002624; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"neversencommun.fr"; classtype:attempted-recon; sid:200002625; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newlifenursery.com"; classtype:attempted-recon; sid:200002626; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newrydramafestival.co.uk"; classtype:attempted-recon; sid:200002627; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsletter.pagueonlinebra.com.br"; classtype:attempted-recon; sid:200002628; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsodisha.in"; classtype:attempted-recon; sid:200002629; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nextgensoftbd.com"; classtype:attempted-recon; sid:200002630; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nftsmainnet.com"; classtype:attempted-recon; sid:200002631; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhattinsteel.com"; classtype:attempted-recon; sid:200002632; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhbcd.40ggify.cn"; classtype:attempted-recon; sid:200002633; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhbcd.xitgfmh.cn"; classtype:attempted-recon; sid:200002634; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhbcda.g4g5mgc.cn"; classtype:attempted-recon; sid:200002635; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhbd.yl7g7qz.cn"; classtype:attempted-recon; sid:200002636; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhbdd.ncoavvx.cn"; classtype:attempted-recon; sid:200002637; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhfactor.com"; classtype:attempted-recon; sid:200002638; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhgcs.ugvvluf.cn"; classtype:attempted-recon; sid:200002639; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhhvd.zb06w77.cn"; classtype:attempted-recon; sid:200002640; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhri.net"; classtype:attempted-recon; sid:200002641; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nhs.my-vaccine-status.com"; classtype:attempted-recon; sid:200002642; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"niagarapower.com"; classtype:attempted-recon; sid:200002643; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nic-home.com"; classtype:attempted-recon; sid:200002644; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nizotchauffage.bilty.be"; classtype:attempted-recon; sid:200002645; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nodesconnection.com"; classtype:attempted-recon; sid:200002646; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"northlane.esy.es"; classtype:attempted-recon; sid:200002647; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"notife.help.institutepages.workers.dev"; classtype:attempted-recon; sid:200002648; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"notification-fb.secure-pages.workers.dev"; classtype:attempted-recon; sid:200002649; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"notificationmember.mystrikingly.com"; classtype:attempted-recon; sid:200002650; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nour-ala-nour.com"; classtype:attempted-recon; sid:200002651; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"novolimitenu.azurewebsites.net"; classtype:attempted-recon; sid:200002652; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nserviceserviceat.mystrikingly.com"; classtype:attempted-recon; sid:200002653; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nslg8.codesandbox.io"; classtype:attempted-recon; sid:200002654; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nt.embluemail.com"; classtype:attempted-recon; sid:200002655; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nueva-acropolis.cl"; classtype:attempted-recon; sid:200002656; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nutroquin.com"; classtype:attempted-recon; sid:200002657; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nw-securedfailure.com"; classtype:attempted-recon; sid:200002658; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ny989.com"; classtype:attempted-recon; sid:200002659; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nyhet.cc"; classtype:attempted-recon; sid:200002660; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"o.scicemecod.com"; classtype:attempted-recon; sid:200002661; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"o2-failure-billing-update.com"; classtype:attempted-recon; sid:200002662; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"o2-updatebillingvia.com"; classtype:attempted-recon; sid:200002663; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"o2billingauth-update.com"; classtype:attempted-recon; sid:200002664; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"o2phone-billingupdate.com"; classtype:attempted-recon; sid:200002665; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oanmce.hjwxkugs.cn"; classtype:attempted-recon; sid:200002666; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ocareportesweb.webcindario.com"; classtype:attempted-recon; sid:200002667; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ocaxvefific.webcindario.com"; classtype:attempted-recon; sid:200002668; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oceantires.com"; classtype:attempted-recon; sid:200002669; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ocioturismogalicia.com"; classtype:attempted-recon; sid:200002670; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oco.or.tz"; classtype:attempted-recon; sid:200002671; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oddplug.cfd"; classtype:attempted-recon; sid:200002672; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"odiasamaj.net"; classtype:attempted-recon; sid:200002673; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offic365.online"; classtype:attempted-recon; sid:200002674; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offic4046217.sitebuilder.name.tools"; classtype:attempted-recon; sid:200002675; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"officeee.bubbleapps.io"; classtype:attempted-recon; sid:200002676; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"officialevent.way.live"; classtype:attempted-recon; sid:200002677; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"officialliker.co"; classtype:attempted-recon; sid:200002678; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ogrodywlochy.pl"; classtype:attempted-recon; sid:200002679; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oiasasca.asiocsacszc.xyz"; classtype:attempted-recon; sid:200002680; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oiasd.herorny.cn"; classtype:attempted-recon; sid:200002681; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oicm.oobqrxh.cn"; classtype:attempted-recon; sid:200002682; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oidda.5s2iamp.cn"; classtype:attempted-recon; sid:200002683; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oijcd.qvjcddv.cn"; classtype:attempted-recon; sid:200002684; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oikca.smwceku.cn"; classtype:attempted-recon; sid:200002685; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oikcas.6b914ty.cn"; classtype:attempted-recon; sid:200002686; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oikcd.uf27ce8.cn"; classtype:attempted-recon; sid:200002687; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oikcxa.zvvx01z.cn"; classtype:attempted-recon; sid:200002688; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oivac.com"; classtype:attempted-recon; sid:200002689; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okcs.qj8yua.cn"; classtype:attempted-recon; sid:200002690; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okds.bbtlcve.cn"; classtype:attempted-recon; sid:200002691; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okep-viral-terbaru-terhist-2022.duckdns.org"; classtype:attempted-recon; sid:200002692; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okmca.8xcrn6w.cn"; classtype:attempted-recon; sid:200002693; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okmca.bxkfham.cn"; classtype:attempted-recon; sid:200002694; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okmca.uwudagu.cn"; classtype:attempted-recon; sid:200002695; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okmxa.lfgpror.cn"; classtype:attempted-recon; sid:200002696; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"okpwtu.webwave.dev"; classtype:attempted-recon; sid:200002697; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ol-run1.online"; classtype:attempted-recon; sid:200002698; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"olidooo.waca.tw"; classtype:attempted-recon; sid:200002699; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"olk.us7apye.cn"; classtype:attempted-recon; sid:200002700; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"olmnxa.wc2ikux.cn"; classtype:attempted-recon; sid:200002701; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"omesqiwines.de"; classtype:attempted-recon; sid:200002702; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oncopharma-ae.com"; classtype:attempted-recon; sid:200002703; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onecreator.info"; classtype:attempted-recon; sid:200002704; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onedrive.zhaoge.workers.dev"; classtype:attempted-recon; sid:200002705; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onee-a0488.web.app"; classtype:attempted-recon; sid:200002706; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oneisallandone.web.app"; classtype:attempted-recon; sid:200002707; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oneone-19cd8.web.app"; classtype:attempted-recon; sid:200002708; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oneone-a38ef.web.app"; classtype:attempted-recon; sid:200002709; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"online-sistem.com"; classtype:attempted-recon; sid:200002710; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlineasesor01.hostfree.pw"; classtype:attempted-recon; sid:200002711; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlinebanking.unrecognised-new-payee.com"; classtype:attempted-recon; sid:200002712; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlineffn2.temp.swtest.ru"; classtype:attempted-recon; sid:200002713; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlineislemlersayfasivkfgirisicom.tk"; classtype:attempted-recon; sid:200002714; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlinsfuco.temp.swtest.ru"; classtype:attempted-recon; sid:200002715; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlysportplus.com"; classtype:attempted-recon; sid:200002716; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ooxvocalor.yolasite.com"; classtype:attempted-recon; sid:200002717; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"opansea.live"; classtype:attempted-recon; sid:200002718; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"open24.ie-tsb.email"; classtype:attempted-recon; sid:200002719; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operationroofingllc3.com"; classtype:attempted-recon; sid:200002720; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"opticabattilana.com.ar"; classtype:attempted-recon; sid:200002721; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ora-n.yolasite.com"; classtype:attempted-recon; sid:200002722; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orabu.it"; classtype:attempted-recon; sid:200002723; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orange-dcr.fr"; classtype:attempted-recon; sid:200002724; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orange-security.cloud.coreoz.com"; classtype:attempted-recon; sid:200002725; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orange.iobeya.com"; classtype:attempted-recon; sid:200002726; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orange.sphinxonline.net"; classtype:attempted-recon; sid:200002727; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orange2k22.wixsite.com"; classtype:attempted-recon; sid:200002728; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orangeb191.temp.swtest.ru"; classtype:attempted-recon; sid:200002729; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orangess.contactin.bio"; classtype:attempted-recon; sid:200002730; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"org-nr.yolasite.com"; classtype:attempted-recon; sid:200002731; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"orlen.digital"; classtype:attempted-recon; sid:200002732; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ormantencs112.odoo.com"; classtype:attempted-recon; sid:200002733; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"osis.world"; classtype:attempted-recon; sid:200002734; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"otomoto-h229.net"; classtype:attempted-recon; sid:200002735; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"otomoto3452.com"; classtype:attempted-recon; sid:200002736; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"otwmaxx.com"; classtype:attempted-recon; sid:200002737; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oudczfbniitcqdsrmaapdztwqo-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002738; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ourgarden.us"; classtype:attempted-recon; sid:200002739; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"outlook1541489.webcindario.com"; classtype:attempted-recon; sid:200002740; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"outlookcom119.yolasite.com"; classtype:attempted-recon; sid:200002741; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ouverturecompte.lbp-eer.fr"; classtype:attempted-recon; sid:200002742; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002743; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"p1c.servleboncoinser.com"; classtype:attempted-recon; sid:200002744; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"package2021.blogspot.ba"; classtype:attempted-recon; sid:200002745; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"package2021.blogspot.bg"; classtype:attempted-recon; sid:200002746; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"package2021.blogspot.com"; classtype:attempted-recon; sid:200002747; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"page-restrict-case22456548.help"; classtype:attempted-recon; sid:200002748; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages-1008009999700022199021.com"; classtype:attempted-recon; sid:200002749; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages-alert-facebook.ezyro.com"; classtype:attempted-recon; sid:200002750; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages-community-standart-2022.co"; classtype:attempted-recon; sid:200002751; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages-marvelous-project.webflow.io"; classtype:attempted-recon; sid:200002752; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages-support-office-2021.gq"; classtype:attempted-recon; sid:200002753; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages-support-office-2021.tk"; classtype:attempted-recon; sid:200002754; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pages.secure-accts.workers.dev"; classtype:attempted-recon; sid:200002755; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pagesdetectscopyrightpostingactivitiesreported.co.vu"; classtype:attempted-recon; sid:200002756; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pagos.sinpemovil.cr"; classtype:attempted-recon; sid:200002757; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paidpapers.net"; classtype:attempted-recon; sid:200002758; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paleyeer.com"; classtype:attempted-recon; sid:200002759; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"palmm.ps"; classtype:attempted-recon; sid:200002760; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancaakesvap.com"; classtype:attempted-recon; sid:200002761; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancake-sawp.com"; classtype:attempted-recon; sid:200002762; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancake7wop.com"; classtype:attempted-recon; sid:200002763; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakesawpes.com"; classtype:attempted-recon; sid:200002764; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakesfinances.info"; classtype:attempted-recon; sid:200002765; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakesvvap-finance.org"; classtype:attempted-recon; sid:200002766; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswap.finance.tradechange.in"; classtype:attempted-recon; sid:200002767; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswap.men"; classtype:attempted-recon; sid:200002768; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswap.multi-wallet.info"; classtype:attempted-recon; sid:200002769; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswap.salsasourcing.com"; classtype:attempted-recon; sid:200002770; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswapes.company"; classtype:attempted-recon; sid:200002771; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswapexcgn.com"; classtype:attempted-recon; sid:200002772; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswapexch.com"; classtype:attempted-recon; sid:200002773; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswapexchage.com"; classtype:attempted-recon; sid:200002774; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswapexchg.com"; classtype:attempted-recon; sid:200002775; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancakeswappshop.blogspot.com"; classtype:attempted-recon; sid:200002776; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancaku-swap.com"; classtype:attempted-recon; sid:200002777; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pancalteswap.finance"; classtype:attempted-recon; sid:200002778; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"panccakesswap.org"; classtype:attempted-recon; sid:200002779; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"panckaceswap.finance"; classtype:attempted-recon; sid:200002780; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaskin.ru.com"; classtype:attempted-recon; sid:200002781; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"panelweb-4cae2.web.app"; classtype:attempted-recon; sid:200002782; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pankaceeswap.com"; classtype:attempted-recon; sid:200002783; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pankaceswapes.finance"; classtype:attempted-recon; sid:200002784; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pankakeswap.ledgity.com"; classtype:attempted-recon; sid:200002785; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pannelpub-benin.com"; classtype:attempted-recon; sid:200002786; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pantazisezopiiuurmail1.web.app"; classtype:attempted-recon; sid:200002787; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"parcel-support018.com"; classtype:attempted-recon; sid:200002788; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pardot.assemblecommunities.com"; classtype:attempted-recon; sid:200002789; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pasarbta.info"; classtype:attempted-recon; sid:200002790; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"passionfruit4576261.brizy.site"; classtype:attempted-recon; sid:200002791; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pateltutorials.com"; classtype:attempted-recon; sid:200002792; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"path.faithbible.institute"; classtype:attempted-recon; sid:200002793; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pathospitals.com"; classtype:attempted-recon; sid:200002794; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"patient-cell-40f5.updatedlogmylogin.workers.dev"; classtype:attempted-recon; sid:200002795; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"patwise.co.in"; classtype:attempted-recon; sid:200002796; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paws.org.au"; classtype:attempted-recon; sid:200002797; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paxfulacct.com"; classtype:attempted-recon; sid:200002798; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paxfulmenu.com"; classtype:attempted-recon; sid:200002799; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pay-sera.web.app"; classtype:attempted-recon; sid:200002800; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pay16-olx.pl"; classtype:attempted-recon; sid:200002801; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paymentnotificationnow.blogspot.com"; classtype:attempted-recon; sid:200002802; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paypal-online-2deposits-paymentaccept.tk"; classtype:attempted-recon; sid:200002803; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paypal-opladen.be"; classtype:attempted-recon; sid:200002804; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paypalforex.co.ke"; classtype:attempted-recon; sid:200002805; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pbemail.youxiangdashui.com"; classtype:attempted-recon; sid:200002806; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pdf-cloud-document.weeblysite.com"; classtype:attempted-recon; sid:200002807; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pdf-sharefile-doc.weeblysite.com"; classtype:attempted-recon; sid:200002808; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pdflogincnvwo.app.link"; classtype:attempted-recon; sid:200002809; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pdfsecured.mystrikingly.com"; classtype:attempted-recon; sid:200002810; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"peaceful-black.193-70-50-31.plesk.page"; classtype:attempted-recon; sid:200002811; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pedih.001www.com"; classtype:attempted-recon; sid:200002812; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pembatalanakundinonaktifkan.weebly.com"; classtype:attempted-recon; sid:200002813; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pencakecwap.com"; classtype:attempted-recon; sid:200002814; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pensive-payne-505e1a.netlify.app"; classtype:attempted-recon; sid:200002815; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"perfectliker.net"; classtype:attempted-recon; sid:200002816; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"peringatanakunfb2k214.webnode.com"; classtype:attempted-recon; sid:200002817; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phantom-walletweb.app"; classtype:attempted-recon; sid:200002818; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phantomaa.com"; classtype:attempted-recon; sid:200002819; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phishingloginmicrosoftonlinecom.zerotrustcorp.workers.dev"; classtype:attempted-recon; sid:200002820; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phlexx.com"; classtype:attempted-recon; sid:200002821; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phreshphoto.com"; classtype:attempted-recon; sid:200002822; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichincha-datos1.webcindario.com"; classtype:attempted-recon; sid:200002823; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichincha-datos2.webcindario.com"; classtype:attempted-recon; sid:200002824; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichincha-datos3.webcindario.com"; classtype:attempted-recon; sid:200002825; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichincha-datos5.webcindario.com"; classtype:attempted-recon; sid:200002826; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichinchabank.webcindario.com"; classtype:attempted-recon; sid:200002827; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichinchacomfi.webcindario.com"; classtype:attempted-recon; sid:200002828; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichinchaecori.webcindario.com"; classtype:attempted-recon; sid:200002829; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichinchauser.webcindario.com"; classtype:attempted-recon; sid:200002830; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pichinchverify.webcindario.com"; classtype:attempted-recon; sid:200002831; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"picnic.industries"; classtype:attempted-recon; sid:200002832; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pics.lookatmynewphotos.com"; classtype:attempted-recon; sid:200002833; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"piermontbridge.com"; classtype:attempted-recon; sid:200002834; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"piffvancouver.com"; classtype:attempted-recon; sid:200002835; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pikaresailing.com"; classtype:attempted-recon; sid:200002836; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pikay13.github.io"; classtype:attempted-recon; sid:200002837; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pilmezorda.temp.swtest.ru"; classtype:attempted-recon; sid:200002838; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pinchinchaverify.webcindario.com"; classtype:attempted-recon; sid:200002839; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pirana.co.rs"; classtype:attempted-recon; sid:200002840; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pkobp.pl.justns.ru"; classtype:attempted-recon; sid:200002841; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pl-wiadomosciswiatowe.pl"; classtype:attempted-recon; sid:200002842; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pla1060604.nichost.ru"; classtype:attempted-recon; sid:200002843; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"plan-o2-monthlypayments.com"; classtype:attempted-recon; sid:200002844; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"planetaamor.org"; classtype:attempted-recon; sid:200002845; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"plasticaindia.com"; classtype:attempted-recon; sid:200002846; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"platinumserviceac.com"; classtype:attempted-recon; sid:200002847; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playgirlgold.com"; classtype:attempted-recon; sid:200002848; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ploferta.com"; classtype:attempted-recon; sid:200002849; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"plugmailextraexpiredoldpolicynotificationscenter.pages.dev"; classtype:attempted-recon; sid:200002850; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"po-service-page.com"; classtype:attempted-recon; sid:200002851; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"poc-rewards-program-c2dfc.web.app"; classtype:attempted-recon; sid:200002852; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"podpiska-darom.ru"; classtype:attempted-recon; sid:200002853; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pokajca.web.app"; classtype:attempted-recon; sid:200002854; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pokcda.lnizi9c.cn"; classtype:attempted-recon; sid:200002855; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"poklsa.slodddz.cn"; classtype:attempted-recon; sid:200002856; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polcas.et0bgyf.cn"; classtype:attempted-recon; sid:200002857; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polcd.op59bk5.cn"; classtype:attempted-recon; sid:200002858; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polcda.qcgjwj7.cn"; classtype:attempted-recon; sid:200002859; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"poldf.gejzesp.cn"; classtype:attempted-recon; sid:200002860; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polds.gmj6f2.cn"; classtype:attempted-recon; sid:200002861; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"poliambulatorioadriatico.it"; classtype:attempted-recon; sid:200002862; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"poligrafiapias.com"; classtype:attempted-recon; sid:200002863; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polkadot-france.fr"; classtype:attempted-recon; sid:200002864; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polkastarter.app"; classtype:attempted-recon; sid:200002865; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polsd.pa0cpof.cn"; classtype:attempted-recon; sid:200002866; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polska-informacyjna.pl"; classtype:attempted-recon; sid:200002867; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polxa.uh8dg67.cn"; classtype:attempted-recon; sid:200002868; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polygon-pro.com"; classtype:attempted-recon; sid:200002869; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polygon-secure.com"; classtype:attempted-recon; sid:200002870; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"polygon-technologyes.blogspot.com"; classtype:attempted-recon; sid:200002871; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pomnxaa.181gh1c.cn"; classtype:attempted-recon; sid:200002872; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"post-ch-de.34224.info"; classtype:attempted-recon; sid:200002873; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"post-ch-de.65241.org"; classtype:attempted-recon; sid:200002874; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"post-ch.de"; classtype:attempted-recon; sid:200002875; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"post-track.ch"; classtype:attempted-recon; sid:200002876; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"posta-romana.cameleon-digital.ro"; classtype:attempted-recon; sid:200002877; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"postaledsp2.conexion.fr.savealifemw.org"; classtype:attempted-recon; sid:200002878; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"postalfees-uk.com"; classtype:attempted-recon; sid:200002879; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"postalukservice.com"; classtype:attempted-recon; sid:200002880; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"postch9192.cargo.site"; classtype:attempted-recon; sid:200002881; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"postechsuivre.ileanamlaw.com"; classtype:attempted-recon; sid:200002882; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"postnl.post-tracking-delivery.etelinfra.com"; classtype:attempted-recon; sid:200002883; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"poww.6hkjmb.cn"; classtype:attempted-recon; sid:200002884; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ppnnttcc.ppcnthsc.me"; classtype:attempted-recon; sid:200002885; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"precisionimpex.com"; classtype:attempted-recon; sid:200002886; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"preg.dspearhead.com"; classtype:attempted-recon; sid:200002887; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"preg.marketingvici.com"; classtype:attempted-recon; sid:200002888; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prepaid-leboncoin.fr"; classtype:attempted-recon; sid:200002889; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"preppingconfidence.com"; classtype:attempted-recon; sid:200002890; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prernaindustries.com"; classtype:attempted-recon; sid:200002891; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"priceless-goldstine.35-185-184-61.plesk.page"; classtype:attempted-recon; sid:200002892; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"priceless-mccarthy-8674db.netlify.app"; classtype:attempted-recon; sid:200002893; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"primarypagesmetasecure.co.vu"; classtype:attempted-recon; sid:200002894; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"primeassi5.sslblindado.com"; classtype:attempted-recon; sid:200002895; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"primecentral.jihanjiaopo6.shop"; classtype:attempted-recon; sid:200002896; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"primecentral.jixinggaozhao2.shop"; classtype:attempted-recon; sid:200002897; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"primecentral.qiourn.shop"; classtype:attempted-recon; sid:200002898; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"primeone.org"; classtype:attempted-recon; sid:200002899; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"printtoner.com.mx"; classtype:attempted-recon; sid:200002900; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prism.net.in"; classtype:attempted-recon; sid:200002901; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"privacy-update-page-prtections-association-recovry-secu.web.id"; classtype:attempted-recon; sid:200002902; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"privacy-update-secu-recovry-page-protection-4565544.web.id"; classtype:attempted-recon; sid:200002903; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"privacy-update-secu-recovry-page-protection-comunity-45.web.id"; classtype:attempted-recon; sid:200002904; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"priyankasandokar1606.github.io"; classtype:attempted-recon; sid:200002905; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pro.icloudremovaltool.com"; classtype:attempted-recon; sid:200002906; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pro.systemine.xyz"; classtype:attempted-recon; sid:200002907; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"procservautomatizacion.com"; classtype:attempted-recon; sid:200002908; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.anon-rest-keep-reset.sales18130.workers.dev"; classtype:attempted-recon; sid:200002909; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.anon-step-keep-object.sales18130.workers.dev"; classtype:attempted-recon; sid:200002910; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.calm-limit-671e.ralph2481.workers.dev"; classtype:attempted-recon; sid:200002911; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.dry-snow-ddc20ffice.deuceice2.workers.dev"; classtype:attempted-recon; sid:200002912; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.keep-paper-account.sales18130.workers.dev"; classtype:attempted-recon; sid:200002913; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.lively-salad-1c42.updatelogaccountprogramedrfwerwrdhsmc.workers.dev"; classtype:attempted-recon; sid:200002914; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.passtruth-truth-5df4.pass-morn-reset-todaybringsjoy.workers.dev"; classtype:attempted-recon; sid:200002915; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.steep-poetry-1ba3.updatelogaccountprogramedrfwerwrdhscsw.workers.dev"; classtype:attempted-recon; sid:200002916; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.try-murpheos-keep.sales18130.workers.dev"; classtype:attempted-recon; sid:200002917; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev"; classtype:attempted-recon; sid:200002918; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"project1-df3e9.web.app"; classtype:attempted-recon; sid:200002919; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"projectlovewell.com"; classtype:attempted-recon; sid:200002920; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promashoppe.com"; classtype:attempted-recon; sid:200002921; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promehedinti.ro"; classtype:attempted-recon; sid:200002922; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promerica-sv.webcindario.com"; classtype:attempted-recon; sid:200002923; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promericalinea01.webcindario.com"; classtype:attempted-recon; sid:200002924; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promo.mycorporate-rewards.net"; classtype:attempted-recon; sid:200002925; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prosmate.com"; classtype:attempted-recon; sid:200002926; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prosxsiuser.myfreesites.net"; classtype:attempted-recon; sid:200002927; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prosys.poweredbygravit-e.co.uk"; classtype:attempted-recon; sid:200002928; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"protect-4d56vca.surge.sh"; classtype:attempted-recon; sid:200002929; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"provodi.com"; classtype:attempted-recon; sid:200002930; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"proximus-account.azurewebsites.net"; classtype:attempted-recon; sid:200002931; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ptxx.cc"; classtype:attempted-recon; sid:200002932; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pubgmobilevn.mobi"; classtype:attempted-recon; sid:200002933; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"publish-p43452-e180057.adobeaemcloud.com"; classtype:attempted-recon; sid:200002934; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"puffing.com.pk"; classtype:attempted-recon; sid:200002935; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pulihkan-accountt20001.webnode.page"; classtype:attempted-recon; sid:200002936; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"puroxymembrane.com"; classtype:attempted-recon; sid:200002937; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pvr0k.csb.app"; classtype:attempted-recon; sid:200002938; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pydttuxozmzjmjqxayxfxhycfr-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002939; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qbocd.csb.app"; classtype:attempted-recon; sid:200002940; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qevwisdfztymporlndsckabdil-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002941; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qf3nt.codesandbox.io"; classtype:attempted-recon; sid:200002942; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qfw.tosex35238.workers.dev"; classtype:attempted-recon; sid:200002943; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qhj39hfxqftr.clickfunnels.com"; classtype:attempted-recon; sid:200002944; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qhmqhgnfqbcoxkwamsioilhdmv-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200002945; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qsh74pekkv5e8.clickfunnels.com"; classtype:attempted-recon; sid:200002946; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qssa.x5yrlr.cn"; classtype:attempted-recon; sid:200002947; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quinaroja.com"; classtype:attempted-recon; sid:200002948; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quirky-jones.172-245-159-112.plesk.page"; classtype:attempted-recon; sid:200002949; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quotex-qx.com"; classtype:attempted-recon; sid:200002950; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qwas.nfi71vw.cn"; classtype:attempted-recon; sid:200002951; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qwea.wvhee0w.cn"; classtype:attempted-recon; sid:200002952; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qweas.hi5g95r.cn"; classtype:attempted-recon; sid:200002953; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qweas.p6rhddj.cn"; classtype:attempted-recon; sid:200002954; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qweas.zwfaclq.cn"; classtype:attempted-recon; sid:200002955; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"r3c31v30n3-1d3nt1ty.000webhostapp.com"; classtype:attempted-recon; sid:200002956; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rabellartz.de"; classtype:attempted-recon; sid:200002957; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rabofree.blogspot.com"; classtype:attempted-recon; sid:200002958; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rabofree.blogspot.li"; classtype:attempted-recon; sid:200002959; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rackenfordlabs.com"; classtype:attempted-recon; sid:200002960; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"racuten.nuef.info"; classtype:attempted-recon; sid:200002961; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"radhikamd.github.io"; classtype:attempted-recon; sid:200002962; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rafbbmx.ga"; classtype:attempted-recon; sid:200002963; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rafbbmx.ml"; classtype:attempted-recon; sid:200002964; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"raipurrussianescorts.com"; classtype:attempted-recon; sid:200002965; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakoten-card.buogfbizkugf.gq"; classtype:attempted-recon; sid:200002966; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakoten-card.bycsaxwdqunhh.gq"; classtype:attempted-recon; sid:200002967; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakoten-card.motpefhnpvyz.gq"; classtype:attempted-recon; sid:200002968; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakoten.potex.info"; classtype:attempted-recon; sid:200002969; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"raktuen.laobanlocker.com"; classtype:attempted-recon; sid:200002970; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakuitan-card.info"; classtype:attempted-recon; sid:200002971; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakuten.awjoadc.cn"; classtype:attempted-recon; sid:200002972; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakuten.card.nuosreaoms.com"; classtype:attempted-recon; sid:200002973; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rakuten.co.jp.rakutenajp.xyz"; classtype:attempted-recon; sid:200002974; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ramgarhiamatrimonial.ca"; classtype:attempted-recon; sid:200002975; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rareelements.io"; classtype:attempted-recon; sid:200002976; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ratewatch.net"; classtype:attempted-recon; sid:200002977; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"raycargo.com"; classtype:attempted-recon; sid:200002978; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"raydiom.io"; classtype:attempted-recon; sid:200002979; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rbcmontgomery.com"; classtype:attempted-recon; sid:200002980; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rd8um.app.link"; classtype:attempted-recon; sid:200002981; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rdirtfuo6t.vov.ru"; classtype:attempted-recon; sid:200002982; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"re-direct-me.com"; classtype:attempted-recon; sid:200002983; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"re-redirection-acc-id923872635122.blogspot.com"; classtype:attempted-recon; sid:200002984; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"real-anon-keep-passing-word.rvsla.workers.dev"; classtype:attempted-recon; sid:200002985; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"realestate-page-10843446024.expresspestcontrol.co.nz"; classtype:attempted-recon; sid:200002986; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"realindiatravel.com"; classtype:attempted-recon; sid:200002987; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recibeya.tufacilmoneyonline.online"; classtype:attempted-recon; sid:200002988; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reconfirmpost287846656.us"; classtype:attempted-recon; sid:200002989; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recover-pages-media-problems-secur-782.web.id"; classtype:attempted-recon; sid:200002990; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recover-pages-secur-media-problems-397.web.id"; classtype:attempted-recon; sid:200002991; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recovery-chain.com"; classtype:attempted-recon; sid:200002992; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recovery-fb.secure-acct.workers.dev"; classtype:attempted-recon; sid:200002993; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"red-limit-db0e.chseonlinelogins.workers.dev"; classtype:attempted-recon; sid:200002994; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"redbysfrgroupebox.myfreesites.net"; classtype:attempted-recon; sid:200002995; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"redeem-microsoft-code.sitey.me"; classtype:attempted-recon; sid:200002996; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rediractionid547012016089540218057.blogspot.com"; classtype:attempted-recon; sid:200002997; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"redpichincha.webcindario.com"; classtype:attempted-recon; sid:200002998; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reg-3da7f.web.app"; classtype:attempted-recon; sid:200002999; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reg.chaindaohang.com"; classtype:attempted-recon; sid:200003000; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"regisdrive.xyz"; classtype:attempted-recon; sid:200003001; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"register-my-device.com"; classtype:attempted-recon; sid:200003002; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"registerdrive.xyz"; classtype:attempted-recon; sid:200003003; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reglic.in"; classtype:attempted-recon; sid:200003004; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"regularsweeps.xyz"; classtype:attempted-recon; sid:200003005; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reignbike.com"; classtype:attempted-recon; sid:200003006; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reikisadhna.com"; classtype:attempted-recon; sid:200003007; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rekoution.bcszxcd.shop"; classtype:attempted-recon; sid:200003008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"relevant.systems"; classtype:attempted-recon; sid:200003009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"remittance369297292749.goshly.com"; classtype:attempted-recon; sid:200003010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renovkonstruksi.com"; classtype:attempted-recon; sid:200003011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"repl-mess.myfreesites.net"; classtype:attempted-recon; sid:200003012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"restore.exodusapp.ru"; classtype:attempted-recon; sid:200003013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"restorewallet-activation.net"; classtype:attempted-recon; sid:200003014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"retiro-extracash.com"; classtype:attempted-recon; sid:200003015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"retiro.cl"; classtype:attempted-recon; sid:200003016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"retraiteenaction.ca"; classtype:attempted-recon; sid:200003017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"retrospectiveplanningenforcementwestsussex.co.uk"; classtype:attempted-recon; sid:200003018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"retrouve-particulier-mailaccord.globaltvnepal.com"; classtype:attempted-recon; sid:200003019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rev.sfr.net.gghost.ru"; classtype:attempted-recon; sid:200003020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"review-mynew-device.com"; classtype:attempted-recon; sid:200003021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reviewbook.org"; classtype:attempted-recon; sid:200003022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"revistametro.com.ar"; classtype:attempted-recon; sid:200003023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reximane.cf"; classtype:attempted-recon; sid:200003024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"riptide-operation.ru.com"; classtype:attempted-recon; sid:200003025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"riveroflife.org.in"; classtype:attempted-recon; sid:200003026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rizarichempire.com"; classtype:attempted-recon; sid:200003027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rizkyinterior.com"; classtype:attempted-recon; sid:200003028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rkanet.com"; classtype:attempted-recon; sid:200003029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rkt-co.f1ss.co"; classtype:attempted-recon; sid:200003030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rlink.vn"; classtype:attempted-recon; sid:200003031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rmsfcc.com"; classtype:attempted-recon; sid:200003032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rnercarl-security.co.ip.rnamso.shop"; classtype:attempted-recon; sid:200003033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rnercarl.co.jp.merinosimo.shop"; classtype:attempted-recon; sid:200003034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roadgo.co.uk"; classtype:attempted-recon; sid:200003035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robloxrun.000webhostapp.com"; classtype:attempted-recon; sid:200003036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roccobonheur1-my-cheetah-website-copy.cheetah.builderall.com"; classtype:attempted-recon; sid:200003037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roisnoob.github.io"; classtype:attempted-recon; sid:200003038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rokulinktechnology.com"; classtype:attempted-recon; sid:200003039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rolinadd.surveysparrow.com"; classtype:attempted-recon; sid:200003040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rondalowa.blogspot.com"; classtype:attempted-recon; sid:200003041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rondelbarrilito.com"; classtype:attempted-recon; sid:200003042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ronin-help.com"; classtype:attempted-recon; sid:200003043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roninwallet-connect.com"; classtype:attempted-recon; sid:200003044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roninwallet.cm"; classtype:attempted-recon; sid:200003045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rotimi.pandaform.com"; classtype:attempted-recon; sid:200003046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roundcube-2c46f.web.app"; classtype:attempted-recon; sid:200003047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roundcube-production-cf.tx1.mailhostbox.com"; classtype:attempted-recon; sid:200003048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"routeksa.com"; classtype:attempted-recon; sid:200003049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"royalwindsorpub.com"; classtype:attempted-recon; sid:200003050; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200003051; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rplg.co"; classtype:attempted-recon; sid:200003052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rrakutenn.co.jp.azii.cn"; classtype:attempted-recon; sid:200003053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rrakutenn.co.jp.nanofresh.cn"; classtype:attempted-recon; sid:200003054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200003055; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runescape-info.com"; classtype:attempted-recon; sid:200003056; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runescapebonds.com"; classtype:attempted-recon; sid:200003057; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runescapeevents.com"; classtype:attempted-recon; sid:200003058; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ruth.martulangbelulalng.workers.dev"; classtype:attempted-recon; sid:200003059; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rymproducciones.com"; classtype:attempted-recon; sid:200003060; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"s-sarfati.co.il"; classtype:attempted-recon; sid:200003061; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"s.macecri.com"; classtype:attempted-recon; sid:200003062; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"s5vzr.app.link"; classtype:attempted-recon; sid:200003063; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"s787v.cn"; classtype:attempted-recon; sid:200003064; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sa.macecri.com"; classtype:attempted-recon; sid:200003065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sadervoyages.intnet.mu"; classtype:attempted-recon; sid:200003066; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safty.summarycheck.workers.dev"; classtype:attempted-recon; sid:200003067; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"saintbarkleyshoes.com"; classtype:attempted-recon; sid:200003068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"saitadobrasil.com.br"; classtype:attempted-recon; sid:200003069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"saldospc.com"; classtype:attempted-recon; sid:200003070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"saliksnas.lojaintegrada.com.br"; classtype:attempted-recon; sid:200003071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"salmanfarsi01.github.io"; classtype:attempted-recon; sid:200003072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"saludypension.com"; classtype:attempted-recon; sid:200003073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"samarahonda.com"; classtype:attempted-recon; sid:200003074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"samihalyaman.com"; classtype:attempted-recon; sid:200003075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"samvoktor.com"; classtype:attempted-recon; sid:200003076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sanasunty.site"; classtype:attempted-recon; sid:200003077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sandeeppk03.github.io"; classtype:attempted-recon; sid:200003078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sandhu.codebucketitsolutions.com"; classtype:attempted-recon; sid:200003079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sanjilkumar.com"; classtype:attempted-recon; sid:200003080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sankyo-rz.com"; classtype:attempted-recon; sid:200003081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sanru.cd"; classtype:attempted-recon; sid:200003082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"santander.secured-auth-login.com"; classtype:attempted-recon; sid:200003083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"santepluspharma.eclatmediasolution.website"; classtype:attempted-recon; sid:200003084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"santoshdangi.com.np"; classtype:attempted-recon; sid:200003085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"saritapariyar.com.np"; classtype:attempted-recon; sid:200003086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"satay-secur.reconfimations.pagedisabled.workers.dev"; classtype:attempted-recon; sid:200003087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"satemi.com.ve"; classtype:attempted-recon; sid:200003088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"satonteams.co.uk"; classtype:attempted-recon; sid:200003089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"savingsfordentalcare.com"; classtype:attempted-recon; sid:200003090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sbi.mx"; classtype:attempted-recon; sid:200003091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sbs-siebanlagen.de"; classtype:attempted-recon; sid:200003092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sc.macecri.com"; classtype:attempted-recon; sid:200003093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sc.scicemecod.com"; classtype:attempted-recon; sid:200003094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sca.scicemecod.com"; classtype:attempted-recon; sid:200003095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sdgvsdvsdvs.blogspot.com"; classtype:attempted-recon; sid:200003096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"se.scicemecod.com"; classtype:attempted-recon; sid:200003097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sebat-dhl.blogspot.com"; classtype:attempted-recon; sid:200003098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sebene27.github.io"; classtype:attempted-recon; sid:200003099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secur-standard-media-recover-pages-problems-159.web.id"; classtype:attempted-recon; sid:200003100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure-boncoincontrol.net"; classtype:attempted-recon; sid:200003101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure-halifax-device.com"; classtype:attempted-recon; sid:200003102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure-mynew-devices.com"; classtype:attempted-recon; sid:200003103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure-runescape.xgm.rnp.mybluehost.me"; classtype:attempted-recon; sid:200003104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure-zirox.s3.ap-southeast-2.amazonaws.com"; classtype:attempted-recon; sid:200003105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.legalmetric.com"; classtype:attempted-recon; sid:200003106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.oldschool.com-cl.ru"; classtype:attempted-recon; sid:200003107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.oldschool.com-cu.ru"; classtype:attempted-recon; sid:200003108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.oldschool.com-oz.ru"; classtype:attempted-recon; sid:200003109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.oldschool.com-rsu.ru"; classtype:attempted-recon; sid:200003110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-ak.ru"; classtype:attempted-recon; sid:200003111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-as.cz"; classtype:attempted-recon; sid:200003112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-az.ru"; classtype:attempted-recon; sid:200003113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-ca.ru"; classtype:attempted-recon; sid:200003114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-cl.ru"; classtype:attempted-recon; sid:200003115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-co.ru"; classtype:attempted-recon; sid:200003116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-cu.ru"; classtype:attempted-recon; sid:200003117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-cv.ru"; classtype:attempted-recon; sid:200003118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-or.ru"; classtype:attempted-recon; sid:200003119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-oz.ru"; classtype:attempted-recon; sid:200003120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-rse.ru"; classtype:attempted-recon; sid:200003121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-rsu.ru"; classtype:attempted-recon; sid:200003122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure.runescape.com-vs.ru"; classtype:attempted-recon; sid:200003123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure300.inmotionhosting.com"; classtype:attempted-recon; sid:200003124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure303.inmotionhosting.com"; classtype:attempted-recon; sid:200003125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secure55.webhostinghub.com"; classtype:attempted-recon; sid:200003126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secureaccount.ntflxauth.co"; classtype:attempted-recon; sid:200003127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securegateway-ovhcloud.csl-sl.de"; classtype:attempted-recon; sid:200003128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securelloyd-help-app.com"; classtype:attempted-recon; sid:200003129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securewalletprotocol.online"; classtype:attempted-recon; sid:200003130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-page-community-standards.blogspot.com"; classtype:attempted-recon; sid:200003131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seguridad-oca.webcindario.com"; classtype:attempted-recon; sid:200003132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seleccionperfil.xyz"; classtype:attempted-recon; sid:200003133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"selector26.gg"; classtype:attempted-recon; sid:200003134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"selector28.gg"; classtype:attempted-recon; sid:200003135; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sem.my-drs.co.uk"; classtype:attempted-recon; sid:200003136; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sen-manole.firebaseapp.com"; classtype:attempted-recon; sid:200003137; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sendo-meso.firebaseapp.com"; classtype:attempted-recon; sid:200003138; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sendung.eyecatch.ch"; classtype:attempted-recon; sid:200003139; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergebubnin.space"; classtype:attempted-recon; sid:200003140; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sertyxese.myfreesites.net"; classtype:attempted-recon; sid:200003141; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"server-networksolutions.web.app"; classtype:attempted-recon; sid:200003142; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"server221.security.coinbase.com.gdone.co.ke"; classtype:attempted-recon; sid:200003143; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck103.web.app"; classtype:attempted-recon; sid:200003144; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck104.web.app"; classtype:attempted-recon; sid:200003145; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck105.web.app"; classtype:attempted-recon; sid:200003146; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck107.web.app"; classtype:attempted-recon; sid:200003147; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck108.web.app"; classtype:attempted-recon; sid:200003148; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck111.web.app"; classtype:attempted-recon; sid:200003149; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck112.web.app"; classtype:attempted-recon; sid:200003150; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck117.web.app"; classtype:attempted-recon; sid:200003151; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck118.web.app"; classtype:attempted-recon; sid:200003152; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck121.web.app"; classtype:attempted-recon; sid:200003153; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck122.web.app"; classtype:attempted-recon; sid:200003154; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck123.web.app"; classtype:attempted-recon; sid:200003155; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck126.web.app"; classtype:attempted-recon; sid:200003156; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck127.web.app"; classtype:attempted-recon; sid:200003157; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck129.web.app"; classtype:attempted-recon; sid:200003158; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck13.web.app"; classtype:attempted-recon; sid:200003159; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck130.web.app"; classtype:attempted-recon; sid:200003160; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck134.web.app"; classtype:attempted-recon; sid:200003161; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck135.web.app"; classtype:attempted-recon; sid:200003162; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck137.web.app"; classtype:attempted-recon; sid:200003163; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck138.web.app"; classtype:attempted-recon; sid:200003164; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck139.web.app"; classtype:attempted-recon; sid:200003165; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck14.web.app"; classtype:attempted-recon; sid:200003166; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck140.web.app"; classtype:attempted-recon; sid:200003167; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck142.web.app"; classtype:attempted-recon; sid:200003168; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck143.web.app"; classtype:attempted-recon; sid:200003169; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck145.web.app"; classtype:attempted-recon; sid:200003170; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck149.web.app"; classtype:attempted-recon; sid:200003171; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck155.web.app"; classtype:attempted-recon; sid:200003172; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck207.web.app"; classtype:attempted-recon; sid:200003173; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck21.web.app"; classtype:attempted-recon; sid:200003174; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck23.web.app"; classtype:attempted-recon; sid:200003175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck334.web.app"; classtype:attempted-recon; sid:200003176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck36.web.app"; classtype:attempted-recon; sid:200003177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck410.web.app"; classtype:attempted-recon; sid:200003178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck429.web.app"; classtype:attempted-recon; sid:200003179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck442.web.app"; classtype:attempted-recon; sid:200003180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck443.web.app"; classtype:attempted-recon; sid:200003181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck46.web.app"; classtype:attempted-recon; sid:200003182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck54.web.app"; classtype:attempted-recon; sid:200003183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck60.web.app"; classtype:attempted-recon; sid:200003184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck70.web.app"; classtype:attempted-recon; sid:200003185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck736.web.app"; classtype:attempted-recon; sid:200003186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck74.web.app"; classtype:attempted-recon; sid:200003187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck75.web.app"; classtype:attempted-recon; sid:200003188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck77.web.app"; classtype:attempted-recon; sid:200003189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck8.web.app"; classtype:attempted-recon; sid:200003190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck87.web.app"; classtype:attempted-recon; sid:200003191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servervalidationcheck995.web.app"; classtype:attempted-recon; sid:200003192; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"service-lkdn2020.gacconstrutora.com.br"; classtype:attempted-recon; sid:200003193; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"serviceinfo-securehost.duckdns.org"; classtype:attempted-recon; sid:200003194; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servicepage.service-page.workers.dev"; classtype:attempted-recon; sid:200003195; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servicepichincha.webcindario.com"; classtype:attempted-recon; sid:200003196; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"services.runescape.com-as.cz"; classtype:attempted-recon; sid:200003197; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"services.runescape.com-rse.ru"; classtype:attempted-recon; sid:200003198; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"services.runescape.com-rsu.ru"; classtype:attempted-recon; sid:200003199; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servicesbancaire.com"; classtype:attempted-recon; sid:200003200; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"serviciosbndigitales.com"; classtype:attempted-recon; sid:200003201; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servics.validationsecuradm.workers.dev"; classtype:attempted-recon; sid:200003202; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"servinform.quadientcloud.eu"; classtype:attempted-recon; sid:200003203; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"setupmynorton.square.site"; classtype:attempted-recon; sid:200003204; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seul.unilurio.ac.mz"; classtype:attempted-recon; sid:200003205; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sevoudryserviciobomail.dudaone.com"; classtype:attempted-recon; sid:200003206; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sfc.com.vn"; classtype:attempted-recon; sid:200003207; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sfex12sec.web.app"; classtype:attempted-recon; sid:200003208; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sfirstrepublic.coms.cso.gov.tt"; classtype:attempted-recon; sid:200003209; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sfr.provad.fr"; classtype:attempted-recon; sid:200003210; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sfrpanel.lws.fr"; classtype:attempted-recon; sid:200003211; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sgtbalde991-dot-still-dynamics-321006.ue.r.appspot.com"; classtype:attempted-recon; sid:200003212; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shafischools.com"; classtype:attempted-recon; sid:200003213; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shamajastore.co.ke"; classtype:attempted-recon; sid:200003214; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shanky0.github.io"; classtype:attempted-recon; sid:200003215; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shanza.epos.com.pk"; classtype:attempted-recon; sid:200003216; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"share-eu1.hsforms.com"; classtype:attempted-recon; sid:200003217; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"share.chamaileon.io"; classtype:attempted-recon; sid:200003218; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shared-file.square.site"; classtype:attempted-recon; sid:200003219; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sharedfax815201376.wordpress.com"; classtype:attempted-recon; sid:200003220; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sharedtris.com"; classtype:attempted-recon; sid:200003221; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sharelink.sn.am"; classtype:attempted-recon; sid:200003222; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shayvardphoto.ir"; classtype:attempted-recon; sid:200003223; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shinex.lk"; classtype:attempted-recon; sid:200003224; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shippment2.temp.swtest.ru"; classtype:attempted-recon; sid:200003225; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shirhokos-mhalskbsiaoutfew43535.duckdns.org"; classtype:attempted-recon; sid:200003226; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shirtshanger.com"; classtype:attempted-recon; sid:200003227; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shiye666.cn"; classtype:attempted-recon; sid:200003228; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shop.cmfurnituremall.com"; classtype:attempted-recon; sid:200003229; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shop.ewerest-stroi.ru"; classtype:attempted-recon; sid:200003230; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopeecoins.blogspot.com"; classtype:attempted-recon; sid:200003231; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shrutidhall.com"; classtype:attempted-recon; sid:200003232; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sidneyfcuorg.freshy.site"; classtype:attempted-recon; sid:200003233; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sign-trk.empressmd.com"; classtype:attempted-recon; sid:200003234; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net"; classtype:attempted-recon; sid:200003235; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signin-payeer.com"; classtype:attempted-recon; sid:200003236; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"silpovsatb-ua.online"; classtype:attempted-recon; sid:200003237; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"silverberrygroup.com"; classtype:attempted-recon; sid:200003238; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"simonecamposshop.com.br"; classtype:attempted-recon; sid:200003239; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"simpkk.karanganyarkab.go.id"; classtype:attempted-recon; sid:200003240; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sindarspen.org.br"; classtype:attempted-recon; sid:200003241; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"siporados15585.blogspot.com"; classtype:attempted-recon; sid:200003242; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sirak.se"; classtype:attempted-recon; sid:200003243; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site-4403463-3995-6112.mystrikingly.com"; classtype:attempted-recon; sid:200003244; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site9423623.92.webydo.com"; classtype:attempted-recon; sid:200003245; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site9423773.92.webydo.com"; classtype:attempted-recon; sid:200003246; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site9434107.92.webydo.com"; classtype:attempted-recon; sid:200003247; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site9548676.92.webydo.com"; classtype:attempted-recon; sid:200003248; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site9551459.92.webydo.com"; classtype:attempted-recon; sid:200003249; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site9552191.92.webydo.com"; classtype:attempted-recon; sid:200003250; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"site9606042.92.webydo.com"; classtype:attempted-recon; sid:200003251; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sitebrasil.azurewebsites.net"; classtype:attempted-recon; sid:200003252; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sitebuilder152832.dynadot.com"; classtype:attempted-recon; sid:200003253; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sitebuilder152935.dynadot.com"; classtype:attempted-recon; sid:200003254; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sitemodify.com"; classtype:attempted-recon; sid:200003255; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"situs-facebook-resmi21.webnode.com"; classtype:attempted-recon; sid:200003256; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"situs-layanan-pemulihan4.webnode.com"; classtype:attempted-recon; sid:200003257; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"situs-pemulihan-resmi0.webnode.com"; classtype:attempted-recon; sid:200003258; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"six-group.xyz"; classtype:attempted-recon; sid:200003259; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sk128.sbs"; classtype:attempted-recon; sid:200003260; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sklepkody.pl"; classtype:attempted-recon; sid:200003261; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skradvanidance.business.site"; classtype:attempted-recon; sid:200003262; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skybttv.com"; classtype:attempted-recon; sid:200003263; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skygobank.com"; classtype:attempted-recon; sid:200003264; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skylerclarkmusic.com"; classtype:attempted-recon; sid:200003265; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skymavis-accountupdate.com"; classtype:attempted-recon; sid:200003266; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"skymavisupport.com"; classtype:attempted-recon; sid:200003267; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"slavamel.github.io"; classtype:attempted-recon; sid:200003268; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sleepmaskz.com"; classtype:attempted-recon; sid:200003269; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"slickparties.com"; classtype:attempted-recon; sid:200003270; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"slmkufeckf.jon-jensen.workers.dev"; classtype:attempted-recon; sid:200003271; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"slowlinebag.jp"; classtype:attempted-recon; sid:200003272; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sm.scicemecod.com"; classtype:attempted-recon; sid:200003273; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sm777.csb.app"; classtype:attempted-recon; sid:200003274; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartfixconnect.live"; classtype:attempted-recon; sid:200003275; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smbc-accout.com"; classtype:attempted-recon; sid:200003276; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smbc-veaiana.com"; classtype:attempted-recon; sid:200003277; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smbcbc.com"; classtype:attempted-recon; sid:200003278; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smbccjp.shop"; classtype:attempted-recon; sid:200003279; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smbcr.mrtka.info"; classtype:attempted-recon; sid:200003280; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smbcwodeqingguoshoujicojp.top"; classtype:attempted-recon; sid:200003281; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smeo.org.mx"; classtype:attempted-recon; sid:200003282; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smgolamalif.github.io"; classtype:attempted-recon; sid:200003283; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smkkesehatanjember.sch.id"; classtype:attempted-recon; sid:200003284; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smmsvocal.yolasite.com"; classtype:attempted-recon; sid:200003285; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smpn2jeruklegi.sch.id"; classtype:attempted-recon; sid:200003286; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sms-check.sc-q.top"; classtype:attempted-recon; sid:200003287; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sms-infos.d2tt.co"; classtype:attempted-recon; sid:200003288; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sms-shorter.com"; classtype:attempted-recon; sid:200003289; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smsbc-info5.com"; classtype:attempted-recon; sid:200003290; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smsenligne.myfreesites.net"; classtype:attempted-recon; sid:200003291; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smsorangephonemail.myfreesites.net"; classtype:attempted-recon; sid:200003292; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smsorangesmsmessage.myfreesites.net"; classtype:attempted-recon; sid:200003293; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smss-mms.yolasite.com"; classtype:attempted-recon; sid:200003294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smsverificationmms.myfreesites.net"; classtype:attempted-recon; sid:200003295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smvbc-info.com"; classtype:attempted-recon; sid:200003296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smwam.coms.cso.gov.tt"; classtype:attempted-recon; sid:200003297; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"so.macecri.com"; classtype:attempted-recon; sid:200003298; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soaringskiesrentals.com"; classtype:attempted-recon; sid:200003299; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soci-molen.web.app"; classtype:attempted-recon; sid:200003300; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"socialpinch.com"; classtype:attempted-recon; sid:200003301; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sofe-firma.firebaseapp.com"; classtype:attempted-recon; sid:200003302; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soft-cell-8148.updateloginprogram.workers.dev"; classtype:attempted-recon; sid:200003303; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soft-grass-1edd.acc-update.workers.dev"; classtype:attempted-recon; sid:200003304; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sognointerno.com"; classtype:attempted-recon; sid:200003305; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"solicitarfirmaelectronica-sv.com"; classtype:attempted-recon; sid:200003306; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"solyanayakomnata.ru"; classtype:attempted-recon; sid:200003307; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sopac.org.py"; classtype:attempted-recon; sid:200003308; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"souaxwaoh.myfreesites.net"; classtype:attempted-recon; sid:200003309; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soude-masi.firebaseapp.com"; classtype:attempted-recon; sid:200003310; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soufsont.blogspot.com"; classtype:attempted-recon; sid:200003311; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soulocaredirect.webcindario.com"; classtype:attempted-recon; sid:200003312; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"soumya252000.github.io"; classtype:attempted-recon; sid:200003313; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"souravtech.com"; classtype:attempted-recon; sid:200003314; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"southamerica-east1-hardy-magpie-334101.cloudfunctions.net"; classtype:attempted-recon; sid:200003315; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"southamerica-east1-manifest-design-330523.cloudfunctions.net"; classtype:attempted-recon; sid:200003316; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"southamerica-east1-my-project-90086352.cloudfunctions.net"; classtype:attempted-recon; sid:200003317; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"southamerica-east1-noted-minutia-330211.cloudfunctions.net"; classtype:attempted-recon; sid:200003318; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sp477389.sitebeat.site"; classtype:attempted-recon; sid:200003319; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sp701876.sitebeat.site"; classtype:attempted-recon; sid:200003320; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spacemanagerent.webcindario.com"; classtype:attempted-recon; sid:200003321; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spark.shaheenwrites.com"; classtype:attempted-recon; sid:200003322; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sparkasse-vereinsbanken.xyz"; classtype:attempted-recon; sid:200003323; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sparkasse.de.internet-filiale.co"; classtype:attempted-recon; sid:200003324; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sparxinteriors.co.zw"; classtype:attempted-recon; sid:200003325; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"specialnotice.pricesamazonlogincard.shop"; classtype:attempted-recon; sid:200003326; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spectrumstorageaccess.yahoosites.com"; classtype:attempted-recon; sid:200003327; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spentamultimedia.com"; classtype:attempted-recon; sid:200003328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spidertvapp.com"; classtype:attempted-recon; sid:200003329; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spirit.gtwozone.com"; classtype:attempted-recon; sid:200003330; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spk-entsperren.de"; classtype:attempted-recon; sid:200003331; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spk-jahreswechsel.com"; classtype:attempted-recon; sid:200003332; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spk-secure-de.com"; classtype:attempted-recon; sid:200003333; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spkfod.coms.cso.gov.tt"; classtype:attempted-recon; sid:200003334; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sport.protected-secur.workers.dev"; classtype:attempted-recon; sid:200003335; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sportshoes.top"; classtype:attempted-recon; sid:200003336; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sportybetpremium.wapka.co"; classtype:attempted-recon; sid:200003337; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spring-pond-62c4.autocreative.workers.dev"; classtype:attempted-recon; sid:200003338; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spring-pond-62c4.autocreative.workers.dev#eimaste@stinpriza.org"; classtype:attempted-recon; sid:200003339; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"squeeze-airwcmalznoun.com"; classtype:attempted-recon; sid:200003340; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"squeeze-amieazoeon.co"; classtype:attempted-recon; sid:200003341; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sr.scicemecod.com"; classtype:attempted-recon; sid:200003342; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"srisritextiles.com"; classtype:attempted-recon; sid:200003343; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"srvr-cloudmail-srvr5s5wd3.pages.dev"; classtype:attempted-recon; sid:200003344; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ssdaz.sqqaepr.cn"; classtype:attempted-recon; sid:200003345; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sse.scicemecod.com"; classtype:attempted-recon; sid:200003346; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ssia.org.sg"; classtype:attempted-recon; sid:200003347; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ssl.dsl.isl.mll.aqmst6.stockestan.ir"; classtype:attempted-recon; sid:200003348; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sso-garena.com"; classtype:attempted-recon; sid:200003349; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sswebmail-4w5twsr.web.app"; classtype:attempted-recon; sid:200003350; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"staffportal.uoz.edu.krd"; classtype:attempted-recon; sid:200003351; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stage.vannaryfowler.com"; classtype:attempted-recon; sid:200003352; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"staging.eliteautomotive.com.au"; classtype:attempted-recon; sid:200003353; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"standardcapbnk.com"; classtype:attempted-recon; sid:200003354; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"standardupdatesupportandhelpcenter2021.ga"; classtype:attempted-recon; sid:200003355; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"starforsure.com"; classtype:attempted-recon; sid:200003356; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"starliker.net"; classtype:attempted-recon; sid:200003357; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"starsoftheindustry.com"; classtype:attempted-recon; sid:200003358; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"starttsboxfile.myfreesites.net"; classtype:attempted-recon; sid:200003359; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"static-ak-fbcdn.atspace.com"; classtype:attempted-recon; sid:200003360; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"static-dev.o2alerts.com"; classtype:attempted-recon; sid:200003361; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"static-promote.weebly.com"; classtype:attempted-recon; sid:200003362; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"status-dev.o2alerts.com"; classtype:attempted-recon; sid:200003363; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stclarechurch.net"; classtype:attempted-recon; sid:200003364; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"steamcommunites.com"; classtype:attempted-recon; sid:200003365; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"steamcommunitj.com"; classtype:attempted-recon; sid:200003366; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"steamcommunityk.com"; classtype:attempted-recon; sid:200003367; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"steampoweredtrade.org"; classtype:attempted-recon; sid:200003368; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"steampoweredtrades.org"; classtype:attempted-recon; sid:200003369; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stevemadden-sverige.com"; classtype:attempted-recon; sid:200003370; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stevemaddenbutik.com"; classtype:attempted-recon; sid:200003371; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stevemaddenserbia.com"; classtype:attempted-recon; sid:200003372; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stevemaddenshoe.net"; classtype:attempted-recon; sid:200003373; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"steven-coldwellbth9965.web.app"; classtype:attempted-recon; sid:200003374; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stevencrews.com"; classtype:attempted-recon; sid:200003375; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stgrp.ru"; classtype:attempted-recon; sid:200003376; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"still-star-c948.updatelogaccountprogramedrfwerwrdhsjy.workers.dev"; classtype:attempted-recon; sid:200003377; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stimulus-claim.com"; classtype:attempted-recon; sid:200003378; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stjohnmarol.com"; classtype:attempted-recon; sid:200003379; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stjudes.in"; classtype:attempted-recon; sid:200003380; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stolizaparketa.ru"; classtype:attempted-recon; sid:200003381; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stollgroup.coms.cso.gov.tt"; classtype:attempted-recon; sid:200003382; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stomkinscommercial.com.aus.cso.gov.tt"; classtype:attempted-recon; sid:200003383; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storage.yandexcloud.net"; classtype:attempted-recon; sid:200003384; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storenike365.top"; classtype:attempted-recon; sid:200003385; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"studio-lol.com"; classtype:attempted-recon; sid:200003386; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stylifehomedecors.com"; classtype:attempted-recon; sid:200003387; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stz-fmba.ru"; classtype:attempted-recon; sid:200003388; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"submit8099.page.link"; classtype:attempted-recon; sid:200003389; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"successgroup.org"; classtype:attempted-recon; sid:200003390; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sucses-gov.nomtiluy.top"; classtype:attempted-recon; sid:200003391; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sucuvirtcolba.com"; classtype:attempted-recon; sid:200003392; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suelunn.com"; classtype:attempted-recon; sid:200003393; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suiviticket.co"; classtype:attempted-recon; sid:200003394; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sukien-pubgmoblevng.ga"; classtype:attempted-recon; sid:200003395; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sultan-raza.github.io"; classtype:attempted-recon; sid:200003396; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sumpandtankcleaners.in"; classtype:attempted-recon; sid:200003397; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sunbeltmembers.com"; classtype:attempted-recon; sid:200003398; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sunge-ode.firebaseapp.com"; classtype:attempted-recon; sid:200003399; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sunshineteam.in"; classtype:attempted-recon; sid:200003400; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"super-dawn-3035.ddahluwalia.workers.dev"; classtype:attempted-recon; sid:200003401; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"supermilhas.com"; classtype:attempted-recon; sid:200003402; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"supotsstunes.servehttp.com"; classtype:attempted-recon; sid:200003403; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suppliers.bitshepherd.org"; classtype:attempted-recon; sid:200003404; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-auwebaccessjpnaikpanggung.com"; classtype:attempted-recon; sid:200003405; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-axiewallet.com"; classtype:attempted-recon; sid:200003406; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-dapps.info"; classtype:attempted-recon; sid:200003407; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-process-manager.com"; classtype:attempted-recon; sid:200003408; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-verify-mydevices.com"; classtype:attempted-recon; sid:200003409; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support.atimazo.shop"; classtype:attempted-recon; sid:200003410; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"supportpichincha.webcindario.com"; classtype:attempted-recon; sid:200003411; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"survey18-aws.surveycenter.com"; classtype:attempted-recon; sid:200003412; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"survey18-aws.toluna.com"; classtype:attempted-recon; sid:200003413; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"surveys.adytude.com"; classtype:attempted-recon; sid:200003414; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suspicious-williamson.193-70-50-31.plesk.page"; classtype:attempted-recon; sid:200003415; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"suumc-one.com"; classtype:attempted-recon; sid:200003416; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sv.scicemecod.com"; classtype:attempted-recon; sid:200003417; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"svelte-kdy6dk.stackblitz.io"; classtype:attempted-recon; sid:200003418; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"swanholm.net"; classtype:attempted-recon; sid:200003419; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"swannatural.com"; classtype:attempted-recon; sid:200003420; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"swap.elena.finance"; classtype:attempted-recon; sid:200003421; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"swappauto.staging.lcsolutions.it"; classtype:attempted-recon; sid:200003422; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"swedbank-apsauga.info"; classtype:attempted-recon; sid:200003423; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"swisscom.myfreesites.net"; classtype:attempted-recon; sid:200003424; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sxb1plvwcpnl489779.prod.sxb1.secureserver.net"; classtype:attempted-recon; sid:200003425; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synaxisreadymix.com"; classtype:attempted-recon; sid:200003426; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncdappconnect.com"; classtype:attempted-recon; sid:200003427; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncmultidapp.com"; classtype:attempted-recon; sid:200003428; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syr.us"; classtype:attempted-recon; sid:200003429; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sysm5rn.cn"; classtype:attempted-recon; sid:200003430; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"system-fassil-net-2-3242353453453--12344443.repl.co"; classtype:attempted-recon; sid:200003431; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"t0nline0de0login-001-site1.itempurl.com"; classtype:attempted-recon; sid:200003432; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"taher-mohamed-ahmed-saad.github.io"; classtype:attempted-recon; sid:200003433; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"take-free-2022.duckdns.org"; classtype:attempted-recon; sid:200003434; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"taoistw345ie.co"; classtype:attempted-recon; sid:200003435; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tarik-fitness.com"; classtype:attempted-recon; sid:200003436; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"taxcare.page.link"; classtype:attempted-recon; sid:200003437; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"taxopus.com"; classtype:attempted-recon; sid:200003438; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tb915hdh89.mfs.gg"; classtype:attempted-recon; sid:200003439; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tby.eb-sites.com"; classtype:attempted-recon; sid:200003440; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tcaconnect.ac-page.com"; classtype:attempted-recon; sid:200003441; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"teamgameswild.com"; classtype:attempted-recon; sid:200003442; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"teamgoogle125590.psee.ly"; classtype:attempted-recon; sid:200003443; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"teamomni4life.com"; classtype:attempted-recon; sid:200003444; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tebapit.com"; classtype:attempted-recon; sid:200003445; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tecmachine.com.br"; classtype:attempted-recon; sid:200003446; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tecnominproductos.com"; classtype:attempted-recon; sid:200003447; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"teekitstorage.blob.core.windows.net"; classtype:attempted-recon; sid:200003448; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tejalashikaindiagrocery.com"; classtype:attempted-recon; sid:200003449; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"telecredutobcp.com"; classtype:attempted-recon; sid:200003450; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"telegramsecurityhelp.ru"; classtype:attempted-recon; sid:200003451; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tellmeliu.github.io"; classtype:attempted-recon; sid:200003452; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"templat65sldh.myfreesites.net"; classtype:attempted-recon; sid:200003453; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"temporary-url.com"; classtype:attempted-recon; sid:200003454; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"terpelsicumple.com"; classtype:attempted-recon; sid:200003455; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tesladrive-event.com"; classtype:attempted-recon; sid:200003456; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"test.bayoucitybadges.org"; classtype:attempted-recon; sid:200003457; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"test.bitflye87.com"; classtype:attempted-recon; sid:200003458; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"test.dxbproductions.com"; classtype:attempted-recon; sid:200003459; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"test.myshopclub.ru"; classtype:attempted-recon; sid:200003460; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"test.webclient4.de"; classtype:attempted-recon; sid:200003461; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"testing-domain.duckdns.org"; classtype:attempted-recon; sid:200003462; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"texasfreedomrun.com"; classtype:attempted-recon; sid:200003463; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tgpafasfsakkk.pages.dev"; classtype:attempted-recon; sid:200003464; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theaceofspaeder.com"; classtype:attempted-recon; sid:200003465; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theaudazity.com"; classtype:attempted-recon; sid:200003466; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theavon.co.zw"; classtype:attempted-recon; sid:200003467; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thebeachleague.com"; classtype:attempted-recon; sid:200003468; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thechillipicklecanteen.com"; classtype:attempted-recon; sid:200003469; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thedecorindia.com"; classtype:attempted-recon; sid:200003470; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thedom.kg"; classtype:attempted-recon; sid:200003471; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theironinnparlour.co.uk"; classtype:attempted-recon; sid:200003472; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theneontree.in"; classtype:attempted-recon; sid:200003473; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thepointcj.com.br"; classtype:attempted-recon; sid:200003474; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thespiritualtransformation.com"; classtype:attempted-recon; sid:200003475; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thetimecenter.com"; classtype:attempted-recon; sid:200003476; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thomasdentalcentre.com"; classtype:attempted-recon; sid:200003477; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"three-retail-live.devicetradein.co.uk"; classtype:attempted-recon; sid:200003478; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tianyuiyu.uihaish.xyz"; classtype:attempted-recon; sid:200003479; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tieganford.ca"; classtype:attempted-recon; sid:200003480; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tighi.creatorlink.net"; classtype:attempted-recon; sid:200003481; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tight-samiuboc.co"; classtype:attempted-recon; sid:200003482; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tikitaps.com"; classtype:attempted-recon; sid:200003483; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tipografieonline.ro"; classtype:attempted-recon; sid:200003484; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tirozhjewelry.com"; classtype:attempted-recon; sid:200003485; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"titelinedrillingintl.yolasite.com"; classtype:attempted-recon; sid:200003486; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tktrailerparts.com"; classtype:attempted-recon; sid:200003487; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tlatx.com"; classtype:attempted-recon; sid:200003488; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tlcbcp.com-segurospe.buzz"; classtype:attempted-recon; sid:200003489; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"to-ken.biz"; classtype:attempted-recon; sid:200003490; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"toanhoc247.edu.vn"; classtype:attempted-recon; sid:200003491; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"toddler-town.com"; classtype:attempted-recon; sid:200003492; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tongdaiviettelbienhoa.com"; classtype:attempted-recon; sid:200003493; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tooljerejin.airsite.co"; classtype:attempted-recon; sid:200003494; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"top10cheapairlinesreview.xyz"; classtype:attempted-recon; sid:200003495; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"top10songsnews.com"; classtype:attempted-recon; sid:200003496; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"topearnersafrica.com"; classtype:attempted-recon; sid:200003497; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"topskills.ru"; classtype:attempted-recon; sid:200003498; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"torccolborrachas.blogspot.com"; classtype:attempted-recon; sid:200003499; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"torrinwine.com"; classtype:attempted-recon; sid:200003500; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"touchidea.top"; classtype:attempted-recon; sid:200003501; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tovowhuqeojweawmubmaqmqlv.hofferflow.icu"; classtype:attempted-recon; sid:200003502; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tpayleboncoin.com"; classtype:attempted-recon; sid:200003503; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"traders-joesxyz.com"; classtype:attempted-recon; sid:200003504; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tradeswarehouse.com"; classtype:attempted-recon; sid:200003505; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trams.mot.go.th"; classtype:attempted-recon; sid:200003506; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"transfertconfirmer-payalfrance.com"; classtype:attempted-recon; sid:200003507; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"triangarena-membership.ga"; classtype:attempted-recon; sid:200003508; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tribratanewsbondowoso.com"; classtype:attempted-recon; sid:200003509; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tribunbalikpapan.com"; classtype:attempted-recon; sid:200003510; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"truegrip.com"; classtype:attempted-recon; sid:200003511; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trustinpichincha.webcindario.com"; classtype:attempted-recon; sid:200003512; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trustpress.gr"; classtype:attempted-recon; sid:200003513; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trustypichincha.webcindario.com"; classtype:attempted-recon; sid:200003514; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ts3cacd.rzjxbv.com"; classtype:attempted-recon; sid:200003515; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"turntekcnc.com"; classtype:attempted-recon; sid:200003516; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tx.vc"; classtype:attempted-recon; sid:200003517; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200003518; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"typedream.site"; classtype:attempted-recon; sid:200003519; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"typesmartlyocr.com"; classtype:attempted-recon; sid:200003520; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tyrecentre.ru"; classtype:attempted-recon; sid:200003521; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"u08qv44zu5h.typeform.com"; classtype:attempted-recon; sid:200003522; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"u1565723.plsk.regruhosting.ru"; classtype:attempted-recon; sid:200003523; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"u18741649.ct.sendgrid.net"; classtype:attempted-recon; sid:200003524; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"u827857uw6.ha004.t.justns.ru"; classtype:attempted-recon; sid:200003525; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uabaiieo.com"; classtype:attempted-recon; sid:200003526; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ualsemantic.dualsemantics.net"; classtype:attempted-recon; sid:200003527; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ug7jv.sbs"; classtype:attempted-recon; sid:200003528; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uglcsonfonia.org"; classtype:attempted-recon; sid:200003529; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhasd.au6bu8m.cn"; classtype:attempted-recon; sid:200003530; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhdss.xkrx0o.cn"; classtype:attempted-recon; sid:200003531; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhfddsa.t0xpo42.cn"; classtype:attempted-recon; sid:200003532; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhhd.rox847t.cn"; classtype:attempted-recon; sid:200003533; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhhff.cnza7b8.cn"; classtype:attempted-recon; sid:200003534; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhna.5m4zhvd.cn"; classtype:attempted-recon; sid:200003535; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhnas.ib8b40d.cn"; classtype:attempted-recon; sid:200003536; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhnca.yrk1du9.cn"; classtype:attempted-recon; sid:200003537; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhncd.n26k1al.cn"; classtype:attempted-recon; sid:200003538; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhncda.xmilwwp.cn"; classtype:attempted-recon; sid:200003539; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhndd.9943s82.cn"; classtype:attempted-recon; sid:200003540; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhns.mxyzy7i.cn"; classtype:attempted-recon; sid:200003541; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhnsa.sdmpo0s.cn"; classtype:attempted-recon; sid:200003542; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhnxa.d23xsru.cn"; classtype:attempted-recon; sid:200003543; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhnxa.q83itv9.cn"; classtype:attempted-recon; sid:200003544; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uhnxas.rvw56l.cn"; classtype:attempted-recon; sid:200003545; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujcd.um2nlru.cn"; classtype:attempted-recon; sid:200003546; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujdaa.fn3m4en.cn"; classtype:attempted-recon; sid:200003547; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujds.5e8tn13.cn"; classtype:attempted-recon; sid:200003548; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhca.oioqmsh.cn"; classtype:attempted-recon; sid:200003549; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhca.xsevdat.cn"; classtype:attempted-recon; sid:200003550; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhcd.8burgvo.cn"; classtype:attempted-recon; sid:200003551; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhd.21k0qik.cn"; classtype:attempted-recon; sid:200003552; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhd.c0c4m46.cn"; classtype:attempted-recon; sid:200003553; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhd.j419kr0.cn"; classtype:attempted-recon; sid:200003554; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhd.kdsiuuc.cn"; classtype:attempted-recon; sid:200003555; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhd.zkshmxt.cn"; classtype:attempted-recon; sid:200003556; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhdca.mdwclcb.cn"; classtype:attempted-recon; sid:200003557; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhdd.cotf8p5.cn"; classtype:attempted-recon; sid:200003558; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhf.m45h2q0.cn"; classtype:attempted-recon; sid:200003559; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhff.nkxefqp.cn"; classtype:attempted-recon; sid:200003560; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujhs.o2klowf.cn"; classtype:attempted-recon; sid:200003561; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujnca.wxuqxb7.cn"; classtype:attempted-recon; sid:200003562; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujnca.zgbo0g.cn"; classtype:attempted-recon; sid:200003563; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujncd.kzi68ra.cn"; classtype:attempted-recon; sid:200003564; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujncd.lw2djbm.cn"; classtype:attempted-recon; sid:200003565; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ujnxas.vj135ih.cn"; classtype:attempted-recon; sid:200003566; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ukcare.in"; classtype:attempted-recon; sid:200003567; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"umbrellaclubla.com"; classtype:attempted-recon; sid:200003568; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unam.myfreesites.net"; classtype:attempted-recon; sid:200003569; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unbxa.byjmcpy.cn"; classtype:attempted-recon; sid:200003570; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"undefinedtrack.xyz"; classtype:attempted-recon; sid:200003571; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unga.c76sioq.cn"; classtype:attempted-recon; sid:200003572; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniassessoria.com.br"; classtype:attempted-recon; sid:200003573; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unicreditaustria.ucs.info"; classtype:attempted-recon; sid:200003574; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unifacema.edu.br"; classtype:attempted-recon; sid:200003575; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unifacvest.net"; classtype:attempted-recon; sid:200003576; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unifiedsmartsync.live"; classtype:attempted-recon; sid:200003577; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unionheightsresidental.com"; classtype:attempted-recon; sid:200003578; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unisons.store"; classtype:attempted-recon; sid:200003579; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unisonsouthayr.org.uk"; classtype:attempted-recon; sid:200003580; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.ch"; classtype:attempted-recon; sid:200003581; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.financial"; classtype:attempted-recon; sid:200003582; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.openwallet.dev"; classtype:attempted-recon; sid:200003583; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.pages.dev"; classtype:attempted-recon; sid:200003584; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.seal.finance"; classtype:attempted-recon; sid:200003585; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.token.im"; classtype:attempted-recon; sid:200003586; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswap.trading"; classtype:attempted-recon; sid:200003587; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswapfinancing.info"; classtype:attempted-recon; sid:200003588; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniswaps.net"; classtype:attempted-recon; sid:200003589; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unitedalliance-online.000webhostapp.com"; classtype:attempted-recon; sid:200003590; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unitus.mk.ua"; classtype:attempted-recon; sid:200003591; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"universidadsanjuan.ac"; classtype:attempted-recon; sid:200003592; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unnca.bbh672u.cn"; classtype:attempted-recon; sid:200003593; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unnxa.pqpchqo.cn"; classtype:attempted-recon; sid:200003594; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unpocodearte.cl"; classtype:attempted-recon; sid:200003595; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unregpayee-lb.com"; classtype:attempted-recon; sid:200003596; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unsub.listhandlr.com"; classtype:attempted-recon; sid:200003597; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updateinfo-billingo2.com"; classtype:attempted-recon; sid:200003598; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatemy.software"; classtype:attempted-recon; sid:200003599; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updateseason.com"; classtype:attempted-recon; sid:200003600; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatestory2022.co.vu"; classtype:attempted-recon; sid:200003601; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatevoda-billing.com"; classtype:attempted-recon; sid:200003602; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upgrade-25gb-email.thecornerstudio.com.au"; classtype:attempted-recon; sid:200003603; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upgradedserver.online"; classtype:attempted-recon; sid:200003604; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uploadpichincha.webcindario.com"; classtype:attempted-recon; sid:200003605; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uploads.codesandbox.io"; classtype:attempted-recon; sid:200003606; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uppledpichincha.webcindario.com"; classtype:attempted-recon; sid:200003607; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"urbenorte.com"; classtype:attempted-recon; sid:200003608; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"urgent-halifaxlogin.com"; classtype:attempted-recon; sid:200003609; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"userboitevocalweb.flazio.com"; classtype:attempted-recon; sid:200003610; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"userinformationstoreupdatesmail.pages.dev"; classtype:attempted-recon; sid:200003611; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usfn.net"; classtype:attempted-recon; sid:200003612; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uspsexpressdeliveryline.com"; classtype:attempted-recon; sid:200003613; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uswowgame.net"; classtype:attempted-recon; sid:200003614; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uueer.7jgy5xe.cn"; classtype:attempted-recon; sid:200003615; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uuid-validation.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200003616; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uukx0h0.cn"; classtype:attempted-recon; sid:200003617; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uyhnxx.urpzkva.cn"; classtype:attempted-recon; sid:200003618; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uyqw.dykowec.cn"; classtype:attempted-recon; sid:200003619; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uz154.sbs"; classtype:attempted-recon; sid:200003620; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"v.macecri.com"; classtype:attempted-recon; sid:200003621; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com"; classtype:attempted-recon; sid:200003622; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com"; classtype:attempted-recon; sid:200003623; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vaccine-status-info.com"; classtype:attempted-recon; sid:200003624; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vakif.albay-arnold.com"; classtype:attempted-recon; sid:200003625; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"valax-wallet.com"; classtype:attempted-recon; sid:200003626; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"valenciaoptometry.com"; classtype:attempted-recon; sid:200003627; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"valenteplay.com.br"; classtype:attempted-recon; sid:200003628; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"validacionpichincha.odoo.com"; classtype:attempted-recon; sid:200003629; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"validate-chain.com"; classtype:attempted-recon; sid:200003630; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"validate-solana.com"; classtype:attempted-recon; sid:200003631; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"validator-fzkiy.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200003632; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vallion.motiffliterature.me"; classtype:attempted-recon; sid:200003633; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vcz.gmoqkzu.cn"; classtype:attempted-recon; sid:200003634; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"velvish.com"; classtype:attempted-recon; sid:200003635; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ventas.lnterbarnk.pe.jifad.org"; classtype:attempted-recon; sid:200003636; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"veri-pichincha.webcindario.com"; classtype:attempted-recon; sid:200003637; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verification-trustwallet.4bl-eg.com"; classtype:attempted-recon; sid:200003638; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verification.fb-page.workers.dev"; classtype:attempted-recon; sid:200003639; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verificationmessage.blob.core.windows.net"; classtype:attempted-recon; sid:200003640; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verifications-zones.com"; classtype:attempted-recon; sid:200003641; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verififacebookid.wixsite.com"; classtype:attempted-recon; sid:200003642; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verifiikasi-accounts.weebly.com"; classtype:attempted-recon; sid:200003643; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verifikasi-akun-anda0011.weeblysite.com"; classtype:attempted-recon; sid:200003644; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verifikasi-akun-facebook0022.weeblysite.com"; classtype:attempted-recon; sid:200003645; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verifikasi-identitas47.weebly.com"; classtype:attempted-recon; sid:200003646; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verifocaoffa.webcindario.com"; classtype:attempted-recon; sid:200003647; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"verifymywallets.com"; classtype:attempted-recon; sid:200003648; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vgiuhkjnm.b9u6vh5l7g1797.workers.dev"; classtype:attempted-recon; sid:200003649; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"victorarath99.github.io"; classtype:attempted-recon; sid:200003650; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videobigo.com"; classtype:attempted-recon; sid:200003651; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vietlime.vn"; classtype:attempted-recon; sid:200003652; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vietschi.de"; classtype:attempted-recon; sid:200003653; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viettel-com-dot-c2c01-531c7.uc.r.appspot.com"; classtype:attempted-recon; sid:200003654; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vigilant-murdock.45-81-232-15.plesk.page"; classtype:attempted-recon; sid:200003655; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viguohilkasdsd.izwe6g6lyc.workers.dev"; classtype:attempted-recon; sid:200003656; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vilaanimalviana.pt"; classtype:attempted-recon; sid:200003657; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200003658; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vinivet.mk"; classtype:attempted-recon; sid:200003659; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vipfbtools.com"; classtype:attempted-recon; sid:200003660; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viral-groub.duckdns.org"; classtype:attempted-recon; sid:200003661; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"virginia-spi.com"; classtype:attempted-recon; sid:200003662; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"virtual1dattss.com"; classtype:attempted-recon; sid:200003663; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vis-stort.github.io"; classtype:attempted-recon; sid:200003664; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vishaljangale01.github.io"; classtype:attempted-recon; sid:200003665; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"visione.co.id"; classtype:attempted-recon; sid:200003666; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"visionproperty.in"; classtype:attempted-recon; sid:200003667; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vk-money.xyz"; classtype:attempted-recon; sid:200003668; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vk-posters.ru"; classtype:attempted-recon; sid:200003669; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vk-vhods.co"; classtype:attempted-recon; sid:200003670; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vkjbm.4nt4nb464e6113.workers.dev"; classtype:attempted-recon; sid:200003671; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vodaupdatepayment.com"; classtype:attempted-recon; sid:200003672; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"volvocarskc.us1.list-manage.com"; classtype:attempted-recon; sid:200003673; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vps56290.servconfig.com"; classtype:attempted-recon; sid:200003674; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vqed.5xcv81zrx0530.workers.dev"; classtype:attempted-recon; sid:200003675; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vqwd.soboja1994.workers.dev"; classtype:attempted-recon; sid:200003676; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vr-banking-app.de"; classtype:attempted-recon; sid:200003677; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vr-neu.com"; classtype:attempted-recon; sid:200003678; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vr-system89394.com"; classtype:attempted-recon; sid:200003679; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vr-system98622.com"; classtype:attempted-recon; sid:200003680; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vtekllc.com"; classtype:attempted-recon; sid:200003681; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vtxmail2018.myfreesites.net"; classtype:attempted-recon; sid:200003682; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vugik.mecil33784.workers.dev"; classtype:attempted-recon; sid:200003683; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vv.macecri.com"; classtype:attempted-recon; sid:200003684; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vvjde0h0ttttf9hay.com"; classtype:attempted-recon; sid:200003685; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vvpaes-me-index.egvtpp.cn"; classtype:attempted-recon; sid:200003686; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vws.co.in"; classtype:attempted-recon; sid:200003687; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vxcas.a35570.cn"; classtype:attempted-recon; sid:200003688; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vxdse.myfreesites.net"; classtype:attempted-recon; sid:200003689; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"w2.deraya.org"; classtype:attempted-recon; sid:200003690; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud"; classtype:attempted-recon; sid:200003691; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wahed-koudsi2001.github.io"; classtype:attempted-recon; sid:200003692; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walkers-dot-composite-store-326315.uk.r.appspot.com"; classtype:attempted-recon; sid:200003693; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallcertifyonmesh.com"; classtype:attempted-recon; sid:200003694; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walldesign.com.tr"; classtype:attempted-recon; sid:200003695; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallet-connect012.web.app"; classtype:attempted-recon; sid:200003696; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallet-reconnection.xyz"; classtype:attempted-recon; sid:200003697; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallet-verified.com"; classtype:attempted-recon; sid:200003698; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallet.silesiacoin.com"; classtype:attempted-recon; sid:200003699; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallet22.000webhostapp.com"; classtype:attempted-recon; sid:200003700; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletconnect-tool.net"; classtype:attempted-recon; sid:200003701; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletconnect-tools.xyz"; classtype:attempted-recon; sid:200003702; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletconnectonline.pages.dev"; classtype:attempted-recon; sid:200003703; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletconnectors.com"; classtype:attempted-recon; sid:200003704; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walleterrorsupport.com"; classtype:attempted-recon; sid:200003705; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletokenvalidation.com"; classtype:attempted-recon; sid:200003706; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletsconect.live"; classtype:attempted-recon; sid:200003707; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletsconnex.com"; classtype:attempted-recon; sid:200003708; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletsliveconnects.net"; classtype:attempted-recon; sid:200003709; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletsreauth.org"; classtype:attempted-recon; sid:200003710; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletsynclive.com"; classtype:attempted-recon; sid:200003711; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletvalidation.me"; classtype:attempted-recon; sid:200003712; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"walletvalidators.com"; classtype:attempted-recon; sid:200003713; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallletsconnectts.com"; classtype:attempted-recon; sid:200003714; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallsynchvalidatevd.com"; classtype:attempted-recon; sid:200003715; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wana78420.myfreesites.net"; classtype:attempted-recon; sid:200003716; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wap.bitffybtcer.club"; classtype:attempted-recon; sid:200003717; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wap.bitffybtcer.xyz"; classtype:attempted-recon; sid:200003718; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wap.bitflyer.plus"; classtype:attempted-recon; sid:200003719; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wap.bitflyer.venus.kim"; classtype:attempted-recon; sid:200003720; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wap.btcffybtcer.com"; classtype:attempted-recon; sid:200003721; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"warbonus.ru"; classtype:attempted-recon; sid:200003722; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"warningshadows.org"; classtype:attempted-recon; sid:200003723; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"warsa.bandungkab.go.id"; classtype:attempted-recon; sid:200003724; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wasites.000webhostapp.com"; classtype:attempted-recon; sid:200003725; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"waterproofingengineer.com"; classtype:attempted-recon; sid:200003726; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"we-exodus-wallet.yahoosites.com"; classtype:attempted-recon; sid:200003727; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-armas.royale-freefire1garena-bonus.com"; classtype:attempted-recon; sid:200003728; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-b4119.web.app"; classtype:attempted-recon; sid:200003729; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-e1f6d.web.app"; classtype:attempted-recon; sid:200003730; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-exoduss.com"; classtype:attempted-recon; sid:200003731; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-f6612.web.app"; classtype:attempted-recon; sid:200003732; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-ml01.web.app"; classtype:attempted-recon; sid:200003733; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-my-app.com"; classtype:attempted-recon; sid:200003734; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-online-cancel.com"; classtype:attempted-recon; sid:200003735; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-verifi01.webcindario.com"; classtype:attempted-recon; sid:200003736; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-verifi02.webcindario.com"; classtype:attempted-recon; sid:200003737; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-verifi03.webcindario.com"; classtype:attempted-recon; sid:200003738; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-verifi04.webcindario.com"; classtype:attempted-recon; sid:200003739; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-verifi05.webcindario.com"; classtype:attempted-recon; sid:200003740; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-verifi06.webcindario.com"; classtype:attempted-recon; sid:200003741; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web.bredbanque.trans.sylog.co"; classtype:attempted-recon; sid:200003742; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web.royale-freefire1garena-bonus.com"; classtype:attempted-recon; sid:200003743; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webbbb.yolasite.com"; classtype:attempted-recon; sid:200003744; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webbl.yolasite.com"; classtype:attempted-recon; sid:200003745; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webdappsconnection.com"; classtype:attempted-recon; sid:200003746; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webdatamltrainingdiag842.blob.core.windows.net"; classtype:attempted-recon; sid:200003747; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webdesecure.clickfunnels.com"; classtype:attempted-recon; sid:200003748; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webhost-verify.duckdns.org"; classtype:attempted-recon; sid:200003749; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webip.yolasite.com"; classtype:attempted-recon; sid:200003750; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webmail-2aaa0.web.app"; classtype:attempted-recon; sid:200003751; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webmail-optusnet-com-au-sign1.weebly.com"; classtype:attempted-recon; sid:200003752; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webmail-sso8uyg.web.app"; classtype:attempted-recon; sid:200003753; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webmail.gourmer.co.in"; classtype:attempted-recon; sid:200003754; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webmail.login.access.docs67.live"; classtype:attempted-recon; sid:200003755; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webmailadmin0.myfreesites.net"; classtype:attempted-recon; sid:200003756; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webmailstoragesrvr4567-supportdev.codeanyapp.com"; classtype:attempted-recon; sid:200003757; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webpres.000webhostapp.com"; classtype:attempted-recon; sid:200003758; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webregular.xyz"; classtype:attempted-recon; sid:200003759; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webservice-verify.duckdns.org"; classtype:attempted-recon; sid:200003760; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"websitefun.club"; classtype:attempted-recon; sid:200003761; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webstories.eu"; classtype:attempted-recon; sid:200003762; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webvalidity.com"; classtype:attempted-recon; sid:200003763; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"well-42d74.web.app"; classtype:attempted-recon; sid:200003764; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"weryfikacja-facebookowa-28.herokuapp.com"; classtype:attempted-recon; sid:200003765; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"weteachbh.com"; classtype:attempted-recon; sid:200003766; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"whare.100webspace.net"; classtype:attempted-recon; sid:200003767; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"whatsapp-grub99zyc.duckdns.org"; classtype:attempted-recon; sid:200003768; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wheelsofmercy.org"; classtype:attempted-recon; sid:200003769; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"whitelist-network.com"; classtype:attempted-recon; sid:200003770; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"widadkamillah.github.io"; classtype:attempted-recon; sid:200003771; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wiki.oceanreeflifegame.com"; classtype:attempted-recon; sid:200003772; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"windstream-net.firebaseapp.com"; classtype:attempted-recon; sid:200003773; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winville.biz"; classtype:attempted-recon; sid:200003774; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wireconfirmation68c10a25442a3e13.blogspot.com"; classtype:attempted-recon; sid:200003775; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wires-business-starter.webflow.io"; classtype:attempted-recon; sid:200003776; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wirtschaft.baesweiler.de"; classtype:attempted-recon; sid:200003777; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wizmi.service-now.com"; classtype:attempted-recon; sid:200003778; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wkazisan.github.io"; classtype:attempted-recon; sid:200003779; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"womancreatorofman.com"; classtype:attempted-recon; sid:200003780; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"woofle.ru"; classtype:attempted-recon; sid:200003781; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"workforcerelief.com"; classtype:attempted-recon; sid:200003782; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"workprotocoles-com.webs.com"; classtype:attempted-recon; sid:200003783; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wp-login.azurewebsites.net"; classtype:attempted-recon; sid:200003784; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wpsoar.com"; classtype:attempted-recon; sid:200003785; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wqass-index.chobqu.cn"; classtype:attempted-recon; sid:200003786; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wqass-index.dccigq.cn"; classtype:attempted-recon; sid:200003787; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wqass-index.gbswz.cn"; classtype:attempted-recon; sid:200003788; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wqass-index.pygbw.cn"; classtype:attempted-recon; sid:200003789; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wrww-roblox.com"; classtype:attempted-recon; sid:200003790; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wsertyzx.gq"; classtype:attempted-recon; sid:200003791; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wteeoq.pfinanceiro.com.de"; classtype:attempted-recon; sid:200003792; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ww.lnterbank.pe.personas.aaseguros.mx"; classtype:attempted-recon; sid:200003793; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ww.lnterbank.pe.personas.onlinesocket.in"; classtype:attempted-recon; sid:200003794; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ww.lnterbank.pe.personas.t-class.org"; classtype:attempted-recon; sid:200003795; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ww16.inpost-pl-3dsecure.clear-id.xyz"; classtype:attempted-recon; sid:200003796; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wwedealershipon.000webhostapp.com"; classtype:attempted-recon; sid:200003797; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-cursosdigitalesmx-com.filesusr.com"; classtype:attempted-recon; sid:200003798; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-degelyehuda-org-il.filesusr.com"; classtype:attempted-recon; sid:200003799; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-europe564598-com.filesusr.com"; classtype:attempted-recon; sid:200003800; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-europessign-com.filesusr.com"; classtype:attempted-recon; sid:200003801; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-key-com.test.edgekey.net"; classtype:attempted-recon; sid:200003802; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-mufg-jp.handicraft.ltd"; classtype:attempted-recon; sid:200003803; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www-mufg-jp.kaiqi.ink"; classtype:attempted-recon; sid:200003804; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www.facebook.com-sauuvazpjo.isiolo.go.ke"; classtype:attempted-recon; sid:200003805; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www2.rakutan.co.jploginffd9dfg7.carwork.cn"; classtype:attempted-recon; sid:200003806; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn"; classtype:attempted-recon; sid:200003807; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www2.rakuten-card.co.jp.wzsrc.cn"; classtype:attempted-recon; sid:200003808; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www2.rakutenn.co.jp.nanopark.cn"; classtype:attempted-recon; sid:200003809; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www2.rakutenn.co.jp.zgyo.cn"; classtype:attempted-recon; sid:200003810; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www3.lejournaldugrandparis.fr"; classtype:attempted-recon; sid:200003811; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"www3.plenainclusion.org"; classtype:attempted-recon; sid:200003812; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wxsohu.com"; classtype:attempted-recon; sid:200003813; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"x.macecri.com"; classtype:attempted-recon; sid:200003814; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"x.scicemecod.com"; classtype:attempted-recon; sid:200003815; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xcas.xoh29oz.cn"; classtype:attempted-recon; sid:200003816; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xcasd.7vo6bt.cn"; classtype:attempted-recon; sid:200003817; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xcasd.b204uje.cn"; classtype:attempted-recon; sid:200003818; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xcasd.tcbjnhq.cn"; classtype:attempted-recon; sid:200003819; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xcasd.yikn2gd.cn"; classtype:attempted-recon; sid:200003820; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xcryptocars.blogspot.com"; classtype:attempted-recon; sid:200003821; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xcvdsd.page.link"; classtype:attempted-recon; sid:200003822; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xhgs.epgegxj.cn"; classtype:attempted-recon; sid:200003823; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xiajs.0dow0l.cn"; classtype:attempted-recon; sid:200003824; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xid-human-validation.run-us-west2.goorm.io"; classtype:attempted-recon; sid:200003825; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xj333.mjt.lu"; classtype:attempted-recon; sid:200003826; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xj33s.mjt.lu"; classtype:attempted-recon; sid:200003827; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xj33w.mjt.lu"; classtype:attempted-recon; sid:200003828; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xj3pr.mjt.lu"; classtype:attempted-recon; sid:200003829; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xj45g.mjt.lu"; classtype:attempted-recon; sid:200003830; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xj45o.mjt.lu"; classtype:attempted-recon; sid:200003831; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xj4og.mjt.lu"; classtype:attempted-recon; sid:200003832; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xjm7s.mjt.lu"; classtype:attempted-recon; sid:200003833; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xjmr7.mjt.lu"; classtype:attempted-recon; sid:200003834; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xjpyyds.pem4yp3.cn"; classtype:attempted-recon; sid:200003835; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xkljfg.ml"; classtype:attempted-recon; sid:200003836; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xn--gmal-sya.com"; classtype:attempted-recon; sid:200003837; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xn--ltappen-80a.se"; classtype:attempted-recon; sid:200003838; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xn--metamsk-lwa.link"; classtype:attempted-recon; sid:200003839; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xn--rpondeur-sfr2-bhb.yolasite.com"; classtype:attempted-recon; sid:200003840; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xpubgfrozen.tk"; classtype:attempted-recon; sid:200003841; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xqr3i.mjt.lu"; classtype:attempted-recon; sid:200003842; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xqr3n.mjt.lu"; classtype:attempted-recon; sid:200003843; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xqr3u.mjt.lu"; classtype:attempted-recon; sid:200003844; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xrx6r.mjt.lu"; classtype:attempted-recon; sid:200003845; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xrxh1.mjt.lu"; classtype:attempted-recon; sid:200003846; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xrxh2.mjt.lu"; classtype:attempted-recon; sid:200003847; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xrxhl.mjt.lu"; classtype:attempted-recon; sid:200003848; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xsbrookshhjx.top"; classtype:attempted-recon; sid:200003849; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xspin.cawnibos.com"; classtype:attempted-recon; sid:200003850; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xtio.ch"; classtype:attempted-recon; sid:200003851; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xtw42.mjt.lu"; classtype:attempted-recon; sid:200003852; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xvideokoreanwifesister18.duckdns.org"; classtype:attempted-recon; sid:200003853; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xx.macecri.com"; classtype:attempted-recon; sid:200003854; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xxaas.tp00jv9.cn"; classtype:attempted-recon; sid:200003855; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xxasd.sf29hrg.cn"; classtype:attempted-recon; sid:200003856; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xxx-com-dot-c2c01-531c7.uc.r.appspot.com"; classtype:attempted-recon; sid:200003857; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"xzasd.uz64g3.cn"; classtype:attempted-recon; sid:200003858; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@asdxa.p2x11pi.cn"; classtype:attempted-recon; sid:200003859; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@bghgcd.psuxscm.cn"; classtype:attempted-recon; sid:200003860; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@bhgxa.eo76sni.cn"; classtype:attempted-recon; sid:200003861; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@cdas.nxzigco.cn"; classtype:attempted-recon; sid:200003862; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@cxasd.easghbl.cn"; classtype:attempted-recon; sid:200003863; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@hghgda.erjl0hx.cn"; classtype:attempted-recon; sid:200003864; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@inna.cedymll.cn"; classtype:attempted-recon; sid:200003865; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@jhdd.fjcslad.cn"; classtype:attempted-recon; sid:200003866; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@kjhdda.tetfeec.cn"; classtype:attempted-recon; sid:200003867; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@lkjds.nlmwjta.cn"; classtype:attempted-recon; sid:200003868; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@nhbcda.g4g5mgc.cn"; classtype:attempted-recon; sid:200003869; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@poklsa.slodddz.cn"; classtype:attempted-recon; sid:200003870; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@qweas.p6rhddj.cn"; classtype:attempted-recon; sid:200003871; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@ssdaz.sqqaepr.cn"; classtype:attempted-recon; sid:200003872; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@uhncda.xmilwwp.cn"; classtype:attempted-recon; sid:200003873; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@uhnxa.q83itv9.cn"; classtype:attempted-recon; sid:200003874; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@ujdaa.fn3m4en.cn"; classtype:attempted-recon; sid:200003875; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@ujds.5e8tn13.cn"; classtype:attempted-recon; sid:200003876; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@ujhdca.mdwclcb.cn"; classtype:attempted-recon; sid:200003877; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@uyhnxx.urpzkva.cn"; classtype:attempted-recon; sid:200003878; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@zxas.2nd0g8.cn"; classtype:attempted-recon; sid:200003879; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahoo%2eco%2ejp@zxass.jbkyj0o.cn"; classtype:attempted-recon; sid:200003880; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yahuomall.square.site"; classtype:attempted-recon; sid:200003881; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yairix.github.io"; classtype:attempted-recon; sid:200003882; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yalena.me"; classtype:attempted-recon; sid:200003883; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yandex-viral.duckdns.org"; classtype:attempted-recon; sid:200003884; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yaqoobi.org"; classtype:attempted-recon; sid:200003885; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yayanti.com"; classtype:attempted-recon; sid:200003886; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ybdaa.oqsgm9r.cn"; classtype:attempted-recon; sid:200003887; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ybggd.fjgjoux.cn"; classtype:attempted-recon; sid:200003888; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yellow-surf-7b04.voiceovermade-today.workers.dev"; classtype:attempted-recon; sid:200003889; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yerelyonetim.net"; classtype:attempted-recon; sid:200003890; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ygbda.ffeufka.cn"; classtype:attempted-recon; sid:200003891; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yhbca.pfs8ylv.cn"; classtype:attempted-recon; sid:200003892; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yhbndd.ryyswjn.cn"; classtype:attempted-recon; sid:200003893; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yhcd.gabprnx.cn"; classtype:attempted-recon; sid:200003894; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yhddf.vtf23ic.cn"; classtype:attempted-recon; sid:200003895; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yhdff.iw6fwu.cn"; classtype:attempted-recon; sid:200003896; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yhnbd.5u3z9i2.cn"; classtype:attempted-recon; sid:200003897; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yhncd.3ycuxr1.cn"; classtype:attempted-recon; sid:200003898; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yiaswqjdtcyeqpvyqthijepeai-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200003899; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ykyevmqxaktnfgrtuufymkhnce-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200003900; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yma1ll0g0n.odoo.com"; classtype:attempted-recon; sid:200003901; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ynbgdc.woprkzp.cn"; classtype:attempted-recon; sid:200003902; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ynbxa.pvgulkz.cn"; classtype:attempted-recon; sid:200003903; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yndda.m117s1s.cn"; classtype:attempted-recon; sid:200003904; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yo7ka-anna.com"; classtype:attempted-recon; sid:200003905; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yogeshwarwiremesh.com"; classtype:attempted-recon; sid:200003906; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"youknowar.com"; classtype:attempted-recon; sid:200003907; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"young-snow-7447.tcheviron5269.workers.dev"; classtype:attempted-recon; sid:200003908; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"youreasygoing2022.co.vu"; classtype:attempted-recon; sid:200003909; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yqlpeitost.duckdns.org"; classtype:attempted-recon; sid:200003910; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ytdjhstej.tk"; classtype:attempted-recon; sid:200003911; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yuhjjkss.web.app"; classtype:attempted-recon; sid:200003912; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yumpai.cn"; classtype:attempted-recon; sid:200003913; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"z.macecri.com"; classtype:attempted-recon; sid:200003914; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"z.scicemecod.com"; classtype:attempted-recon; sid:200003915; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"z0massegurabclp1.shreeramwoodindustries.com"; classtype:attempted-recon; sid:200003916; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"z2qje.codesandbox.io"; classtype:attempted-recon; sid:200003917; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"z3voicrxxvs.typeform.com"; classtype:attempted-recon; sid:200003918; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zacharytlasko.com"; classtype:attempted-recon; sid:200003919; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zackselectronics.co.zw"; classtype:attempted-recon; sid:200003920; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zaktualizacja-platnosci.netfxtv.co.pl"; classtype:attempted-recon; sid:200003921; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zasd.yhxmd30.cn"; classtype:attempted-recon; sid:200003922; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zb2-home.web.app"; classtype:attempted-recon; sid:200003923; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zen-minsky-ef5931.netlify.app"; classtype:attempted-recon; sid:200003924; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zenvinyl.com"; classtype:attempted-recon; sid:200003925; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zepe.io"; classtype:attempted-recon; sid:200003926; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zeroquiz.com"; classtype:attempted-recon; sid:200003927; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zgyyds.mm5p1ch.cn"; classtype:attempted-recon; sid:200003928; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zgyyds.nebl4zw.cn"; classtype:attempted-recon; sid:200003929; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zhrmghgyyds.h0tlexl.cn"; classtype:attempted-recon; sid:200003930; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zjzj6688.yihang.ren"; classtype:attempted-recon; sid:200003931; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zmpcoaca.cyou"; classtype:attempted-recon; sid:200003932; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zmpcoacu.cyou"; classtype:attempted-recon; sid:200003933; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zmpcoado.cyou"; classtype:attempted-recon; sid:200003934; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zoho-online.web.app"; classtype:attempted-recon; sid:200003935; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zoho-validationserv.web.app"; classtype:attempted-recon; sid:200003936; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zonmca.hxljatvw.cn"; classtype:attempted-recon; sid:200003937; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zshrvvo.cn"; classtype:attempted-recon; sid:200003938; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxas.2nd0g8.cn"; classtype:attempted-recon; sid:200003939; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxas.hs0rgq8.cn"; classtype:attempted-recon; sid:200003940; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxass.jbkyj0o.cn"; classtype:attempted-recon; sid:200003941; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxcas.ywqfz8.cn"; classtype:attempted-recon; sid:200003942; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxcaspx.aghwlup.cn"; classtype:attempted-recon; sid:200003943; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxcnash.seufhsk.cn"; classtype:attempted-recon; sid:200003944; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxcod.01l241.cn"; classtype:attempted-recon; sid:200003945; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxcuashs.e0n0gh5.cn"; classtype:attempted-recon; sid:200003946; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zxnahs.3cze6ri.cn"; classtype:attempted-recon; sid:200003947; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zz.macecri.com"; classtype:attempted-recon; sid:200003948; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/comcast/xfinity.php?d1193169ba22c33594765d16035661b1=&amp\;email=a@a.c&amp\;.rand=login.xfinity.com.aspx"; endswith; nocase; http.host; content:"0333fa5.netsolhost.com"; classtype:attempted-recon; sid:200003949; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ameli-assurance/remboursement/login/"; endswith; nocase; http.host; content:"045a3c0.wcomhost.com"; classtype:attempted-recon; sid:200003950; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ameli-assurance/remboursement/login/iframe-page2.html"; endswith; nocase; http.host; content:"045a3c0.wcomhost.com"; classtype:attempted-recon; sid:200003951; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ameli-assurance/remboursement/login"; endswith; nocase; http.host; content:"048d7b4.wcomhost.com"; classtype:attempted-recon; sid:200003952; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ameli-assurance/remboursement/login/"; endswith; nocase; http.host; content:"048d7b4.wcomhost.com"; classtype:attempted-recon; sid:200003953; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/escaixa/es/espace/home/"; endswith; nocase; http.host; content:"0572f4b.wcomhost.com"; classtype:attempted-recon; sid:200003954; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ads/c/"; endswith; nocase; http.host; content:"108ideashop.com"; classtype:attempted-recon; sid:200003955; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbva/592cf4/425bdbd3-91cf-4e9f-9498-7a06b3ad75ec/?test=1"; endswith; nocase; http.host; content:"28ecne20f9u.securetnet.com"; classtype:attempted-recon; sid:200003956; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/3rdst/8-login-form/"; endswith; nocase; http.host; content:"3rdstreetmarket.com"; classtype:attempted-recon; sid:200003957; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openpc/directlogin.do"; endswith; nocase; http.host; content:"a-q-f.com"; classtype:attempted-recon; sid:200003958; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dhhh?trackingid=gnevs68e&signature=newsletter"; endswith; nocase; http.host; content:"abre.ai"; classtype:attempted-recon; sid:200003959; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dmjg"; endswith; nocase; http.host; content:"abre.ai"; classtype:attempted-recon; sid:200003960; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/servicelogin?passive=1209600&continue=https://sites.google.com/view/viewbill-bt-1/bt&followup=https://sites.google.com/view/viewbill-bt-1/bt"; endswith; nocase; http.host; content:"accounts.google.com"; classtype:attempted-recon; sid:200003961; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/1lordman1man3/oscman2.html&followup=https://storage.cloud.google.com/1lordman1man3/oscman2.html"; endswith; nocase; http.host; content:"accounts.google.com"; classtype:attempted-recon; sid:200003962; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html&followup=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html"; endswith; nocase; http.host; content:"accounts.google.com"; classtype:attempted-recon; sid:200003963; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/employt44to49cclrlolcrl94lnlxo.appspot.com/index.html&followup=https://storage.cloud.google.com/employt44to49cclrlolcrl94lnlxo.appspot.com/index.html"; endswith; nocase; http.host; content:"accounts.google.com"; classtype:attempted-recon; sid:200003964; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/maintainancecomponeta.appspot.com/mineindex.html&followup=https://storage.cloud.google.com/maintainancecomponeta.appspot.com/mineindex.html"; endswith; nocase; http.host; content:"accounts.google.com"; classtype:attempted-recon; sid:200003965; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/officpcpspbcncuser.appspot.com/index.htm&followup=https://storage.cloud.google.com/officpcpspbcncuser.appspot.com/index.htm"; endswith; nocase; http.host; content:"accounts.google.com"; classtype:attempted-recon; sid:200003966; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/poopnoomprops-oo987700ok/newrbindex.html&followup=https://storage.cloud.google.com/poopnoomprops-oo987700ok/newrbindex.html"; endswith; nocase; http.host; content:"accounts.google.com"; classtype:attempted-recon; sid:200003967; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?page_id=758"; endswith; nocase; http.host; content:"activartransferenciainternacional.com"; classtype:attempted-recon; sid:200003968; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/en/bellcocreditunion/"; endswith; nocase; http.host; content:"admin.fifoundry.net"; classtype:attempted-recon; sid:200003969; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2005/03/colourful-life-of-aij.html"; endswith; nocase; http.host; content:"aijcs.blogspot.com"; classtype:attempted-recon; sid:200003970; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ion"; endswith; nocase; http.host; content:"alconexport.com"; classtype:attempted-recon; sid:200003971; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ion/"; endswith; nocase; http.host; content:"alconexport.com"; classtype:attempted-recon; sid:200003972; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/venus_gardose_talke_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8extkunxrkqozifs2sycqmk4ox0ntao7cizsavm5mjc=&amp\;docid=1_14abcf62971634e6b8387df30ef7d978b&amp\;wdformid={83a6cfc0-5689-4aa4-ab13-96952b8999ba}&amp\;action=formsubmit"; endswith; nocase; http.host; content:"alfredtalkelogisticservices-my.sharepoint.com"; classtype:attempted-recon; sid:200003973; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blog/wp-content/themes/10/"; endswith; nocase; http.host; content:"alinachopra.com"; classtype:attempted-recon; sid:200003974; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/our/ourtime/ourtime.html"; endswith; nocase; http.host; content:"ambrosecourt.com"; classtype:attempted-recon; sid:200003975; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faxwxagm72247832mhwuk7224783272247832/index.html?961961d961"; endswith; nocase; http.host; content:"ams3.digitaloceanspaces.com"; classtype:attempted-recon; sid:200003976; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/njk/25_40_24_5e_40_26_40_26_28_29_23_23_5e_23_24_26_5e_25_26_40_5e_28_23_26.html"; endswith; nocase; http.host; content:"ams3.digitaloceanspaces.com"; classtype:attempted-recon; sid:200003977; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jps/webmail_reset.htm"; endswith; nocase; http.host; content:"anekaslot.com"; classtype:attempted-recon; sid:200003978; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/"; endswith; nocase; http.host; content:"api-freewallet.com"; classtype:attempted-recon; sid:200003979; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oexchange/0.8/wrap/opengraph?url=ahr0chm6ly93zxetnmrlodiud2vilmfwcc8znzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxi5lze1lziwmjeznzg1mjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxiznzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu0znzg1mjf3zwjtyxn0zxi5lze1lziwmjfjdw5plmn6nto1nibbttm3oduymtu6ntygqu13zwjtyxn0zxiznzg1mjejd2vibwfzdgvyqgn1bmkuy3o="; endswith; nocase; http.host; content:"api.addthis.com"; classtype:attempted-recon; sid:200003980; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/b9fu9axf9rcv7bhjp80fpcm8zna5wcwi"; endswith; nocase; http.host; content:"app.box.com"; classtype:attempted-recon; sid:200003981; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/x6agocx9zvj049azirk4aw3xrqdedqhl"; endswith; nocase; http.host; content:"app.box.com"; classtype:attempted-recon; sid:200003982; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/ymr0ltw3hmn8icxebz16gjhcyhqa49w4"; endswith; nocase; http.host; content:"app.box.com"; classtype:attempted-recon; sid:200003983; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/form/mnzdivok"; endswith; nocase; http.host; content:"app.pipefy.com"; classtype:attempted-recon; sid:200003984; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/form/xlfe4rw2"; endswith; nocase; http.host; content:"app.pipefy.com"; classtype:attempted-recon; sid:200003985; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/cmxgsj"; endswith; nocase; http.host; content:"app.simplenote.com"; classtype:attempted-recon; sid:200003986; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/publish/xhrdvc"; endswith; nocase; http.host; content:"app.simplenote.com"; classtype:attempted-recon; sid:200003987; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6dfhh1yrol"; endswith; nocase; http.host; content:"appurl.io"; classtype:attempted-recon; sid:200003988; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsmho6dyl-"; endswith; nocase; http.host; content:"appurl.io"; classtype:attempted-recon; sid:200003989; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wywajnlbtl"; endswith; nocase; http.host; content:"appurl.io"; classtype:attempted-recon; sid:200003990; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/at&t/"; endswith; nocase; http.host; content:"att-yahoo.meculinkvolt.com"; classtype:attempted-recon; sid:200003991; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"azeioaz.blogspot.com"; classtype:attempted-recon; sid:200003992; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/index.html"; endswith; nocase; http.host; content:"baovesusonglcxt.com"; classtype:attempted-recon; sid:200003993; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/listeners/ae/n-nv6588123/ae/ae/verify/sms.php"; endswith; nocase; http.host; content:"bardaiconnect.com"; classtype:attempted-recon; sid:200003994; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"baritasonte.blogspot.com"; classtype:attempted-recon; sid:200003995; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=d96ydzq8vuilprdurtucov60qbtyz20222a95vav4da%3d&docid=1_1f81a6ca97d114a5f8e9829362518b16d&wdformid=%7b11b3b6fc%2d6e67%2d434d%2da029%2d3afe98d81a11%7d&action=formsubmit"; endswith; nocase; http.host; content:"bdsfa.sharepoint.com"; classtype:attempted-recon; sid:200003996; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_layouts/15/wopiframe.aspx?guestaccesstoken=d96ydzq8vuilprdurtucov60qbtyz20222a95vav4da%3d&docid=1_1f81a6ca97d114a5f8e9829362518b16d&wdformid=%7b11b3b6fc%2d6e67%2d434d%2da029%2d3afe98d81a11%7d&action=formsubmit&cid=57d50783-8fd3-4515-8ab3-24c639533fdf"; endswith; nocase; http.host; content:"bdsfa.sharepoint.com"; classtype:attempted-recon; sid:200003997; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mp/china/index.php?login=sindy.zhu@swift.com"; endswith; nocase; http.host; content:"bendmytrend.com"; classtype:attempted-recon; sid:200003998; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fr3kf"; endswith; nocase; http.host; content:"bit.do"; classtype:attempted-recon; sid:200003999; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frxsz"; endswith; nocase; http.host; content:"bit.do"; classtype:attempted-recon; sid:200004000; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fs7cb"; endswith; nocase; http.host; content:"bit.do"; classtype:attempted-recon; sid:200004001; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fs8cx"; endswith; nocase; http.host; content:"bit.do"; classtype:attempted-recon; sid:200004002; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fsf6l"; endswith; nocase; http.host; content:"bit.do"; classtype:attempted-recon; sid:200004003; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ijwsm2"; endswith; nocase; http.host; content:"bit.ly."; classtype:attempted-recon; sid:200004004; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2iz03nf"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004005; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2kduy2u"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004006; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2nog4ow?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004007; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2nwrbgj"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2oq6dhz"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2p28z0h"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2q7fcpg"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2uwvcnh"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2vuwbzk"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2wqlrea"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2zaee65"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2zejaht"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2zomh31?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30ceyfq"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30dwddq"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30vy89r"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/319qtui"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31cwtqd?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31d3mp6?facebook_service"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31xebzq"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32xotak?l=www.bancoripley.cl"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33ipjf7"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33pcwtj"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/34mhgdg"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/37r8zo3"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/38xmo4d"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/392hszz"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3aetm80"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3afo6kx"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3an4lcn"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3aqvwmn"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3bdkpfx?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3bmjhx1?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3bq4stv?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3bsgkin"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3bvwofv?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3c7nozm"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ca8owp?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3cahvv5help-center-notice-comunity"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3clopj4"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3cpqerq"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3cvl6ir"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3czqfzo?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3d7ezub?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3dj0r1p"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3dky0ds?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004050; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3e3wjwp"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004051; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3eeiwqv"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ego3xw?redirect=system"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3eoqvcn"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3eptccr"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004055; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3exbeuu?i=www.bancoripley.cl"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004056; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3fb9f8f"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004057; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3fd8key"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004058; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3fk3blu"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004059; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3fmvby5?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004060; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3fyg9rf"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004061; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3guiinq?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004062; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3gxztog"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004063; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3gyfnlm?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004064; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3hvucnu"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3hwhrlr"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004066; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3i8tjul"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004067; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3jow35g?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3jqfusj?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3jqmbfu"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3jsnadf?i=www.bancoripley.cl"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3jvodhm?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3jxszq1?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3k2aaqc?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3kdifqr"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3kueruz"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3kxfgbu"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3l4jpqg?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ldovbh"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3lgmoqh"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3mgij5v"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3mkihc9"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3mrtcap"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3mryk6q"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3mvat1h?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3mwnmia?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3nddkta"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3nkpgzq"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3nvr2mn"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3phrfct"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3pqid6z?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3qc8jtv"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3qplrme"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3r49apq?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3r8xxmg?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3rd3dgx"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3reovvv"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3rkzqb5"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3rucafb?confirmations"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3s7gmhf"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3sdxkuf"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3tkk6kn"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3tks2um"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3tzc89x"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3vtbyq5"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3vyh0x9"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3w8ru6g?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3wb6m3i"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3xhfy9m?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3xkuef1?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3xrdvez?facebook_update"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3yatzv9?confirmation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3zbrsmk?|=www.bancoripley.cl"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3zv9bif"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bancamps-web"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/click-confirm"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coinspot-claim-bonus"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/community-details"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/confirm-click"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edoardopolaccoufficiale"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-13orange"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-14orange"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/id-lockpages"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/id-locksystem"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info-details-notification"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ip13-orange"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ip14-orange"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lrs-gov1"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main-pages"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mr-pin"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orange-id13"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orange-id2"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orange-id3"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orange-id4"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page-infromation"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004135; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandemicreliefpackage"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004136; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/policy-pages"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004137; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/portale-mps-attivazione"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004138; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/recoveryform"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004139; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/verifikasipemblokiran_id"; endswith; nocase; http.host; content:"bit.ly"; classtype:attempted-recon; sid:200004140; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/#/"; endswith; nocase; http.host; content:"bitflyertt.com"; classtype:attempted-recon; sid:200004141; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2p3bbbs"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004142; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3aolo2y"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004143; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3bqoevf"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004144; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3g1epw3"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004145; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3jrtmmu"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004146; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3koilft"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004147; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3xmjxs4"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004148; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taxirsxcy"; endswith; nocase; http.host; content:"bitly.com"; classtype:attempted-recon; sid:200004149; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nlwp"; endswith; nocase; http.host; content:"bitly.ws"; classtype:attempted-recon; sid:200004150; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/en/wallets/"; endswith; nocase; http.host; content:"bitwayconnect.com"; classtype:attempted-recon; sid:200004151; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/accounts_blackbearcc_co_uk/_layouts/15/onedrive.aspx?id=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments%2fngb%20urgente%20substanti%c3%able%20update%20%5f%20voorstel%2epdf&amp\;parent=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments&amp\;originalpath=ahr0chm6ly9ibgfja2jlyxjjy2nvdwstbxkuc2hhcmvwb2ludc5jb20vomi6l2cvcgvyc29uywwvywnjb3vudhnfymxhy2tizwfyy2nfy29fdwsvrve5as01b19mukjbcutzeunhv3eznw9ccfbtmze3b2fsrnrgnhpzuenbvlfiqt9ydgltzt1tqjzyquroodjvzw"; endswith; nocase; http.host; content:"blackbearcccouk-my.sharepoint.com"; classtype:attempted-recon; sid:200004152; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sella/info.html"; endswith; nocase; http.host; content:"bluehorse.in"; classtype:attempted-recon; sid:200004153; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/012dsd_fiestamart_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t3v5ldmmhrtlw5cyiohlp9z4yo7ufnrop9j1plyfdkm%3d&docid=1_1d89d259f7e704301aca26ac4dbabaa8d&wdformid=%7bfeb771e5%2d93ee%2d4015%2d8e87%2dd1c30d0f406a%7d&action=formsubmit&cid=f609fe16-56c4-4e2b-a964-75e250d31c99"; endswith; nocase; http.host; content:"bodegalatinacorp-my.sharepoint.com"; classtype:attempted-recon; sid:200004154; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nlozan9lgoapq"; endswith; nocase; http.host; content:"bom.to"; classtype:attempted-recon; sid:200004155; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?aplicar"; endswith; nocase; http.host; content:"bonomequedoencasa.blogspot.com"; classtype:attempted-recon; sid:200004156; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s9x"; endswith; nocase; http.host; content:"bpl.kr"; classtype:attempted-recon; sid:200004157; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2r9pyocy"; endswith; nocase; http.host; content:"bre.is"; classtype:attempted-recon; sid:200004158; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/7fde14dcc130f933dfa5c0283d776eb9/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004159; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/c0e9ccedb57ca77a45d83f9bde98224b/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004160; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/c0e9ccedb57ca77a45d83f9bde98224b?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004161; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/c4957ef2c1f1801d0506e35cc3b5a6a8/?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004162; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/c4957ef2c1f1801d0506e35cc3b5a6a8?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004163; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/d190a3ceefc52c12869c2bee7b9ed710/?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004164; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/d190a3ceefc52c12869c2bee7b9ed710?user=&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004165; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/content/fcc3a33269bb5f281754c49ab86c3d4e/?user=3d{{email}}&amp\;_verify?service=mail&amp\;data:text/html\;charset=utf-8\;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft"; endswith; nocase; http.host; content:"capstroyinvest.com"; classtype:attempted-recon; sid:200004166; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/files/1/0533/5367/6992/t/3/assets/home.html"; endswith; nocase; http.host; content:"cdn.shopify.com"; classtype:attempted-recon; sid:200004167; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/index.php?option=com_content&view=article&id=67"; endswith; nocase; http.host; content:"centromedicoviladomat.com"; classtype:attempted-recon; sid:200004168; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/02/blog-post_12.html"; endswith; nocase; http.host; content:"chronopostvalidation.blogspot.com"; classtype:attempted-recon; sid:200004169; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxy/rdh-rjsrv9zzrx57iscgov74o1gka4qjdfj01qr7v8-pkjgyvn50tivt7pzqgm5kuqdmonqle3f8eq_t8f4xl6jdozabmf2lxy-888ai8hdji633rg"; endswith; nocase; http.host; content:"ci3.googleusercontent.com"; classtype:attempted-recon; sid:200004170; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxy/djc3ckf7jcnj8l0duyaqyjwffeskzbccy9spjiauj_jwrplgw0ahyaf1xozvm6n_fjn8q1-2vkhqqujjr1en3qej703lyxxujt6tto-ttwsl6hgsggp3ehcc"; endswith; nocase; http.host; content:"ci4.googleusercontent.com"; classtype:attempted-recon; sid:200004171; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxy/zjba9cvtmkfnoveyofx6gqong0kqi3s69d9o2y32fmu_gankb59tj-rb79bolx0bwbsemnonfhh2esy9olfdp-20gybztkzstfhfheqrrjuefxwiwkqws29wxm6tdobikwz-qkzfphpaldfr"; endswith; nocase; http.host; content:"ci4.googleusercontent.com"; classtype:attempted-recon; sid:200004172; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/eric_cimsltd_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wnhqsp58ikn1qzzozpe2oiw%2fmizdr53wegdbyscml7y%3d&amp\;docid=1_1207bcf2f71094b5cb97dcb5bea3e1a3a&amp\;wdformid=%7bd98de46a%2d2777%2d417f%2dbbcf%2d5f08c8244727%7d&amp\;action=formsubmit"; endswith; nocase; http.host; content:"cimslp-my.sharepoint.com"; classtype:attempted-recon; sid:200004173; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yc8bd&post=665308711_37&cc_key"; endswith; nocase; http.host; content:"clck.ru"; classtype:attempted-recon; sid:200004174; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yzuft&post=665308711_32&cc_key"; endswith; nocase; http.host; content:"clck.ru"; classtype:attempted-recon; sid:200004175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/icp/relay.php?r=57372110&amp\;msgid=807563&amp\;act=af7a&amp\;c=1365247&amp\;destination=https://www.linkedin.com/&amp\;cf=17638&amp\;v=6023ca6bc5e4f8b8568ed04ff6a646a7d7757336e750d772ecc1cb2b3b6063b4"; endswith; nocase; http.host; content:"click.icptrack.com"; classtype:attempted-recon; sid:200004176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?qs=6541641088c869552ced792d84ee93eabf075e23cd5eba83a7d07a40ad9cf2ce36c931984719b9df7de658999defbc87f999ec46970a0280"; endswith; nocase; http.host; content:"click.message.fruit.com"; classtype:attempted-recon; sid:200004177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/#moreinfo@widomaker.com"; endswith; nocase; http.host; content:"cloud-dot-chaser-331005.uk.r.appspot.com"; classtype:attempted-recon; sid:200004178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste/c4tl1sfout2tbkhn5810/raw"; endswith; nocase; http.host; content:"codepasta.app"; classtype:attempted-recon; sid:200004179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/#investor-relations@cyient.com"; endswith; nocase; http.host; content:"cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev"; classtype:attempted-recon; sid:200004180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?!=%25_col_email%20address_%25"; endswith; nocase; http.host; content:"community-die.blogspot.com"; classtype:attempted-recon; sid:200004181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:b:/g/personal/infonoreply_communitychurch_tv/eburrky2tklimiiiqf0ia5kbbhkaxaypf06-08wf9wjebq?e=w5jmrb"; endswith; nocase; http.host; content:"communitychurch-my.sharepoint.com"; classtype:attempted-recon; sid:200004182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/discounts_services/writing/loginform2d0e.php"; endswith; nocase; http.host; content:"confabint.com"; classtype:attempted-recon; sid:200004183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/userbcc/indexx.html"; endswith; nocase; http.host; content:"consultorioveterinario7colinas.pt"; classtype:attempted-recon; sid:200004184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/js/crop/cm"; endswith; nocase; http.host; content:"createchsoft.com"; classtype:attempted-recon; sid:200004185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?.rand=13inboxlight.aspx?n=1774256418"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?.rand=13inboxlight.aspx?n=1774256418&amp\;email=jackdavis@eureliosollutions.com&amp\;fid=1&amp\;fid=4&amp\;rand=13inboxlightaspxn.1774256418"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;amp"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;amp\;ampopensource:observable-35835700-0d08-4c25-a188-b8312ba00a941067515"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004192; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;ampopensource:observable-35835700-0d08-4c25-a188-b8312ba00a941067515"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004193; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;fid.4.1252899642&amp\;fid=1&amp\;fav.1&amp\;rand.13inboxlight.aspxn.1774256418&amp\;fid.1252899642&amp\;fid.1&amp\;fav.1&amp\;email=&amp\;.rand=13inboxlight.aspx?n=1774256418&amp\;fid=4"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004194; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&amp\;fid.4.1252899642&amp\;fid=4&amp\;fav.1&amp\;rand.13inboxlight.aspxn.1774256418&amp\;fid.1252899642&amp\;fid.1&amp\;email=jsmith@imaphost.com&amp\;.rand=13inboxlight.aspx?n=1774256418"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004195; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct/login.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13inboxlight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=jackdavis@eureliosollutions.com&.rand=13inboxlight.aspx?n=1774256418&fid=4"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004196; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/acct?email=jackdavis@eureliosollutions.com"; endswith; nocase; http.host; content:"creativecombat.com"; classtype:attempted-recon; sid:200004197; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/images/verify/update/y.html"; endswith; nocase; http.host; content:"creativeingredient.com"; classtype:attempted-recon; sid:200004198; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2011/02/habbo-crediti-gratis-sicuro-100.html"; endswith; nocase; http.host; content:"creditiperhabbogratissicuro100.blogspot.com"; classtype:attempted-recon; sid:200004199; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"cusstomerservicee.blogspot.com"; classtype:attempted-recon; sid:200004200; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/91eb6b959cd1249d6877/"; endswith; nocase; http.host; content:"custream.com"; classtype:attempted-recon; sid:200004201; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2isbc3k"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004202; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3yqokjg"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004203; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3yy01ci"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004204; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ypfq09"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004205; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5yhe1qn"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004206; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7yqfwsn"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004207; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aynunsk"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004208; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayw5mev"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004209; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bundu4e?id/help/pages?ref=cr"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004210; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/byqp8mx"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004211; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/claiminc"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004212; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ctmlfil"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004213; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyni5cc"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004214; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyqucr4"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004215; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dkvkq49/"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004216; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gyqdc7m"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004217; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ingdirect-es"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004218; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irsgov"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004219; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iyn1owx"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004220; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiiataa"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004221; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mynrk6q"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004222; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ny0rjd4"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004223; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nynglzu"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004224; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nyxbpmv"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004225; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oyqykkh"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004226; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptl7kd8"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004227; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/py2rr2z"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004228; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pyqptqe"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004229; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pywuwcj"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004230; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qyc4svc"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004231; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qymd2vc"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004232; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rykpt4j"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004233; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ryzqc5o"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004234; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyq6jn2"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004235; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uybigpf"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004236; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uydktcc"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004237; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uyqji5z"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004238; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uyx0po9"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004239; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wyc154r"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004240; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xynjuem"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004241; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ytv0uzv"; endswith; nocase; http.host; content:"cutt.ly"; classtype:attempted-recon; sid:200004242; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oglp"; endswith; nocase; http.host; content:"cy.tc"; classtype:attempted-recon; sid:200004243; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/#?act=cl&pid=34515_md&uid=1&vid=25&ofid=1615&lid=126&cid=17171"; endswith; nocase; http.host; content:"d854c624d7.gesundheitundschonheit.com"; classtype:attempted-recon; sid:200004244; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/online/showdocument?documentid=1fce937a-ba39-4053-a83a-f07711ad8efd&invitationid=82f3e840-cd11-4da4-8579-304bd7e930b0"; endswith; nocase; http.host; content:"digisigner.com"; classtype:attempted-recon; sid:200004245; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vszcwxk6nifthkg32wjxfjgq9yc-jjujkbsumqeeau8uw7xkcutyp0tbgux2mvwu8iqfrxxlunajob8/pub"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004246; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vt_xl-m0ff8yqqhzhgseahgwejo0znh9re6w0qvgbe0qfe084hrebjjg673htphdnvbcdnq6agehncq/pub?mobilelogin"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004247; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vth3iya0ov7p49rk9ejozgqnueuk8fna2mky389hertlwx4mnoyhl1mlhnwbz8sxnsqtk8i5uysmq68/pub?embedded=true"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004248; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vts9czxqycsgi-quifs7m1mqjzmlcjlccnhw3dsahdss5ymnpy6y0vsgwvf3piu6js22ydjyew1oyo_/pub?embedded=true"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004249; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/12467akksjbdxtns1aefg-fo9hlxamtxynf5brvbz5tc/viewform?edit_requested=true"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004250; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/1fpyjsolbptidxpf23lqom1jghfw7qrvbbbfxxi82pzg/viewform?edit_requested=true"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004251; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsc-xysogohjsbzmcnoded8ooar2gz1c5zxobgk8envh3jbpow/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004252; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsc0yyqlieizg0nzouznvhsjfags1h9qi5hpdw3qlgbivm501q/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004253; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsc4bagzjzmstbnjhy7zpy5zsx-xrn7reoouolv54luk5tihha/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004254; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsc8uc5aztlek3s6dqtk1etorhez5m2yvubyw5qmfkpisrelcq/viewform?usp=pp_url"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004255; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsc_enqwhhv1jnvzy55mb4ghvjd4wcz9plnolh2eoitk7qgbra/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004256; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsc_f0pxmnwzrtbck6u06fdzocmhgzvjzlc8cu7c9b456fhccq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004257; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscaoiohhbm7suyz9ol9o9ueunbxn6donxrfjge2cevdw_8jmw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004258; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscc30j0zmjvz0ct-wi59yhnz9gimpj3snofe5vkbovmeykomg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004259; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscc98m5fw4ifog0zeiuquxitizmisrgsdvyxvtxsppunpkwzq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004260; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscclmqirehqtkm3vl4u9gm2zv6xfvrddbrgke9fmsfujqbboq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004261; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscd8t8sjgxqrsa6dq5kjpmrpsxkvi4bl38sfdu7wa3sl32elg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004262; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscda1to5ru4sjeeujg3ki2bimklprvsec6u43kpvhbfyhrldw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004263; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscda1to5ru4sjeeujg3ki2bimklprvsec6u43kpvhbfyhrldw/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004264; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscdct8mue2qq3syjr4tnntol30jfdk8vwpco6yjh7dxnq5nyg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004265; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscdct8mue2qq3syjr4tnntol30jfdk8vwpco6yjh7dxnq5nyg/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004266; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscdkcb2saiqfhtrh2inewegl56-jrv0e_ncfubvdmdprxpzfq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004267; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscdkcb2saiqfhtrh2inewegl56-jrv0e_ncfubvdmdprxpzfq/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004268; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsceoxsfawdsbd2r-jk2sppywnv1bchzjjcw2xkcj7oqkwqriw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004269; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscf9u8nrld-zvu6clr4jcwnw0buqrykdldtzoullbxy8kc1ta/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004270; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscfh2njwrve6_rkxxy1yz83keoeekd4maqcnd-ivq7rkg0uca/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004271; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscfmdl3il-2rcplfeq-12jtre1mwsgbnmh2nhoj9xoflmplew/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004272; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscirilop6_iti0zvvrlsbk8zfaeo-f10otlhj9k5liyervk4g/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004273; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscjtat4fmstlxz3hbfkg4qyi-epfdmun7_avcqwvgscoydytw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004274; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscjvnhykksssaw-kycyrl6ywg_r3fdjuyqhk2mrmxcpgwfxoa/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004275; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscmzyecgbuuccfs_5e5axn9hpruzskqmvseedm0xz1qrqb5vg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004276; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscn6xxq_xvtivggy_4rkibou1i27e0kpiimikafpaavki1vsq/viewform?usp=send_form&usp=embed_facebook"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004277; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscphvypdecdasu-iqnvt4bvkiu5g1fioskjyfi9gk2z69cemq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004278; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscqbbsvkpxnasqgeazpzwxp1ln7qzdurt-nqn4azqa7q14euw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004279; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscrgopduxv2yg9memppi-dzfii70kq8hr8pi5zn9o_5amr3xa/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004280; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscrmsgjymaojts0bfneswvnfekiw6zya5rzyqoa1ydp5wkcrw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004281; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscuttypbph1iazuis8aa6xvrlmagwglmdcrrg8g2oymskvbva/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004282; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscuzwqncl3qs7cwfb7jlimpdueycxy0mv6zknp0uubdbkcu3w/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004283; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscvp9muuu33wgba4h5kugaleeh0onrqzug-b6n5aj5werrmaw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004284; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscvqmhqgwbubzxdynzgvlbmmziyagdiadz2eyhc-s-ro8ndfq/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004285; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscxgbsqs0_gphf4vziykyu_g5rgytw2s9fir3lyfar7kaixew/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004286; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscxgbsqs0_gphf4vziykyu_g5rgytw2s9fir3lyfar7kaixew/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004287; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlscz4uf8dtvwhgxggkzsbbhjcgu9npgc6agxpy5o2fwpo6tv5q/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004288; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsczp3nbsyvoj5-wf-7k4xshjczyxvdc-lc679urtbl_k-9x8q/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004289; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd1x00gqusaavdvp5ualsrctsjb80y9oy7yln6wwani40srpw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004290; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd1x00gqusaavdvp5ualsrctsjb80y9oy7yln6wwani40srpw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004291; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd3x6brnru3toiionptordwmc4zorxcky1ebpmeg6bb4jfuca/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004292; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd7jgegqudsjg7blscqgfvdftyvlno6xreg6wjuxl0hnfbwtw/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;gxids=7628"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004293; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd8_xzmknrntxwpeg8bvmvbbzmjsfgejo-vngsmyjx1dnidsg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd8vkw5fxeroe_pxa7n5cdfpukhahbg_7k7sg0iuosh_xsyoa/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd9poeb_wmgffgg8taw4z_np0kdbo32gr35k1zxizj7lcdela/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsd_c4wpt0zzouwt5lr9p5kn5cylz3ananv1hlix6u_h36w1rg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004297; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsda4flfi-1_gvwqnbb1dcxz_mb5omo9t2oc-vslzfgh6avrag/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004298; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdbgprbyowwcugqslasnoo-sbqcrgi6ppycsytvsw2_dwfeug/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004299; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdce9c1bqexlzlu9rojtuwtaatyeeshywbkmuiobrw_a-_mga/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004300; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdce9c1bqexlzlu9rojtuwtaatyeeshywbkmuiobrw_a-_mga/viewform?usp=pp_url"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004301; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdcznggxnwia2ct8kmxid1tdqhgerhnmixukxuj7nmq1lqsma/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004302; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdfarxg-0eurkyimsg-ukgl4mbtgvwfhe1wzbdxmb7oaosnyg/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004303; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdfyxb1kjjvkaiwbbpbgr0dfaq1xx2ehhzbxnt3adndssy1yw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004304; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdfyxb1kjjvkaiwbbpbgr0dfaq1xx2ehhzbxnt3adndssy1yw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004305; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdgxybkn7btnmkuuyyoe0rlbw8kmdgbwejv6l52fjbm9vledg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004306; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdinjm_qvdbv3roybqi073rm1pujmrrs7lid7c3qk-4xwweew/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004307; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdlwgxgjcqz_53lnvyfaiibnkptndldhs4vd0c__6lufv81zq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004308; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdmsww4edj2yofwdenmvl3uvyibigishgajtsfa7chvcan0wg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004309; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdmsww4edj2yofwdenmvl3uvyibigishgajtsfa7chvcan0wg/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004310; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdnngh7an2vfxw1k7cotxcb24wwne2qcm3j5deelwsn676z2q/viewform?usp=pp_url"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004311; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdpetadtoy4qkid3frxtq_jkthudhyvm17bkmb8iqonismzvw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004312; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdvo-nueiprck-o5gw7-bnmsz9jvwlyspeqfhfr2g2osbsrba/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004313; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdvwkczn_rxvn1522z1mcojbs40ymrctyizpyuv72_0wbypgq/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004314; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdwbz5hapgqojwjyndeeyjxamg0wnaj3kolh3fb6xf4c-fxjw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004315; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdwbz5hapgqojwjyndeeyjxamg0wnaj3kolh3fb6xf4c-fxjw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004316; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdxm-rwnv41p3wdcbtetukrctoakvuoe1h_uy8jgnxy7kldza/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004317; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdy1071rbhheyidjzo6fw5busqot5eunllw_thawo6udamfaq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004318; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdybqflfptobqslhflytic3g936bnojaljztk6ct1d5mjvnnw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004319; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdyygc4-s_a1dcdvcf9z9n1yhvz2dnehdr2aij-bcetxe2csg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004320; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsdzrubbm3nrqdzjs6q7phutjgmn-dm8zquphjg9ge31q7bdhg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004321; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlse3-zgmg83lctfks0egmambwonybkscrvxix--n1azwngkphg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004322; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlse5htthgifmniezokiypnjjhanvkvlehsrk9esgcpoauqutiw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004323; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlse8ds15kxxdcrhfspcfrbvy6sbdhp0e4540zzmhhvzouewvka/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004324; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlse_mo9pzgdahzdgz0wctr7lm0cqm_zwos8ljc4cqgtvnqfmfq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004325; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseaoj1gseoc72inocx9jofb1nqgqm81_firdsookdvnd4fz3q/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004326; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsebpakzyvtprhygwe23jlsdieyoca0jtiyy-f68nqwofparww/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004327; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsebyedalhc7exqq5fljf8x1akbwz0h8l8ojbx5nx3go7bh3sa/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsebyedalhc7exqq5fljf8x1akbwz0h8l8ojbx5nx3go7bh3sa/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004329; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseck8-g3um70ihw-ajfait5whcec3qdowobizswz8_-et_jkq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004330; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsed7ckwpjf0hndj7zb3qtjmirtkv6pwcrmhplptuczapfmdew/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004331; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseerl98zqhhsjdo_vwhfzft3njmrw-es6isa689uqc2opalkg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004332; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsefdjhvlb8j4f16k5uewfckrm6sxun7mb8kmt6hnsw4twzb1a/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004333; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsefv5nkokmsxbkw84jsid2gwxxq8hhcvvajj-hjwl43irewza/viewform?vc=0&amp\;c=0&amp\;w=1"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004334; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseggxi9u9oxdijtvvfpdkom7-bau-dstzgnovfyndrhxtk_ew/viewform?fbzx=450838898210045776"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004335; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseht4cdltkad8967jjarcb5nafonbaw3dtpynth9mdk94hf-q/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004336; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseirld9oyigwxmec2bc-ax4yd-m-rhezlne00aminsjf0uteq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004337; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseja63wnjv6158neslzqwlnlui4yluhb0nlou-vx0ehpwkexg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004338; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsejavlqdkikylynqlg6p7kyfu4qnlyy31opnfttucuhgmek4a/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004339; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsekx9ewwwdcej4qewpnqgzq3bzhqogrop2ui9vxaeswphzyvq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004340; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsemwyrvcln1ql8uxd0dsiswveuehikz5hwalfeni7jjfaefmg/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004341; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseoz9zpmm0c0fjksklv-p1hsrwsuybmj6bvbd_fkewzzcv_ea/viewform?usp=pp_url"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004342; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsepe4jevfm3mjc-vndxuq_9wjpc7afrjadkxvp8czawh27cqg/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004343; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseq5h3-5stw3bwnpoi6g-gfwcgej7q82incdm01dd1lf182iq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004344; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseqdx2wgybdxlhascsuopq1xqsmwrxjf4erl_cpmvtt96dq_g/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004345; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlser-b6q--nvif2fj7nbn88dh8lj-s2yfbgjyuygwsacbhm6lw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004346; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsesuqyiwovf64ujl8ewzqpw-vq7_ljhh96vouros2rqn1vunw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004347; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseszgantjzuxgteg0dsiizzmadcwjbjqcsri5nidod2rd2_lg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004348; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlset42bzecl3yrdnnffv6f7kecxpd1sy4rbh3h3govwg1k1z1w/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004349; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlseumxp-wga1x873upqxmi_hx8nbbllh12zzmxia1xuqp2mgbq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004350; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsevpkt1byhl-oqjptw8wbecnm7-iqnax-mz8zd-mxp0fol3jg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004351; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsewr7-ksdpydhc1tv8tkcxrlad8zrf3q_uqt-rj9a_fmmzxya/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004352; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsewr7-ksdpydhc1tv8tkcxrlad8zrf3q_uqt-rj9a_fmmzxya/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004353; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsewymtg0_yxlw9-prz205ldklpt1q0_aklvlput4ndg_coetq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004354; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsf-exsf9vm0rleksdp46wa2dfca3dhphayf4tl4rktjvmgguw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004355; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsf32hx6ujsi_gqji38udpamxxxnhyrx8qhmqcqnteinj_0cmg/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004356; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsf43dgkrjoe0kbhyqzxvaswkmbstzlu6x-40xi-sxxgfevhww/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004357; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsf9wlt_kxvre3b2hhpi0hcx4zia83c9bbkabo4w15nfekvwuw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004358; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfacaqo8c7hsu7mr6zkbsfulv8m710ke2qna_7tyusomgmtjw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004359; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfacaqo8c7hsu7mr6zkbsfulv8m710ke2qna_7tyusomgmtjw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004360; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfanborkr2ivrhpsjdnvnb-jktwkjbuub3wnsxb-md7haddsq/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004361; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfbu-bfa-om2nk21gbc1gbbeoy4veybh7qcrj8jw7nwthmh_w/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004362; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfeoy_w3jwkkz8psgsw4nrja9tmg2lx0x0nvtmv38k0hjzzmq/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004363; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfgrkvxsp4vv3h2jpge8n2rwi_acvt3o91y4av8-nbjpc0xxw/viewform?c=0&amp\;w=1"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004364; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfhzli805cycnlai887dfo6ra8bwbwjbc8uehmv5amiaqdbyq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004365; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfjpx-sxpejnp_q2fmfu0jy8oqoesrx9wbrqplcychw9luupa/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004366; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfjsgjhbjke-mlmni8cfg1tacz-hdpvmy5j2br9upjr1f7nda/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004367; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfjsgjhbjke-mlmni8cfg1tacz-hdpvmy5j2br9upjr1f7nda/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004368; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfk9fn6xlhju27dzlzxp6nzvjlaqbtzb3uf20uakw6ddguvnw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004369; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfk9fn6xlhju27dzlzxp6nzvjlaqbtzb3uf20uakw6ddguvnw/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004370; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfk9hpkld9-qwaxs8b0cpslaw2-oomu6bcwpxkmp-fo8kr3ew/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004371; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfksirdejkit-tdeiwrnkf00ygsqdsqth0hmwydiqdik10tna/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004372; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfnjyzbmw-pd1byw4b4opoksx2cealounsnhg5fjc3fk1qocq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004373; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfnlsbejsiacubkj2geltmn7slefoweeczuagp3jfmfkijg4a/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004374; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsforgq2zksc0soenei1m7xcow9surjrynoh6ppsku6_kxvdpw/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004375; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfp1eukgsktriyraz2csynqwfwtv6ehlnbszu69dbxz9lirtq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004376; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfp1eukgsktriyraz2csynqwfwtv6ehlnbszu69dbxz9lirtq/viewform?usp=send_form"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004377; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfpvmlfha5uwdz_4bnvq19l2mctpltose6aszym6w9ls0hxza/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004378; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfqpqpbuxrrc0ubvtbrr86nxa4pt68zft0bm_2ufdvt1tzvuw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004379; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfrzt6zpkhgtvzqutkypqtjffxaucn3evqpf6ytbqug3t41yw/viewform?usp=pp_urlorganization"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004380; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfsia_g4fb5yg_cu8fjuxcndbgqz1setzfedm0cw0eaonb57g/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004381; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsftriyys-rvphnbmh6v6lyimxjy3rpog8xvtb3v1agqhawiva/viewform?usp=sf_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004382; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfuzr1yx2exrzt3ysxszgcawjpp45t9gz3nqtkvhfqslxw_ig/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004383; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfvgwgijgampx2qfseard_pb2bcyonllojnjhrv9qxb8vpeva/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004384; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfvgwgijgampx2qfseard_pb2bcyonllojnjhrv9qxb8vpeva/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004385; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfvhavjlgw4__-x0qdg5tbot5uo9vkn4csn8mx3lpvkdah8ag/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004386; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfwbcfrxuktidm2ctjalngebxbx4k_dijxbekg2y-naausaqw/viewform?vc=0&amp\;c=0&amp\;w=1&amp\;flr=0&amp\;usp=mail_form_link"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004387; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfwdsuczwrih_wnciwh_qjpg1v5p-qk8zyjjoccpbhmyeygrq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004388; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfygwrauuzg0kcnd6w_s42qneyhqpha0zs1rift0akntmlugq/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004389; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/d/e/1faipqlsfzhyjvw1nn6bvqhbwmd3rcrm6gukuzir5u9tmsszmcrr8nyw/viewform"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004390; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/presentation/d/e/2pacx-1vrp2k-b45tcwcadgwzkulyaqrs1f9vfjs3y19o6fs_7p34ymzwuascr7lkuijhc83-o6fmsbbvehcf2/pub?start=false&amp\;loop=false&amp\;delayms=3000&amp\;slide=id.p"; endswith; nocase; http.host; content:"docs.google.com"; classtype:attempted-recon; sid:200004391; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/19zpw90jgon3j5merxi1pauvkjdmx8nfq/edit"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004392; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1bcdyitw2vo5jp6yrbdmiy8cfrkcf4tby/view?usp=drive_web"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004393; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1c5o9_y8_octsepwyojfarn1k-kj4d9fe"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004394; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1cppgzjnodnftsks_w82um_b_ctgzn-ah/edit"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004395; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1fdgs5g6fqqkudcl2meym63ua3yu0o-tb/view?usp=drive_web"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004396; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1fsvmjkcq7ennrsfdufkcxshfhnda_fui/view"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004397; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1ginbnlpvt7kpfnog9a68fqmn7k3aivui"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004398; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1hdvx7j89h5l7yz39idgzhqji93jnkl_c/view"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004399; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1jixb69t_nw9tmkhvfrejkfzof3d-ijet/view"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004400; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1jvfh6wq9ea9kxr1shhwbh3pecflqzppc/edit"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004401; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1mg5asnyoeet7qsg2n0d_2paxc3j7wx3k/edit"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004402; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1qf58h-1lunq1pubplwdhwd3uooj_vjxa/view"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004403; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/d/1robiosanbh8doqa7yuiewn3akz4094ho/edit"; endswith; nocase; http.host; content:"drive.google.com"; classtype:attempted-recon; sid:200004404; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/alldomain/domain/dmain/index.php?i=i&amp\;0=abuse@optusnet.com.au"; endswith; nocase; http.host; content:"ecomcrew.staging.wpengine.com"; classtype:attempted-recon; sid:200004405; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/angela_ure_ecusltd_co_uk/_layouts/15/wopiframe.aspx?guestaccesstoken=umwosbguhwaqic3hhtqfly7zjwf8oggrcn6d%2bggohoc%3d&docid=1_1956f6e254d71417a89981b2a1c8d0a99&wdformid=%7be61ca4f5-c461-425a-a52e-4598e7b699e5%7d&action=formsubmit&cid=4ab9a2a7-7cf4-43ae-8149-ffead8d66e7b"; endswith; nocase; http.host; content:"ecusltd-my.sharepoint.com"; classtype:attempted-recon; sid:200004406; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/marco_eeverywhere_com/_layouts/15/onedrive.aspx?id=/personal/marco_eeverywhere_com/documents/documents&amp\;originalpath=ahr0chm6ly9lzxzlcnl3agvyzs1tes5zagfyzxbvaw50lmnvbs86zjovcc9tyxjjby9fcwhvbeq1x3hltknorzbdmdvvmgjvvujoy1z3b25futjvejhtlwxqrg9svwvrp3j0aw1lpvduaunytfu4mlvn"; endswith; nocase; http.host; content:"eeverywhere-my.sharepoint.com"; classtype:attempted-recon; sid:200004407; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m&#61\;0"; endswith; nocase; http.host; content:"eleoelswka.blogspot.com"; classtype:attempted-recon; sid:200004408; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t6t%2fhn1dkbyhlyx%2beimbazufa43rrgz6%2faaaewnocdi%3d&docid=1_18168db23429e45f29fdf2e7be120efc4&wdformid=%7bb9970f62%2d44c3%2d4d09%2d9929%2d6e1eb652da57%7d&action=formsubmit"; endswith; nocase; http.host; content:"ersfilter-my.sharepoint.com"; classtype:attempted-recon; sid:200004409; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=6ywmlbqi9%20sjfgzhadhvte2gyowjf83iqbjrjehik4s=&amp\;docid=1_135f7008dfbfa44e6b09dab0eb165b997&amp\;wdformid={e037f2d9-5daa-4916-ba03-eb11d0aa6dea}&amp\;action=formsubmit"; endswith; nocase; http.host; content:"ersfilter-my.sharepoint.com"; classtype:attempted-recon; sid:200004410; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/nradonich_ersfilter_com/_layouts/15/wopiframe.aspx?guestaccesstoken=6ywmlbqi9%2bsjfgzhadhvte2gyowjf83iqbjrjehik4s%3d&docid=1_135f7008dfbfa44e6b09dab0eb165b997&wdformid=%7be037f2d9%2d5daa%2d4916%2dba03%2deb11d0aa6dea%7d&action=formsubmit"; endswith; nocase; http.host; content:"ersfilter-my.sharepoint.com"; classtype:attempted-recon; sid:200004411; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/takesurvey?tt=/p9xlsw/pwa97qdwq8ubbg%3d%3d"; endswith; nocase; http.host; content:"eu.questionpro.com"; classtype:attempted-recon; sid:200004412; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t/ab3uufjzb3vk20"; endswith; nocase; http.host; content:"eu.questionpro.com"; classtype:attempted-recon; sid:200004413; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?fbclid=iwar3cu_8pblosqw-rwa7evcrs5jpl6zvzkou0qrf7vl9oqge4h2ctmcxrdyk"; endswith; nocase; http.host; content:"eurobankovnikredit.com"; classtype:attempted-recon; sid:200004414; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shard/s339/client/snv?noteguid=f48e12fd-48da-e57f-8e76-cdf6e4054e1d&amp\;notekey=02a9fa6bd051dc6b4581ee3b617b3f88&amp\;sn=https://www.evernote.com/shard/s339/sh/f48e12fd-48da-e57f-8e76-cdf6e4054e1d/02a9fa6bd051dc6b4581ee3b617b3f88&amp\;title=optus%20webmail"; endswith; nocase; http.host; content:"evernote.com"; classtype:attempted-recon; sid:200004415; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shard/s446/client/snv?noteguid=4dc119ab-57d6-b8e0-4fcb-c11c0a637b94&notekey=9ddb3753cb700b0c86a78176be71f4f5&sn=https%3a%2f%2fwww.evernote.com%2fshard%2fs446%2fsh%2f4dc119ab-57d6-b8e0-4fcb-c11c0a637b94%2f9ddb3753cb700b0c86a78176be71f4f5&title=you%2bhave%2breceived%2ban%2binvoice."; endswith; nocase; http.host; content:"evernote.com"; classtype:attempted-recon; sid:200004416; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shard/s446/sh/4dc119ab-57d6-b8e0-4fcb-c11c0a637b94/9ddb3753cb700b0c86a78176be71f4f5"; endswith; nocase; http.host; content:"evernote.com"; classtype:attempted-recon; sid:200004417; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/jameswaterston_everythingmobilelimited_onmicrosoft_com/_layouts/15/onedrive.aspx"; endswith; nocase; http.host; content:"everythingmobilelimited-my.sharepoint.com"; classtype:attempted-recon; sid:200004418; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/tim_hansen_excelelectrical_com/_layouts/15/onedrive.aspx?id=/personal/tim_hansen_excelelectrical_com/documents/open%20to%20view%20shared%20document%20in%20hitech%20sharepoint&amp\;originalpath=ahr0chm6ly9legnlbgvszwn0cmljywwwlw15lnnoyxjlcg9pbnquy29tlzpmoi9nl3blcnnvbmfsl3rpbv9oyw5zzw5fzxhjzwxlbgvjdhjpy2fsx2nvbs9fa2zoazdydndfaettvl9pwulkctdzmejlveeyr3awzwjnsdfkrgdjrfdfttznp3j0aw1lpunrvevzrwxcmlvn"; endswith; nocase; http.host; content:"excelelectrical0-my.sharepoint.com"; classtype:attempted-recon; sid:200004419; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r?us_privacy=&amp\;a=p-w_ayumw3pzr2w&amp\;labels=_qc.clk,_click.adserver.rtb,_click.rand.60541&amp\;rtbip=192.184.70.137&amp\;rtbdata2=eaaaiencvf9odwdnzxrzx1e0mjfftwfuywdlzf9tzxj2awnlimofncj-jtiws_b-ohnodhrwczovl3d3dy5syxcuy29twihbt0llsefpmvdcvwi0vmdxvi1julfbztjdullinvfzuuitwjdutjfpdu3bfukaayfd3aqeoaebqahv4fyeugeawahq-aniadv5u4til9obfllxavhtz0fpaghnqs1sufktuvntqkhlaarzydroawsyaviznracclocbmc4ronaagliagdqas7hhvv4n_fmqqhgagdoagd4agckaxywlnb1yi0xmjyxotkyndq0odazodc1mamaqamasgmejmh7angd_dgd4gmpcc13x0fzdu13m1baujj36gmfcngfefryawu5mjeymfgdaiaeayoedxf1yw50y2fzdc1xyzhybajvuw&amp\;redirecturl3=https://www.cbtnuggets.com/?utm_source=quantcast&amp\;utm_medium=prospecting&amp\;utm_campaign=general_us&amp\;utm_term=testimonial&amp\;qc_campaign=cbt_nuggets_q421_managed_service&amp\;qc_adid=2078771"; endswith; nocase; http.host; content:"exch.quantserve.com"; classtype:attempted-recon; sid:200004420; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/remote/mandate/4jya9anuerrpmikrph7-j5pl9nyz_uw1bc7q1vvmmhw"; endswith; nocase; http.host; content:"exchange4free.com"; classtype:attempted-recon; sid:200004421; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rrefeeieoj.html?erectrcsq@*cthiytvcdx$zsxycuikjmkjivee$terdtygjyvtrre"; endswith; nocase; http.host; content:"explorebathurst.com.au"; classtype:attempted-recon; sid:200004422; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gvrmpushnotification/nbproject/private/fbapps/melis/"; endswith; nocase; http.host; content:"fbapps.milestoneinternet.com"; classtype:attempted-recon; sid:200004423; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/customercare/_layouts/15/wopiframe.aspx?guestaccesstoken=ce%2fd5uzxeu8hlntd6e5v18nttv4whxgmlwyudt4igom%3d&docid=1_1eb5df03726a240859b223a44b8b16724&wdformid=%7bb8008e00-21bc-4a4a-91dc-1e1b63610c96%7d&action=formsubmit&cid=c766f7bd-9562-4c9e-a9b0-75cf38b33e48"; endswith; nocase; http.host; content:"fclighting.sharepoint.com"; classtype:attempted-recon; sid:200004424; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/investorway"; endswith; nocase; http.host; content:"feeds.feedburner.com"; classtype:attempted-recon; sid:200004425; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//?m=0"; endswith; nocase; http.host; content:"ferferfccezs.blogspot.com"; classtype:attempted-recon; sid:200004426; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"ferferfrefe.blogspot.com"; classtype:attempted-recon; sid:200004427; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jelxwqrcrvhj&amp\;ijosing&amp\;kontakt@wmb-walther.de.html"; endswith; nocase; http.host; content:"fifit.co.uk"; classtype:attempted-recon; sid:200004428; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f/75h75hd7v"; endswith; nocase; http.host; content:"files.fm"; classtype:attempted-recon; sid:200004429; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/biyugbhiuhgy7o900-h9oh98h9-987.appspot.com/o/vnmbvuyt8-8y98yh0%3d890y8iuh9yyh%2f5rtyfghtfyu67-9876trfc%3d9ygv.htm?alt=media&amp\;token=dce6f041-19ff-4e8a-8012-1cfdac4cf369#bv@pplsi.com"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004430; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/dr-clin-c4f68.appspot.com/o/drweb.html?alt=media&amp\;token=09293ba9-0738-41ea-9cf3-67cb43af2b88&amp\;x=famacas-cfa0appspotappspotmacas-macas-vfwefsaxsppspotcfa0ps&amp\;prox=p2000isolation@aaa.kr"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004431; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/dr-clin-c4f68.appspot.com/o/drweb.html?alt=media&amp\;token=09293ba9-0738-41ea-9cf3-67cb43af2b88&amp\;x=famacas-cfa0appspotappspotmacas-macas-vfwefsaxsppspotcfa0ps&amp\;prox=yourname@yourcompany.com"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004432; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/goo2-ac630.appspot.com/o/goo%20(2).html?alt=media&amp\;token=2d1281a2-3364-420f-a3b5-c693b7bda1f2#a@b.com"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004433; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/macryti-109.appspot.com/o/kp-oe0%2fbtt-hash.html?alt=media&amp\;token=02abe8bd-5141-4b5a-a7d4-08120e5f43dd#choiteng@motenghaiplc.com"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004434; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/ntachi-e1dbe.appspot.com/o/hgigieiciejceinhviejrie95489349%20(19).html?alt=media&amp\;token=5901e369-e71e-416b-9688-b21c62e31587#m.couvee@colasit.nl"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004435; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/odrv-3c4a4.appspot.com/o/index1.html?alt=media&amp\;token=11958c2a-34a6-4ed1-a1b5-081ec066cb95&amp\;data=zxzhbi5ncmvzagftqg1py2hlbglulmnvbq=="; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004436; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/outlook-4c0f2.appspot.com/o/books%2fwebmail.htm?alt=media&amp\;token=216401d2-aba7-42f4-8fd5-9b672cade830#abuse@optusnet.com.au"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004437; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/outlook-4c0f2.appspot.com/o/books%2fwebmail.htm?alt=media&amp\;token=216401d2-aba7-42f4-8fd5-9b672cade830#tiekimas@tidlo.lt"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004438; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/rei-rezuio-rexire-565.appspot.com/o/%40%40%40indexv-vb-vau-ry-8%252fbv-yu-er-8f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%20-%20copy.html?alt=media&amp\;token=da92acdd-870d-4049-b9ac-f0d373777f06#info@legalshield.com"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004439; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/rei-rezuio-rexire-565.appspot.com/o/%40%40%40indexv-vb-vau-ry-8%252fbv-yu-er-8f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%2525252f%25252525%20-%20copy.html?alt=media&amp\;token=da92acdd-870d-4049-b9ac-f0d373777f06#support@legalshieldcorp.com"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004440; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/rned-a824v.appspot.com/o/gen%252findex2oli.html?alt=media&amp\;token=828c2259-c86f-442e-91a0-8d43a1fe7d8b#abuse@optusnet.com.au"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004441; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/tei-neriou-reuix-678.appspot.com/o/%40%40%40indexv-vb-veu-ry-8%25433%2569.html?alt=media&amp\;token=6b0a9c43-8711-491b-9f40-50ad280ffb32#ggradnigo@prepaidlegal.com"; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; classtype:attempted-recon; sid:200004442; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mc.html"; endswith; nocase; http.host; content:"flavena.co.rs"; classtype:attempted-recon; sid:200004443; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btinternetwebmail"; endswith; nocase; http.host; content:"flow.page"; classtype:attempted-recon; sid:200004444; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bttelecoommunication"; endswith; nocase; http.host; content:"flow.page"; classtype:attempted-recon; sid:200004445; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hdhdhdeue"; endswith; nocase; http.host; content:"flow.page"; classtype:attempted-recon; sid:200004446; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hjbsvjhfb"; endswith; nocase; http.host; content:"flow.page"; classtype:attempted-recon; sid:200004447; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jhgcfghj"; endswith; nocase; http.host; content:"flow.page"; classtype:attempted-recon; sid:200004448; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mnkpo"; endswith; nocase; http.host; content:"flow.page"; classtype:attempted-recon; sid:200004449; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nicszdbaiodi"; endswith; nocase; http.host; content:"flow.page"; classtype:attempted-recon; sid:200004450; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/vf7vfv9ky?fc=0"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004451; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page/btinternetwebmail"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004452; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page/btisojtuf"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004453; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page/bttelecommunicaation"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004454; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page/bttelecoommunication"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004455; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page/hjbsvjhfb"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004456; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page/jhgcfghj"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004457; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/page/mnkpo"; endswith; nocase; http.host; content:"flowcode.com"; classtype:attempted-recon; sid:200004458; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1mqqu8exzgpptqpl8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004459; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3cyoxmwxqkbfpt2v5"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004460; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8epxhwdapiab7mfw7"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004461; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9bwawhpz5vi7ilpe6"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004462; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akohiguxjs9wlpu28?sllqm"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004463; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b7lqaal42juffiw1a"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004464; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bfz2l7i3wvrp5heb9"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004465; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dncj4btc56n1n71n8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004466; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edtu6r7rqxqyegcf6"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004467; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/egj66jkgwkcd3aat8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004468; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eozlrnnf7jh84xdp8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004469; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fzlons3fgnjdqdd19?omgbfzrazhlppbtx"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004470; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goerpntl5tfeumdz6"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004471; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gr4b9sxradtcj7or7"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004472; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guptjarp2xatzbvo8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004473; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iai7pzm4pxyb145i9"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004474; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jnkkauxwwbfhtuqz9?hkgotygikyoujp"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004475; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jzxtb9auexgjcewfa"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004476; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kehch96avaku7oey7?akowgmooutpwa"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004477; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nvljeb1quzaovd8u5"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004478; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/puadbxscibgw5ma79?xfccuwmmhgwrwztd"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004479; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qhwastfqxg1yehi77"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004480; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qzopkn9aj2gzaw2g6"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004481; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruaxzqjjzghi8rar9"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004482; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rwpcmhm8vtfa7f4m8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004483; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sj21ehdebhkcpvfv6"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004484; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smufgmyhduckbq6ka?fjxhgyroek"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004485; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uqzzznxv4cfhu3yr9"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004486; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v5xtnywt5s6zvpp27"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004487; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v7k2chwbcca59vz27"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004488; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w6uh9p66tdq6l1m66"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004489; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x3aasffazsrl8pcr9"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004490; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x8hybjggubfftabw8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004491; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xxccjhuzjtg4pr3y8"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004492; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xxjqmu6luzkpnalg6"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004493; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yfxkceytox2zuyvb6"; endswith; nocase; http.host; content:"forms.gle"; classtype:attempted-recon; sid:200004494; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pages/responsepage.aspx?id=60hhzfbtoe-qdzpnyrluyo-ivxb0mexgqufvg5tcyifunzg5uknzne1irjzvt1y3slewrepwnflmvs4u"; endswith; nocase; http.host; content:"forms.office.com"; classtype:attempted-recon; sid:200004495; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pages/responsepage.aspx?id=dqsikwdsw0yxejajblztrqaaaaaaaaaaaao__tdasqlurfrqmjzxneyxn0g3vexutfvzq0mztu9fms4u"; endswith; nocase; http.host; content:"forms.office.com"; classtype:attempted-recon; sid:200004496; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pages/responsepage.aspx?id=dqsikwdsw0yxejajblztrqaaaaaaaaaaaao__thg5xvuodnbwtvytzhwwdnctknvovo4tldctexmvi4u"; endswith; nocase; http.host; content:"forms.office.com"; classtype:attempted-recon; sid:200004497; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pages/responsepage.aspx?id=jrbxvx3x9keewcq72hm6fnkqekonandcsjd9av060h5urepumvvgmks2te41rfewmlletulvufnuqy4u"; endswith; nocase; http.host; content:"forms.office.com"; classtype:attempted-recon; sid:200004498; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmaingt/server.html"; endswith; nocase; http.host; content:"fra1.digitaloceanspaces.com"; classtype:attempted-recon; sid:200004499; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m&#61\;0"; endswith; nocase; http.host; content:"frdezeredaresafin.blogspot.com"; classtype:attempted-recon; sid:200004500; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"fredsamasont.blogspot.com"; classtype:attempted-recon; sid:200004501; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fewn4zq5fegh6bf3qpasy44v&amp\;persistence=1&amp\;checksum=3d7975c121a1d514f1b3a9facb177a78f25e1326da6497ae9cf35e33ba436119"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004502; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fewn4zx501vbg1xj6vr2hk10&amp\;persistence=1&amp\;checksum=fc555be29c86e6e13177069b7632770b2cb9f30b36d229624f37be1cb2475704"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004503; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fexfpq10qje7acrftnz6v4zb&amp\;persistence=1&amp\;checksum=5916a09fb5c03e4187a58ae7221dbc20e8568b5840df4b6f3eb57227975bd2ce"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004504; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fey1pewqgha9bqebgbvwe95n&amp\;persistence=1&amp\;checksum=3fefba73b68799e5152bf7031ce8a7b1a300456243ee123a27f6efca31d9f055"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004505; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fez46yyrvh6f0bbehn8h419h&amp\;persistence=1&amp\;checksum=069f46345ac935567ad562a3d64a332066064c97f8feae803d555f9cc820c561"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004506; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01fezncfbjbj86yneatjn0qvt4&amp\;persistence=1&amp\;checksum=8142350e161acc6cb246be1d05d596973a1d3ac50af1f3594ee9ea462c87a4ef"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004507; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01ff06m6n2q43m6zcaqrh8xpm2&amp\;persistence=1&amp\;checksum=26e140f8abae23dd0c8dd547390a4deb9fc54b1acf3539d8aa44fb19e04902ef"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004508; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp\;test=off&amp\;id=355x561&amp\;url=https://www.paypal.com/shopping/&amp\;xguid=01ff0qxy635yfpkrdaxav47j5k&amp\;persistence=1&amp\;checksum=cb2e0f7328d6ffea0e15a24046095a0bb98d27d4488e822bea4b181763f2eb0b"; endswith; nocase; http.host; content:"go.skimresources.com"; classtype:attempted-recon; sid:200004509; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url?q=http%3a%2f%2fbit.do%2ffr6ci&sa=d&sntz=1&usg=afqjcne7joz-iz-adrzkrxcihj8t9fs9qw"; endswith; nocase; http.host; content:"google.com"; classtype:attempted-recon; sid:200004510; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url?q=http%3a%2f%2fbit.do%2ffsgjq&amp\;sa=d&amp\;sntz=1&amp\;usg=afqjcngvqc30z-4hiaizv03gpwblwu3vnw"; endswith; nocase; http.host; content:"google.com"; classtype:attempted-recon; sid:200004511; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url?q=http://srv-auth.web.app/upd/index.html%23%5b%5b-email-%5d%5d&amp\;source=gmail&amp\;ust=1607952068298000&amp\;usg=afqjcnet34jepejaewvja8unv7ycds1vjg"; endswith; nocase; http.host; content:"google.com"; classtype:attempted-recon; sid:200004512; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url?q=https://393512dfd8544c98be9a40f2f67df8bd.svc.dynamics.com/t/r/a7uua5shyiplufx4zj7f6u2clgtguiagoxngfoio4am?clientid%3d70000%23%5bemail%5d%2b00-70000&amp\;source=gmail&amp\;ust=1636719774661000&amp\;usg=aovvaw2fsk8htfwhsfqapvbu674n"; endswith; nocase; http.host; content:"google.com"; classtype:attempted-recon; sid:200004513; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url?q=https://passionfruit4576261.brizy.site/&amp\;source=gmail&amp\;ust=1608664764243000&amp\;usg=afqjcnghljnr1tyn8j4c1ijid09ra9ehdq"; endswith; nocase; http.host; content:"google.com"; classtype:attempted-recon; sid:200004514; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url?q=https://us4-usndr.com/ru/mail_link_tracker?hash%3d6k5ar5ciusdx1q1tdgm8atcrexmonyy3xdfiogu7zr6gb6gtthpqk7fm8tz4gzkjftg9oouu31eqdro67dtgwnn5x1p3ziiieq8rykja%26url%3dahr0chm6ly90lm1ll2fhegnvbw11bml0eq~~%26uid%3dndmwndy3nw~~%26ucs%3dd93ed45d47070739243d9b678dd03e93&amp\;source=gmail&amp\;ust=1607288611770000&amp\;usg=afqjcngo5kdwx08p-bg6mzdtluzdjhtzxw"; endswith; nocase; http.host; content:"google.com"; classtype:attempted-recon; sid:200004515; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fp?u=https://tinyurl.com/32xz989f&grqid=zbk35vud&s=1&hl=id-id"; endswith; nocase; http.host; content:"googleweblight.com"; classtype:attempted-recon; sid:200004516; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i?u=a894ec7f.46t33454t4.pages.dev?user=masoli@legalshieldassociate.com"; endswith; nocase; http.host; content:"googleweblight.com"; classtype:attempted-recon; sid:200004517; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i?u=b4e921f0.sso-mailsrvr-4344e5teed.pages.dev?user=abuse@gmail.com"; endswith; nocase; http.host; content:"googleweblight.com"; classtype:attempted-recon; sid:200004518; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/tspencer_gormanusa_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wgfwcmmssvdsofa7ljviwaj85tleclug2xbvoqwlmp0%3d&amp\;docid=1_12424441d8c29412bb868684e5cb74e47&amp\;wdformid=%7b992e319a%2dbe72%2d460b%2db6b4%2d2d3fcf789fc5%7d&amp\;action=formsubmit"; endswith; nocase; http.host; content:"gormanusa-my.sharepoint.com"; classtype:attempted-recon; sid:200004519; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/out/408?jobid=29207&u=princed.de?id=8400239909"; endswith; nocase; http.host; content:"gradcracker.com"; classtype:attempted-recon; sid:200004520; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/12/hafslund.html"; endswith; nocase; http.host; content:"hafslundno.blogspot.com"; classtype:attempted-recon; sid:200004521; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1kzic"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004522; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ds15"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004523; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6qnhc"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004524; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dghpp"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004525; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1itl"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004526; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fmjiu"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004527; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g9yl5"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004528; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i51rh"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004529; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmiyt"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004530; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m8ikv"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004531; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o0ugq"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004532; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ta0lq"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004533; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue2ho"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004534; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urq2m"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004535; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vfywl"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004536; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w27iz"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004537; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xegru"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004538; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zlbow"; endswith; nocase; http.host; content:"han.gl"; classtype:attempted-recon; sid:200004539; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/12/window.html"; endswith; nocase; http.host; content:"hangovertest1.blogspot.com"; classtype:attempted-recon; sid:200004540; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yuhgbfvdfvbtytrvdfbgt.html"; endswith; nocase; http.host; content:"heaterintwintersz.ams3.digitaloceanspaces.com"; classtype:attempted-recon; sid:200004541; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mz4yho"; endswith; nocase; http.host; content:"hm.ru"; classtype:attempted-recon; sid:200004542; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeland.html"; endswith; nocase; http.host; content:"homeentertainmentexpo.com"; classtype:attempted-recon; sid:200004543; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/themes/engines/ira.xml"; endswith; nocase; http.host; content:"house18.info"; classtype:attempted-recon; sid:200004544; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?https://trimurl.co/0wsx7z"; endswith; nocase; http.host; content:"href.li"; classtype:attempted-recon; sid:200004545; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?https://www.rkat2.2r-p.xyz/"; endswith; nocase; http.host; content:"href.li"; classtype:attempted-recon; sid:200004546; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?https://ykm.de/f4b990c239777330"; endswith; nocase; http.host; content:"href.li"; classtype:attempted-recon; sid:200004547; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//ykm.de/f4b990c239777330"; endswith; nocase; http.host; content:"href.li?https:"; classtype:attempted-recon; sid:200004548; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgav30ruohf"; endswith; nocase; http.host; content:"ht.ly"; classtype:attempted-recon; sid:200004549; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shoh30rwmdj?10/13/2021"; endswith; nocase; http.host; content:"ht.ly"; classtype:attempted-recon; sid:200004550; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ebuse/servic"; endswith; nocase; http.host; content:"i-m.mx"; classtype:attempted-recon; sid:200004551; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webaccountupdate/stockholmsuniversitet/"; endswith; nocase; http.host; content:"i-m.mx"; classtype:attempted-recon; sid:200004552; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mdkea5ckpozm/click-here-to-start"; endswith; nocase; http.host; content:"ifyufyujk.quip.com"; classtype:attempted-recon; sid:200004553; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/pginet_groupe-igs_fr/_layouts/15/wopiframe.aspx?guestaccesstoken=o1ljzjnq70g8yg6w%2fce3ec9zu3%2bg6ck6ibkmhwt3wl0%3d&amp\;docid=1_1c2a91e87cc7a4ffb85611d8ebf31f653&amp\;wdformid=%7bcdf56303%2d9250%2d4cf1%2d8370%2db3f9a84cd714%7d&amp\;action=formsubmit"; endswith; nocase; http.host; content:"igsasso-my.sharepoint.com"; classtype:attempted-recon; sid:200004554; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/4t6u/bt"; endswith; nocase; http.host; content:"im-creator.com"; classtype:attempted-recon; sid:200004555; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/kennymoore12/btinternet"; endswith; nocase; http.host; content:"im-creator.com"; classtype:attempted-recon; sid:200004556; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/kfouo/btcommmms"; endswith; nocase; http.host; content:"im-creator.com"; classtype:attempted-recon; sid:200004557; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/msw0rd/att_word"; endswith; nocase; http.host; content:"im-creator.com"; classtype:attempted-recon; sid:200004558; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/viewer/vbid-fa0f29d5-fpsjmms8"; endswith; nocase; http.host; content:"im-creator.com"; classtype:attempted-recon; sid:200004559; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/survey/27415/source=39-4621"; endswith; nocase; http.host; content:"imagematch300.com"; classtype:attempted-recon; sid:200004560; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/viewer/vbid-fa0f29d5-fpsjmms8"; endswith; nocase; http.host; content:"imcreator.com"; classtype:attempted-recon; sid:200004561; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/appmanager/renouvellement-automatique-obligatoire/ovh/managerweb-ovhdepartmenttechniqueovh/web.index.html5400configuration_hosting_database/web-ovh/vh/?user-agent=mozilla/5.0+(windows+nt+10.0\;+win64\;+x64)+applewebkit/537.36+(khtml,+like+gecko)+chrome/86.0.4240.75+safari/537.36"; endswith; nocase; http.host; content:"improvproject.com"; classtype:attempted-recon; sid:200004562; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/emailupdatee/owaweb"; endswith; nocase; http.host; content:"imxprs.com"; classtype:attempted-recon; sid:200004563; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/outlookwebaccessupgrade/outlookwebaccessupgrade"; endswith; nocase; http.host; content:"imxprs.com"; classtype:attempted-recon; sid:200004564; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/free/webmaiil/accounttportal"; endswith; nocase; http.host; content:"imxprs.com"; classtype:attempted-recon; sid:200004565; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/maint/?hash=a2fyaw5hywxtzwlkyxjpymvpcm9aag90bwfpbc5jb20="; endswith; nocase; http.host; content:"insurance2019.moneynet.com.tw"; classtype:attempted-recon; sid:200004566; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/areawebmps"; endswith; nocase; http.host; content:"is.gd"; classtype:attempted-recon; sid:200004567; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clnhxv"; endswith; nocase; http.host; content:"is.gd"; classtype:attempted-recon; sid:200004568; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f0iqhg?trackingid=lxyqpvnl&signature=newsletter"; endswith; nocase; http.host; content:"is.gd"; classtype:attempted-recon; sid:200004569; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t1xeia"; endswith; nocase; http.host; content:"is.gd"; classtype:attempted-recon; sid:200004570; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3arx6oo"; endswith; nocase; http.host; content:"j.mp"; classtype:attempted-recon; sid:200004571; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3gydg8x?/supporrecovery"; endswith; nocase; http.host; content:"j.mp"; classtype:attempted-recon; sid:200004572; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3i22f5g?jnlope"; endswith; nocase; http.host; content:"j.mp"; classtype:attempted-recon; sid:200004573; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3kkkf0n"; endswith; nocase; http.host; content:"j.mp"; classtype:attempted-recon; sid:200004574; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65g2g"; endswith; nocase; http.host; content:"jtbtigers.com"; classtype:attempted-recon; sid:200004575; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/jdonahue_k12_com/_layouts/15/wopiframe.aspx?guestaccesstoken=jxndynkzmynao0nofzmhz4t%2fk%2br%2fg7qir2agrjo42ha%3d&docid=1_12252b23331654ef4bf8ef978a8eb83ee&wdformid=%7b2711d93c%2d7591%2d4baa%2db377%2dcf40ba8c7343%7d&action=formsubmit"; endswith; nocase; http.host; content:"k12inc-my.sharepoint.com"; classtype:attempted-recon; sid:200004576; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c07czi"; endswith; nocase; http.host; content:"kutt.it"; classtype:attempted-recon; sid:200004577; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l3leph"; endswith; nocase; http.host; content:"kutt.it"; classtype:attempted-recon; sid:200004578; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=4rcleqvo&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004579; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=xx6dnmzz&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004580; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://is.gd/f0iqhg?trackingid=kzg8g3od&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004581; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://is.gd/vohpj6?trackingid=rt6fxwgl&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004582; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://parg.co/bewg?trackingid=egqfrhlp&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004583; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://submit.irs.completeyourdata.info/?claim"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004584; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=cvhzehjl&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004585; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=nwb0pxlg&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004586; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l?u=https://xcvdsd.page.link/zi7x?trackingid=wqdypvka&signature=newsletter"; endswith; nocase; http.host; content:"l.wl.co"; classtype:attempted-recon; sid:200004587; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/match_login/match.com/match/login1876.html"; endswith; nocase; http.host; content:"lifeiswhatyoumakeofit.com"; classtype:attempted-recon; sid:200004588; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fqg9x"; endswith; nocase; http.host; content:"lihi1.cc"; classtype:attempted-recon; sid:200004589; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uh2xv"; endswith; nocase; http.host; content:"lihi1.cc"; classtype:attempted-recon; sid:200004590; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slink?code=ek5cbk8g"; endswith; nocase; http.host; content:"linkedin.com"; classtype:attempted-recon; sid:200004591; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url?a=https://u25098085.ct.sendgrid.net/ls/click?upn=4o0yybebwwobmwye6nfxf74k9v8ctniui1j2zge2nz95e9lyg4bkzyeqhmb7dtwcz7ioun-2bn1j8mpzi-2fpiiskt0bhpz08nwukegu0uqqki2h1s5yghctgcifqu-2bw1xclixrd_0qvnbxqwscekttpgl5skkts6yu-2batmdqkyh3bke4v1frfd55qka72zddyevzyat2nxv1k3yz6k8mwivrnsgvysy0wagfn8g5lfrsekexaptnpwfu0cediip-2bx7vwnyo9s20tqt2-2bj-2bvkbnfrh9uuad9j9stqo-2bcbol-2fjxsacxht5mztqgwx1c5d6x4fkpu32hmnetd1eimxhhfmzkxiukogw4aalovfcjsym0u8gjpy-3d&amp\;c=e,1,2vluk9dfc0eb8l7-rios2j4nvvlmg8fu0rs0_haoaqpf_7ary6vt_oiimum26g-03mgzmsvdmzlfwohfhlogn3z77jluyi415qw9iw3dptggs_9sfqsq4a,,&amp\;typo=1"; endswith; nocase; http.host; content:"linkprotect.cudasvc.com"; classtype:attempted-recon; sid:200004592; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2oj172"; endswith; nocase; http.host; content:"linkr.bio"; classtype:attempted-recon; sid:200004593; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5254ov"; endswith; nocase; http.host; content:"linkr.bio"; classtype:attempted-recon; sid:200004594; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9o5vz8"; endswith; nocase; http.host; content:"linkr.bio"; classtype:attempted-recon; sid:200004595; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attservice365"; endswith; nocase; http.host; content:"linkr.bio"; classtype:attempted-recon; sid:200004596; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bt.home"; endswith; nocase; http.host; content:"linkr.bio"; classtype:attempted-recon; sid:200004597; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btinternet"; endswith; nocase; http.host; content:"linkr.bio"; classtype:attempted-recon; sid:200004598; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w1vl9o"; endswith; nocase; http.host; content:"linkr.bio"; classtype:attempted-recon; sid:200004599; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attmailserver"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004600; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attonlineservice"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004601; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attverificationpro"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004602; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btelop"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004603; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btinternettt"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004604; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d.emery1"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004605; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dannygeez"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004606; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feetesuqshailhkaia"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004607; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftggtgrtt"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004608; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keedkudi"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004609; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mobicomgb"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004610; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nbvkl"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004611; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plkjh"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004612; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pubgxmetrodus"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004613; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/savermail.yahoo"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004614; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/service.orange"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004615; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teccalicious"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004616; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yah00nccx"; endswith; nocase; http.host; content:"linktr.ee"; classtype:attempted-recon; sid:200004617; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=bcxwl3a7ttskgw2polh3cucg2dfe77pbj2gkmixkizs%3d&docid=1_1b87bddf46e1144efadb39c587acdadae&wdformid=%7b5b4e96cf%2d1bcd%2d468f%2da845%2d09b4d8027bc2%7d&action=formsubmit"; endswith; nocase; http.host; content:"livenmitac-my.sharepoint.com"; classtype:attempted-recon; sid:200004618; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=bcxwl3a7ttskgw2polh3cucg2dfe77pbj2gkmixkizs=&amp\;docid=1_1b87bddf46e1144efadb39c587acdadae&amp\;wdformid={5b4e96cf-1bcd-468f-a845-09b4d8027bc2}&amp\;action=formsubmit"; endswith; nocase; http.host; content:"livenmitac-my.sharepoint.com"; classtype:attempted-recon; sid:200004619; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/czarina-cabalza_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=fnyckzjagh3z%2bl1cadcdqxot6rfyhmeonulx7ksc7pq%3d&docid=1_15129478f60da40db8395b5675832ef56&wdformid=%7b000c8ab1%2dcbc8%2d44e3%2dac19%2d0015f01b771e%7d&action=formsubmit"; endswith; nocase; http.host; content:"livenmitac-my.sharepoint.com"; classtype:attempted-recon; sid:200004620; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/hannah-daly_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=ia5uzzon3iviku4f3pxemyhhabfwkpdjirpftfear%2fk%3d&docid=1_169208e425ed84fea9fd294a6886d67e9&wdformid=%7b06255f86%2d4bf9%2d4ee8%2dbd7e%2dfef81913a79b%7d&action=formsubmit"; endswith; nocase; http.host; content:"livenmitac-my.sharepoint.com"; classtype:attempted-recon; sid:200004621; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/hannah-daly_live_nmit_ac_nz/_layouts/15/wopiframe.aspx?guestaccesstoken=ia5uzzon3iviku4f3pxemyhhabfwkpdjirpftfear/k=&amp\;docid=1_169208e425ed84fea9fd294a6886d67e9&amp\;wdformid={06255f86-4bf9-4ee8-bd7e-fef81913a79b}&amp\;action=formsubmit"; endswith; nocase; http.host; content:"livenmitac-my.sharepoint.com"; classtype:attempted-recon; sid:200004622; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d8ruzprc"; endswith; nocase; http.host; content:"lnkd.in"; classtype:attempted-recon; sid:200004623; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/di6hueus"; endswith; nocase; http.host; content:"lnkd.in"; classtype:attempted-recon; sid:200004624; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dn4fff29"; endswith; nocase; http.host; content:"lnkd.in"; classtype:attempted-recon; sid:200004625; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edxjbzfy"; endswith; nocase; http.host; content:"lnkd.in"; classtype:attempted-recon; sid:200004626; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emruebe2"; endswith; nocase; http.host; content:"lnkd.in"; classtype:attempted-recon; sid:200004627; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eqjcnf2u"; endswith; nocase; http.host; content:"lnkd.in"; classtype:attempted-recon; sid:200004628; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gib6fpsz"; endswith; nocase; http.host; content:"lnkd.in"; classtype:attempted-recon; sid:200004629; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/home/?6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d"; endswith; nocase; http.host; content:"login.xfinity.meculinkvolt.com"; classtype:attempted-recon; sid:200004630; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/02/blog-post.html"; endswith; nocase; http.host; content:"magyarpoosta.blogspot.com"; classtype:attempted-recon; sid:200004631; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forms/forms/form1.html"; endswith; nocase; http.host; content:"mail.hfcfit.com"; classtype:attempted-recon; sid:200004632; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004633; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua/"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004634; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004635; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua/"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004636; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/186.154.25.1064023/sucursalpersonas.transaccionesbancolombia.com/mua"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004637; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/186.154.25.1064023/sucursalpersonas.transaccionesbancolombia.com/mua/"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004638; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/190.27.90.2077221/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004639; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/190.61.55.2105806/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004640; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004641; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua/"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004642; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/191.95.152.1287758/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004643; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mua/201.233.42.1501206/sucursalpersonas.transaccionesbancolombia.com/mua/index.html"; endswith; nocase; http.host; content:"mail.trendset.com.ar.ci3.toservers.com"; classtype:attempted-recon; sid:200004644; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"mamasitasont.blogspot.com"; classtype:attempted-recon; sid:200004645; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1gne6"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004646; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6w9qj"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004647; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/77srn"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004648; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g50gq"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004649; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hfldu"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004650; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibyyn"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004651; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ij3t9"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004652; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jlrbo"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004653; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qpwha"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004654; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reu8w"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004655; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sb6ww"; endswith; nocase; http.host; content:"me2.kr"; classtype:attempted-recon; sid:200004656; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linkredirect?authuser=0&amp\;dest=https%3a%2f%2flinktr.ee%2fpaypai.serviceid?idtrack=kzsykctt"; endswith; nocase; http.host; content:"meet.google.com"; classtype:attempted-recon; sid:200004657; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/cp/0ccc3066dc2bcd17/c?mi_u=87923176&mi_origin=&url=http://email.stickercanada.com/t?entity_type=2&entity_id=32534&email_pref_id=34785928&sent_id=1600423397&service_id=22668&redirect_url=https:/relievehotmailonly.cloudns.cl/imagineme/ionos.php"; endswith; nocase; http.host; content:"mi.jetblue.com"; classtype:attempted-recon; sid:200004658; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2020/11/fiyatlar.html"; endswith; nocase; http.host; content:"milanno342.blogspot.com"; classtype:attempted-recon; sid:200004659; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvtygtgvrv.html?ggcdraewqaszxfdxcgchjbjnhbgvfcdrxtcyvbuninhbygtfcrx"; endswith; nocase; http.host; content:"monstercarp.rn86.ru"; classtype:attempted-recon; sid:200004660; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/form/60deff002ca34f5aa4985ab3"; endswith; nocase; http.host; content:"my.forms.app"; classtype:attempted-recon; sid:200004661; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/form/6112452ca3f6e60d511bad0d"; endswith; nocase; http.host; content:"my.forms.app"; classtype:attempted-recon; sid:200004662; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leboncoin-service/confirmationpaiement-1"; endswith; nocase; http.host; content:"my.forms.app"; classtype:attempted-recon; sid:200004663; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/views/abn/identification.php"; endswith; nocase; http.host; content:"mybrenger-transport.com"; classtype:attempted-recon; sid:200004664; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=xvdowzk%2bkm4wndrziofnpfcj8fb8rkrsqt%2bkybvollg%3d&docid=1_16fb1a2a3e2f9468aa7cebc35874c9da0&wdformid=%7b95111770-0103-492b-8c70-e9625f96b49a%7d&action=formsubmit&cid=4d02a372-8b83-4120-84b5-1d9a2a3492dd"; endswith; nocase; http.host; content:"myparc.sharepoint.com"; classtype:attempted-recon; sid:200004665; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/ginger_gingerfountain_com/_layouts/15/wopiframe.aspx?guestaccesstoken=gpys8ex7ys1urrzbfeasvlexkodtrovmmcpn%2brsnebs%3d&amp\;docid=1_1882b07b5eb5643d2bdaa63426324ef0e&amp\;wdformid=%7b9bd54af1%2dee16%2d4e07%2d8d62%2d6e9b76e47512%7d&amp\;action=formsubmit&amp\;cid=9adf3e74-8cc1-4e36-b545-c9165fcafde7"; endswith; nocase; http.host; content:"netorg6600800-my.sharepoint.com"; classtype:attempted-recon; sid:200004666; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/leon_leongavartin_com/_layouts/15/wopiframe.aspx?guestaccesstoken=rpanwaz3gooz0d20j9wu7zzskog8p5egpbt4oc5j5bq%3d&docid=1_137b486a2059c4fc7b670d2ddb8f27254&wdformid=%7b07fe213f%2d4079%2d45b9%2db73f%2dfa9809248dd7%7d&action=formsubmit"; endswith; nocase; http.host; content:"netorgft2223515-my.sharepoint.com"; classtype:attempted-recon; sid:200004667; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bancos/interbank"; endswith; nocase; http.host; content:"nexoinmobiliario.pe"; classtype:attempted-recon; sid:200004668; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/examination/admitpanel/filemanager/5365678587"; endswith; nocase; http.host; content:"nihmt.com"; classtype:attempted-recon; sid:200004669; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/02/blog-post.html"; endswith; nocase; http.host; content:"norwayposten.blogspot.com"; classtype:attempted-recon; sid:200004670; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n/axjt4zimmriy/b/cherishppps-20210930-1214/o/spaceblack.html"; endswith; nocase; http.host; content:"objectstorage.us-phoenix-1.oraclecloud.com"; classtype:attempted-recon; sid:200004671; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"oiazeiuiazolme.blogspot.com"; classtype:attempted-recon; sid:200004672; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/forms/view/zalxyved/a9adea36-d163-4d46-a3de-0e990d86e78e"; endswith; nocase; http.host; content:"online.visual-paradigm.com"; classtype:attempted-recon; sid:200004673; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ions/index.php?email=redacted@abuse.ionos.com"; endswith; nocase; http.host; content:"onlinecasinospark.com"; classtype:attempted-recon; sid:200004674; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''"; endswith; nocase; http.host; content:"oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com"; classtype:attempted-recon; sid:200004675; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/walletconnect/"; endswith; nocase; http.host; content:"pancakeswapsupport.co"; classtype:attempted-recon; sid:200004676; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"paozeia.blogspot.com"; classtype:attempted-recon; sid:200004677; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/02/blog-post.html"; endswith; nocase; http.host; content:"paypal-inc-userupdatenuber7925570844.blogspot.com"; classtype:attempted-recon; sid:200004678; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-mails/"; endswith; nocase; http.host; content:"pilgrimapp.com"; classtype:attempted-recon; sid:200004679; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/pasi_puumalainen_plytec_fi/_layouts/15/wopiframe.aspx?sourcedoc={8f0414f2-e7a8-46f4-a2bb-d38353ed20d6}&amp\;action=default&amp\;originalpath=ahr0chm6ly9wbhl0zwnmas1tes5zagfyzxbvaw50lmnvbs86bzovzy9wzxjzb25hbc9wyxnpx3b1dw1hbgfpbmvux3bsexrly19mas9fdklvqkktbzvfukdvcnzuzzfqdelowui1vgg5bxf2ltjlvl9mohvka09sb2pnp3j0aw1lpxvysjgtvnb2mtbn"; endswith; nocase; http.host; content:"plytecfi-my.sharepoint.com"; classtype:attempted-recon; sid:200004680; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/att/citi"; endswith; nocase; http.host; content:"pplastmart.com"; classtype:attempted-recon; sid:200004681; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fia8mx"; endswith; nocase; http.host; content:"ppt.cc"; classtype:attempted-recon; sid:200004682; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fva4wx"; endswith; nocase; http.host; content:"ppt.cc"; classtype:attempted-recon; sid:200004683; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvakzx"; endswith; nocase; http.host; content:"ppt.cc"; classtype:attempted-recon; sid:200004684; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvllvx"; endswith; nocase; http.host; content:"ppt.cc"; classtype:attempted-recon; sid:200004685; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/survey/t/?title=bt-broadband-and-private-policy-support_20"; endswith; nocase; http.host; content:"proprofs.com"; classtype:attempted-recon; sid:200004686; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emailfwd/show.php?usernum=350311855&amp\;formid=3879"; endswith; nocase; http.host; content:"pub5.bravenet.com"; classtype:attempted-recon; sid:200004687; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pfbgzhkd"; endswith; nocase; http.host; content:"pxlme.me"; classtype:attempted-recon; sid:200004688; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vn79myoi"; endswith; nocase; http.host; content:"pxlme.me"; classtype:attempted-recon; sid:200004689; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d%2f&action=formsubmit"; endswith; nocase; http.host; content:"qualitasc-my.sharepoint.com"; classtype:attempted-recon; sid:200004690; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d%3e%2f&action=formsubmit"; endswith; nocase; http.host; content:"qualitasc-my.sharepoint.com"; classtype:attempted-recon; sid:200004691; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/lrodriguez_qualita_es/_layouts/15/wopiframe.aspx?guestaccesstoken=x6egjunw%2bncgnemfdqjrmoajqkuc9c41sq13edqfoeu%3d&docid=1_16dc35173dd06466fa8c37e332833f0bd&wdformid=%7b67d0feef%2d08d4%2d4d0a%2d8a25%2d0d2c9b0a2eed%7d&action=formsubmit"; endswith; nocase; http.host; content:"qualitasc-my.sharepoint.com"; classtype:attempted-recon; sid:200004692; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeh2aebbsh97"; endswith; nocase; http.host; content:"quip.com"; classtype:attempted-recon; sid:200004693; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qv7malu8n7cz/you-have-some-messages-pending"; endswith; nocase; http.host; content:"quip.com"; classtype:attempted-recon; sid:200004694; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/77ll23ween.html"; endswith; nocase; http.host; content:"r3g34.fra1.digitaloceanspaces.com"; classtype:attempted-recon; sid:200004695; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2020?m=1"; endswith; nocase; http.host; content:"rabofree.blogspot.com"; classtype:attempted-recon; sid:200004696; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u1496343659/3363308/"; endswith; nocase; http.host; content:"readymag.com"; classtype:attempted-recon; sid:200004697; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u3169021124/3364004/"; endswith; nocase; http.host; content:"readymag.com"; classtype:attempted-recon; sid:200004698; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u3908669287/3364075/"; endswith; nocase; http.host; content:"readymag.com"; classtype:attempted-recon; sid:200004699; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"reamaam.blogspot.com"; classtype:attempted-recon; sid:200004700; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j7107dr"; endswith; nocase; http.host; content:"rebrand.ly"; classtype:attempted-recon; sid:200004701; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z83ig2n?rb.routing.mode=proxy&amp\;rb.routing.signature=123%20836"; endswith; nocase; http.host; content:"rebrand.ly"; classtype:attempted-recon; sid:200004702; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"redatofadesafe.blogspot.com"; classtype:attempted-recon; sid:200004703; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?key=bbb516d91daee20498798694a42dd559&u=https://lrs.financial/eesuri6?l5oyrhkwq"; endswith; nocase; http.host; content:"redirect.viglink.com"; classtype:attempted-recon; sid:200004704; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"reikreitel.blogspot.com"; classtype:attempted-recon; sid:200004705; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v01iebe3vicvgirviexv4sbdve1r03f.html"; endswith; nocase; http.host; content:"release-held-messageshee.fra1.digitaloceanspaces.com"; classtype:attempted-recon; sid:200004706; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/renew-global-entry"; endswith; nocase; http.host; content:"renew.trusted-travelers-online.com"; classtype:attempted-recon; sid:200004707; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xeknoz?confirmation"; endswith; nocase; http.host; content:"reurl.cc"; classtype:attempted-recon; sid:200004708; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xgmxr1"; endswith; nocase; http.host; content:"reurl.cc"; classtype:attempted-recon; sid:200004709; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2d0jazx1eky5/click-here-to-verify-your-email"; endswith; nocase; http.host; content:"rezunz.quip.com"; classtype:attempted-recon; sid:200004710; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/02/blog-post.html"; endswith; nocase; http.host; content:"riderctposten.blogspot.com"; classtype:attempted-recon; sid:200004711; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruralaccoun/alibaba.com/portal.php?email=june3354@naver.com"; endswith; nocase; http.host; content:"ruralaccounting.com.au"; classtype:attempted-recon; sid:200004712; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/-rb9g"; endswith; nocase; http.host; content:"s.id"; classtype:attempted-recon; sid:200004713; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/actueel1"; endswith; nocase; http.host; content:"s.id"; classtype:attempted-recon; sid:200004714; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/actueel2"; endswith; nocase; http.host; content:"s.id"; classtype:attempted-recon; sid:200004715; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crsqh"; endswith; nocase; http.host; content:"s.id"; classtype:attempted-recon; sid:200004716; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ytk-r"; endswith; nocase; http.host; content:"s.id"; classtype:attempted-recon; sid:200004717; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/progressivebank-uat/index.html"; endswith; nocase; http.host; content:"s3.amazonaws.com"; classtype:attempted-recon; sid:200004718; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carli_lamell.html"; endswith; nocase; http.host; content:"sanclemente.cl"; classtype:attempted-recon; sid:200004719; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/la-banque-postale.html"; endswith; nocase; http.host; content:"sandert12.blogspot.com"; classtype:attempted-recon; sid:200004720; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbot"; endswith; nocase; http.host; content:"sateegourmet.com"; classtype:attempted-recon; sid:200004721; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"sefonta.blogspot.com"; classtype:attempted-recon; sid:200004722; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/postenno_9.html"; endswith; nocase; http.host; content:"seonewsservic.blogspot.com"; classtype:attempted-recon; sid:200004723; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6gwvve65243s9/eer442.html"; endswith; nocase; http.host; content:"sgp1.digitaloceanspaces.com"; classtype:attempted-recon; sid:200004724; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1fni_ent2sao6wqv0vzdn7g8nl9d"; endswith; nocase; http.host; content:"share.hsforms.com"; classtype:attempted-recon; sid:200004725; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/basic.php?k=d63621ef3dc01735479befc13f97ec7fdb68991d"; endswith; nocase; http.host; content:"shared-document.com"; classtype:attempted-recon; sid:200004726; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nqgu1"; endswith; nocase; http.host; content:"shorturl.at"; classtype:attempted-recon; sid:200004727; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/jh_silitrade_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8vzaur%2f5gb%2fwmmsfdszlpfueeb0ml%2fzkiljmp9hfa0o%3d&amp\;docid=1_14a3d3f238b844155b59bb08023697365&amp\;wdformid=%7b3395edb6%2d941b%2d49a6%2dbd04%2dc039ca27bb2b%7d&amp\;action=formsubmit"; endswith; nocase; http.host; content:"silitrade-my.sharepoint.com"; classtype:attempted-recon; sid:200004728; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/3cd35d"; endswith; nocase; http.host; content:"simp.ly"; classtype:attempted-recon; sid:200004729; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/h45c89"; endswith; nocase; http.host; content:"simp.ly"; classtype:attempted-recon; sid:200004730; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/publish/xhrdvc"; endswith; nocase; http.host; content:"simp.ly"; classtype:attempted-recon; sid:200004731; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/sy4norton.com/setup/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004732; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newservices.website/orange-mobiles/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004733; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/e9d24c72/23524457"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004734; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/habbotuttogratis"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004735; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/habbotuttogratis/assignments"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004736; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/libretyreserve"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004737; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/libretyreserve/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004738; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/protectedinmprovmnt44/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004739; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/safetycheck427064200647221/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004740; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/verifycheckpointpaqes/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004741; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/08ie-securepage-facebook"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004742; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/0iey-securepage-facebook"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004743; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/2-orangebank-salva/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004744; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/3-orangebank-vetch/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004745; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/4-orangebank-toto/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004746; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/65h7t65ygtdw5f4/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004747; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/aattt/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004748; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/abuse-privacy/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004749; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/access-office-docxpdf-call-net/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004750; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/airplanecost/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004751; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/alert-app-pages/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004752; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/app-mobile-uuid/recovery"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004753; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/appsconfirms"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004754; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/asdfghjklhgfdsdfgh/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004755; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/att-managements/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004756; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/attemail56/home?authuser=3"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004757; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/attfeatures/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004758; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/attyahooohroffice231/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004759; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/audio-call-net/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004760; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/audio-mp-vm/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004761; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/authentification-orangebank-eu/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004762; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/awspage"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004763; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/banquepostalebanqueetassurance/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004764; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bdbhdhbdhbd/home?authuser=2"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004765; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/benachrichtigung-sparkasse/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004766; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bt-cloud-voice-review-voice/bt-voice-cloud"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004767; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bt-clould-preview000112/voice010101010bt-cloud?authuser=8"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004768; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bt-interne/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004769; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bt-mail-690/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004770; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bt-pdf-receipt-payment/www-bt-pdf?authuser=8"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004771; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bt-voice1010010/bt-voicemesaage10120201002?authuser=8"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004772; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bt-web-com32/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004773; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btbtbtbtbtbtcomm/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004774; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btbusinessx/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004775; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btcloudpaymentinvoice202000/httpsbtcloudvm-voice-new?authuser=1"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004776; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btcoms/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004777; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btconnectbusiness/btconnect"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004778; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btconnectmailserver/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004779; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btconnectted/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004780; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btconnnect/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004781; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btinternetco/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004782; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btmv-voice-notice011/btvoicemessage?authuser=8"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004783; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btnvm-urgentnotice/btvmnew-note?authuser=1"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004784; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btsbusinessbill/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004785; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btserver22/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004786; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/bttbusinesssss/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004787; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/btvoivemessage/bt-home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004788; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/capitaloneloginus/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004789; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/chabillacoat/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004790; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/clickheretoverifyyouracount/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004791; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/clickpagenewlogin2021"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004792; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/coinsbuysellswapcryptocurrency/?fbclid=iwar2isl9xfxxgcxtftml2hmcl_dglhshlkfkpdotycyqu-qjqqfdqm9whtfm"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004793; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/comfimobiekdofl/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004794; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/community-pages-app/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004795; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/confirmation-orangabank/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004796; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/connectolo/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004797; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/continue6363gd/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004798; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ctz03"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004799; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/currentlyserver/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004800; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dfffrreeer/home?authuser=3"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004801; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dffvderr/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004802; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dfghjhckuyf/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004803; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dfghjhl/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004804; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dkdfkazii-ofoqisjaz1wk/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004805; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dkekkeole/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004806; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dumes/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004807; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/dvrbtrethy5642qwrfvd/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004808; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/espace-orange-vocal/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004809; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/espace-vocalorange-ref0325/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004810; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/espacemessagerieorangesms/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004811; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/etyajdnxnskoeprlwyaxbdhfkrituy/btconnect"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004812; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ewyy65/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004813; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ewyy65/home?authuser=3"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004814; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/feelblessed/bt-business"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004815; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/fhgfbythfrsv/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004816; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/fhgfjhfj/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004817; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/form-recovery/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004818; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/form-recovery/details"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004819; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/gdhbfcxzx"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004820; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/hbxchx"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004821; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/hccwc/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004822; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/home-bt-updates/bt-com"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004823; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/home-pages-recovery/details"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004824; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/htvvss/home?authuser=3"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004825; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/identificaton-10777502102022/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004826; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ii-securepage-facebook"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004827; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/invoice-payment-pdf/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004828; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/invoicehomepdf/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004829; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/invoicescan365pdf/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004830; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/jcnvvn/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004831; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/jmjmnhvdc/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004832; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/labred-authentification-source/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004833; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/leafadd/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004834; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/log-inpagenew"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004835; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/mcwdbvefjberjrwgnwriviwr/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004836; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/messor/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004837; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/mobile-apps-pages/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004838; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/mobile-redirect-system"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004839; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/mv-voicepage/home?authuser=8"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004840; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/mycoinwallet/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004841; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/necrologieinfosfroravocal/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004842; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/newbtmissedcall/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004843; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/newuploadpage"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004844; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/newvoicemail/home?authuser=1"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004845; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/nextprojectpage"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004846; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/nextprojectpage2022"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004847; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/noticeplaypagenew2021"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004848; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/noticepublicpagenew2021"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004849; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/notifcationnoticesystempage"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004850; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/nouveau-sms-message-vocal/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004851; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ob-seccurite/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004852; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ob-securite/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004853; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ob-securites/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004854; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ob-service/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004855; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/offiice-voice-com/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004856; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/onlinefifthercheckaccout/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004857; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orange-b-securite/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004858; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orange-forfaits-et-mobiles"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004859; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangeb-190/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004860; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangeb171/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004861; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangeb221/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004862; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangeba/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004863; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangeban/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004864; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangebank-r/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004865; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangebank-sc/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004866; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangebank-secure-secure/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004867; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangebanksecurite/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004868; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangebannk/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004869; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangeibank/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004870; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangeinfosvocalnews/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004871; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangemyconnect/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004872; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/oranggebank/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004873; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/orangiebank/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004874; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/pagenewlogin2022"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004875; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/pages-identificaton-1000050210/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004876; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/pass-press/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004877; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/paypal-customer-services/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004878; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/paypal-loginn/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004879; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/pfherjwlsnmcyelwudy/home?authuser=3"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004880; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/pleasecheckpoint2021"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004881; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/postacerticodplusaccaccueil/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004882; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/protonmailservice/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004883; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/quickteamservice/yahoo-com"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004884; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/reactivationhelp2021/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004885; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/redirect-acctpages-uuid/details"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004886; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/redirectme-to/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004887; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/retttt/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004888; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/reviewappspagerviicee/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004889; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/reviewappspagerviiceee"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004890; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/rg9eur94uwe9d/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004891; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/richcoff/bt-business"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004892; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/rimekahsdjg/summary_page"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004893; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/salimkaso/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004894; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/sbcglobalm/home?authuser=1"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004895; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securbtcomms/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004896; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/secure-bt-homevoice01010120/home?authuser=8"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004897; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/secure-ob-/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004898; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/secure-ob/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004899; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securebtcomms/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004900; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securebtcommss/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004901; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securebusinessbtsecurbt/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004902; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securiplus0101/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004903; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securite-ob-service/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004904; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securite-obank/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004905; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securitee-ob/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004906; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securites-ob/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004907; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securmybusinessbtsecurbt/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004908; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securree/home?authuser=1"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004909; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/securritee-ob/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004910; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/serv-ob/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004911; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/serv-obank/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004912; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/serveur-communication-box/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004913; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/service-orangebank-fr/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004914; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/service-orangebank-securi/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004915; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/service-securite-ob/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004916; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/servicenewlogin"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004917; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/shgeudh/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004918; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ski03/strona-g%c5%82%c3%b3wna"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004919; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/soeyankandi5/bt-business"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004920; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/szdgsdhgd"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004921; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/thenewstartpage2021"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004922; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/update-allreadypage"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004923; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/updatesecure"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004924; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/updatingnewpage"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004925; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/upgrade-bt/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004926; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/utututttu/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004927; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/v-ob/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004928; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/venmo-loginusa/"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004929; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/vfbjf/btconnect"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004930; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/view-your-billonline/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004931; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/viewyourbilll/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004932; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/viewyournewbill/bt-business-btconnect"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004933; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/vjsdhdfidjasi/btconnect"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004934; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/webespaceclient-ref8/accueil"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004935; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/webmailcooom/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004936; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/xcccjcdhasks/btconnect"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004937; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/xmicrosoftoficew/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004938; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/xsvgcxsgvdhg/home?authuser=4"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004939; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/xvhfefef/bt-business"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004940; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/yah000/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004941; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/yahooend/yahoo"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004942; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/yahoomailingdesk/yahoo-com"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004943; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/yahooscott/yahoo"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004944; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/yourbillnotification/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004945; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/yt89ougjio/bt"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004946; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/ztt5zazu/home"; endswith; nocase; http.host; content:"sites.google.com"; classtype:attempted-recon; sid:200004947; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/webmail.cpanel.net/user/cp.user.sign_in/auth/cpanel_mailbox/index.htm"; endswith; nocase; http.host; content:"skart.co.in"; classtype:attempted-recon; sid:200004948; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qevjwc"; endswith; nocase; http.host; content:"snip.ly"; classtype:attempted-recon; sid:200004949; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"solatresont.blogspot.com"; classtype:attempted-recon; sid:200004950; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"soufatanse.blogspot.com"; classtype:attempted-recon; sid:200004951; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"soufsont.blogspot.com"; classtype:attempted-recon; sid:200004952; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stt-c625a3f2c2"; endswith; nocase; http.host; content:"sprw.io"; classtype:attempted-recon; sid:200004953; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:b:/g/personal/mandyb_steiner_co_za/exxq1passetnrojoe83fzboboxufoggwb7uvmyfqbionla?e=4:su8jhq&amp\;at=9"; endswith; nocase; http.host; content:"steinercoza-my.sharepoint.com"; classtype:attempted-recon; sid:200004954; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/twentyfifteen/css/read/chinavali/index.php?email=jsmith@imaphost.com"; endswith; nocase; http.host; content:"stolizaparketa.ru"; classtype:attempted-recon; sid:200004955; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1lordman1man3/oscman2.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004956; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acc03lzzl4m3izm03iauserpowa.appspot.com/index.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004957; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/algebraic-pact-316913.appspot.com/index.html#jbell@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004958; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anaagc040gdyacgd0dyuser.appspot.com/index.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004959; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ciat3tdtttd53c3e5userp.appspot.com/index.html#jr@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004960; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ciat3tdtttd53c3e5userp.appspot.com/index.html#paul@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004961; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientid4dunptjlryzrift3nrlomi160gqntzgznajujcnbszq8w/index.htm"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004962; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dhngw6p6rwrwnuv6vnuse.appspot.com/index.html#brianvillacarlos@legalshieldcorp.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004963; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g58t3e588ddgmdeddauth.appspot.com/index.html#jim-shelvy@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004964; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gu1r0utjruhjkukrxhauser.appspot.com/index.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004965; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/indettn/pdflmanco.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004966; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/indettn/zdewaman.html#example@example.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004967; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkkqkl633qn6kq3lqssiiddnenen.appspot.com/index.html#jbell@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004968; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkkqkl633qn6kq3lqssiiddnenen.appspot.com/index.html#t.voit@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004969; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004970; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logon_id63757945b-32c6-49b0-83e6-1d93765276e7/index.html#martin.manasek@ruk.cuni.cz"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004971; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maintainancecomponeta.appspot.com/index.html#a@b.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004972; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maintainancecomponeta.appspot.com/kayindex.html#eimaste@stinpriza.org"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004973; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maintainancecomponeta.appspot.com/myowngeneral.html#eimaste@stinpriza.org"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004974; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maintainancecomponeta.appspot.com/newmineindex.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004975; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/owuddqd9dqqdddq9qd0caerq.appspot.com/index.html#stevewilliamson@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004976; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/projerroro0h5j5ro0jrrj.appspot.com/index.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004977; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q90qqqar22r229r292euser.appspot.com/index.html"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004978; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q90qqqar22r229r292euser.appspot.com/index.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004979; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rrdar99rt9qraraq99euser.appspot.com/index.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004980; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s0pts0apttxpp00atarrauth.appspot.com/index.html#user@calstatela.edu"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004981; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/staging.maintainancecomponeta.appspot.com/fcocnew.html"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004982; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/staging.maintainancecomponeta.appspot.com/nvhdjgtpl8txagtoccpyscuekxctc7j3kpg5bbugwqv0kemeas313lqehufuifcl6el9vtvomhrfbjbpxbg6qrnsg5sz3dyaiqor%2c%2520ffx6khej2lavfftroaizcq99hjdn3f4hs6gdeg2qodfyhobl8zonx6lez2dafyafc6spylufytfvuzn1jsioh4u6xpsbsqxqgh.html#icann@tecnocratica.net"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004983; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/staging.maintainancecomponeta.appspot.com/sydlasgendomain.html#winnie@soupro.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004984; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user517497679326978.appspot.com/index.html"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004985; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uth0uax3t3uh30ttna0nnuser.appspot.com/index.html#jbell@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004986; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yyw77ywnn68weyew6euserq.appspot.com/index.html#rosalefua@legalshield.com"; endswith; nocase; http.host; content:"storage.cloud.google.com"; classtype:attempted-recon; sid:200004987; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/03a6c481bbd83f8/df225c198d58561#un/68425_md/2/16247/3955/23/19171"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200004988; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1827435283/1827435283.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200004989; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abjsfatitvyrobprkawlycsckcwrvnntndjwbgoqjiswdbkhhlyxnbv/cli123.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200004990; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abuabomvnediarrfgxamrtqcoehnpskugrmafutqnhugsbzossviqfv/cli123.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200004991; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acwuwxxomzzlrrfuyssheahvokqfunqvlbjnjrbyfsmbbmdppwimvbd/cli123.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200004992; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbss-urltest-public/docomo_20210726_01.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200004993; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbss-urltest-public/docomo_20210910_01.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200004994; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbss-urltest-public/docomo_20210910_02.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200004995; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xdaysonde1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200004996; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xdragon1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200004997; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xgmx1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200004998; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xiphoneswiss1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200004999; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xketode1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005000; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xlena1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005001; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xps5de1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005002; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bionat/xspar1.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005003; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buckettt01/redirect%20newslettersreply.shop.html#rd/u8888idsyy65301cvmt1247244psw23077wujo1715"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005004; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document-check/sign.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005005; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inboxino/brand.html#cl/13669_md/1/788/1401/22/1025434"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005006; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inboxino/brand.html#cl/13695_md/1/788/1401/109/376564"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005007; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inboxino/brand.html#un/13664_md/1/455/1401/112/814109"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inboxino/brand.html#un/13695_md/1/788/1401/25/339407"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sstoragert/linkqs.html#cl/19939_md/1/4441/3808/112/984664"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sstoragert/linkqs.html#un/19995_md/1/4542/3682/112/984664"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ylffhg/redireck.html"; endswith; nocase; http.host; content:"storage.googleapis.com"; classtype:attempted-recon; sid:200005012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p/authentifier-transcash.html"; endswith; nocase; http.host; content:"suivi-coupon-recharge.blogspot.com"; classtype:attempted-recon; sid:200005013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/usroutput/themeset1_2021-12-21-23-15-13/"; endswith; nocase; http.host; content:"sunnylandingpages.com"; classtype:attempted-recon; sid:200005014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/adrian_ramos_superpark_com_hk/_layouts/15/wopiframe.aspx?guestaccesstoken=vofjngnui%2fslbameorlq62qlg8mcdnpo1dizu6i%2bc1m%3d&amp\;docid=1_124bbb2f682ca4c7daba6cec6ee34dfb9&amp\;wdformid=%7ba85c8abe%2d68be%2d43dd%2d91f3%2db397386186be%7d&amp\;action=formsubmit"; endswith; nocase; http.host; content:"superpark-my.sharepoint.com"; classtype:attempted-recon; sid:200005015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/form/608bca7586919c70a2066ef7"; endswith; nocase; http.host; content:"surveyheart.com"; classtype:attempted-recon; sid:200005016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/pranjali_chandurkar_nmims_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=668cyp4s%2fwcmx8rj223bvjfwdvtryffzfpyarbrueha%3d&amp\;docid=1_1916b69db182644fead12e874cad930c4&amp\;wdformid=%7bcd4093b9%2ddfae%2d49f1%2dadde%2df32fbe93b271%7d&amp\;action=formsubmit"; endswith; nocase; http.host; content:"svkmmumbai-my.sharepoint.com"; classtype:attempted-recon; sid:200005017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/index.html"; endswith; nocase; http.host; content:"swisscoat.com.cn"; classtype:attempted-recon; sid:200005018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account"; endswith; nocase; http.host; content:"synapse-project.com"; classtype:attempted-recon; sid:200005019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account/"; endswith; nocase; http.host; content:"synapse-project.com"; classtype:attempted-recon; sid:200005020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/dapp"; endswith; nocase; http.host; content:"synmultiwallet.com"; classtype:attempted-recon; sid:200005021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6b3rxfp90m"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8mptsau4zq?amp=1"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9ooxxstzmb?amp=1?trackingid=ftiikjly&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9ooxxstzmb?trackingid=lxr1lc3e&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ef7oipwfto"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fy2lasfqae?trackingid=agbl0dxn&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fy2lasfqae?trackingid=dhrt9pxv&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fy2lasfqae?trackingid=mhrdlxok&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fy2lasfqae?trackingid=s5kqcb1o&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ge6k1ctsmd?trackingid=3pc2vgmn&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ge6k1ctsmd?trackingid=n13hzxpy&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ge6k1ctsmd?trackingid=ocfgjhka&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ge6k1ctsmd?trackingid=ohj6ctus&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lkcd0mnequ"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/timonfvymu?trackingid=67yzc2bv&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/timonfvymu?trackingid=cybyidfp&signature=newsletter"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zrd6j5rq4u?amp=1"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zwuq6zjpdj"; endswith; nocase; http.host; content:"t.co"; classtype:attempted-recon; sid:200005039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/helton.law/outlook.office.com/"; endswith; nocase; http.host; content:"tasteentertainment.com"; classtype:attempted-recon; sid:200005040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/system32/procesosdeseguridadhb/170.51.165.16679791/agregar/telefono/contacto/logonoperacionservlet.html"; endswith; nocase; http.host; content:"tecsuport.com.br"; classtype:attempted-recon; sid:200005041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/03/blog-post_48.html"; endswith; nocase; http.host; content:"telenorkandklimsupoort.blogspot.com"; classtype:attempted-recon; sid:200005042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/form.htm"; endswith; nocase; http.host; content:"thedigirocket.com"; classtype:attempted-recon; sid:200005043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2021/11/1/1and1/index.php"; endswith; nocase; http.host; content:"thelibrarysamui.com"; classtype:attempted-recon; sid:200005044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ing587388"; endswith; nocase; http.host; content:"tiny.one"; classtype:attempted-recon; sid:200005045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ing67454"; endswith; nocase; http.host; content:"tiny.one"; classtype:attempted-recon; sid:200005046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reuswnzc"; endswith; nocase; http.host; content:"tiny.one"; classtype:attempted-recon; sid:200005047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/48rzxpne"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4wcw6fcu"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btinternet56"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005050; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evyu688y"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005051; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nycgovtgrant"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uha4nvtf"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y8mcrhhp"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yxb48kqj"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005055; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yxry9vf5"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005056; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yyvm8qr5"; endswith; nocase; http.host; content:"tinyurl.com"; classtype:attempted-recon; sid:200005057; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/truist.com/"; endswith; nocase; http.host; content:"topearnersafrica.com"; classtype:attempted-recon; sid:200005058; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h/v6/link-track/1.0/1612678003989072-e5f6d8cc-499b-ea4f-85f1-8b23ad935661/1612677988/2f5895837f8d3f0a667c6b92ad41f652/8af273ac431e289838c8bf7c490185f3/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com"; endswith; nocase; http.host; content:"tr.cloudmagic.com"; classtype:attempted-recon; sid:200005059; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h/v6/link-track/1.0/1614590779401122-8e06125c-4b23-d643-3068-601cab9bec04/1614590763/2f5895837f8d3f0a667c6b92ad41f652/31367888a66bf6f98973a200c83075bb/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com"; endswith; nocase; http.host; content:"tr.cloudmagic.com"; classtype:attempted-recon; sid:200005060; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/?bn=35405429\;cpdir=https://tmmny.csb.app/.wewrewew.ahr0chm6ly9pbnzlc3rpbmdpbmdvzc5vcmcvqvbjmjq3.yw1izxiuzml0dg9uqhnwyxjrlmnvlm56"; endswith; nocase; http.host; content:"track.adform.net"; classtype:attempted-recon; sid:200005061; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=1"; endswith; nocase; http.host; content:"transcash-fr-v.blogspot.com"; classtype:attempted-recon; sid:200005062; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webapp/tribratanews/public/js/hughesnet.com/index.php"; endswith; nocase; http.host; content:"tribratanewsbondowoso.com"; classtype:attempted-recon; sid:200005063; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsjpgw?verification-online-service"; endswith; nocase; http.host; content:"u.to"; classtype:attempted-recon; sid:200005064; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unrpgg"; endswith; nocase; http.host; content:"u.to"; classtype:attempted-recon; sid:200005065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wsddga"; endswith; nocase; http.host; content:"u.to"; classtype:attempted-recon; sid:200005066; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pbi_pbi1151/login/remote/071108407/6"; endswith; nocase; http.host; content:"ucbonline.com"; classtype:attempted-recon; sid:200005067; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=e%2f5p4lmr7oxtbuuzst9ihpacebtz%2bhbogl5i950bhau%3d&docid=1_151b39d9e7dd54cfba500875349d3beb6&wdformid=%7bda6fcad9%2d9684%2d43af%2db959%2de2fa774eaba6%7d&action=formsubmit"; endswith; nocase; http.host; content:"umconnectumt-my.sharepoint.com"; classtype:attempted-recon; sid:200005068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=h2b5qkvlooc%2bfvhpo6qkbxdfdzwzpa7doqhaikfrj08%3d&docid=1_1cab74931edec4bf39e6f4768e7830a02&wdformid=%7b6a702647%2db560%2d40c5%2d8890%2d109ec5ad9bc5%7d&action=formsubmit"; endswith; nocase; http.host; content:"umconnectumt-my.sharepoint.com"; classtype:attempted-recon; sid:200005069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=inau9tsjk5bvaoypx%2fgfkvgo0iz4rq47kvts4tkb8yq%3d&docid=1_19c7a48ea3a0448c78765a480857920f0&wdformid=%7bd8f70a7d%2d4204%2d4a87%2da88e%2dbad6b0e4129e%7d&action=formsubmit"; endswith; nocase; http.host; content:"umconnectumt-my.sharepoint.com"; classtype:attempted-recon; sid:200005070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=inau9tsjk5bvaoypx/gfkvgo0iz4rq47kvts4tkb8yq=&amp\;docid=1_19c7a48ea3a0448c78765a480857920f0&amp\;wdformid={d8f70a7d-4204-4a87-a88e-bad6b0e4129e}&amp\;action=formsubmit"; endswith; nocase; http.host; content:"umconnectumt-my.sharepoint.com"; classtype:attempted-recon; sid:200005071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=uh9hjveaooebgqolme%2f5qft71pw2stg2ojiiqxebzce%3d&docid=1_11e28ca5d86c6416f926736ea3e8ad885&wdformid=%7b70256f91%2df178%2d4e5f%2d847a%2df748294a79c9%7d&action=formsubmit"; endswith; nocase; http.host; content:"umconnectumt-my.sharepoint.com"; classtype:attempted-recon; sid:200005072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wine"; endswith; nocase; http.host; content:"umeacademy.com"; classtype:attempted-recon; sid:200005073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wptracking/tracking2/tracking/tracking.php"; endswith; nocase; http.host; content:"uniga.ac.id"; classtype:attempted-recon; sid:200005074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0lxgmv"; endswith; nocase; http.host; content:"url.gratis"; classtype:attempted-recon; sid:200005075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kcornwall/email-verification/notice/account_login/login.html#accounting@utu.fi"; endswith; nocase; http.host; content:"users.tpg.com.au"; classtype:attempted-recon; sid:200005076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1pxak"; endswith; nocase; http.host; content:"v.ht"; classtype:attempted-recon; sid:200005077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yogs"; endswith; nocase; http.host; content:"v.ht"; classtype:attempted-recon; sid:200005078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rd/c56498tvifh29711728hupj8172asy17489blob7311"; endswith; nocase; http.host; content:"vaiddzed.cc"; classtype:attempted-recon; sid:200005079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drupal-7.56/scripts/bp"; endswith; nocase; http.host; content:"velvet.by"; classtype:attempted-recon; sid:200005080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drupal-7.56/scripts/bp/"; endswith; nocase; http.host; content:"velvet.by"; classtype:attempted-recon; sid:200005081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"veredesafs.blogspot.com"; classtype:attempted-recon; sid:200005082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"vetrfedsonte.blogspot.com"; classtype:attempted-recon; sid:200005083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2021/03/blog-post.html"; endswith; nocase; http.host; content:"viamobte.blogspot.com"; classtype:attempted-recon; sid:200005084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/61e168ca67f4550de805d006/interactive-content-secured-document"; endswith; nocase; http.host; content:"view.genial.ly"; classtype:attempted-recon; sid:200005085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/61e168ca67f4550de805d006/interactive-content-untitled-genially"; endswith; nocase; http.host; content:"view.genial.ly"; classtype:attempted-recon; sid:200005086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/?m=0"; endswith; nocase; http.host; content:"vivaterouna.blogspot.com"; classtype:attempted-recon; sid:200005087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?cc_key=&amp\;post=%7brandom_number_5%7d_1&amp\;to=http://18.118.206.123/index.php?key=%7brandom_letternumberuplow_5%7d,email=%7bemail%7d"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=1qg10"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=3efeh"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=cylqz"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=dmyfj"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=dvexh"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=fhqja"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=g9dzz"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=qq74g"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=v0de0,email=kflove23@icloud.com&post=11981_1&cc_key"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.118.206.123/index.php?key=zzbtj"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=ccugr"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=mb1wu"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=meixj"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=toboe"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=tyzud"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=u7tfm,email=resurgita@icloud.com&post=35252_1&cc_key"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=v5t6m,email=robertgoby@icloud.com&post=24927_1&cc_key"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=vgy1e"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2f18.219.14.108/index.php?key=znbui"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2fhumanity06.com%2fwp-content%2fthemes%2fapi.html"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2frois-zkxzx.run.goorm.io/safe-browser/"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2fwww.allovisite.com%2fwp-content%2fplugins%2fapi.html"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=http%3a%2f%2fwww.allovisite.com%2fwp-content%2fplugins%2fapi.html&post=693378694_2&cc_key"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https%3a%2f%2fmsq-health.com%2fimages%2fonehealth%2fsound%2faudio&post=696668869_2&cc_key=/odmibxru/tsiqjhleqcj"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https%3a%2f%2fsapphireinternationalschool.com%2falbum%2fimages%2fsound%2faudio&post=690576696_17&cc_key=/lhgesiqipz/ksbqekez2fa"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://api.safebrowser-antidrop.com/ai.html?key=ppsyk"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://arroketainsificansion.com/r/cairdiembos"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://drmustafaalagamy.com/css/rajahutandil2"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://laprospergroup.com/wp-admin/assets/?key=8oyrd,email={email}"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://rendelparis.com/wp-admin/assets?key=isvbt,email={email}"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://sahara-distribution.com/wp-admin/dir"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://www.marmum.ae/css/?key=ibxa"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://www.marmum.ae/css/?key=ksor"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://www.marmum.ae/css/?key=lzqm"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://www.marmum.ae/css/?key=yihv"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/away.php?to=https://www.newlifenursery.com/assets/rdt.html?key=lwhi1"; endswith; nocase; http.host; content:"vk.com"; classtype:attempted-recon; sid:200005124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/all.php"; endswith; nocase; http.host; content:"vps3920.ultahost.com"; classtype:attempted-recon; sid:200005125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8jdu/sb6/index.php?_"; endswith; nocase; http.host; content:"wallieget.com"; classtype:attempted-recon; sid:200005126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8jdu/sb6/index.php?_&amp\;_"; endswith; nocase; http.host; content:"wallieget.com"; classtype:attempted-recon; sid:200005127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8jdu/sb6/index.php?_&amp\;_&amp\;_"; endswith; nocase; http.host; content:"wallieget.com"; classtype:attempted-recon; sid:200005128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o2/a/f5s4y/0"; endswith; nocase; http.host; content:"warriorplus.com"; classtype:attempted-recon; sid:200005129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upgrade/"; endswith; nocase; http.host; content:"webmail.serviceunit.co.uk"; classtype:attempted-recon; sid:200005130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d"; endswith; nocase; http.host; content:"webuyworkshopequipment.com"; classtype:attempted-recon; sid:200005131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d/"; endswith; nocase; http.host; content:"webuyworkshopequipment.com"; classtype:attempted-recon; sid:200005132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secure/wells"; endswith; nocase; http.host; content:"whitmansasphalt.com"; classtype:attempted-recon; sid:200005133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secure/wells/"; endswith; nocase; http.host; content:"whitmansasphalt.com"; classtype:attempted-recon; sid:200005134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/@bt_home"; endswith; nocase; http.host; content:"withkoji.com"; classtype:attempted-recon; sid:200005135; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/@bt_internet"; endswith; nocase; http.host; content:"withkoji.com"; classtype:attempted-recon; sid:200005136; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/@bt_service_alert."; endswith; nocase; http.host; content:"withkoji.com"; classtype:attempted-recon; sid:200005137; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/@bt_teem"; endswith; nocase; http.host; content:"withkoji.com"; classtype:attempted-recon; sid:200005138; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/@bt_update"; endswith; nocase; http.host; content:"withkoji.com"; classtype:attempted-recon; sid:200005139; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/@bt_upgrade"; endswith; nocase; http.host; content:"withkoji.com"; classtype:attempted-recon; sid:200005140; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/@btinternet"; endswith; nocase; http.host; content:"withkoji.com"; classtype:attempted-recon; sid:200005141; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/:x:/r/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96"; endswith; nocase; http.host; content:"wvk12-my.sharepoint.com"; classtype:attempted-recon; sid:200005142; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96"; endswith; nocase; http.host; content:"wvk12-my.sharepoint.com"; classtype:attempted-recon; sid:200005143; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oih3b8"; endswith; nocase; http.host; content:"xip.li"; classtype:attempted-recon; sid:200005144; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fire/dhl/load.php?0=aw5mb0btzxrhbg9naxmuy29t&amp\;guce_referrer=ahr0chm6ly9sb2dpbi55ywhvby5jb20v&amp\;guce_referrer_sig=aqaaaba99nmgr9inqoyu5mi3asjqfyjcpatd_a8modgjxpnxynmo8n5zxdi8ezv7gfypzosc_rpmz0hyfdck0olmxnmb6tpfznd5enc"; endswith; nocase; http.host; content:"znbint.com"; classtype:attempted-recon; sid:200005145; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kms8u47zlxwk"; endswith; nocase; http.host; content:"zpr.io"; classtype:attempted-recon; sid:200005146; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxvzwlcdizyq"; endswith; nocase; http.host; content:"zpr.io"; classtype:attempted-recon; sid:200005147; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"phishing-filter phishing website detected"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nckeqquhrpuf"; endswith; nocase; http.host; content:"zpr.io"; classtype:attempted-recon; sid:200005148; rev:1;)
diff --git a/dist/phishing-filter-unbound.conf b/dist/phishing-filter-unbound.conf
index a03fc120..22c7fc36 100644
--- a/dist/phishing-filter-unbound.conf
+++ b/dist/phishing-filter-unbound.conf
@@ -1,5 +1,5 @@
 # Title: Phishing Domains Unbound Blocklist
-# Updated: Sun, 16 Jan 2022 12:01:44 +0000
+# Updated: Mon, 17 Jan 2022 00:01:35 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/phishing-filter
 # License: https://gitlab.com/curben/phishing-filter#license
@@ -13,9 +13,6 @@ local-zone: "00oeady.cn" always_nxdomain
 local-zone: "02-billing-support.org" always_nxdomain
 local-zone: "08863299.sso-secure-mail0454etr.pages.dev" always_nxdomain
 local-zone: "0bs.de" always_nxdomain
-local-zone: "0gjvj7a8eydbjz3au8anbg-on.drv.tw" always_nxdomain
-local-zone: "1000000000347789523698541.tk" always_nxdomain
-local-zone: "1000000000347789523698545.tk" always_nxdomain
 local-zone: "1000000000347789523698546.tk" always_nxdomain
 local-zone: "1000000000347789523698547.tk" always_nxdomain
 local-zone: "109edc5b.ssdtfgyb09.pages.dev" always_nxdomain
@@ -25,6 +22,7 @@ local-zone: "149-210-143-165.colo.transip.net" always_nxdomain
 local-zone: "15004083383734.data-store-company.com" always_nxdomain
 local-zone: "154.30.211.130.bc.googleusercontent.com" always_nxdomain
 local-zone: "16park.cn" always_nxdomain
+local-zone: "1727365.com" always_nxdomain
 local-zone: "178.128.108.233.dsl.dyn.forthnet.gr" always_nxdomain
 local-zone: "1800poolservice.com" always_nxdomain
 local-zone: "185-46-10-159.cloudvps.regruhosting.ru" always_nxdomain
@@ -39,7 +37,6 @@ local-zone: "2022-exodus.com" always_nxdomain
 local-zone: "2022-girobanken-sparkassen.xyz" always_nxdomain
 local-zone: "2022.intrebrkprsonas.xyz" always_nxdomain
 local-zone: "217651.8b.io" always_nxdomain
-local-zone: "2247317.verifyinguser426128734570198363.com" always_nxdomain
 local-zone: "228.94.92.rev.sfr.net.gghost.ru" always_nxdomain
 local-zone: "24611250.sibforms.com" always_nxdomain
 local-zone: "2482689012.yolasite.com" always_nxdomain
@@ -48,12 +45,16 @@ local-zone: "2ex2cfu.cn" always_nxdomain
 local-zone: "2fa.bthei.com" always_nxdomain
 local-zone: "2pil.ru" always_nxdomain
 local-zone: "2rakuten.co.jp.happyyear.cn" always_nxdomain
+local-zone: "2yfh.short.gy" always_nxdomain
 local-zone: "3-139-75-158.cprapid.com" always_nxdomain
 local-zone: "343i.org" always_nxdomain
 local-zone: "343t3dv9qdufp.clickfunnels.com" always_nxdomain
 local-zone: "3568365.com" always_nxdomain
+local-zone: "365unfreezesecurity.com" always_nxdomain
+local-zone: "3782365.com" always_nxdomain
 local-zone: "3a10a178.s6t6sj4s46tu4sys54y5.pages.dev" always_nxdomain
 local-zone: "3bvjh.sbs" always_nxdomain
+local-zone: "3c5.com" always_nxdomain
 local-zone: "3ck.me" always_nxdomain
 local-zone: "3dprintersupplies.com.au" always_nxdomain
 local-zone: "3dsecure-update-service-info-live.duckdns.org" always_nxdomain
@@ -77,18 +78,19 @@ local-zone: "5e841ae2.srvr-cloudmail-srvr6765e7tg.pages.dev" always_nxdomain
 local-zone: "613707.selcdn.ru" always_nxdomain
 local-zone: "61da8ae6.6u6566hrrthsh45.pages.dev" always_nxdomain
 local-zone: "638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com" always_nxdomain
-local-zone: "65451440241544.hyperphp.com" always_nxdomain
-local-zone: "664876.verifyinguser426128734570198363.com" always_nxdomain
+local-zone: "6734365.com" always_nxdomain
 local-zone: "67lksxgjd.bttmassage-thai-tanger.com" always_nxdomain
 local-zone: "6a7zu9he6mqh.clickfunnels.com" always_nxdomain
 local-zone: "6c7f0acc.sibforms.com" always_nxdomain
+local-zone: "6stupefacentevideo2022.pagedemo.co" always_nxdomain
+local-zone: "754675377.xyz" always_nxdomain
 local-zone: "7837365.com" always_nxdomain
 local-zone: "7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev" always_nxdomain
 local-zone: "7wr4u.csb.app" always_nxdomain
 local-zone: "7yu3v.csb.app" always_nxdomain
-local-zone: "8010361370310234068010361370310234.blogspot.be" always_nxdomain
 local-zone: "859411.icu" always_nxdomain
 local-zone: "8760365.com" always_nxdomain
+local-zone: "885211.icu" always_nxdomain
 local-zone: "889381.icu" always_nxdomain
 local-zone: "8899.jp" always_nxdomain
 local-zone: "89ix7y0.cn" always_nxdomain
@@ -116,15 +118,18 @@ local-zone: "absaonline2021.website2.me" always_nxdomain
 local-zone: "absolute-containers-sip.business.site" always_nxdomain
 local-zone: "absolutepleasure.com.my" always_nxdomain
 local-zone: "acacia.webdevonline.net" always_nxdomain
+local-zone: "account-recovery.org" always_nxdomain
 local-zone: "account.herephyshy.info" always_nxdomain
 local-zone: "account.verifications.help-page.workers.dev" always_nxdomain
 local-zone: "accounts-autoscout24.de" always_nxdomain
 local-zone: "acessobradesco.digital" always_nxdomain
 local-zone: "ach111.xyz" always_nxdomain
 local-zone: "activate-hulu-com-activate.sitey.me" always_nxdomain
+local-zone: "activatingmymainnet.com" always_nxdomain
 local-zone: "adamfeber.com" always_nxdomain
 local-zone: "adcloudserver.com" always_nxdomain
 local-zone: "admin-formserviceupdates.weeblysite.com" always_nxdomain
+local-zone: "administer-708aa.web.app" always_nxdomain
 local-zone: "administraciondefincaspereznovo.com" always_nxdomain
 local-zone: "adorablepomskyhome.net" always_nxdomain
 local-zone: "adpunemploymentclaims.sharefile.com" always_nxdomain
@@ -134,14 +139,13 @@ local-zone: "affixsports.net" always_nxdomain
 local-zone: "afreemart.xyz" always_nxdomain
 local-zone: "africansecrets.ca" always_nxdomain
 local-zone: "agora.imb.br" always_nxdomain
-local-zone: "agricolefr-99f918.ingress-erytho.easywp.com" always_nxdomain
 local-zone: "agrimetiersmartinique.fr" always_nxdomain
 local-zone: "agurimu-nagoya.com" always_nxdomain
 local-zone: "ahhhh.pe.kr" always_nxdomain
 local-zone: "ai.macecri.com" always_nxdomain
-local-zone: "aib-unauthorized-access.com" always_nxdomain
 local-zone: "aid-validation-human.run-us-west2.goorm.io" always_nxdomain
 local-zone: "aimekidya-recpag.web.id" always_nxdomain
+local-zone: "airbnb.book-space-b851927.live" always_nxdomain
 local-zone: "airportprescreening.com" always_nxdomain
 local-zone: "aitsidihamh.my-place.us" always_nxdomain
 local-zone: "akanksha3012.github.io" always_nxdomain
@@ -162,8 +166,10 @@ local-zone: "aliciabot.azurewebsites.net" always_nxdomain
 local-zone: "alkhalilgraphics.com" always_nxdomain
 local-zone: "allegrolokalnie-pl-3dsafe.id-43051.xyz" always_nxdomain
 local-zone: "allegrolokalnie-pl-3dsafe.id-91501.xyz" always_nxdomain
+local-zone: "allegrolokalnie-pl-3dseif.id-43051.xyz" always_nxdomain
 local-zone: "allegrolokalnie-pl-safe.id-43051.xyz" always_nxdomain
 local-zone: "alliancesuper.com" always_nxdomain
+local-zone: "almarjantours.com" always_nxdomain
 local-zone: "almighty.edu.np" always_nxdomain
 local-zone: "alnajahh.com" always_nxdomain
 local-zone: "aloun.ps" always_nxdomain
@@ -171,6 +177,7 @@ local-zone: "alphabnkgre.com" always_nxdomain
 local-zone: "alqadi.ps" always_nxdomain
 local-zone: "alquilervillora.net" always_nxdomain
 local-zone: "alsofft.com" always_nxdomain
+local-zone: "alupi-frey.shop" always_nxdomain
 local-zone: "amacez.jyrtery4.top" always_nxdomain
 local-zone: "amacredit.amacardpkey.xyz" always_nxdomain
 local-zone: "amaenv.fgasdfw6.xyz" always_nxdomain
@@ -181,21 +188,20 @@ local-zone: "amazom.supwwe.xyz" always_nxdomain
 local-zone: "amazomsse.shop" always_nxdomain
 local-zone: "amazon-gcatech.com" always_nxdomain
 local-zone: "amazon-interruption.com" always_nxdomain
-local-zone: "amazon.co.ip.jlig.cn" always_nxdomain
 local-zone: "amazon.co.jp.abaiaccounting.cn" always_nxdomain
 local-zone: "amazon.gousana.casa" always_nxdomain
-local-zone: "amazon.jp-m.win" always_nxdomain
+local-zone: "amazon.logins-co.jp" always_nxdomain
 local-zone: "amazon.works.ga" always_nxdomain
 local-zone: "amazonhome.sfrmobiles.com" always_nxdomain
 local-zone: "amazonjapsne.cf" always_nxdomain
+local-zone: "amazonses.authflows.com" always_nxdomain
 local-zone: "amazoon.co.op.o4j.top" always_nxdomain
-local-zone: "ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org" always_nxdomain
 local-zone: "amc-training.com" always_nxdomain
-local-zone: "amcgardiennage.com" always_nxdomain
+local-zone: "amecmasmerd.ga" always_nxdomain
 local-zone: "ameozom.jp.onaworks.com" always_nxdomain
 local-zone: "americanexpress-auth.azurewebsites.net" always_nxdomain
-local-zone: "americanexpress.heiwakai.com" always_nxdomain
 local-zone: "amguevara.com" always_nxdomain
+local-zone: "amhsd.com" always_nxdomain
 local-zone: "amidabuli.com" always_nxdomain
 local-zone: "amlnov7.web.app" always_nxdomain
 local-zone: "amnzma-jp.top" always_nxdomain
@@ -206,7 +212,6 @@ local-zone: "amnzmsn3-jp.shop" always_nxdomain
 local-zone: "amoazom.rm82j6-t8.cn" always_nxdomain
 local-zone: "amonzau_co_take.ktbf.shop" always_nxdomain
 local-zone: "amosleh.com" always_nxdomain
-local-zone: "amozom.co.ip.taxhod.club" always_nxdomain
 local-zone: "amreeth.github.io" always_nxdomain
 local-zone: "amusebouche-bg.com" always_nxdomain
 local-zone: "amzcredit.dearva.xyz" always_nxdomain
@@ -222,24 +227,21 @@ local-zone: "angryezgames.com" always_nxdomain
 local-zone: "anhduongjsc.com" always_nxdomain
 local-zone: "anj-azakp.run.goorm.io" always_nxdomain
 local-zone: "anjalijha167.github.io" always_nxdomain
-local-zone: "anjayredit.duckdns.org" always_nxdomain
 local-zone: "annacatania.com.mt" always_nxdomain
 local-zone: "anon-keep-admin-keep.rvsla.workers.dev" always_nxdomain
 local-zone: "ansr.ro" always_nxdomain
 local-zone: "aolmailukhelplinecustomerservice.blogspot.com" always_nxdomain
 local-zone: "aolmailukhelplinecustomerservice.blogspot.com.au" always_nxdomain
-local-zone: "aolpoweredservice.duckdns.org" always_nxdomain
 local-zone: "aolverixon11dfd.weebly.com" always_nxdomain
 local-zone: "aolxperience.com" always_nxdomain
+local-zone: "api-saisoncard-co-jp.md160.net" always_nxdomain
 local-zone: "api-saisoncard-co-jp.o4ay8.net" always_nxdomain
 local-zone: "api.florense.com.br" always_nxdomain
 local-zone: "api.redirect-bentobot199.com" always_nxdomain
 local-zone: "api.redirect-safebrowser-online.com" always_nxdomain
-local-zone: "api.safe-directmail.com" always_nxdomain
 local-zone: "aplintec.com.mx" always_nxdomain
 local-zone: "app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io" always_nxdomain
 local-zone: "app-bombcrypto-io-login-ab.blogspot.com" always_nxdomain
-local-zone: "app-panckswp.xyz" always_nxdomain
 local-zone: "app.bydn217.club" always_nxdomain
 local-zone: "app.duel.network" always_nxdomain
 local-zone: "app.fiiber.ca" always_nxdomain
@@ -249,10 +251,11 @@ local-zone: "app.sugarsync.com" always_nxdomain
 local-zone: "appatualizecef.com" always_nxdomain
 local-zone: "appibsolicitud.com" always_nxdomain
 local-zone: "appleid-check.info" always_nxdomain
+local-zone: "applekra.com" always_nxdomain
 local-zone: "applepichincha.webcindario.com" always_nxdomain
 local-zone: "apply.aua.am" always_nxdomain
 local-zone: "apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link" always_nxdomain
-local-zone: "appttech.com" always_nxdomain
+local-zone: "aprilgagenesh.com" always_nxdomain
 local-zone: "aquaqualitas.com" always_nxdomain
 local-zone: "arafathrumman.github.io" always_nxdomain
 local-zone: "arcacg.com" always_nxdomain
@@ -260,15 +263,18 @@ local-zone: "archivio-supporto.sitoper.it" always_nxdomain
 local-zone: "are.scicemecod.com" always_nxdomain
 local-zone: "areueaom.gtpzcve.cn" always_nxdomain
 local-zone: "areueaom.gtva.cn" always_nxdomain
+local-zone: "arif.com.bd" always_nxdomain
 local-zone: "aromatic.webenliven.in" always_nxdomain
 local-zone: "arthamahotels.com" always_nxdomain
 local-zone: "artlux.com.pl" always_nxdomain
 local-zone: "arub-service.org" always_nxdomain
 local-zone: "aruba.fatt.ids-sys.com" always_nxdomain
 local-zone: "as.macecri.com" always_nxdomain
+local-zone: "as.scicemecod.com" always_nxdomain
 local-zone: "asaipestcontrol.com" always_nxdomain
 local-zone: "ascom.co.tz" always_nxdomain
 local-zone: "asd.9sw53wk.cn" always_nxdomain
+local-zone: "asdxa.p2x11pi.cn" always_nxdomain
 local-zone: "asgard-ampqy.run-us-west2.goorm.io" always_nxdomain
 local-zone: "asimpwsh.com" always_nxdomain
 local-zone: "asistentetramitadordigitalda.com" always_nxdomain
@@ -278,19 +284,24 @@ local-zone: "at-t-support-service1.sitey.me" always_nxdomain
 local-zone: "at-t-yahoo.sitey.me" always_nxdomain
 local-zone: "atento-fdi.plusoftomni.com.br" always_nxdomain
 local-zone: "ativacao-online73681.com" always_nxdomain
+local-zone: "atlanticeconcrete.com" always_nxdomain
 local-zone: "atnr76dxku336szy.clickfunnels.com" always_nxdomain
-local-zone: "attcustomdesk.weebly.com" always_nxdomain
+local-zone: "att556.weebly.com" always_nxdomain
+local-zone: "att87.weebly.com" always_nxdomain
 local-zone: "attinfoser.weebly.com" always_nxdomain
 local-zone: "attonlinemanagementpage.weebly.com" always_nxdomain
+local-zone: "attonlineuserverification.weebly.com" always_nxdomain
 local-zone: "attpage1121.weebly.com" always_nxdomain
 local-zone: "atualizacao-online547864.com" always_nxdomain
 local-zone: "atualizarmodolo.com" always_nxdomain
 local-zone: "atulrathore-dev.github.io" always_nxdomain
+local-zone: "auid-japan.com" always_nxdomain
 local-zone: "aurumship.com" always_nxdomain
-local-zone: "aushfew.tokyo" always_nxdomain
 local-zone: "aushotel.es" always_nxdomain
 local-zone: "auth-task1-m.web.app" always_nxdomain
 local-zone: "auth-webmailakeonetcom.yolasite.com" always_nxdomain
+local-zone: "auth.topgamers.cn" always_nxdomain
+local-zone: "authent54-sedure32.duckdns.org" always_nxdomain
 local-zone: "authorize-trustvallet-protocol.com" always_nxdomain
 local-zone: "authorizewallet.app" always_nxdomain
 local-zone: "authuxeehmutconjxmailssocl.web.app" always_nxdomain
@@ -300,16 +311,15 @@ local-zone: "autoexprs.com" always_nxdomain
 local-zone: "autoranplususeremailprocessingupdate.pages.dev" always_nxdomain
 local-zone: "autoscurt24.de" always_nxdomain
 local-zone: "autumn-sun-4a21.paqesads-scure.workers.dev" always_nxdomain
+local-zone: "avelocidad.com" always_nxdomain
 local-zone: "avrorganics.com" always_nxdomain
 local-zone: "awesome-gates-8bdd6f.netlify.app" always_nxdomain
 local-zone: "ax.xiguw.workers.dev" always_nxdomain
-local-zone: "axieinfinity-meta.com" always_nxdomain
 local-zone: "axieinfinity-supportwallet.com" always_nxdomain
 local-zone: "axlr.in" always_nxdomain
-local-zone: "ayguru.com" always_nxdomain
+local-zone: "ayushenterprise.in" always_nxdomain
 local-zone: "az.macecri.com" always_nxdomain
 local-zone: "azb3s.cf" always_nxdomain
-local-zone: "azmnsaz.000webhostapp.com" always_nxdomain
 local-zone: "azmznonos_co_long.akys.shop" always_nxdomain
 local-zone: "b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com" always_nxdomain
 local-zone: "b059c86968a6427389952025bcee9886.svc.dynamics.com" always_nxdomain
@@ -317,7 +327,6 @@ local-zone: "b4e921f0.sso-mailsrvr-4344e5teed.pages.dev" always_nxdomain
 local-zone: "b96f7f93.sibforms.com" always_nxdomain
 local-zone: "b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev" always_nxdomain
 local-zone: "bacteralia.com" always_nxdomain
-local-zone: "badnewswegewroighgserhhg.xyz" always_nxdomain
 local-zone: "bag-macben.eu" always_nxdomain
 local-zone: "bakhai.vn" always_nxdomain
 local-zone: "balajihospital.net" always_nxdomain
@@ -337,7 +346,6 @@ local-zone: "bancaporlnternetlnterbarnk.jifad.org" always_nxdomain
 local-zone: "bancaporlnternetlnterbarnk.libertycanais.com.br" always_nxdomain
 local-zone: "bancoiinng.site44.com" always_nxdomain
 local-zone: "bancooccidentalb.com" always_nxdomain
-local-zone: "bank-id.pl" always_nxdomain
 local-zone: "bankapolska.com" always_nxdomain
 local-zone: "banki0wa.us" always_nxdomain
 local-zone: "bankocaoffo.webcindario.com" always_nxdomain
@@ -345,8 +353,8 @@ local-zone: "bankofamer86.ddns.net" always_nxdomain
 local-zone: "bannerbank.control-inc.com" always_nxdomain
 local-zone: "bannerchampnyc.com" always_nxdomain
 local-zone: "banproseguridadasistenteenlineanic.webnode.es" always_nxdomain
-local-zone: "banqsuepoy.temp.swtest.ru" always_nxdomain
 local-zone: "baradua.it" always_nxdomain
+local-zone: "barbecuef.top" always_nxdomain
 local-zone: "battlelastmont.cyou" always_nxdomain
 local-zone: "bc1.paiementervice.com" always_nxdomain
 local-zone: "bconclutmjy.ru" always_nxdomain
@@ -355,7 +363,7 @@ local-zone: "bcpzonaseguirabeta.com" always_nxdomain
 local-zone: "be-home.web.do" always_nxdomain
 local-zone: "bearmybrand.com" always_nxdomain
 local-zone: "beast-blog.com" always_nxdomain
-local-zone: "beibys.com.br" always_nxdomain
+local-zone: "beccu07.zzux.com" always_nxdomain
 local-zone: "beijing.vfzfy1v.cn" always_nxdomain
 local-zone: "belovedaroma.com" always_nxdomain
 local-zone: "bendmytrend.com" always_nxdomain
@@ -421,18 +429,19 @@ local-zone: "bnconacional.odoo.com" always_nxdomain
 local-zone: "bncre.odoo.com" always_nxdomain
 local-zone: "bncxz.9wx9b27.cn" always_nxdomain
 local-zone: "bndigitalpersonas.com" always_nxdomain
-local-zone: "bnpparibas-pl.mob-app.xyz" always_nxdomain
 local-zone: "boaupdate.bfaoscr.com" always_nxdomain
 local-zone: "bogdonovlerer.com" always_nxdomain
 local-zone: "bogged-finance.com" always_nxdomain
+local-zone: "boi.365online-replacement.com" always_nxdomain
+local-zone: "boke4-indonesia-2022a7whatsapp.duckdns.org" always_nxdomain
+local-zone: "bokep-virall-sange33.duckdns.org" always_nxdomain
 local-zone: "bokgabanesolutions.co.za" always_nxdomain
+local-zone: "bold-lichterman.45-81-232-15.plesk.page" always_nxdomain
 local-zone: "bookfbs.evangsamuelministries.com" always_nxdomain
 local-zone: "boxes.com.py" always_nxdomain
 local-zone: "br4.in" always_nxdomain
 local-zone: "br622.teste.website" always_nxdomain
-local-zone: "brave-knuth-96d329.netlify.app" always_nxdomain
 local-zone: "breople.com" always_nxdomain
-local-zone: "brigida_cossette.gitlab.io" always_nxdomain
 local-zone: "brooks-forrunning.top" always_nxdomain
 local-zone: "brooks-justforjogging.top" always_nxdomain
 local-zone: "brooks-move.top" always_nxdomain
@@ -471,7 +480,6 @@ local-zone: "builmon.xyz" always_nxdomain
 local-zone: "bujikena.web.app" always_nxdomain
 local-zone: "bundel-cobragratis2022.duckdns.org" always_nxdomain
 local-zone: "busanopen.org" always_nxdomain
-local-zone: "business-action-copyright11022.web.app" always_nxdomain
 local-zone: "business-action-page129591.web.app" always_nxdomain
 local-zone: "business-appeal-copyright8211.web.app" always_nxdomain
 local-zone: "business-appeal-form-18222.web.app" always_nxdomain
@@ -479,24 +487,22 @@ local-zone: "business-copyright-alert100821.web.app" always_nxdomain
 local-zone: "business-copyright-alert198082.web.app" always_nxdomain
 local-zone: "business-copyright-alert19882.web.app" always_nxdomain
 local-zone: "business-copyright-detected920.web.app" always_nxdomain
-local-zone: "business-page-content125882.web.app" always_nxdomain
 local-zone: "business-required-helpcenter82.web.app" always_nxdomain
 local-zone: "business-required-info188221.web.app" always_nxdomain
 local-zone: "businessemailss.biz" always_nxdomain
-local-zone: "bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link" always_nxdomain
 local-zone: "buyelectronicsnyc.com" always_nxdomain
 local-zone: "c.curiousmorty.be" always_nxdomain
 local-zone: "c.jardindemiedo.es" always_nxdomain
 local-zone: "c.loveawaits.be" always_nxdomain
 local-zone: "c.mail.com" always_nxdomain
 local-zone: "c0m-r51znzlh8i.isiolo.go.ke" always_nxdomain
-local-zone: "c10012022j.temp.swtest.ru" always_nxdomain
 local-zone: "c1christine.tjelmeland2e.cso.gov.tt" always_nxdomain
 local-zone: "c2dc5b99.chgmar.pages.dev" always_nxdomain
 local-zone: "c6ebv708.caspio.com" always_nxdomain
 local-zone: "cabsiler.com" always_nxdomain
 local-zone: "cache.nebula.phx3.secureserver.net" always_nxdomain
 local-zone: "cadeau-orange.fr" always_nxdomain
+local-zone: "caixabanki.temp.swtest.ru" always_nxdomain
 local-zone: "caixaseguradora.quadientcloud.com" always_nxdomain
 local-zone: "cakesbyannemotha.com" always_nxdomain
 local-zone: "cammymiller.com" always_nxdomain
@@ -506,7 +512,6 @@ local-zone: "cannellandcoflooring.co.uk" always_nxdomain
 local-zone: "capservice.online" always_nxdomain
 local-zone: "caracasmateriais.blogspot.com" always_nxdomain
 local-zone: "carpediemxp.com" always_nxdomain
-local-zone: "carry.reduxservices.com" always_nxdomain
 local-zone: "carservicessaupdate.xyz" always_nxdomain
 local-zone: "cartamorin-geometres.fr" always_nxdomain
 local-zone: "carwash.tv" always_nxdomain
@@ -519,6 +524,7 @@ local-zone: "caycos.beispielseite-wmka.de" always_nxdomain
 local-zone: "caymanreno.com" always_nxdomain
 local-zone: "cbmonlinegroups.com" always_nxdomain
 local-zone: "cc.scicemecod.com" always_nxdomain
+local-zone: "cc23674.tmweb.ru" always_nxdomain
 local-zone: "ccjrlaw.com" always_nxdomain
 local-zone: "cdas.nxzigco.cn" always_nxdomain
 local-zone: "cdsoa.wuefyta.cn" always_nxdomain
@@ -531,14 +537,13 @@ local-zone: "centralconsulta.link" always_nxdomain
 local-zone: "centre1.bubbleapps.io" always_nxdomain
 local-zone: "ceresgulf.com" always_nxdomain
 local-zone: "certifica-montepaschii.com" always_nxdomain
-local-zone: "chalokradocallkakuch.azurewebsites.net" always_nxdomain
-local-zone: "changenotification.pricesamazonlogincard.monster" always_nxdomain
+local-zone: "charitascb.com" always_nxdomain
 local-zone: "charperimagedesign.com" always_nxdomain
 local-zone: "chat-whatasapp.com" always_nxdomain
 local-zone: "chat-whatsaap99.duckdns.org" always_nxdomain
 local-zone: "chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org" always_nxdomain
-local-zone: "chat-whatsapp-group-2022.duckdns.org" always_nxdomain
 local-zone: "chat-whatsapp-grupo-invitacion.blogspot.com" always_nxdomain
+local-zone: "chat-whatsapp-gscfghjsgsu.duckdns.org" always_nxdomain
 local-zone: "chckmaill1.web.app" always_nxdomain
 local-zone: "chckmaill10.web.app" always_nxdomain
 local-zone: "chckmaill11.web.app" always_nxdomain
@@ -572,9 +577,9 @@ local-zone: "chiragrajoria.github.io" always_nxdomain
 local-zone: "chois.jp" always_nxdomain
 local-zone: "christienstudystl.wixsite.com" always_nxdomain
 local-zone: "christmas-dhl-express-delvr.hopekosmos.com" always_nxdomain
+local-zone: "chronopostaws.com" always_nxdomain
 local-zone: "chtbnk.uk" always_nxdomain
 local-zone: "chutomen.com" always_nxdomain
-local-zone: "ciiusea.com" always_nxdomain
 local-zone: "cinemaleftech.com" always_nxdomain
 local-zone: "citagestionenlineabn.com" always_nxdomain
 local-zone: "city-of-jazz.de" always_nxdomain
@@ -582,13 +587,11 @@ local-zone: "ckwgruppe.service-now.com" always_nxdomain
 local-zone: "claiimdiamondgratis84.duckdns.org" always_nxdomain
 local-zone: "claim-event-freefire-garena-oldfree-a4.duckdns.org" always_nxdomain
 local-zone: "claim-skingratis-mobailegends161.duckdns.org" always_nxdomain
-local-zone: "claimgratisff2022.duckdns.org" always_nxdomain
 local-zone: "claims-funds-enczj.run-us-west2.goorm.io" always_nxdomain
 local-zone: "claimseventmlbb.duckdns.org" always_nxdomain
 local-zone: "claimshopee.yolasite.com" always_nxdomain
 local-zone: "claro-link.brsafe.com.br" always_nxdomain
 local-zone: "claus.bz" always_nxdomain
-local-zone: "clefman.cl" always_nxdomain
 local-zone: "click-here-help.in" always_nxdomain
 local-zone: "client-support-page.com" always_nxdomain
 local-zone: "clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net" always_nxdomain
@@ -627,7 +630,9 @@ local-zone: "co.jp.rukbcga.cn" always_nxdomain
 local-zone: "co.jp.sefdvsi.cn" always_nxdomain
 local-zone: "co.jp.tezkkbp.cn" always_nxdomain
 local-zone: "co.jp.ztxzzup.cn" always_nxdomain
+local-zone: "cobaincurlduluom.duckdns.org" always_nxdomain
 local-zone: "codwarzonemobile.com" always_nxdomain
+local-zone: "coindappsync.online" always_nxdomain
 local-zone: "cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev" always_nxdomain
 local-zone: "collab-land.net" always_nxdomain
 local-zone: "collabland.info" always_nxdomain
@@ -642,23 +647,24 @@ local-zone: "com-mm2ai86orr.isiolo.go.ke" always_nxdomain
 local-zone: "com-r51znzlh8i.isiolo.go.ke" always_nxdomain
 local-zone: "com-sauuvazpjo.isiolo.go.ke" always_nxdomain
 local-zone: "com-ugsyk69nqb.isiolo.go.ke" always_nxdomain
-local-zone: "comefuck.co" always_nxdomain
 local-zone: "community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link" always_nxdomain
 local-zone: "community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link" always_nxdomain
 local-zone: "community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link" always_nxdomain
 local-zone: "completeegali.webcindario.com" always_nxdomain
+local-zone: "completeyorcorp.lunsrgovert.net" always_nxdomain
 local-zone: "comunicazione-europe.net" always_nxdomain
 local-zone: "comunity-isue-ideent-andromeda-29.web.id" always_nxdomain
 local-zone: "comunity-isue-ideent-andromeda-33.web.id" always_nxdomain
-local-zone: "comunity-isue-ideent-andromeda-88.web.id" always_nxdomain
 local-zone: "con-firma.firebaseapp.com" always_nxdomain
-local-zone: "confirming-pages-idntitysupport.web.id" always_nxdomain
 local-zone: "congresosba.com.ar" always_nxdomain
 local-zone: "conhecaonlinedigital.com.br" always_nxdomain
 local-zone: "connect.au-login.0662smt.com" always_nxdomain
+local-zone: "connect.auone.jp-login.kddi-sys.com" always_nxdomain
+local-zone: "connect.myauone.jp-auid.jp-auid.com" always_nxdomain
+local-zone: "connect.myauone.jp-auid.kddi-mail.com" always_nxdomain
+local-zone: "connectlivewallet.io" always_nxdomain
 local-zone: "connectwallet.me" always_nxdomain
 local-zone: "conoscofaturahiiiper.com" always_nxdomain
-local-zone: "consultavirtuai.bieah.com" always_nxdomain
 local-zone: "contabilidaderabello.com.br" always_nxdomain
 local-zone: "contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev" always_nxdomain
 local-zone: "contapessoal.digital" always_nxdomain
@@ -669,7 +675,7 @@ local-zone: "continentepecas.com" always_nxdomain
 local-zone: "contratodeparceria.com.br" always_nxdomain
 local-zone: "controlpichincha.webcindario.com" always_nxdomain
 local-zone: "copyright-center-live.ml" always_nxdomain
-local-zone: "corl-inv.web.app" always_nxdomain
+local-zone: "coroplastusa.com" always_nxdomain
 local-zone: "correosdemexico-web.com" always_nxdomain
 local-zone: "corta.ai" always_nxdomain
 local-zone: "cosemu.com" always_nxdomain
@@ -689,7 +695,6 @@ local-zone: "credicorp-capital.net" always_nxdomain
 local-zone: "credicorpfiduciariasa.com" always_nxdomain
 local-zone: "credifinanciera.didacsis.com" always_nxdomain
 local-zone: "crediserfinanza.com" always_nxdomain
-local-zone: "credita302.temp.swtest.ru" always_nxdomain
 local-zone: "creditagricole-sudrhonealpes.blogspot.ba" always_nxdomain
 local-zone: "creditagricole-sudrhonealpes.blogspot.com" always_nxdomain
 local-zone: "creditagricole-sudrhonealpes.blogspot.ro" always_nxdomain
@@ -697,13 +702,18 @@ local-zone: "creditinternationalbank.com" always_nxdomain
 local-zone: "creditiperhabbogratissicuro100.blogspot.it" always_nxdomain
 local-zone: "cresvin.com" always_nxdomain
 local-zone: "criticalcarevizag.com" always_nxdomain
+local-zone: "crrdxwjap7t.typeform.com" always_nxdomain
 local-zone: "cryptocars-plays.buzz" always_nxdomain
 local-zone: "cryptocarsme.com" always_nxdomain
 local-zone: "cryptscars-logs.com" always_nxdomain
 local-zone: "cryqtocars.me" always_nxdomain
 local-zone: "cuans.bkaamiv.cn" always_nxdomain
 local-zone: "currentlyupgrade.mystrikingly.com" always_nxdomain
+local-zone: "cusnas.366wuv.cn" always_nxdomain
+local-zone: "cxas.bvd2q18.cn" always_nxdomain
+local-zone: "cxas.zk6w4dt.cn" always_nxdomain
 local-zone: "cxasd.easghbl.cn" always_nxdomain
+local-zone: "cxmnsa.04frh0w.cn" always_nxdomain
 local-zone: "cxnbas.nmkbmqk.cn" always_nxdomain
 local-zone: "cxuahs.1wc9bxm.cn" always_nxdomain
 local-zone: "cyna.rkpmage.cn" always_nxdomain
@@ -716,8 +726,10 @@ local-zone: "d18gc1ytkdv37u.cloudfront.net" always_nxdomain
 local-zone: "d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev" always_nxdomain
 local-zone: "d3ncuwwrr82.typeform.com" always_nxdomain
 local-zone: "daatahomes.com" always_nxdomain
+local-zone: "dadafa88.com" always_nxdomain
 local-zone: "damp-f43e.recovery-page-secur.workers.dev" always_nxdomain
 local-zone: "danitraseoexperts.com" always_nxdomain
+local-zone: "dappconnecttvalidator.net" always_nxdomain
 local-zone: "dapponlines.com" always_nxdomain
 local-zone: "dappscoins.com" always_nxdomain
 local-zone: "dappsiconnect.com" always_nxdomain
@@ -733,8 +745,8 @@ local-zone: "daycoval.facildepagar.com.br" always_nxdomain
 local-zone: "db-web-client.com" always_nxdomain
 local-zone: "dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com" always_nxdomain
 local-zone: "dbkuzwes.online" always_nxdomain
-local-zone: "dbs-interrnet.online" always_nxdomain
 local-zone: "dbs.limited" always_nxdomain
+local-zone: "dbs.online.webdbslistinonline.com" always_nxdomain
 local-zone: "dbs.webdbslistinonline.com" always_nxdomain
 local-zone: "dbw.gr" always_nxdomain
 local-zone: "dcm1.ae.iwc.static.tungmung.co.id" always_nxdomain
@@ -767,6 +779,7 @@ local-zone: "deutsche-post.apurvathespygenesh.com" always_nxdomain
 local-zone: "dev-nadaj.orlenpaczka.ce5.pl" always_nxdomain
 local-zone: "dev-secu-credit-union.pantheonsite.io" always_nxdomain
 local-zone: "dev-www.orlenpaczka.ce5.pl" always_nxdomain
+local-zone: "dev.massageliabilityinsurancegroup.com" always_nxdomain
 local-zone: "dev.shivaxi.com" always_nxdomain
 local-zone: "devicepichincha.webcindario.com" always_nxdomain
 local-zone: "devops.help" always_nxdomain
@@ -779,15 +792,17 @@ local-zone: "dhl-event.app" always_nxdomain
 local-zone: "dhl.recruitmentplatform.com" always_nxdomain
 local-zone: "diamondplate.us" always_nxdomain
 local-zone: "die-post-swiss-id-19782635812.psd2any.com" always_nxdomain
+local-zone: "diepost-paketevhost207932.lowhost.ru" always_nxdomain
 local-zone: "diginto.org" always_nxdomain
-local-zone: "dilscord.gift" always_nxdomain
+local-zone: "diligentverify.com" always_nxdomain
 local-zone: "directqpuprozaakp.weebly.com" always_nxdomain
 local-zone: "dirtyez.com" always_nxdomain
 local-zone: "disccrdapp.com" always_nxdomain
 local-zone: "disckord.club" always_nxdomain
 local-zone: "discoord-nittro.com" always_nxdomain
-local-zone: "discorc.gift" always_nxdomain
 local-zone: "discordbugs.com" always_nxdomain
+local-zone: "discordnitroos.com" always_nxdomain
+local-zone: "discrods.gift" always_nxdomain
 local-zone: "dispositivoapp.azurewebsites.net" always_nxdomain
 local-zone: "distinctivei.com" always_nxdomain
 local-zone: "distrial.ec" always_nxdomain
@@ -800,7 +815,6 @@ local-zone: "dkglobaljobs.com" always_nxdomain
 local-zone: "dl.9xu.com" always_nxdomain
 local-zone: "dlink.me" always_nxdomain
 local-zone: "dmaxpesca.com.es" always_nxdomain
-local-zone: "dminer.cloud" always_nxdomain
 local-zone: "doclab-console-auth.firebaseapp.com" always_nxdomain
 local-zone: "docs-verify-c671.thajetiase.workers.dev" always_nxdomain
 local-zone: "docs.revv.so" always_nxdomain
@@ -826,12 +840,9 @@ local-zone: "domainserverlawa116.web.app" always_nxdomain
 local-zone: "domainserverlawa117.web.app" always_nxdomain
 local-zone: "domainserverlawa118.web.app" always_nxdomain
 local-zone: "domainserverlawa119.web.app" always_nxdomain
-local-zone: "domainserverlawa120.web.app" always_nxdomain
-local-zone: "domainserverlawa121.web.app" always_nxdomain
 local-zone: "domainserverlawa122.web.app" always_nxdomain
 local-zone: "domainserverlawa123.web.app" always_nxdomain
 local-zone: "domainserverlawa124.web.app" always_nxdomain
-local-zone: "domainserverlawa125.web.app" always_nxdomain
 local-zone: "domainserverlawa126.web.app" always_nxdomain
 local-zone: "domainserverlawa127.web.app" always_nxdomain
 local-zone: "domainserverlawa128.web.app" always_nxdomain
@@ -840,32 +851,24 @@ local-zone: "domainserverlawa13.web.app" always_nxdomain
 local-zone: "domainserverlawa130.web.app" always_nxdomain
 local-zone: "domainserverlawa131.web.app" always_nxdomain
 local-zone: "domainserverlawa132.web.app" always_nxdomain
-local-zone: "domainserverlawa133.web.app" always_nxdomain
 local-zone: "domainserverlawa134.web.app" always_nxdomain
 local-zone: "domainserverlawa135.web.app" always_nxdomain
 local-zone: "domainserverlawa136.web.app" always_nxdomain
 local-zone: "domainserverlawa137.web.app" always_nxdomain
-local-zone: "domainserverlawa138.web.app" always_nxdomain
 local-zone: "domainserverlawa139.web.app" always_nxdomain
 local-zone: "domainserverlawa14.web.app" always_nxdomain
-local-zone: "domainserverlawa140.web.app" always_nxdomain
-local-zone: "domainserverlawa141.web.app" always_nxdomain
 local-zone: "domainserverlawa142.web.app" always_nxdomain
 local-zone: "domainserverlawa143.web.app" always_nxdomain
 local-zone: "domainserverlawa144.web.app" always_nxdomain
 local-zone: "domainserverlawa145.web.app" always_nxdomain
 local-zone: "domainserverlawa146.web.app" always_nxdomain
-local-zone: "domainserverlawa147.web.app" always_nxdomain
 local-zone: "domainserverlawa148.web.app" always_nxdomain
 local-zone: "domainserverlawa149.web.app" always_nxdomain
 local-zone: "domainserverlawa150.web.app" always_nxdomain
-local-zone: "domainserverlawa151.web.app" always_nxdomain
 local-zone: "domainserverlawa152.web.app" always_nxdomain
 local-zone: "domainserverlawa153.web.app" always_nxdomain
-local-zone: "domainserverlawa154.web.app" always_nxdomain
 local-zone: "domainserverlawa155.web.app" always_nxdomain
 local-zone: "domainserverlawa156.web.app" always_nxdomain
-local-zone: "domainserverlawa157.web.app" always_nxdomain
 local-zone: "domainserverlawa158.web.app" always_nxdomain
 local-zone: "domainserverlawa159.web.app" always_nxdomain
 local-zone: "domainserverlawa160.web.app" always_nxdomain
@@ -873,20 +876,15 @@ local-zone: "domainserverlawa161.web.app" always_nxdomain
 local-zone: "domainserverlawa162.web.app" always_nxdomain
 local-zone: "domainserverlawa163.web.app" always_nxdomain
 local-zone: "domainserverlawa164.web.app" always_nxdomain
-local-zone: "domainserverlawa165.web.app" always_nxdomain
 local-zone: "domainserverlawa166.web.app" always_nxdomain
 local-zone: "domainserverlawa167.web.app" always_nxdomain
 local-zone: "domainserverlawa168.web.app" always_nxdomain
 local-zone: "domainserverlawa169.web.app" always_nxdomain
-local-zone: "domainserverlawa17.web.app" always_nxdomain
-local-zone: "domainserverlawa170.web.app" always_nxdomain
 local-zone: "domainserverlawa171.web.app" always_nxdomain
 local-zone: "domainserverlawa172.web.app" always_nxdomain
 local-zone: "domainserverlawa173.web.app" always_nxdomain
 local-zone: "domainserverlawa174.web.app" always_nxdomain
-local-zone: "domainserverlawa175.web.app" always_nxdomain
 local-zone: "domainserverlawa176.web.app" always_nxdomain
-local-zone: "domainserverlawa177.web.app" always_nxdomain
 local-zone: "domainserverlawa178.web.app" always_nxdomain
 local-zone: "domainserverlawa179.web.app" always_nxdomain
 local-zone: "domainserverlawa18.web.app" always_nxdomain
@@ -895,34 +893,25 @@ local-zone: "domainserverlawa181.web.app" always_nxdomain
 local-zone: "domainserverlawa182.web.app" always_nxdomain
 local-zone: "domainserverlawa183.web.app" always_nxdomain
 local-zone: "domainserverlawa184.web.app" always_nxdomain
-local-zone: "domainserverlawa185.web.app" always_nxdomain
 local-zone: "domainserverlawa186.web.app" always_nxdomain
 local-zone: "domainserverlawa187.web.app" always_nxdomain
 local-zone: "domainserverlawa188.web.app" always_nxdomain
 local-zone: "domainserverlawa189.web.app" always_nxdomain
 local-zone: "domainserverlawa19.web.app" always_nxdomain
-local-zone: "domainserverlawa190.web.app" always_nxdomain
 local-zone: "domainserverlawa191.web.app" always_nxdomain
 local-zone: "domainserverlawa193.web.app" always_nxdomain
 local-zone: "domainserverlawa194.web.app" always_nxdomain
 local-zone: "domainserverlawa195.web.app" always_nxdomain
-local-zone: "domainserverlawa196.web.app" always_nxdomain
-local-zone: "domainserverlawa197.web.app" always_nxdomain
 local-zone: "domainserverlawa198.web.app" always_nxdomain
-local-zone: "domainserverlawa199.web.app" always_nxdomain
 local-zone: "domainserverlawa20.web.app" always_nxdomain
-local-zone: "domainserverlawa200.web.app" always_nxdomain
 local-zone: "domainserverlawa201.web.app" always_nxdomain
 local-zone: "domainserverlawa202.web.app" always_nxdomain
-local-zone: "domainserverlawa203.web.app" always_nxdomain
 local-zone: "domainserverlawa204.web.app" always_nxdomain
 local-zone: "domainserverlawa205.web.app" always_nxdomain
 local-zone: "domainserverlawa206.web.app" always_nxdomain
-local-zone: "domainserverlawa207.web.app" always_nxdomain
 local-zone: "domainserverlawa208.web.app" always_nxdomain
 local-zone: "domainserverlawa209.web.app" always_nxdomain
 local-zone: "domainserverlawa21.web.app" always_nxdomain
-local-zone: "domainserverlawa210.web.app" always_nxdomain
 local-zone: "domainserverlawa211.web.app" always_nxdomain
 local-zone: "domainserverlawa212.web.app" always_nxdomain
 local-zone: "domainserverlawa213.web.app" always_nxdomain
@@ -936,7 +925,6 @@ local-zone: "domainserverlawa220.web.app" always_nxdomain
 local-zone: "domainserverlawa221.web.app" always_nxdomain
 local-zone: "domainserverlawa222.web.app" always_nxdomain
 local-zone: "domainserverlawa223.web.app" always_nxdomain
-local-zone: "domainserverlawa224.web.app" always_nxdomain
 local-zone: "domainserverlawa225.web.app" always_nxdomain
 local-zone: "domainserverlawa226.web.app" always_nxdomain
 local-zone: "domainserverlawa227.web.app" always_nxdomain
@@ -949,12 +937,10 @@ local-zone: "domainserverlawa233.web.app" always_nxdomain
 local-zone: "domainserverlawa234.web.app" always_nxdomain
 local-zone: "domainserverlawa235.web.app" always_nxdomain
 local-zone: "domainserverlawa237.web.app" always_nxdomain
-local-zone: "domainserverlawa238.web.app" always_nxdomain
 local-zone: "domainserverlawa239.web.app" always_nxdomain
 local-zone: "domainserverlawa240.web.app" always_nxdomain
 local-zone: "domainserverlawa241.web.app" always_nxdomain
 local-zone: "domainserverlawa242.web.app" always_nxdomain
-local-zone: "domainserverlawa243.web.app" always_nxdomain
 local-zone: "domainserverlawa244.web.app" always_nxdomain
 local-zone: "domainserverlawa245.web.app" always_nxdomain
 local-zone: "domainserverlawa246.web.app" always_nxdomain
@@ -962,35 +948,23 @@ local-zone: "domainserverlawa247.web.app" always_nxdomain
 local-zone: "domainserverlawa248.web.app" always_nxdomain
 local-zone: "domainserverlawa249.web.app" always_nxdomain
 local-zone: "domainserverlawa25.web.app" always_nxdomain
-local-zone: "domainserverlawa250.web.app" always_nxdomain
 local-zone: "domainserverlawa251.web.app" always_nxdomain
 local-zone: "domainserverlawa252.web.app" always_nxdomain
 local-zone: "domainserverlawa253.web.app" always_nxdomain
-local-zone: "domainserverlawa254.web.app" always_nxdomain
-local-zone: "domainserverlawa255.web.app" always_nxdomain
 local-zone: "domainserverlawa256.web.app" always_nxdomain
 local-zone: "domainserverlawa257.web.app" always_nxdomain
 local-zone: "domainserverlawa258.web.app" always_nxdomain
-local-zone: "domainserverlawa259.web.app" always_nxdomain
-local-zone: "domainserverlawa26.web.app" always_nxdomain
 local-zone: "domainserverlawa260.web.app" always_nxdomain
-local-zone: "domainserverlawa261.web.app" always_nxdomain
-local-zone: "domainserverlawa262.web.app" always_nxdomain
 local-zone: "domainserverlawa263.web.app" always_nxdomain
 local-zone: "domainserverlawa264.web.app" always_nxdomain
 local-zone: "domainserverlawa265.web.app" always_nxdomain
 local-zone: "domainserverlawa266.web.app" always_nxdomain
 local-zone: "domainserverlawa267.web.app" always_nxdomain
-local-zone: "domainserverlawa268.web.app" always_nxdomain
 local-zone: "domainserverlawa269.web.app" always_nxdomain
 local-zone: "domainserverlawa270.web.app" always_nxdomain
-local-zone: "domainserverlawa271.web.app" always_nxdomain
-local-zone: "domainserverlawa272.web.app" always_nxdomain
 local-zone: "domainserverlawa273.web.app" always_nxdomain
 local-zone: "domainserverlawa274.web.app" always_nxdomain
-local-zone: "domainserverlawa275.web.app" always_nxdomain
 local-zone: "domainserverlawa276.web.app" always_nxdomain
-local-zone: "domainserverlawa277.web.app" always_nxdomain
 local-zone: "domainserverlawa278.web.app" always_nxdomain
 local-zone: "domainserverlawa279.web.app" always_nxdomain
 local-zone: "domainserverlawa280.web.app" always_nxdomain
@@ -999,9 +973,7 @@ local-zone: "domainserverlawa282.web.app" always_nxdomain
 local-zone: "domainserverlawa283.web.app" always_nxdomain
 local-zone: "domainserverlawa284.web.app" always_nxdomain
 local-zone: "domainserverlawa285.web.app" always_nxdomain
-local-zone: "domainserverlawa286.web.app" always_nxdomain
 local-zone: "domainserverlawa287.web.app" always_nxdomain
-local-zone: "domainserverlawa289.web.app" always_nxdomain
 local-zone: "domainserverlawa29.web.app" always_nxdomain
 local-zone: "domainserverlawa290.web.app" always_nxdomain
 local-zone: "domainserverlawa292.web.app" always_nxdomain
@@ -1010,28 +982,20 @@ local-zone: "domainserverlawa294.web.app" always_nxdomain
 local-zone: "domainserverlawa295.web.app" always_nxdomain
 local-zone: "domainserverlawa296.web.app" always_nxdomain
 local-zone: "domainserverlawa297.web.app" always_nxdomain
-local-zone: "domainserverlawa298.web.app" always_nxdomain
 local-zone: "domainserverlawa299.web.app" always_nxdomain
-local-zone: "domainserverlawa30.web.app" always_nxdomain
 local-zone: "domainserverlawa300.web.app" always_nxdomain
 local-zone: "domainserverlawa301.web.app" always_nxdomain
 local-zone: "domainserverlawa302.web.app" always_nxdomain
 local-zone: "domainserverlawa303.web.app" always_nxdomain
 local-zone: "domainserverlawa304.web.app" always_nxdomain
 local-zone: "domainserverlawa305.web.app" always_nxdomain
-local-zone: "domainserverlawa306.web.app" always_nxdomain
 local-zone: "domainserverlawa307.web.app" always_nxdomain
 local-zone: "domainserverlawa308.web.app" always_nxdomain
-local-zone: "domainserverlawa309.web.app" always_nxdomain
-local-zone: "domainserverlawa31.web.app" always_nxdomain
 local-zone: "domainserverlawa310.web.app" always_nxdomain
 local-zone: "domainserverlawa311.web.app" always_nxdomain
 local-zone: "domainserverlawa312.web.app" always_nxdomain
 local-zone: "domainserverlawa313.web.app" always_nxdomain
-local-zone: "domainserverlawa314.web.app" always_nxdomain
 local-zone: "domainserverlawa315.web.app" always_nxdomain
-local-zone: "domainserverlawa316.web.app" always_nxdomain
-local-zone: "domainserverlawa317.web.app" always_nxdomain
 local-zone: "domainserverlawa318.web.app" always_nxdomain
 local-zone: "domainserverlawa319.web.app" always_nxdomain
 local-zone: "domainserverlawa32.web.app" always_nxdomain
@@ -1039,13 +1003,11 @@ local-zone: "domainserverlawa320.web.app" always_nxdomain
 local-zone: "domainserverlawa321.web.app" always_nxdomain
 local-zone: "domainserverlawa322.web.app" always_nxdomain
 local-zone: "domainserverlawa323.web.app" always_nxdomain
-local-zone: "domainserverlawa324.web.app" always_nxdomain
 local-zone: "domainserverlawa325.web.app" always_nxdomain
 local-zone: "domainserverlawa326.web.app" always_nxdomain
 local-zone: "domainserverlawa327.web.app" always_nxdomain
 local-zone: "domainserverlawa328.web.app" always_nxdomain
 local-zone: "domainserverlawa329.web.app" always_nxdomain
-local-zone: "domainserverlawa33.web.app" always_nxdomain
 local-zone: "domainserverlawa330.web.app" always_nxdomain
 local-zone: "domainserverlawa331.web.app" always_nxdomain
 local-zone: "domainserverlawa332.web.app" always_nxdomain
@@ -1056,17 +1018,14 @@ local-zone: "domainserverlawa336.web.app" always_nxdomain
 local-zone: "domainserverlawa337.web.app" always_nxdomain
 local-zone: "domainserverlawa338.web.app" always_nxdomain
 local-zone: "domainserverlawa339.web.app" always_nxdomain
-local-zone: "domainserverlawa34.web.app" always_nxdomain
 local-zone: "domainserverlawa340.web.app" always_nxdomain
 local-zone: "domainserverlawa341.web.app" always_nxdomain
 local-zone: "domainserverlawa342.web.app" always_nxdomain
 local-zone: "domainserverlawa343.web.app" always_nxdomain
 local-zone: "domainserverlawa344.web.app" always_nxdomain
-local-zone: "domainserverlawa345.web.app" always_nxdomain
 local-zone: "domainserverlawa346.web.app" always_nxdomain
 local-zone: "domainserverlawa347.web.app" always_nxdomain
 local-zone: "domainserverlawa348.web.app" always_nxdomain
-local-zone: "domainserverlawa35.web.app" always_nxdomain
 local-zone: "domainserverlawa350.web.app" always_nxdomain
 local-zone: "domainserverlawa351.web.app" always_nxdomain
 local-zone: "domainserverlawa352.web.app" always_nxdomain
@@ -1080,7 +1039,6 @@ local-zone: "domainserverlawa359.web.app" always_nxdomain
 local-zone: "domainserverlawa36.web.app" always_nxdomain
 local-zone: "domainserverlawa360.web.app" always_nxdomain
 local-zone: "domainserverlawa361.web.app" always_nxdomain
-local-zone: "domainserverlawa362.web.app" always_nxdomain
 local-zone: "domainserverlawa363.web.app" always_nxdomain
 local-zone: "domainserverlawa364.web.app" always_nxdomain
 local-zone: "domainserverlawa365.web.app" always_nxdomain
@@ -1091,7 +1049,6 @@ local-zone: "domainserverlawa37.web.app" always_nxdomain
 local-zone: "domainserverlawa370.web.app" always_nxdomain
 local-zone: "domainserverlawa371.web.app" always_nxdomain
 local-zone: "domainserverlawa372.web.app" always_nxdomain
-local-zone: "domainserverlawa373.web.app" always_nxdomain
 local-zone: "domainserverlawa374.web.app" always_nxdomain
 local-zone: "domainserverlawa375.web.app" always_nxdomain
 local-zone: "domainserverlawa376.web.app" always_nxdomain
@@ -1107,11 +1064,7 @@ local-zone: "domainserverlawa384.web.app" always_nxdomain
 local-zone: "domainserverlawa385.web.app" always_nxdomain
 local-zone: "domainserverlawa386.web.app" always_nxdomain
 local-zone: "domainserverlawa387.web.app" always_nxdomain
-local-zone: "domainserverlawa388.web.app" always_nxdomain
-local-zone: "domainserverlawa389.web.app" always_nxdomain
-local-zone: "domainserverlawa39.web.app" always_nxdomain
 local-zone: "domainserverlawa390.web.app" always_nxdomain
-local-zone: "domainserverlawa391.web.app" always_nxdomain
 local-zone: "domainserverlawa392.web.app" always_nxdomain
 local-zone: "domainserverlawa393.web.app" always_nxdomain
 local-zone: "domainserverlawa394.web.app" always_nxdomain
@@ -1122,11 +1075,8 @@ local-zone: "domainserverlawa398.web.app" always_nxdomain
 local-zone: "domainserverlawa40.web.app" always_nxdomain
 local-zone: "domainserverlawa400.web.app" always_nxdomain
 local-zone: "domainserverlawa401.web.app" always_nxdomain
-local-zone: "domainserverlawa402.web.app" always_nxdomain
 local-zone: "domainserverlawa403.web.app" always_nxdomain
-local-zone: "domainserverlawa404.web.app" always_nxdomain
 local-zone: "domainserverlawa405.web.app" always_nxdomain
-local-zone: "domainserverlawa406.web.app" always_nxdomain
 local-zone: "domainserverlawa407.web.app" always_nxdomain
 local-zone: "domainserverlawa408.web.app" always_nxdomain
 local-zone: "domainserverlawa409.web.app" always_nxdomain
@@ -1137,7 +1087,6 @@ local-zone: "domainserverlawa412.web.app" always_nxdomain
 local-zone: "domainserverlawa413.web.app" always_nxdomain
 local-zone: "domainserverlawa414.web.app" always_nxdomain
 local-zone: "domainserverlawa415.web.app" always_nxdomain
-local-zone: "domainserverlawa416.web.app" always_nxdomain
 local-zone: "domainserverlawa417.web.app" always_nxdomain
 local-zone: "domainserverlawa418.web.app" always_nxdomain
 local-zone: "domainserverlawa419.web.app" always_nxdomain
@@ -1150,12 +1099,10 @@ local-zone: "domainserverlawa424.web.app" always_nxdomain
 local-zone: "domainserverlawa425.web.app" always_nxdomain
 local-zone: "domainserverlawa426.web.app" always_nxdomain
 local-zone: "domainserverlawa427.web.app" always_nxdomain
-local-zone: "domainserverlawa428.web.app" always_nxdomain
 local-zone: "domainserverlawa429.web.app" always_nxdomain
 local-zone: "domainserverlawa43.web.app" always_nxdomain
 local-zone: "domainserverlawa430.web.app" always_nxdomain
 local-zone: "domainserverlawa431.web.app" always_nxdomain
-local-zone: "domainserverlawa432.web.app" always_nxdomain
 local-zone: "domainserverlawa433.web.app" always_nxdomain
 local-zone: "domainserverlawa434.web.app" always_nxdomain
 local-zone: "domainserverlawa435.web.app" always_nxdomain
@@ -1165,36 +1112,27 @@ local-zone: "domainserverlawa438.web.app" always_nxdomain
 local-zone: "domainserverlawa439.web.app" always_nxdomain
 local-zone: "domainserverlawa44.web.app" always_nxdomain
 local-zone: "domainserverlawa440.web.app" always_nxdomain
-local-zone: "domainserverlawa441.web.app" always_nxdomain
 local-zone: "domainserverlawa442.web.app" always_nxdomain
 local-zone: "domainserverlawa443.web.app" always_nxdomain
 local-zone: "domainserverlawa444.web.app" always_nxdomain
 local-zone: "domainserverlawa445.web.app" always_nxdomain
 local-zone: "domainserverlawa446.web.app" always_nxdomain
 local-zone: "domainserverlawa447.web.app" always_nxdomain
-local-zone: "domainserverlawa448.web.app" always_nxdomain
 local-zone: "domainserverlawa449.web.app" always_nxdomain
-local-zone: "domainserverlawa45.web.app" always_nxdomain
 local-zone: "domainserverlawa450.web.app" always_nxdomain
 local-zone: "domainserverlawa451.web.app" always_nxdomain
 local-zone: "domainserverlawa452.web.app" always_nxdomain
 local-zone: "domainserverlawa453.web.app" always_nxdomain
-local-zone: "domainserverlawa454.web.app" always_nxdomain
 local-zone: "domainserverlawa455.web.app" always_nxdomain
 local-zone: "domainserverlawa456.web.app" always_nxdomain
-local-zone: "domainserverlawa457.web.app" always_nxdomain
-local-zone: "domainserverlawa458.web.app" always_nxdomain
 local-zone: "domainserverlawa459.web.app" always_nxdomain
 local-zone: "domainserverlawa46.web.app" always_nxdomain
 local-zone: "domainserverlawa460.web.app" always_nxdomain
-local-zone: "domainserverlawa461.web.app" always_nxdomain
 local-zone: "domainserverlawa462.web.app" always_nxdomain
 local-zone: "domainserverlawa463.web.app" always_nxdomain
 local-zone: "domainserverlawa464.web.app" always_nxdomain
 local-zone: "domainserverlawa465.web.app" always_nxdomain
 local-zone: "domainserverlawa466.web.app" always_nxdomain
-local-zone: "domainserverlawa467.web.app" always_nxdomain
-local-zone: "domainserverlawa468.web.app" always_nxdomain
 local-zone: "domainserverlawa469.web.app" always_nxdomain
 local-zone: "domainserverlawa47.web.app" always_nxdomain
 local-zone: "domainserverlawa470.web.app" always_nxdomain
@@ -1205,18 +1143,14 @@ local-zone: "domainserverlawa474.web.app" always_nxdomain
 local-zone: "domainserverlawa475.web.app" always_nxdomain
 local-zone: "domainserverlawa476.web.app" always_nxdomain
 local-zone: "domainserverlawa477.web.app" always_nxdomain
-local-zone: "domainserverlawa478.web.app" always_nxdomain
 local-zone: "domainserverlawa479.web.app" always_nxdomain
 local-zone: "domainserverlawa480.web.app" always_nxdomain
 local-zone: "domainserverlawa481.web.app" always_nxdomain
-local-zone: "domainserverlawa482.web.app" always_nxdomain
 local-zone: "domainserverlawa483.web.app" always_nxdomain
 local-zone: "domainserverlawa484.web.app" always_nxdomain
 local-zone: "domainserverlawa485.web.app" always_nxdomain
 local-zone: "domainserverlawa486.web.app" always_nxdomain
 local-zone: "domainserverlawa487.web.app" always_nxdomain
-local-zone: "domainserverlawa488.web.app" always_nxdomain
-local-zone: "domainserverlawa489.web.app" always_nxdomain
 local-zone: "domainserverlawa49.web.app" always_nxdomain
 local-zone: "domainserverlawa490.web.app" always_nxdomain
 local-zone: "domainserverlawa491.web.app" always_nxdomain
@@ -1227,22 +1161,15 @@ local-zone: "domainserverlawa495.web.app" always_nxdomain
 local-zone: "domainserverlawa496.web.app" always_nxdomain
 local-zone: "domainserverlawa497.web.app" always_nxdomain
 local-zone: "domainserverlawa498.web.app" always_nxdomain
-local-zone: "domainserverlawa499.web.app" always_nxdomain
 local-zone: "domainserverlawa50.web.app" always_nxdomain
 local-zone: "domainserverlawa500.web.app" always_nxdomain
-local-zone: "domainserverlawa501.web.app" always_nxdomain
 local-zone: "domainserverlawa502.web.app" always_nxdomain
-local-zone: "domainserverlawa503.web.app" always_nxdomain
-local-zone: "domainserverlawa504.web.app" always_nxdomain
-local-zone: "domainserverlawa505.web.app" always_nxdomain
 local-zone: "domainserverlawa506.web.app" always_nxdomain
 local-zone: "domainserverlawa507.web.app" always_nxdomain
 local-zone: "domainserverlawa508.web.app" always_nxdomain
 local-zone: "domainserverlawa509.web.app" always_nxdomain
 local-zone: "domainserverlawa51.web.app" always_nxdomain
-local-zone: "domainserverlawa510.web.app" always_nxdomain
 local-zone: "domainserverlawa511.web.app" always_nxdomain
-local-zone: "domainserverlawa513.web.app" always_nxdomain
 local-zone: "domainserverlawa514.web.app" always_nxdomain
 local-zone: "domainserverlawa515.web.app" always_nxdomain
 local-zone: "domainserverlawa516.web.app" always_nxdomain
@@ -1251,10 +1178,8 @@ local-zone: "domainserverlawa518.web.app" always_nxdomain
 local-zone: "domainserverlawa519.web.app" always_nxdomain
 local-zone: "domainserverlawa52.web.app" always_nxdomain
 local-zone: "domainserverlawa520.web.app" always_nxdomain
-local-zone: "domainserverlawa521.web.app" always_nxdomain
 local-zone: "domainserverlawa522.web.app" always_nxdomain
 local-zone: "domainserverlawa523.web.app" always_nxdomain
-local-zone: "domainserverlawa524.web.app" always_nxdomain
 local-zone: "domainserverlawa525.web.app" always_nxdomain
 local-zone: "domainserverlawa526.web.app" always_nxdomain
 local-zone: "domainserverlawa527.web.app" always_nxdomain
@@ -1265,28 +1190,21 @@ local-zone: "domainserverlawa530.web.app" always_nxdomain
 local-zone: "domainserverlawa531.web.app" always_nxdomain
 local-zone: "domainserverlawa532.web.app" always_nxdomain
 local-zone: "domainserverlawa533.web.app" always_nxdomain
-local-zone: "domainserverlawa534.web.app" always_nxdomain
-local-zone: "domainserverlawa535.web.app" always_nxdomain
 local-zone: "domainserverlawa536.web.app" always_nxdomain
 local-zone: "domainserverlawa537.web.app" always_nxdomain
 local-zone: "domainserverlawa538.web.app" always_nxdomain
 local-zone: "domainserverlawa539.web.app" always_nxdomain
 local-zone: "domainserverlawa54.web.app" always_nxdomain
-local-zone: "domainserverlawa540.web.app" always_nxdomain
 local-zone: "domainserverlawa541.web.app" always_nxdomain
 local-zone: "domainserverlawa542.web.app" always_nxdomain
 local-zone: "domainserverlawa543.web.app" always_nxdomain
-local-zone: "domainserverlawa544.web.app" always_nxdomain
 local-zone: "domainserverlawa545.web.app" always_nxdomain
 local-zone: "domainserverlawa546.web.app" always_nxdomain
 local-zone: "domainserverlawa547.web.app" always_nxdomain
-local-zone: "domainserverlawa548.web.app" always_nxdomain
 local-zone: "domainserverlawa549.web.app" always_nxdomain
 local-zone: "domainserverlawa550.web.app" always_nxdomain
 local-zone: "domainserverlawa551.web.app" always_nxdomain
-local-zone: "domainserverlawa552.web.app" always_nxdomain
 local-zone: "domainserverlawa553.web.app" always_nxdomain
-local-zone: "domainserverlawa554.web.app" always_nxdomain
 local-zone: "domainserverlawa555.web.app" always_nxdomain
 local-zone: "domainserverlawa556.web.app" always_nxdomain
 local-zone: "domainserverlawa557.web.app" always_nxdomain
@@ -1296,9 +1214,7 @@ local-zone: "domainserverlawa56.web.app" always_nxdomain
 local-zone: "domainserverlawa560.web.app" always_nxdomain
 local-zone: "domainserverlawa561.web.app" always_nxdomain
 local-zone: "domainserverlawa562.web.app" always_nxdomain
-local-zone: "domainserverlawa563.web.app" always_nxdomain
 local-zone: "domainserverlawa564.web.app" always_nxdomain
-local-zone: "domainserverlawa565.web.app" always_nxdomain
 local-zone: "domainserverlawa566.web.app" always_nxdomain
 local-zone: "domainserverlawa567.web.app" always_nxdomain
 local-zone: "domainserverlawa568.web.app" always_nxdomain
@@ -1307,35 +1223,24 @@ local-zone: "domainserverlawa57.web.app" always_nxdomain
 local-zone: "domainserverlawa570.web.app" always_nxdomain
 local-zone: "domainserverlawa571.web.app" always_nxdomain
 local-zone: "domainserverlawa572.web.app" always_nxdomain
-local-zone: "domainserverlawa573.web.app" always_nxdomain
 local-zone: "domainserverlawa574.web.app" always_nxdomain
 local-zone: "domainserverlawa575.web.app" always_nxdomain
 local-zone: "domainserverlawa576.web.app" always_nxdomain
 local-zone: "domainserverlawa577.web.app" always_nxdomain
 local-zone: "domainserverlawa578.web.app" always_nxdomain
 local-zone: "domainserverlawa579.web.app" always_nxdomain
-local-zone: "domainserverlawa58.web.app" always_nxdomain
-local-zone: "domainserverlawa580.web.app" always_nxdomain
 local-zone: "domainserverlawa581.web.app" always_nxdomain
 local-zone: "domainserverlawa582.web.app" always_nxdomain
 local-zone: "domainserverlawa583.web.app" always_nxdomain
-local-zone: "domainserverlawa584.web.app" always_nxdomain
-local-zone: "domainserverlawa585.web.app" always_nxdomain
 local-zone: "domainserverlawa586.web.app" always_nxdomain
 local-zone: "domainserverlawa587.web.app" always_nxdomain
 local-zone: "domainserverlawa588.web.app" always_nxdomain
 local-zone: "domainserverlawa589.web.app" always_nxdomain
 local-zone: "domainserverlawa59.web.app" always_nxdomain
-local-zone: "domainserverlawa590.web.app" always_nxdomain
-local-zone: "domainserverlawa591.web.app" always_nxdomain
 local-zone: "domainserverlawa592.web.app" always_nxdomain
 local-zone: "domainserverlawa593.web.app" always_nxdomain
-local-zone: "domainserverlawa594.web.app" always_nxdomain
-local-zone: "domainserverlawa595.web.app" always_nxdomain
-local-zone: "domainserverlawa596.web.app" always_nxdomain
 local-zone: "domainserverlawa597.web.app" always_nxdomain
 local-zone: "domainserverlawa598.web.app" always_nxdomain
-local-zone: "domainserverlawa599.web.app" always_nxdomain
 local-zone: "domainserverlawa60.web.app" always_nxdomain
 local-zone: "domainserverlawa600.web.app" always_nxdomain
 local-zone: "domainserverlawa601.web.app" always_nxdomain
@@ -1343,25 +1248,18 @@ local-zone: "domainserverlawa602.web.app" always_nxdomain
 local-zone: "domainserverlawa603.web.app" always_nxdomain
 local-zone: "domainserverlawa604.web.app" always_nxdomain
 local-zone: "domainserverlawa605.web.app" always_nxdomain
-local-zone: "domainserverlawa606.web.app" always_nxdomain
 local-zone: "domainserverlawa607.web.app" always_nxdomain
 local-zone: "domainserverlawa608.web.app" always_nxdomain
 local-zone: "domainserverlawa609.web.app" always_nxdomain
-local-zone: "domainserverlawa61.web.app" always_nxdomain
 local-zone: "domainserverlawa610.web.app" always_nxdomain
-local-zone: "domainserverlawa611.web.app" always_nxdomain
 local-zone: "domainserverlawa612.web.app" always_nxdomain
 local-zone: "domainserverlawa613.web.app" always_nxdomain
 local-zone: "domainserverlawa614.web.app" always_nxdomain
-local-zone: "domainserverlawa615.web.app" always_nxdomain
-local-zone: "domainserverlawa616.web.app" always_nxdomain
-local-zone: "domainserverlawa617.web.app" always_nxdomain
 local-zone: "domainserverlawa618.web.app" always_nxdomain
 local-zone: "domainserverlawa619.web.app" always_nxdomain
 local-zone: "domainserverlawa62.web.app" always_nxdomain
 local-zone: "domainserverlawa620.web.app" always_nxdomain
 local-zone: "domainserverlawa621.web.app" always_nxdomain
-local-zone: "domainserverlawa622.web.app" always_nxdomain
 local-zone: "domainserverlawa623.web.app" always_nxdomain
 local-zone: "domainserverlawa624.web.app" always_nxdomain
 local-zone: "domainserverlawa625.web.app" always_nxdomain
@@ -1382,7 +1280,6 @@ local-zone: "domainserverlawa638.web.app" always_nxdomain
 local-zone: "domainserverlawa639.web.app" always_nxdomain
 local-zone: "domainserverlawa64.web.app" always_nxdomain
 local-zone: "domainserverlawa640.web.app" always_nxdomain
-local-zone: "domainserverlawa641.web.app" always_nxdomain
 local-zone: "domainserverlawa642.web.app" always_nxdomain
 local-zone: "domainserverlawa643.web.app" always_nxdomain
 local-zone: "domainserverlawa644.web.app" always_nxdomain
@@ -1398,11 +1295,6 @@ local-zone: "domainserverlawa652.web.app" always_nxdomain
 local-zone: "domainserverlawa653.web.app" always_nxdomain
 local-zone: "domainserverlawa654.web.app" always_nxdomain
 local-zone: "domainserverlawa655.web.app" always_nxdomain
-local-zone: "domainserverlawa656.web.app" always_nxdomain
-local-zone: "domainserverlawa657.web.app" always_nxdomain
-local-zone: "domainserverlawa658.web.app" always_nxdomain
-local-zone: "domainserverlawa659.web.app" always_nxdomain
-local-zone: "domainserverlawa66.web.app" always_nxdomain
 local-zone: "domainserverlawa660.web.app" always_nxdomain
 local-zone: "domainserverlawa661.web.app" always_nxdomain
 local-zone: "domainserverlawa662.web.app" always_nxdomain
@@ -1413,14 +1305,10 @@ local-zone: "domainserverlawa666.web.app" always_nxdomain
 local-zone: "domainserverlawa667.web.app" always_nxdomain
 local-zone: "domainserverlawa668.web.app" always_nxdomain
 local-zone: "domainserverlawa669.web.app" always_nxdomain
-local-zone: "domainserverlawa67.web.app" always_nxdomain
-local-zone: "domainserverlawa670.web.app" always_nxdomain
 local-zone: "domainserverlawa671.web.app" always_nxdomain
 local-zone: "domainserverlawa672.web.app" always_nxdomain
 local-zone: "domainserverlawa673.web.app" always_nxdomain
-local-zone: "domainserverlawa674.web.app" always_nxdomain
 local-zone: "domainserverlawa675.web.app" always_nxdomain
-local-zone: "domainserverlawa676.web.app" always_nxdomain
 local-zone: "domainserverlawa677.web.app" always_nxdomain
 local-zone: "domainserverlawa678.web.app" always_nxdomain
 local-zone: "domainserverlawa679.web.app" always_nxdomain
@@ -1428,12 +1316,8 @@ local-zone: "domainserverlawa68.web.app" always_nxdomain
 local-zone: "domainserverlawa680.web.app" always_nxdomain
 local-zone: "domainserverlawa681.web.app" always_nxdomain
 local-zone: "domainserverlawa682.web.app" always_nxdomain
-local-zone: "domainserverlawa683.web.app" always_nxdomain
 local-zone: "domainserverlawa684.web.app" always_nxdomain
 local-zone: "domainserverlawa685.web.app" always_nxdomain
-local-zone: "domainserverlawa686.web.app" always_nxdomain
-local-zone: "domainserverlawa687.web.app" always_nxdomain
-local-zone: "domainserverlawa688.web.app" always_nxdomain
 local-zone: "domainserverlawa689.web.app" always_nxdomain
 local-zone: "domainserverlawa69.web.app" always_nxdomain
 local-zone: "domainserverlawa690.web.app" always_nxdomain
@@ -1441,7 +1325,6 @@ local-zone: "domainserverlawa691.web.app" always_nxdomain
 local-zone: "domainserverlawa692.web.app" always_nxdomain
 local-zone: "domainserverlawa693.web.app" always_nxdomain
 local-zone: "domainserverlawa694.web.app" always_nxdomain
-local-zone: "domainserverlawa695.web.app" always_nxdomain
 local-zone: "domainserverlawa696.web.app" always_nxdomain
 local-zone: "domainserverlawa697.web.app" always_nxdomain
 local-zone: "domainserverlawa698.web.app" always_nxdomain
@@ -1452,15 +1335,11 @@ local-zone: "domainserverlawa701.web.app" always_nxdomain
 local-zone: "domainserverlawa702.web.app" always_nxdomain
 local-zone: "domainserverlawa703.web.app" always_nxdomain
 local-zone: "domainserverlawa704.web.app" always_nxdomain
-local-zone: "domainserverlawa705.web.app" always_nxdomain
 local-zone: "domainserverlawa706.web.app" always_nxdomain
-local-zone: "domainserverlawa707.web.app" always_nxdomain
 local-zone: "domainserverlawa708.web.app" always_nxdomain
 local-zone: "domainserverlawa709.web.app" always_nxdomain
 local-zone: "domainserverlawa71.web.app" always_nxdomain
-local-zone: "domainserverlawa710.web.app" always_nxdomain
 local-zone: "domainserverlawa711.web.app" always_nxdomain
-local-zone: "domainserverlawa712.web.app" always_nxdomain
 local-zone: "domainserverlawa713.web.app" always_nxdomain
 local-zone: "domainserverlawa714.web.app" always_nxdomain
 local-zone: "domainserverlawa715.web.app" always_nxdomain
@@ -1469,17 +1348,13 @@ local-zone: "domainserverlawa717.web.app" always_nxdomain
 local-zone: "domainserverlawa718.web.app" always_nxdomain
 local-zone: "domainserverlawa719.web.app" always_nxdomain
 local-zone: "domainserverlawa72.web.app" always_nxdomain
-local-zone: "domainserverlawa720.web.app" always_nxdomain
 local-zone: "domainserverlawa721.web.app" always_nxdomain
 local-zone: "domainserverlawa722.web.app" always_nxdomain
-local-zone: "domainserverlawa723.web.app" always_nxdomain
 local-zone: "domainserverlawa724.web.app" always_nxdomain
 local-zone: "domainserverlawa725.web.app" always_nxdomain
 local-zone: "domainserverlawa726.web.app" always_nxdomain
 local-zone: "domainserverlawa727.web.app" always_nxdomain
-local-zone: "domainserverlawa728.web.app" always_nxdomain
 local-zone: "domainserverlawa729.web.app" always_nxdomain
-local-zone: "domainserverlawa73.web.app" always_nxdomain
 local-zone: "domainserverlawa730.web.app" always_nxdomain
 local-zone: "domainserverlawa731.web.app" always_nxdomain
 local-zone: "domainserverlawa732.web.app" always_nxdomain
@@ -1492,31 +1367,22 @@ local-zone: "domainserverlawa738.web.app" always_nxdomain
 local-zone: "domainserverlawa739.web.app" always_nxdomain
 local-zone: "domainserverlawa74.web.app" always_nxdomain
 local-zone: "domainserverlawa740.web.app" always_nxdomain
-local-zone: "domainserverlawa741.web.app" always_nxdomain
 local-zone: "domainserverlawa742.web.app" always_nxdomain
 local-zone: "domainserverlawa743.web.app" always_nxdomain
 local-zone: "domainserverlawa744.web.app" always_nxdomain
-local-zone: "domainserverlawa745.web.app" always_nxdomain
 local-zone: "domainserverlawa746.web.app" always_nxdomain
-local-zone: "domainserverlawa747.web.app" always_nxdomain
-local-zone: "domainserverlawa748.web.app" always_nxdomain
 local-zone: "domainserverlawa749.web.app" always_nxdomain
 local-zone: "domainserverlawa75.web.app" always_nxdomain
 local-zone: "domainserverlawa750.web.app" always_nxdomain
-local-zone: "domainserverlawa751.web.app" always_nxdomain
 local-zone: "domainserverlawa752.web.app" always_nxdomain
 local-zone: "domainserverlawa753.web.app" always_nxdomain
 local-zone: "domainserverlawa754.web.app" always_nxdomain
 local-zone: "domainserverlawa755.web.app" always_nxdomain
-local-zone: "domainserverlawa756.web.app" always_nxdomain
 local-zone: "domainserverlawa757.web.app" always_nxdomain
 local-zone: "domainserverlawa758.web.app" always_nxdomain
 local-zone: "domainserverlawa759.web.app" always_nxdomain
-local-zone: "domainserverlawa76.web.app" always_nxdomain
-local-zone: "domainserverlawa760.web.app" always_nxdomain
 local-zone: "domainserverlawa761.web.app" always_nxdomain
 local-zone: "domainserverlawa762.web.app" always_nxdomain
-local-zone: "domainserverlawa763.web.app" always_nxdomain
 local-zone: "domainserverlawa764.web.app" always_nxdomain
 local-zone: "domainserverlawa765.web.app" always_nxdomain
 local-zone: "domainserverlawa766.web.app" always_nxdomain
@@ -1536,22 +1402,17 @@ local-zone: "domainserverlawa778.web.app" always_nxdomain
 local-zone: "domainserverlawa779.web.app" always_nxdomain
 local-zone: "domainserverlawa78.web.app" always_nxdomain
 local-zone: "domainserverlawa780.web.app" always_nxdomain
-local-zone: "domainserverlawa781.web.app" always_nxdomain
 local-zone: "domainserverlawa782.web.app" always_nxdomain
 local-zone: "domainserverlawa783.web.app" always_nxdomain
 local-zone: "domainserverlawa784.web.app" always_nxdomain
 local-zone: "domainserverlawa785.web.app" always_nxdomain
 local-zone: "domainserverlawa786.web.app" always_nxdomain
-local-zone: "domainserverlawa787.web.app" always_nxdomain
 local-zone: "domainserverlawa788.web.app" always_nxdomain
 local-zone: "domainserverlawa789.web.app" always_nxdomain
 local-zone: "domainserverlawa79.web.app" always_nxdomain
 local-zone: "domainserverlawa790.web.app" always_nxdomain
-local-zone: "domainserverlawa791.web.app" always_nxdomain
-local-zone: "domainserverlawa792.web.app" always_nxdomain
 local-zone: "domainserverlawa793.web.app" always_nxdomain
 local-zone: "domainserverlawa794.web.app" always_nxdomain
-local-zone: "domainserverlawa795.web.app" always_nxdomain
 local-zone: "domainserverlawa796.web.app" always_nxdomain
 local-zone: "domainserverlawa797.web.app" always_nxdomain
 local-zone: "domainserverlawa798.web.app" always_nxdomain
@@ -1560,7 +1421,6 @@ local-zone: "domainserverlawa80.web.app" always_nxdomain
 local-zone: "domainserverlawa800.web.app" always_nxdomain
 local-zone: "domainserverlawa801.web.app" always_nxdomain
 local-zone: "domainserverlawa802.web.app" always_nxdomain
-local-zone: "domainserverlawa803.web.app" always_nxdomain
 local-zone: "domainserverlawa804.web.app" always_nxdomain
 local-zone: "domainserverlawa806.web.app" always_nxdomain
 local-zone: "domainserverlawa807.web.app" always_nxdomain
@@ -1568,8 +1428,6 @@ local-zone: "domainserverlawa808.web.app" always_nxdomain
 local-zone: "domainserverlawa809.web.app" always_nxdomain
 local-zone: "domainserverlawa81.web.app" always_nxdomain
 local-zone: "domainserverlawa810.web.app" always_nxdomain
-local-zone: "domainserverlawa811.web.app" always_nxdomain
-local-zone: "domainserverlawa812.web.app" always_nxdomain
 local-zone: "domainserverlawa813.web.app" always_nxdomain
 local-zone: "domainserverlawa814.web.app" always_nxdomain
 local-zone: "domainserverlawa815.web.app" always_nxdomain
@@ -1583,7 +1441,6 @@ local-zone: "domainserverlawa821.web.app" always_nxdomain
 local-zone: "domainserverlawa822.web.app" always_nxdomain
 local-zone: "domainserverlawa823.web.app" always_nxdomain
 local-zone: "domainserverlawa824.web.app" always_nxdomain
-local-zone: "domainserverlawa825.web.app" always_nxdomain
 local-zone: "domainserverlawa826.web.app" always_nxdomain
 local-zone: "domainserverlawa827.web.app" always_nxdomain
 local-zone: "domainserverlawa828.web.app" always_nxdomain
@@ -1595,9 +1452,7 @@ local-zone: "domainserverlawa832.web.app" always_nxdomain
 local-zone: "domainserverlawa833.web.app" always_nxdomain
 local-zone: "domainserverlawa834.web.app" always_nxdomain
 local-zone: "domainserverlawa835.web.app" always_nxdomain
-local-zone: "domainserverlawa836.web.app" always_nxdomain
 local-zone: "domainserverlawa837.web.app" always_nxdomain
-local-zone: "domainserverlawa838.web.app" always_nxdomain
 local-zone: "domainserverlawa839.web.app" always_nxdomain
 local-zone: "domainserverlawa84.web.app" always_nxdomain
 local-zone: "domainserverlawa840.web.app" always_nxdomain
@@ -1605,29 +1460,21 @@ local-zone: "domainserverlawa841.web.app" always_nxdomain
 local-zone: "domainserverlawa842.web.app" always_nxdomain
 local-zone: "domainserverlawa843.web.app" always_nxdomain
 local-zone: "domainserverlawa844.web.app" always_nxdomain
-local-zone: "domainserverlawa845.web.app" always_nxdomain
 local-zone: "domainserverlawa846.web.app" always_nxdomain
-local-zone: "domainserverlawa847.web.app" always_nxdomain
-local-zone: "domainserverlawa848.web.app" always_nxdomain
-local-zone: "domainserverlawa849.web.app" always_nxdomain
 local-zone: "domainserverlawa85.web.app" always_nxdomain
-local-zone: "domainserverlawa850.web.app" always_nxdomain
 local-zone: "domainserverlawa851.web.app" always_nxdomain
 local-zone: "domainserverlawa852.web.app" always_nxdomain
 local-zone: "domainserverlawa853.web.app" always_nxdomain
-local-zone: "domainserverlawa854.web.app" always_nxdomain
 local-zone: "domainserverlawa855.web.app" always_nxdomain
 local-zone: "domainserverlawa856.web.app" always_nxdomain
 local-zone: "domainserverlawa857.web.app" always_nxdomain
 local-zone: "domainserverlawa858.web.app" always_nxdomain
-local-zone: "domainserverlawa859.web.app" always_nxdomain
 local-zone: "domainserverlawa86.web.app" always_nxdomain
 local-zone: "domainserverlawa860.web.app" always_nxdomain
 local-zone: "domainserverlawa861.web.app" always_nxdomain
 local-zone: "domainserverlawa862.web.app" always_nxdomain
 local-zone: "domainserverlawa863.web.app" always_nxdomain
 local-zone: "domainserverlawa864.web.app" always_nxdomain
-local-zone: "domainserverlawa865.web.app" always_nxdomain
 local-zone: "domainserverlawa866.web.app" always_nxdomain
 local-zone: "domainserverlawa867.web.app" always_nxdomain
 local-zone: "domainserverlawa868.web.app" always_nxdomain
@@ -1638,7 +1485,6 @@ local-zone: "domainserverlawa871.web.app" always_nxdomain
 local-zone: "domainserverlawa872.web.app" always_nxdomain
 local-zone: "domainserverlawa873.web.app" always_nxdomain
 local-zone: "domainserverlawa874.web.app" always_nxdomain
-local-zone: "domainserverlawa875.web.app" always_nxdomain
 local-zone: "domainserverlawa877.web.app" always_nxdomain
 local-zone: "domainserverlawa878.web.app" always_nxdomain
 local-zone: "domainserverlawa879.web.app" always_nxdomain
@@ -1646,9 +1492,7 @@ local-zone: "domainserverlawa88.web.app" always_nxdomain
 local-zone: "domainserverlawa880.web.app" always_nxdomain
 local-zone: "domainserverlawa881.web.app" always_nxdomain
 local-zone: "domainserverlawa882.web.app" always_nxdomain
-local-zone: "domainserverlawa883.web.app" always_nxdomain
 local-zone: "domainserverlawa884.web.app" always_nxdomain
-local-zone: "domainserverlawa885.web.app" always_nxdomain
 local-zone: "domainserverlawa886.web.app" always_nxdomain
 local-zone: "domainserverlawa888.web.app" always_nxdomain
 local-zone: "domainserverlawa889.web.app" always_nxdomain
@@ -1668,19 +1512,14 @@ local-zone: "domainserverlawa901.web.app" always_nxdomain
 local-zone: "domainserverlawa902.web.app" always_nxdomain
 local-zone: "domainserverlawa903.web.app" always_nxdomain
 local-zone: "domainserverlawa904.web.app" always_nxdomain
-local-zone: "domainserverlawa905.web.app" always_nxdomain
 local-zone: "domainserverlawa906.web.app" always_nxdomain
 local-zone: "domainserverlawa907.web.app" always_nxdomain
 local-zone: "domainserverlawa908.web.app" always_nxdomain
 local-zone: "domainserverlawa909.web.app" always_nxdomain
 local-zone: "domainserverlawa91.web.app" always_nxdomain
 local-zone: "domainserverlawa910.web.app" always_nxdomain
-local-zone: "domainserverlawa911.web.app" always_nxdomain
 local-zone: "domainserverlawa912.web.app" always_nxdomain
 local-zone: "domainserverlawa913.web.app" always_nxdomain
-local-zone: "domainserverlawa914.web.app" always_nxdomain
-local-zone: "domainserverlawa915.web.app" always_nxdomain
-local-zone: "domainserverlawa916.web.app" always_nxdomain
 local-zone: "domainserverlawa917.web.app" always_nxdomain
 local-zone: "domainserverlawa918.web.app" always_nxdomain
 local-zone: "domainserverlawa92.web.app" always_nxdomain
@@ -1689,22 +1528,14 @@ local-zone: "domainserverlawa921.web.app" always_nxdomain
 local-zone: "domainserverlawa922.web.app" always_nxdomain
 local-zone: "domainserverlawa923.web.app" always_nxdomain
 local-zone: "domainserverlawa924.web.app" always_nxdomain
-local-zone: "domainserverlawa925.web.app" always_nxdomain
 local-zone: "domainserverlawa926.web.app" always_nxdomain
 local-zone: "domainserverlawa927.web.app" always_nxdomain
 local-zone: "domainserverlawa929.web.app" always_nxdomain
-local-zone: "domainserverlawa93.web.app" always_nxdomain
 local-zone: "domainserverlawa930.web.app" always_nxdomain
-local-zone: "domainserverlawa931.web.app" always_nxdomain
 local-zone: "domainserverlawa932.web.app" always_nxdomain
-local-zone: "domainserverlawa933.web.app" always_nxdomain
-local-zone: "domainserverlawa934.web.app" always_nxdomain
 local-zone: "domainserverlawa935.web.app" always_nxdomain
-local-zone: "domainserverlawa936.web.app" always_nxdomain
 local-zone: "domainserverlawa937.web.app" always_nxdomain
 local-zone: "domainserverlawa938.web.app" always_nxdomain
-local-zone: "domainserverlawa939.web.app" always_nxdomain
-local-zone: "domainserverlawa94.web.app" always_nxdomain
 local-zone: "domainserverlawa940.web.app" always_nxdomain
 local-zone: "domainserverlawa941.web.app" always_nxdomain
 local-zone: "domainserverlawa942.web.app" always_nxdomain
@@ -1713,45 +1544,33 @@ local-zone: "domainserverlawa944.web.app" always_nxdomain
 local-zone: "domainserverlawa945.web.app" always_nxdomain
 local-zone: "domainserverlawa946.web.app" always_nxdomain
 local-zone: "domainserverlawa947.web.app" always_nxdomain
-local-zone: "domainserverlawa948.web.app" always_nxdomain
 local-zone: "domainserverlawa949.web.app" always_nxdomain
 local-zone: "domainserverlawa95.web.app" always_nxdomain
 local-zone: "domainserverlawa950.web.app" always_nxdomain
-local-zone: "domainserverlawa951.web.app" always_nxdomain
 local-zone: "domainserverlawa952.web.app" always_nxdomain
 local-zone: "domainserverlawa953.web.app" always_nxdomain
 local-zone: "domainserverlawa954.web.app" always_nxdomain
 local-zone: "domainserverlawa955.web.app" always_nxdomain
-local-zone: "domainserverlawa957.web.app" always_nxdomain
 local-zone: "domainserverlawa958.web.app" always_nxdomain
 local-zone: "domainserverlawa959.web.app" always_nxdomain
 local-zone: "domainserverlawa96.web.app" always_nxdomain
-local-zone: "domainserverlawa960.web.app" always_nxdomain
 local-zone: "domainserverlawa961.web.app" always_nxdomain
 local-zone: "domainserverlawa962.web.app" always_nxdomain
 local-zone: "domainserverlawa963.web.app" always_nxdomain
 local-zone: "domainserverlawa964.web.app" always_nxdomain
-local-zone: "domainserverlawa965.web.app" always_nxdomain
 local-zone: "domainserverlawa966.web.app" always_nxdomain
 local-zone: "domainserverlawa967.web.app" always_nxdomain
-local-zone: "domainserverlawa968.web.app" always_nxdomain
-local-zone: "domainserverlawa969.web.app" always_nxdomain
 local-zone: "domainserverlawa97.web.app" always_nxdomain
 local-zone: "domainserverlawa970.web.app" always_nxdomain
-local-zone: "domainserverlawa971.web.app" always_nxdomain
-local-zone: "domainserverlawa972.web.app" always_nxdomain
 local-zone: "domainserverlawa973.web.app" always_nxdomain
 local-zone: "domainserverlawa974.web.app" always_nxdomain
 local-zone: "domainserverlawa975.web.app" always_nxdomain
 local-zone: "domainserverlawa976.web.app" always_nxdomain
 local-zone: "domainserverlawa977.web.app" always_nxdomain
-local-zone: "domainserverlawa978.web.app" always_nxdomain
 local-zone: "domainserverlawa979.web.app" always_nxdomain
 local-zone: "domainserverlawa98.web.app" always_nxdomain
 local-zone: "domainserverlawa980.web.app" always_nxdomain
-local-zone: "domainserverlawa981.web.app" always_nxdomain
 local-zone: "domainserverlawa982.web.app" always_nxdomain
-local-zone: "domainserverlawa983.web.app" always_nxdomain
 local-zone: "domainserverlawa984.web.app" always_nxdomain
 local-zone: "domainserverlawa985.web.app" always_nxdomain
 local-zone: "domainserverlawa986.web.app" always_nxdomain
@@ -1761,14 +1580,11 @@ local-zone: "domainserverlawa989.web.app" always_nxdomain
 local-zone: "domainserverlawa99.web.app" always_nxdomain
 local-zone: "domainserverlawa990.web.app" always_nxdomain
 local-zone: "domainserverlawa991.web.app" always_nxdomain
-local-zone: "domainserverlawa992.web.app" always_nxdomain
 local-zone: "domainserverlawa993.web.app" always_nxdomain
-local-zone: "domainserverlawa994.web.app" always_nxdomain
 local-zone: "domainserverlawa995.web.app" always_nxdomain
 local-zone: "domainserverlawa996.web.app" always_nxdomain
-local-zone: "domainserverlawa997.web.app" always_nxdomain
-local-zone: "domainserverlawa998.web.app" always_nxdomain
 local-zone: "domainserverlawa999.web.app" always_nxdomain
+local-zone: "donaidrsilcio.com" always_nxdomain
 local-zone: "doooog.cn" always_nxdomain
 local-zone: "dopeydog.co.nz" always_nxdomain
 local-zone: "dorouscom.com" always_nxdomain
@@ -1776,20 +1592,20 @@ local-zone: "douuodwoman.com" always_nxdomain
 local-zone: "dowaba-s2dhl.blogspot.com" always_nxdomain
 local-zone: "doz.tode.cz" always_nxdomain
 local-zone: "dpasdasfasfasfas.pages.dev" always_nxdomain
+local-zone: "dpd-pl.566868.space" always_nxdomain
 local-zone: "dpd-redelivery-uk.com" always_nxdomain
 local-zone: "dpmasdaskj.pages.dev" always_nxdomain
 local-zone: "dr-joannepeeler.com" always_nxdomain
 local-zone: "dr3aq.byethost32.com" always_nxdomain
+local-zone: "dreamhacker.pro" always_nxdomain
 local-zone: "dreamotion-jp.com" always_nxdomain
 local-zone: "drivingschoolglasgow.co.uk" always_nxdomain
 local-zone: "drmarciovaleriano.com.br" always_nxdomain
-local-zone: "dsadsadsa.diskstation.eu" always_nxdomain
 local-zone: "dsgcbeonline.com" always_nxdomain
+local-zone: "dskedirekt.web.app" always_nxdomain
 local-zone: "dsp2codemdp.t.justns.ru" always_nxdomain
-local-zone: "dswboot.cc" always_nxdomain
 local-zone: "dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com" always_nxdomain
 local-zone: "dtrpsystasfasgas.pages.dev" always_nxdomain
-local-zone: "duanemanor.tk" always_nxdomain
 local-zone: "dukhovnist.in.ua" always_nxdomain
 local-zone: "durecorpperu.com" always_nxdomain
 local-zone: "dwrat.andalous.org" always_nxdomain
@@ -1803,7 +1619,6 @@ local-zone: "e4ra.byethost8.com" always_nxdomain
 local-zone: "e63q45f9h5fr.clickfunnels.com" always_nxdomain
 local-zone: "eagleeyeapparel.com" always_nxdomain
 local-zone: "earth01.info" always_nxdomain
-local-zone: "easy-webtdapp.com" always_nxdomain
 local-zone: "easywalletfix.net" always_nxdomain
 local-zone: "easywalletsfix.com" always_nxdomain
 local-zone: "eba0200d0c.nxcli.net" always_nxdomain
@@ -1812,15 +1627,12 @@ local-zone: "ebay.com.dashboard-seller.center" always_nxdomain
 local-zone: "eberhardtedwige.wixsite.com" always_nxdomain
 local-zone: "ebuddynews.com" always_nxdomain
 local-zone: "ec.snadc-oecddo.com" always_nxdomain
-local-zone: "ecloanmoney.com" always_nxdomain
 local-zone: "ecogreenjanitorial.com" always_nxdomain
 local-zone: "ecomcrew.staging.wpengine.com" always_nxdomain
 local-zone: "ecosteelsolution.ro" always_nxdomain
-local-zone: "editpdfonline.tk" always_nxdomain
 local-zone: "edje.com" always_nxdomain
 local-zone: "edukickmexico.com" always_nxdomain
 local-zone: "ee-sms.co.uk" always_nxdomain
-local-zone: "ee.mseocri.com" always_nxdomain
 local-zone: "ee.scicemecod.com" always_nxdomain
 local-zone: "efarms.com.ng" always_nxdomain
 local-zone: "eharmonyservice.com" always_nxdomain
@@ -1843,7 +1655,6 @@ local-zone: "emojis.dels.bar" always_nxdomain
 local-zone: "emsi-lobo.firebaseapp.com" always_nxdomain
 local-zone: "en-template-solicito-16414253314897.onepage.website" always_nxdomain
 local-zone: "enbolivia.com" always_nxdomain
-local-zone: "enchanting-guiltless-suede.glitch.me" always_nxdomain
 local-zone: "encryptdrive.booogle.net" always_nxdomain
 local-zone: "engcamp.org" always_nxdomain
 local-zone: "enoman.fqzsdgtg.cn" always_nxdomain
@@ -1869,20 +1680,18 @@ local-zone: "eth-coinwallet.net" always_nxdomain
 local-zone: "eth.coinscout.cc" always_nxdomain
 local-zone: "ethnictrendz.com" always_nxdomain
 local-zone: "ets.jwr.pa-fakfak.go.id" always_nxdomain
-local-zone: "etwtny.cf" always_nxdomain
 local-zone: "eucriomeumundo.com" always_nxdomain
 local-zone: "eugnerally-wixsite-com.filesusr.com" always_nxdomain
-local-zone: "euraby.com" always_nxdomain
 local-zone: "eusa-lombo.firebaseapp.com" always_nxdomain
 local-zone: "evashoes.com.ua" always_nxdomain
+local-zone: "even-besar-banget.duckdns.org" always_nxdomain
 local-zone: "even-ff-gratisterbaru2022.duckdns.org" always_nxdomain
-local-zone: "even-ff-terbarugratis2022.duckdns.org" always_nxdomain
+local-zone: "event-ff-bundle-baru.duckdns.org" always_nxdomain
 local-zone: "event-freefire728.duckdns.org" always_nxdomain
+local-zone: "event-freeskkinmlbb.duckdns.org" always_nxdomain
 local-zone: "event-garenafreefire263.duckdns.org" always_nxdomain
-local-zone: "event-skin-resmi-2022.duckdns.org" always_nxdomain
-local-zone: "eventclaimfreefiregratis2022.duckdns.org" always_nxdomain
 local-zone: "eventclaimsff0.duckdns.org" always_nxdomain
-local-zone: "eventgarenafreefiremax2022.duckdns.org" always_nxdomain
+local-zone: "eventspinfreefire2022.duckdns.org" always_nxdomain
 local-zone: "everestmotors.com.np" always_nxdomain
 local-zone: "evo-revolutioncups.com" always_nxdomain
 local-zone: "evolbithman.web.app" always_nxdomain
@@ -1891,6 +1700,7 @@ local-zone: "excelhana.com" always_nxdomain
 local-zone: "exchange-pancakeswaps.com" always_nxdomain
 local-zone: "exchangedictionary.com" always_nxdomain
 local-zone: "exodlus.net" always_nxdomain
+local-zone: "exodus-2022.com" always_nxdomain
 local-zone: "exodus.com-wallet-signin.com" always_nxdomain
 local-zone: "exodus.com-web-wallet-online.com" always_nxdomain
 local-zone: "exodus.com.tccaponline.com" always_nxdomain
@@ -1902,6 +1712,7 @@ local-zone: "extracash-interlbankonline.com" always_nxdomain
 local-zone: "extracloud.com.au" always_nxdomain
 local-zone: "ezblox.site" always_nxdomain
 local-zone: "ezssausage.com" always_nxdomain
+local-zone: "f2f.co.jp" always_nxdomain
 local-zone: "f6fr7.codesandbox.io" always_nxdomain
 local-zone: "f9w1lned0ruqblxi6jahwotak.filesusr.com" always_nxdomain
 local-zone: "faccebook.azurewebsites.net" always_nxdomain
@@ -1916,7 +1727,10 @@ local-zone: "facebook.com-r51znzih8i.isiolo.go.ke" always_nxdomain
 local-zone: "facebook.com-zxsrf038k.isiolo.go.ke" always_nxdomain
 local-zone: "facebook.eventspinff.wtf" always_nxdomain
 local-zone: "facebook.kingstopup.com" always_nxdomain
+local-zone: "facebook.whcserverbox.com" always_nxdomain
+local-zone: "facebook8facebook.blogspot.com" always_nxdomain
 local-zone: "facebookk.azurewebsites.net" always_nxdomain
+local-zone: "facebookphisher.herokuapp.com" always_nxdomain
 local-zone: "facebooks.azurewebsites.net" always_nxdomain
 local-zone: "faic.in" always_nxdomain
 local-zone: "faizankhan0408.github.io" always_nxdomain
@@ -1930,20 +1744,21 @@ local-zone: "fassilnet5.ultimatefreehost.in" always_nxdomain
 local-zone: "fax.gruppobiesse.it" always_nxdomain
 local-zone: "fb-case-id-28031803-fcdc-48af.web.app" always_nxdomain
 local-zone: "fb-pages.proteksion-help.workers.dev" always_nxdomain
+local-zone: "fb.10004682.review" always_nxdomain
 local-zone: "fb.expressturkeyi.com" always_nxdomain
 local-zone: "fb7927.bget.ru" always_nxdomain
 local-zone: "fdasd.2e4jept.cn" always_nxdomain
 local-zone: "fdhgf.xyz" always_nxdomain
-local-zone: "feceboolk.blogspot.com" always_nxdomain
 local-zone: "federalaccesscredit.com" always_nxdomain
 local-zone: "fedner.net" always_nxdomain
 local-zone: "fer-brooks.top" always_nxdomain
 local-zone: "feriadempleos.com" always_nxdomain
 local-zone: "ferienhof-gempel.de" always_nxdomain
 local-zone: "ff-anivesary225.duckdns.org" always_nxdomain
+local-zone: "ff-member-ganena.com" always_nxdomain
 local-zone: "ff-membership-garena.com" always_nxdomain
 local-zone: "ff-membershipz-garena.ga" always_nxdomain
-local-zone: "ff.membership.garenaj.vn" always_nxdomain
+local-zone: "ff.members.garera.vn" always_nxdomain
 local-zone: "ffim-event-2022.duckdns.org" always_nxdomain
 local-zone: "fghjr74rhudfguhtfguji.blogspot.com" always_nxdomain
 local-zone: "fi.uy" always_nxdomain
@@ -1952,7 +1767,6 @@ local-zone: "fidelitybank-mn.net" always_nxdomain
 local-zone: "fighting40s.com" always_nxdomain
 local-zone: "fikir.id" always_nxdomain
 local-zone: "fileundelete.net" always_nxdomain
-local-zone: "filmkenner.com" always_nxdomain
 local-zone: "filtrosmil.com.br" always_nxdomain
 local-zone: "finalfantasyguide.co.uk" always_nxdomain
 local-zone: "finiiishingedgex.tk" always_nxdomain
@@ -1967,13 +1781,14 @@ local-zone: "fluksrv.mycpanel.rs" always_nxdomain
 local-zone: "fmwebapp.azurewebsites.net" always_nxdomain
 local-zone: "foliar.pl" always_nxdomain
 local-zone: "foma-ura-lote.firebaseapp.com" always_nxdomain
+local-zone: "foor1.com" always_nxdomain
+local-zone: "for-pakage-delevry.tragaroleary.com" always_nxdomain
 local-zone: "foresta-mod.firebaseapp.com" always_nxdomain
 local-zone: "forhimself9999.co.vu" always_nxdomain
 local-zone: "formbuddy.com" always_nxdomain
 local-zone: "forms.formium.io" always_nxdomain
 local-zone: "formtools.com" always_nxdomain
 local-zone: "forum-dofus.com.co" always_nxdomain
-local-zone: "foryour.gov-information.info" always_nxdomain
 local-zone: "fpalpha.myportfolio.com" always_nxdomain
 local-zone: "fpmaam.org" always_nxdomain
 local-zone: "fr-europe564598-com.filesusr.com" always_nxdomain
@@ -1986,6 +1801,7 @@ local-zone: "freefiredot-comerhadiah.duckdns.org" always_nxdomain
 local-zone: "freefireevent-codashop2022.duckdns.org" always_nxdomain
 local-zone: "freeitemff-allreward.duckdns.org" always_nxdomain
 local-zone: "freeliker.net" always_nxdomain
+local-zone: "freereward-ff.duckdns.org" always_nxdomain
 local-zone: "frefire-membership-garena.sukienfreefire2021.top" always_nxdomain
 local-zone: "freg-nine.pt" always_nxdomain
 local-zone: "friendsofnechockey.com" always_nxdomain
@@ -2001,21 +1817,22 @@ local-zone: "ftx.com.vn" always_nxdomain
 local-zone: "ftx.cool" always_nxdomain
 local-zone: "ftxbonus.site" always_nxdomain
 local-zone: "funiswap.exchange" always_nxdomain
+local-zone: "furgonetka-1.pl" always_nxdomain
 local-zone: "fusionrestobar.cl" always_nxdomain
+local-zone: "futurebits.in" always_nxdomain
+local-zone: "fwztmgr.cn" always_nxdomain
 local-zone: "fxhalifax.com" always_nxdomain
 local-zone: "fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com" always_nxdomain
 local-zone: "g-mtcc.com" always_nxdomain
 local-zone: "g.greatsubstance.com.my" always_nxdomain
 local-zone: "ga.teesmith.shop" always_nxdomain
 local-zone: "gabrielamims.com" always_nxdomain
-local-zone: "gabung-grubnew1342.duckdns.org" always_nxdomain
 local-zone: "gagaclinic.com" always_nxdomain
 local-zone: "gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com" always_nxdomain
 local-zone: "gallciaonllne.webcindario.com" always_nxdomain
 local-zone: "garena-xacminhtaikhoan.com" always_nxdomain
-local-zone: "garenafreefire728.duckdns.org" always_nxdomain
-local-zone: "gastronomiarobertos.com" always_nxdomain
 local-zone: "gasunige.mfs.gg" always_nxdomain
+local-zone: "gbunggrup-pmrsatu13.duckdns.org" always_nxdomain
 local-zone: "gedfdfsd.eu" always_nxdomain
 local-zone: "geg.li" always_nxdomain
 local-zone: "generali-italia-ag.hrweb.it" always_nxdomain
@@ -2041,7 +1858,6 @@ local-zone: "goldenlasgidi10.web.app" always_nxdomain
 local-zone: "golkondaresorts.com" always_nxdomain
 local-zone: "goo-gl.me" always_nxdomain
 local-zone: "good12345.tripod.com" always_nxdomain
-local-zone: "goofy-wozniak.192-210-226-164.plesk.page" always_nxdomain
 local-zone: "gorol-cost.web.app" always_nxdomain
 local-zone: "gorol-investor.web.app" always_nxdomain
 local-zone: "gosafes.com" always_nxdomain
@@ -2051,39 +1867,28 @@ local-zone: "gramarcales.com.br" always_nxdomain
 local-zone: "greekinfra.com" always_nxdomain
 local-zone: "greenclasses.in" always_nxdomain
 local-zone: "grosshandel-mevida.de" always_nxdomain
-local-zone: "group-mantap-seger.duckdns.org" always_nxdomain
 local-zone: "group-wa-1.duckdns.org" always_nxdomain
-local-zone: "groupbkep-vral15.duckdns.org" always_nxdomain
 local-zone: "groworldinternational.com" always_nxdomain
 local-zone: "grp02.member.mycld-rakuten.info" always_nxdomain
-local-zone: "grub-sangex.wikaba.com" always_nxdomain
-local-zone: "grubgabung.duckdns.org" always_nxdomain
 local-zone: "grubnatajadeh12.duckdns.org" always_nxdomain
+local-zone: "grubterbarukk037.duckdns.org" always_nxdomain
 local-zone: "grubviralterbaru65c.duckdns.org" always_nxdomain
-local-zone: "grup-bokephot-terbaru2022.duckdns.org" always_nxdomain
-local-zone: "grup-bokepviral4.duckdns.org" always_nxdomain
-local-zone: "grup-dwsa-indomesia845.duckdns.org" always_nxdomain
-local-zone: "grup-viral-seleb.duckdns.org" always_nxdomain
-local-zone: "grup-viralbokep111.myftp.org" always_nxdomain
-local-zone: "grup-viralbokep2.ddns.net" always_nxdomain
+local-zone: "gruo-wa-okep-dewasa-2022.duckdns.org" always_nxdomain
+local-zone: "grup-bokep-terbaru555.duckdns.org" always_nxdomain
 local-zone: "grup-whatsapp121.duckdns.org" always_nxdomain
 local-zone: "grup-whatsappbokep1.duckdns.org" always_nxdomain
 local-zone: "grup-whatsappbokep2.duckdns.org" always_nxdomain
-local-zone: "grupbokeppadacantik.duckdns.org" always_nxdomain
+local-zone: "grup2022ssx.duckdns.org" always_nxdomain
 local-zone: "grupofsp.com.br" always_nxdomain
 local-zone: "gruposanpio.com" always_nxdomain
-local-zone: "gruptiktok.wikaba.com" always_nxdomain
-local-zone: "grupviral-xx.duckdns.org" always_nxdomain
-local-zone: "grupviral109.duckdns.org" always_nxdomain
-local-zone: "grupviralterbaru.duckdns.org" always_nxdomain
+local-zone: "grupwhatsaap-viral-2022.duckdns.org" always_nxdomain
 local-zone: "grupwhatsappnobar-2022.duckdns.org" always_nxdomain
 local-zone: "gscommunityspirit.greenschool.org" always_nxdomain
 local-zone: "gstsolutions.online" always_nxdomain
+local-zone: "gtw420.com" always_nxdomain
 local-zone: "gunatanahku.perkimtan.sumbarprov.go.id" always_nxdomain
 local-zone: "gurukanth.com" always_nxdomain
 local-zone: "gwenet.org" always_nxdomain
-local-zone: "gyfnqyk.cn" always_nxdomain
-local-zone: "gymjaokhanakho.azurewebsites.net" always_nxdomain
 local-zone: "habbocreditosparati.blogspot.com" always_nxdomain
 local-zone: "haftteam.ir" always_nxdomain
 local-zone: "hahdaeupdate.es.tl" always_nxdomain
@@ -2100,19 +1905,18 @@ local-zone: "hasseanhannitybeenwaterboarded.com" always_nxdomain
 local-zone: "haunlimited.org" always_nxdomain
 local-zone: "hcnprdvz.azureedge.net" always_nxdomain
 local-zone: "hdmediahub.club" always_nxdomain
-local-zone: "hdss-stream.org" always_nxdomain
 local-zone: "heinthu1.github.io" always_nxdomain
 local-zone: "hellenic-postbank.com" always_nxdomain
-local-zone: "helloparis.co.uk" always_nxdomain
 local-zone: "help-account-bxsfe.ondigitalocean.app" always_nxdomain
+local-zone: "help-identity-recoveri-support-center.web.id" always_nxdomain
 local-zone: "help-notice-center-identity-6532.web.id" always_nxdomain
 local-zone: "help.insecur.saftyalert.workers.dev" always_nxdomain
 local-zone: "help.validation-page.workers.dev" always_nxdomain
+local-zone: "helpingcentere.com" always_nxdomain
 local-zone: "henan.vxim58i.cn" always_nxdomain
 local-zone: "hermes.parcel-tracker.com" always_nxdomain
 local-zone: "hetershaven.net" always_nxdomain
 local-zone: "heuristic-gagarin.45-88-108-231.plesk.page" always_nxdomain
-local-zone: "hfemail.ntneancns.com" always_nxdomain
 local-zone: "hgda.db0u4hs.cn" always_nxdomain
 local-zone: "hgdaa.lfoxcct.cn" always_nxdomain
 local-zone: "hghgda.erjl0hx.cn" always_nxdomain
@@ -2127,18 +1931,15 @@ local-zone: "hifly38926.top" always_nxdomain
 local-zone: "hifly39091.top" always_nxdomain
 local-zone: "hifly61215.top" always_nxdomain
 local-zone: "hifly71191.top" always_nxdomain
-local-zone: "hikaheal.com" always_nxdomain
 local-zone: "himalayansherpa.com.au" always_nxdomain
 local-zone: "himbauane.blogspot.com" always_nxdomain
 local-zone: "hitman71hd-wixsite-com.filesusr.com" always_nxdomain
-local-zone: "hjhjjhjhjh.pagedemo.co" always_nxdomain
 local-zone: "hockian.com" always_nxdomain
 local-zone: "holobeam.000webhostapp.com" always_nxdomain
 local-zone: "home.ei1ns.de" always_nxdomain
 local-zone: "home.myfairpoint.net" always_nxdomain
 local-zone: "homepichilinea2.webcindario.com" always_nxdomain
 local-zone: "homesinlogin.com" always_nxdomain
-local-zone: "homestaylongho.com" always_nxdomain
 local-zone: "hostnix.net" always_nxdomain
 local-zone: "hostpoint.ch.17a902ef.tcorner.fr" always_nxdomain
 local-zone: "hotbrooks.com" always_nxdomain
@@ -2151,6 +1952,7 @@ local-zone: "hpplotters.in" always_nxdomain
 local-zone: "hs-giveaways.ca" always_nxdomain
 local-zone: "ht-cargo.com.vn" always_nxdomain
 local-zone: "htlgroup.com.my" always_nxdomain
+local-zone: "httpcom-0d4tol437.isiolo.go.ke" always_nxdomain
 local-zone: "httpeugnerally-wixsite-com.filesusr.com" always_nxdomain
 local-zone: "https-scert-con04.xyz" always_nxdomain
 local-zone: "https-scert-srv02.xyz" always_nxdomain
@@ -2175,7 +1977,6 @@ local-zone: "i.violationspage.validationspege.workers.dev" always_nxdomain
 local-zone: "ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com" always_nxdomain
 local-zone: "ibpm.ru" always_nxdomain
 local-zone: "icloud-map-live.com" always_nxdomain
-local-zone: "icloudstatus.com.ng" always_nxdomain
 local-zone: "icy.martulangbelulalng.workers.dev" always_nxdomain
 local-zone: "idappswallets.com" always_nxdomain
 local-zone: "identifiez-vous-avec-votre-compte.yolasite.com" always_nxdomain
@@ -2188,7 +1989,6 @@ local-zone: "iframejld.avent-media.fr" always_nxdomain
 local-zone: "ighk.umjlrs7uci2751.workers.dev" always_nxdomain
 local-zone: "iipvit.by" always_nxdomain
 local-zone: "ijcda.bukkats.cn" always_nxdomain
-local-zone: "ijeioqhawdqioqho.weebly.com" always_nxdomain
 local-zone: "ijhca.0gb0h7z.cn" always_nxdomain
 local-zone: "ijjd.h8nmtcc.cn" always_nxdomain
 local-zone: "ijmna.p2y00vd.cn" always_nxdomain
@@ -2199,23 +1999,25 @@ local-zone: "ikcda.a2g5xvs.cn" always_nxdomain
 local-zone: "ikcsa.ajiqvjf.cn" always_nxdomain
 local-zone: "ikdff.jmo904i.cn" always_nxdomain
 local-zone: "ikja.lbanwqp.cn" always_nxdomain
+local-zone: "ikjcd.p1z98hl.cn" always_nxdomain
 local-zone: "ikjd.uk0xnp8.cn" always_nxdomain
 local-zone: "ikjgd.rg6bzk7.cn" always_nxdomain
 local-zone: "ikmcd.u4jdbxm.cn" always_nxdomain
 local-zone: "ikmxaa.qcqxlrq.cn" always_nxdomain
+local-zone: "ilooksrare.com" always_nxdomain
 local-zone: "iloveyourglasses.com" always_nxdomain
 local-zone: "ilpconnect.org" always_nxdomain
+local-zone: "image-pict-ig.duckdns.org" always_nxdomain
 local-zone: "imersao.impulseingles.com.br" always_nxdomain
 local-zone: "imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com" always_nxdomain
-local-zone: "imi-ksa.jajainfo.net" always_nxdomain
 local-zone: "imobiliaria-cardinali-com-br.blogspot.com" always_nxdomain
 local-zone: "impostazionebper.000webhostapp.com" always_nxdomain
 local-zone: "in.deraya.org" always_nxdomain
-local-zone: "inaueab.com" always_nxdomain
 local-zone: "indo-viral2022.duckdns.org" always_nxdomain
 local-zone: "info.lionnets.com" always_nxdomain
 local-zone: "infohypesquad.com" always_nxdomain
 local-zone: "infopichinchaweb.webcindario.com" always_nxdomain
+local-zone: "information.safeamazoncardweb.cyou" always_nxdomain
 local-zone: "informations.recovery.confiryourpage.workers.dev" always_nxdomain
 local-zone: "infos00001.temp.swtest.ru" always_nxdomain
 local-zone: "infosecplace.com" always_nxdomain
@@ -2228,16 +2030,16 @@ local-zone: "inna.cedymll.cn" always_nxdomain
 local-zone: "innca.ol90k56.cn" always_nxdomain
 local-zone: "innovasjon.as" always_nxdomain
 local-zone: "inps-ep.com" always_nxdomain
-local-zone: "instagram-9.blogspot.com" always_nxdomain
-local-zone: "instagramhelpp.agency" always_nxdomain
+local-zone: "instahelppbaddge.ml" always_nxdomain
 local-zone: "intellidata-analytica.com" always_nxdomain
-local-zone: "interbankempresahome.rankforever.com" always_nxdomain
 local-zone: "interbankempresas.pe-il.ru" always_nxdomain
+local-zone: "interbankhomeweb.fullcircleteam.com" always_nxdomain
 local-zone: "intern.unibas-com.ch" always_nxdomain
 local-zone: "international-formulier.91-218-65-223.plesk.page" always_nxdomain
 local-zone: "internetbanking-caixa-gov.xyz" always_nxdomain
 local-zone: "internetbankinghelp.com" always_nxdomain
 local-zone: "internetservicetech.com" always_nxdomain
+local-zone: "intesalife.ie" always_nxdomain
 local-zone: "intexargentina.com.ar" always_nxdomain
 local-zone: "inthewildproductions.com" always_nxdomain
 local-zone: "intoli.ru" always_nxdomain
@@ -2245,10 +2047,14 @@ local-zone: "intrafloraplants.com" always_nxdomain
 local-zone: "intranet.sztpe.info" always_nxdomain
 local-zone: "investpl.work" always_nxdomain
 local-zone: "iplogger.info" always_nxdomain
+local-zone: "iqwea.soxr0u1.cn" always_nxdomain
 local-zone: "ironmantech.shop" always_nxdomain
-local-zone: "irs-gov.us-get-funds-assistance.com" always_nxdomain
+local-zone: "irs-gov-supportcenters.com" always_nxdomain
+local-zone: "irs.gov-coronavirus-pandemic-tax-refund-submission.com" always_nxdomain
+local-zone: "ise.com.ar" always_nxdomain
 local-zone: "isfirsatibul.com" always_nxdomain
 local-zone: "ismamorlin.my-place.us" always_nxdomain
+local-zone: "isntagranmeta.pagedemo.co" always_nxdomain
 local-zone: "istudyalumni.com" always_nxdomain
 local-zone: "it-europe564598-com.filesusr.com" always_nxdomain
 local-zone: "it.melnikhotels.com" always_nxdomain
@@ -2260,6 +2066,12 @@ local-zone: "iuhs.tyopfhn.cn" always_nxdomain
 local-zone: "iujdas.yfwxlc9.cn" always_nxdomain
 local-zone: "iuyydd.ebeg6uk.cn" always_nxdomain
 local-zone: "j9w77d0.cn" always_nxdomain
+local-zone: "jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn" always_nxdomain
+local-zone: "jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn" always_nxdomain
+local-zone: "jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn" always_nxdomain
+local-zone: "jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn" always_nxdomain
+local-zone: "jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn" always_nxdomain
+local-zone: "jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn" always_nxdomain
 local-zone: "jacobliston.com" always_nxdomain
 local-zone: "jadaart.org" always_nxdomain
 local-zone: "jagex-rewards.com" always_nxdomain
@@ -2271,31 +2083,31 @@ local-zone: "jbwbzta.alfens8.cc" always_nxdomain
 local-zone: "jeanbaileyrobor.com" always_nxdomain
 local-zone: "jendelajogja.com" always_nxdomain
 local-zone: "jerinja.github.io" always_nxdomain
-local-zone: "jessicasproul.com" always_nxdomain
 local-zone: "jetser-electrical-supply.business.site" always_nxdomain
-local-zone: "jetstoop.top" always_nxdomain
 local-zone: "jett.gator.site" always_nxdomain
 local-zone: "jflkp.csb.app" always_nxdomain
 local-zone: "jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com" always_nxdomain
 local-zone: "jhda.wfdyk9p.cn" always_nxdomain
 local-zone: "jhdd.fjcslad.cn" always_nxdomain
 local-zone: "jhff.93oe0u9.cn" always_nxdomain
+local-zone: "jhnd.0drhnjk.cn" always_nxdomain
 local-zone: "jiwanramchemical.com" always_nxdomain
 local-zone: "jjhcd.27ke98i.cn" always_nxdomain
 local-zone: "jk99j.sbs" always_nxdomain
-local-zone: "jkhkjjkjk.pagedemo.co" always_nxdomain
 local-zone: "jlogine.com" always_nxdomain
+local-zone: "jmcna.jiwayjc.cn" always_nxdomain
+local-zone: "jmfykd.cyou" always_nxdomain
+local-zone: "jncba.diiqsmm.cn" always_nxdomain
 local-zone: "jnlope.tangguakrapekpuik.link" always_nxdomain
 local-zone: "jnnc.grnxkoj.cn" always_nxdomain
 local-zone: "job-type.com" always_nxdomain
 local-zone: "jobs.job.com.bd" always_nxdomain
 local-zone: "joecamera.net" always_nxdomain
 local-zone: "john-ashley.de" always_nxdomain
-local-zone: "join-chat-whatssap-viral-2022.duckdns.org" always_nxdomain
-local-zone: "join-group-wa2022.duckdns.org" always_nxdomain
-local-zone: "join-grub-bokep-gratis.duckdns.org" always_nxdomain
-local-zone: "join-grubkienzy849.duckdns.org" always_nxdomain
-local-zone: "join-whatsapp-tante-hot18.duckdns.org" always_nxdomain
+local-zone: "join-group-1.duckdns.org" always_nxdomain
+local-zone: "join-gruo-waku282.duckdns.org" always_nxdomain
+local-zone: "joinedprice.com" always_nxdomain
+local-zone: "joingrupku183.duckdns.org" always_nxdomain
 local-zone: "joingrupp-bkep156.duckdns.org" always_nxdomain
 local-zone: "joingrupterbaru-0.duckdns.org" always_nxdomain
 local-zone: "joinlinkviral729.duckdns.org" always_nxdomain
@@ -2303,12 +2115,14 @@ local-zone: "joinssgropshot18.duckdns.org" always_nxdomain
 local-zone: "joinssgropssney6.duckdns.org" always_nxdomain
 local-zone: "jow-japan.or.jp" always_nxdomain
 local-zone: "joyeriajireh.com.mx" always_nxdomain
-local-zone: "jp-bnnk.japappoit.asdwb.xyz" always_nxdomain
-local-zone: "jp-bnnk.japappoit.asdwd.xyz" always_nxdomain
+local-zone: "jp-auid.com" always_nxdomain
+local-zone: "jp.mercari.omany.buzz" always_nxdomain
 local-zone: "jptechdocsign.net" always_nxdomain
 local-zone: "jrhayley.plus.com" always_nxdomain
 local-zone: "juandfar.github.io" always_nxdomain
+local-zone: "jurisgeneral.com" always_nxdomain
 local-zone: "jurlebedev.ru" always_nxdomain
+local-zone: "juscook.com" always_nxdomain
 local-zone: "justgot.gonevis.com" always_nxdomain
 local-zone: "justsayingbro.com" always_nxdomain
 local-zone: "jvk.zultifarza.workers.dev" always_nxdomain
@@ -2316,6 +2130,7 @@ local-zone: "jyeue43rm95p.clickfunnels.com" always_nxdomain
 local-zone: "jz2bab.webwave.dev" always_nxdomain
 local-zone: "k3ja6d.webwave.dev" always_nxdomain
 local-zone: "kaamwalibais.co.in" always_nxdomain
+local-zone: "kachinas.be" always_nxdomain
 local-zone: "kamdhenurealities.com" always_nxdomain
 local-zone: "kargonova.com" always_nxdomain
 local-zone: "kartaltepespor.com" always_nxdomain
@@ -2327,9 +2142,11 @@ local-zone: "kdhdf34j6dfh.dealerwebsite.com" always_nxdomain
 local-zone: "kdlscaffolding.co.uk" always_nxdomain
 local-zone: "kecc.com" always_nxdomain
 local-zone: "kecmanijada.com" always_nxdomain
+local-zone: "kedai-gamers.com" always_nxdomain
 local-zone: "keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev" always_nxdomain
 local-zone: "keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev" always_nxdomain
 local-zone: "keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev" always_nxdomain
+local-zone: "kenanhusovic.com" always_nxdomain
 local-zone: "kevinsmovingservice.com" always_nxdomain
 local-zone: "kex81.sbs" always_nxdomain
 local-zone: "key-drcp.com" always_nxdomain
@@ -2353,12 +2170,12 @@ local-zone: "konfirmasi-identitas-2022.webnode.page" always_nxdomain
 local-zone: "konnect2kamadhenu.com" always_nxdomain
 local-zone: "koteng.odoo.com" always_nxdomain
 local-zone: "kr-bithumb.web.app" always_nxdomain
-local-zone: "kraftongame.net" always_nxdomain
 local-zone: "krupije.com" always_nxdomain
 local-zone: "krx887.com" always_nxdomain
 local-zone: "ksschool.org.in" always_nxdomain
 local-zone: "kuchkuchnights.com" always_nxdomain
 local-zone: "kurortnoye.com.ua" always_nxdomain
+local-zone: "ky79.com" always_nxdomain
 local-zone: "l-abe.com" always_nxdomain
 local-zone: "l-q.in" always_nxdomain
 local-zone: "lambdaweb.info" always_nxdomain
@@ -2380,16 +2197,17 @@ local-zone: "leadershipmail.org" always_nxdomain
 local-zone: "learningimpactmodel.com" always_nxdomain
 local-zone: "leboncoiinlbc.000webhostapp.com" always_nxdomain
 local-zone: "leboncoin.delivery01588.icu" always_nxdomain
+local-zone: "lefaf77683.temp.swtest.ru" always_nxdomain
 local-zone: "lemeiesta.com" always_nxdomain
 local-zone: "lenagruessdich.net" always_nxdomain
 local-zone: "leroycu.ca" always_nxdomain
+local-zone: "letoptuswebmail-9b69f0.ingress-comporellon.easywp.com" always_nxdomain
 local-zone: "lettertracing4kids.com" always_nxdomain
 local-zone: "lexnotes.com.ng" always_nxdomain
-local-zone: "lg-bluebadgecenter.ml" always_nxdomain
 local-zone: "lg-onecom-io.web.app" always_nxdomain
 local-zone: "liberasrl.it" always_nxdomain
 local-zone: "lihi3.cc" always_nxdomain
-local-zone: "linkcontract.tech" always_nxdomain
+local-zone: "linkgrupkakak-disini.duckdns.org" always_nxdomain
 local-zone: "liongear.com" always_nxdomain
 local-zone: "lirc.cep.edu.vn" always_nxdomain
 local-zone: "little-frost-1a15.chrisc11004842.workers.dev" always_nxdomain
@@ -2413,28 +2231,33 @@ local-zone: "lloydsbank.secure-online-deregister.com" always_nxdomain
 local-zone: "lloydsbank.secure-personal-device-login.com" always_nxdomain
 local-zone: "lloyduk-newdevice-registered-online.com" always_nxdomain
 local-zone: "llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com" always_nxdomain
+local-zone: "lmbanang.pgryuangbtusngka.link" always_nxdomain
 local-zone: "lnkd.dev" always_nxdomain
 local-zone: "lnterbancape-lbk.com" always_nxdomain
 local-zone: "lnterbank.pe.starneonsignsug.com" always_nxdomain
+local-zone: "local-postoffice-deliver.com" always_nxdomain
 local-zone: "localwithg.com" always_nxdomain
 local-zone: "lockpichincha.webcindario.com" always_nxdomain
 local-zone: "loengregkuetngferu.live" always_nxdomain
 local-zone: "lofon-add.firebaseapp.com" always_nxdomain
 local-zone: "loftywallet.com" always_nxdomain
+local-zone: "logfuliz.web.app" always_nxdomain
 local-zone: "login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net" always_nxdomain
 local-zone: "login-facebook18.webnode.page" always_nxdomain
 local-zone: "login-live.com-s02.net" always_nxdomain
 local-zone: "login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net" always_nxdomain
 local-zone: "login-postfinance.com" always_nxdomain
+local-zone: "login-singaporee.apply-now-online-digital.com" always_nxdomain
 local-zone: "login.dbs.webdbslistinonline.com" always_nxdomain
 local-zone: "login.privategold.uytrtyuhij987.gowithapex.com" always_nxdomain
-local-zone: "login.smbc.weddirecttop.com" always_nxdomain
 local-zone: "logindhlaccess.dhlupdatelogin.workers.dev" always_nxdomain
+local-zone: "loginnewatt.weebly.com" always_nxdomain
 local-zone: "logverify-df12e-verify-1230-eu.web.app" always_nxdomain
 local-zone: "loinesports.com" always_nxdomain
 local-zone: "lomadesarrollos.mx" always_nxdomain
 local-zone: "lombard11.eu" always_nxdomain
 local-zone: "lot-lp-x.web.app" always_nxdomain
+local-zone: "love.gos-box.com" always_nxdomain
 local-zone: "lp.vp4.me" always_nxdomain
 local-zone: "lrs.financial" always_nxdomain
 local-zone: "lrs.foundation" always_nxdomain
@@ -2454,13 +2277,10 @@ local-zone: "m.protc.safty-pege.workers.dev" always_nxdomain
 local-zone: "m.recovery.safetyacount.workers.dev" always_nxdomain
 local-zone: "m.recovery.saftypageupdate.workers.dev" always_nxdomain
 local-zone: "m.salsomascard.top" always_nxdomain
-local-zone: "m4-appcaixia.com" always_nxdomain
 local-zone: "m42club.com" always_nxdomain
-local-zone: "m5bundle.com" always_nxdomain
 local-zone: "machineryzoneservice.com" always_nxdomain
 local-zone: "macjakarta.com" always_nxdomain
 local-zone: "macst.cc" always_nxdomain
-local-zone: "madamailru.temp.swtest.ru" always_nxdomain
 local-zone: "madens.com.pl" always_nxdomain
 local-zone: "madrhinoconsulting.com" always_nxdomain
 local-zone: "maestro.my.prod.dfg152.ru" always_nxdomain
@@ -2472,15 +2292,15 @@ local-zone: "mail-account-verify-f4723.web.app" always_nxdomain
 local-zone: "mail-gmxaktualisierung.yolasite.com" always_nxdomain
 local-zone: "mail-ovhcloud.web.app" always_nxdomain
 local-zone: "mail-ssocloud-srvr67yhguh.pages.dev" always_nxdomain
+local-zone: "mail.atlanticeconcrete.com" always_nxdomain
 local-zone: "mail.enrollmoreclientsbootcamp.com" always_nxdomain
-local-zone: "mail.gov-taxid.completofyours.info" always_nxdomain
-local-zone: "mail.grup-dwsa-indomesia845.duckdns.org" always_nxdomain
 local-zone: "mail.ims-fe.com" always_nxdomain
+local-zone: "mail.kenanhusovic.com" always_nxdomain
 local-zone: "mail.kuttabalfatih.com" always_nxdomain
 local-zone: "mail.santepluspharma.com" always_nxdomain
 local-zone: "mail.sweetshopspecialtycoffee.com.au" always_nxdomain
-local-zone: "mail.tariqalaraimi.com" always_nxdomain
 local-zone: "mail.updateinfo-billingo2.com" always_nxdomain
+local-zone: "mail.wellsfargous.duckdns.org" always_nxdomain
 local-zone: "mail.wheel1factory.net" always_nxdomain
 local-zone: "mail.zenstream.com" always_nxdomain
 local-zone: "maildomaiincheck1.web.app" always_nxdomain
@@ -2508,60 +2328,56 @@ local-zone: "mailserver7656566.blob.core.windows.net" always_nxdomain
 local-zone: "mailupdattee10.web.app" always_nxdomain
 local-zone: "mailupdattee11.web.app" always_nxdomain
 local-zone: "mailupdattee12.web.app" always_nxdomain
-local-zone: "mailupdattee13.web.app" always_nxdomain
 local-zone: "mailupdattee14.web.app" always_nxdomain
-local-zone: "mailupdattee15.web.app" always_nxdomain
 local-zone: "mailupdattee16.web.app" always_nxdomain
 local-zone: "mailupdattee17.web.app" always_nxdomain
-local-zone: "mailupdattee18.web.app" always_nxdomain
 local-zone: "mailupdattee19.web.app" always_nxdomain
 local-zone: "mailupdattee20.web.app" always_nxdomain
 local-zone: "mailupdattee21.web.app" always_nxdomain
 local-zone: "mailupdattee22.web.app" always_nxdomain
-local-zone: "mailupdattee23.web.app" always_nxdomain
 local-zone: "mailupdattee24.web.app" always_nxdomain
 local-zone: "mailupdattee26.web.app" always_nxdomain
 local-zone: "mailupdattee27.web.app" always_nxdomain
 local-zone: "mailupdattee28.web.app" always_nxdomain
 local-zone: "mailupdattee29.web.app" always_nxdomain
-local-zone: "mailupdattee32.web.app" always_nxdomain
 local-zone: "mailupdattee34.web.app" always_nxdomain
 local-zone: "mailupdattee35.web.app" always_nxdomain
 local-zone: "mailupdattee40.web.app" always_nxdomain
-local-zone: "mailupdattee5.web.app" always_nxdomain
 local-zone: "mailupdattee6.web.app" always_nxdomain
 local-zone: "mailupdattee7.web.app" always_nxdomain
 local-zone: "mailupdattee8.web.app" always_nxdomain
-local-zone: "mailupdattee9.web.app" always_nxdomain
+local-zone: "mainbugerrorfixing.com" always_nxdomain
+local-zone: "mainmobilerectify.live" always_nxdomain
+local-zone: "mainsbscrestore.com" always_nxdomain
 local-zone: "maintoken.org" always_nxdomain
-local-zone: "mainwalletappconnect.com" always_nxdomain
 local-zone: "makcts-go.ru" always_nxdomain
 local-zone: "make-anon-keep-past.rvsla.workers.dev" always_nxdomain
 local-zone: "mala-riba.com" always_nxdomain
 local-zone: "malaprontaargentina.com.br" always_nxdomain
 local-zone: "malehaenterprises.com" always_nxdomain
 local-zone: "malukutenggarakab.go.id" always_nxdomain
+local-zone: "mamasitasont.blogspot.com" always_nxdomain
 local-zone: "mandirilivinlinksystem.brizy.site" always_nxdomain
-local-zone: "mandirilivinlinksystem2.brizy.site" always_nxdomain
 local-zone: "mandirilivinlinksystem3.brizy.site" always_nxdomain
-local-zone: "manthsedty.live" always_nxdomain
 local-zone: "manualsync.com" always_nxdomain
+local-zone: "maotun.xyz" always_nxdomain
 local-zone: "mapsa.com.pe" always_nxdomain
+local-zone: "marifilmines.ca" always_nxdomain
 local-zone: "marinthe.poingaitongamlm.link" always_nxdomain
 local-zone: "marketplace-axieinfinity.io" always_nxdomain
 local-zone: "marketplace-axlelnfiniity.com" always_nxdomain
 local-zone: "marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke" always_nxdomain
 local-zone: "marketplace.facebook.com-29ta3qbv.isiolo.go.ke" always_nxdomain
 local-zone: "marketplace.facebook.com-hzup1bae.isiolo.go.ke" always_nxdomain
+local-zone: "marketplace.facebook.com-izkbuxmx.isiolo.go.ke" always_nxdomain
 local-zone: "marketplace.facebook.com-kq1oh2ae.isiolo.go.ke" always_nxdomain
+local-zone: "marketplace.facebook.com-milt5ssm.isiolo.go.ke" always_nxdomain
 local-zone: "marketplace.facebook.com-qze9zt75vm.isiolo.go.ke" always_nxdomain
 local-zone: "marketplace.facebook.com-sauuvazpjo.isiolo.go.ke" always_nxdomain
 local-zone: "marketplace.facebook.com-tyeuieb7.isiolo.go.ke" always_nxdomain
 local-zone: "marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke" always_nxdomain
 local-zone: "marketplace.facebook.com-z1au8cxghl.isiolo.go.ke" always_nxdomain
 local-zone: "marketplaceaxieinfiniity.com" always_nxdomain
-local-zone: "marmardian.co.vu" always_nxdomain
-local-zone: "marylkmatzenger.com" always_nxdomain
 local-zone: "masdas0932.co.vu" always_nxdomain
 local-zone: "masum.lawyer" always_nxdomain
 local-zone: "match.lookatmynewphotos.com" always_nxdomain
@@ -2589,22 +2405,28 @@ local-zone: "mercani.pomyt.info" always_nxdomain
 local-zone: "mercariz.xyz" always_nxdomain
 local-zone: "meremanovegabana.website2.me" always_nxdomain
 local-zone: "mericarir.mbudeu.cn" always_nxdomain
-local-zone: "mericarir.mg0gbo1.cn" always_nxdomain
+local-zone: "mericarir.mednljn.cn" always_nxdomain
 local-zone: "mericarir.mgeukpx.cn" always_nxdomain
 local-zone: "mericarir.mglsffs.cn" always_nxdomain
-local-zone: "mericarir.mksydb.cn" always_nxdomain
+local-zone: "mericarir.mglxyul.cn" always_nxdomain
+local-zone: "mericarir.mhgqdtv.cn" always_nxdomain
+local-zone: "mericarir.mjrsrfo.cn" always_nxdomain
 local-zone: "mericarir.mktbbr.cn" always_nxdomain
+local-zone: "mericarir.mkxbqnu.cn" always_nxdomain
 local-zone: "mericarir.mlyffa.cn" always_nxdomain
+local-zone: "mericarir.mmsfzys.cn" always_nxdomain
 local-zone: "mericarir.mnfjwy.cn" always_nxdomain
 local-zone: "mericarir.mnheijt.cn" always_nxdomain
-local-zone: "mericarir.mrzcafk.cn" always_nxdomain
 local-zone: "mericarir.msnygk.cn" always_nxdomain
-local-zone: "mericorci-logining.sfhs26r.lyb6srb.cn" always_nxdomain
+local-zone: "mericarir.mtlrnzu.cn" always_nxdomain
+local-zone: "mericarir.mukkwvc.cn" always_nxdomain
+local-zone: "mericarir.mxsoecl.cn" always_nxdomain
 local-zone: "meriocori-logining.2y3uio.pyqbas.cn" always_nxdomain
 local-zone: "mestertignseekjet4.blogspot.com" always_nxdomain
 local-zone: "mestertignseekjet5.blogspot.com" always_nxdomain
 local-zone: "mestertignseekjet6.blogspot.com" always_nxdomain
 local-zone: "mestredaobra.com" always_nxdomain
+local-zone: "meta-support-centers.ml" always_nxdomain
 local-zone: "metalurgicagiom.com.br" always_nxdomain
 local-zone: "metamasc.club" always_nxdomain
 local-zone: "metamask-connect.com" always_nxdomain
@@ -2615,11 +2437,13 @@ local-zone: "metamask-wallets.yahoosites.com" always_nxdomain
 local-zone: "metamask.cam" always_nxdomain
 local-zone: "metamask.io-php.com" always_nxdomain
 local-zone: "metamask.kiwi" always_nxdomain
+local-zone: "metamask.loan" always_nxdomain
 local-zone: "metamask.protocol-process.me" always_nxdomain
 local-zone: "metamask.security-information.cc" always_nxdomain
 local-zone: "metamask.social" always_nxdomain
 local-zone: "metamask.wallets-reauth.net" always_nxdomain
 local-zone: "metamaskdownloadandroid.xyz" always_nxdomain
+local-zone: "metamaskextension.xyz" always_nxdomain
 local-zone: "metamassklogins-us.tumblr.com" always_nxdomain
 local-zone: "metaversepadapp.com" always_nxdomain
 local-zone: "meusabor.com.br" always_nxdomain
@@ -2627,19 +2451,20 @@ local-zone: "mfacebook.blogspot.com.cy" always_nxdomain
 local-zone: "mfacebook.blogspot.lt" always_nxdomain
 local-zone: "mfacebook.blogspot.rs" always_nxdomain
 local-zone: "mgpskartarpur.com" always_nxdomain
+local-zone: "mgrandroyale.com" always_nxdomain
 local-zone: "mibancocrece.com.co" always_nxdomain
 local-zone: "micacd.elshov.com" always_nxdomain
-local-zone: "michaelxrandazzo.com" always_nxdomain
 local-zone: "michiyado.com" always_nxdomain
 local-zone: "microcav.square.site" always_nxdomain
 local-zone: "microsoftonline.pages.dev" always_nxdomain
 local-zone: "microsoftwebserver.mfs.gg" always_nxdomain
 local-zone: "micuenta01.github.io" always_nxdomain
+local-zone: "midasbuy1st.com" always_nxdomain
+local-zone: "midsposc2.com" always_nxdomain
 local-zone: "mijnics-actualisatie.185-236-231-64.plesk.page" always_nxdomain
-local-zone: "mikhali.com" always_nxdomain
+local-zone: "mikayelxhovakimyan.com" always_nxdomain
 local-zone: "milanobet301.com" always_nxdomain
 local-zone: "militarybikers.org" always_nxdomain
-local-zone: "minamikaga.or.jp" always_nxdomain
 local-zone: "mingming20160152.github.io" always_nxdomain
 local-zone: "miozpro.com" always_nxdomain
 local-zone: "miracdoviz.com" always_nxdomain
@@ -2669,16 +2494,17 @@ local-zone: "mjaymvnlchrlbwjlcjizmxn0.filesusr.com" always_nxdomain
 local-zone: "mk2.ge" always_nxdomain
 local-zone: "mkjiool.weebly.com" always_nxdomain
 local-zone: "mnbxa.73kfer9.cn" always_nxdomain
+local-zone: "mnbxcas.zm7wwar.cn" always_nxdomain
 local-zone: "mncxx.qbeepor.cn" always_nxdomain
 local-zone: "mnnbx.r1rpj09.cn" always_nxdomain
+local-zone: "mnncxa.fwffsyt.cn" always_nxdomain
 local-zone: "mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link" always_nxdomain
-local-zone: "mobil-singaporre.digital-online-login-opportunity.com" always_nxdomain
 local-zone: "mobile-orange-forever.yolasite.com" always_nxdomain
 local-zone: "mobile-portail.live" always_nxdomain
 local-zone: "mobile.hedgesportst.me" always_nxdomain
-local-zone: "moccasinyellowbetatest--josekkk.repl.co" always_nxdomain
 local-zone: "moccasinyellowbetatest.josekkk.repl.co" always_nxdomain
 local-zone: "modest-hertz.45-81-232-15.plesk.page" always_nxdomain
+local-zone: "moiksys.com" always_nxdomain
 local-zone: "mon-token.com" always_nxdomain
 local-zone: "mon.espace.lcl.fr.certosini.info" always_nxdomain
 local-zone: "monbudri.xyz" always_nxdomain
@@ -2693,6 +2519,7 @@ local-zone: "montrealidiomas.com.br" always_nxdomain
 local-zone: "monyeward.com" always_nxdomain
 local-zone: "morcario.xyz" always_nxdomain
 local-zone: "morfybox.com" always_nxdomain
+local-zone: "movil.particulares-secure.com" always_nxdomain
 local-zone: "mqzlsim.mindlogicinfotech.com" always_nxdomain
 local-zone: "mrpitchman.com" always_nxdomain
 local-zone: "msc-doelsach.at" always_nxdomain
@@ -2713,16 +2540,14 @@ local-zone: "my-site219.yolasite.com" always_nxdomain
 local-zone: "my.jcpwb.com" always_nxdomain
 local-zone: "my.nhs-get-pass.com" always_nxdomain
 local-zone: "my.paydi.login-index-home.x4typfc.cn" always_nxdomain
-local-zone: "my.paydi.logining-nexy-home.en6cnm.asia" always_nxdomain
 local-zone: "my02billing-login.com" always_nxdomain
-local-zone: "myaccount.aol.wallat-billing.com.authlog.gq" always_nxdomain
+local-zone: "mybeii.live" always_nxdomain
 local-zone: "mycoerver.es" always_nxdomain
 local-zone: "mygoogleaccount.stantrade.xyz" always_nxdomain
 local-zone: "myjcb.cyyptoi.cn" always_nxdomain
 local-zone: "myjcb.thxpj.cn" always_nxdomain
 local-zone: "mymbg-aa2e2.web.app" always_nxdomain
 local-zone: "mymeta-securearea.plesk07.zap-webspace.com" always_nxdomain
-local-zone: "mymetamask-clientarea.185-236-231-227.plesk.page" always_nxdomain
 local-zone: "mymweb-owner.at.ua" always_nxdomain
 local-zone: "mypo-delivery.com" always_nxdomain
 local-zone: "mypsm.psm.edu.mm" always_nxdomain
@@ -2734,7 +2559,6 @@ local-zone: "mzqualitycleaning.com" always_nxdomain
 local-zone: "n-naoko-0319.github.io" always_nxdomain
 local-zone: "n.salsomascard.top" always_nxdomain
 local-zone: "n26.sa-france.fr" always_nxdomain
-local-zone: "n26servicetechnique.click" always_nxdomain
 local-zone: "n7orton.com" always_nxdomain
 local-zone: "nab-access-breach.com" always_nxdomain
 local-zone: "nab-alert.mobi" always_nxdomain
@@ -2742,7 +2566,6 @@ local-zone: "nab-www.303.si" always_nxdomain
 local-zone: "naderkhani.ir" always_nxdomain
 local-zone: "najboljeuslugezavas.betterservicesforyou.com" always_nxdomain
 local-zone: "nalandaias.com" always_nxdomain
-local-zone: "nalodke.com.ua" always_nxdomain
 local-zone: "nanjing.itud167.cn" always_nxdomain
 local-zone: "napgamelienquan.net" always_nxdomain
 local-zone: "naranja-users.auth0.com" always_nxdomain
@@ -2757,8 +2580,10 @@ local-zone: "natwest.secured-personal-verify.com" always_nxdomain
 local-zone: "nayablabs.com" always_nxdomain
 local-zone: "nayameehomes.com" always_nxdomain
 local-zone: "nbcc.0bit08a.cn" always_nxdomain
+local-zone: "nbcd.xiu58rl.cn" always_nxdomain
 local-zone: "nbcvs.gd65y69.cn" always_nxdomain
 local-zone: "nbcxa.lctlfdq.cn" always_nxdomain
+local-zone: "nbcxas.551awvr.cn" always_nxdomain
 local-zone: "nbhjxa.hblhi96.cn" always_nxdomain
 local-zone: "nbnonres.com" always_nxdomain
 local-zone: "nbxaa.b1b6nac.cn" always_nxdomain
@@ -2770,12 +2595,9 @@ local-zone: "ncgroup.club" always_nxdomain
 local-zone: "necessitymag.com" always_nxdomain
 local-zone: "nedbankqa.flowblocks.com" always_nxdomain
 local-zone: "nedriw.xyz" always_nxdomain
-local-zone: "neftlexi.com" always_nxdomain
 local-zone: "negociebra.com.br" always_nxdomain
 local-zone: "neptuneinnovations.com" always_nxdomain
 local-zone: "netciti.id" always_nxdomain
-local-zone: "netf1ix.us-891691712-local-781652.airalgeriecanada.ca" always_nxdomain
-local-zone: "netfl-lixids938mailmealkas.duckdns.org" always_nxdomain
 local-zone: "netflix-techarmy.me" always_nxdomain
 local-zone: "netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk" always_nxdomain
 local-zone: "networksol-f35e7.web.app" always_nxdomain
@@ -2799,9 +2621,8 @@ local-zone: "nhri.net" always_nxdomain
 local-zone: "nhs.my-vaccine-status.com" always_nxdomain
 local-zone: "niagarapower.com" always_nxdomain
 local-zone: "nic-home.com" always_nxdomain
-local-zone: "nisuper.com" always_nxdomain
 local-zone: "nizotchauffage.bilty.be" always_nxdomain
-local-zone: "nontonvidioviral2022nohoax.duckdns.org" always_nxdomain
+local-zone: "nodesconnection.com" always_nxdomain
 local-zone: "northlane.esy.es" always_nxdomain
 local-zone: "notife.help.institutepages.workers.dev" always_nxdomain
 local-zone: "notification-fb.secure-pages.workers.dev" always_nxdomain
@@ -2842,23 +2663,22 @@ local-zone: "oidda.5s2iamp.cn" always_nxdomain
 local-zone: "oijcd.qvjcddv.cn" always_nxdomain
 local-zone: "oikca.smwceku.cn" always_nxdomain
 local-zone: "oikcas.6b914ty.cn" always_nxdomain
+local-zone: "oikcd.uf27ce8.cn" always_nxdomain
 local-zone: "oikcxa.zvvx01z.cn" always_nxdomain
 local-zone: "oivac.com" always_nxdomain
 local-zone: "okcs.qj8yua.cn" always_nxdomain
 local-zone: "okds.bbtlcve.cn" always_nxdomain
-local-zone: "okep-terbaru-viral-2022.duckdns.org" always_nxdomain
+local-zone: "okep-viral-terbaru-terhist-2022.duckdns.org" always_nxdomain
 local-zone: "okmca.8xcrn6w.cn" always_nxdomain
 local-zone: "okmca.bxkfham.cn" always_nxdomain
 local-zone: "okmca.uwudagu.cn" always_nxdomain
 local-zone: "okmxa.lfgpror.cn" always_nxdomain
 local-zone: "okpwtu.webwave.dev" always_nxdomain
+local-zone: "ol-run1.online" always_nxdomain
 local-zone: "olidooo.waca.tw" always_nxdomain
 local-zone: "olk.us7apye.cn" always_nxdomain
 local-zone: "olmnxa.wc2ikux.cn" always_nxdomain
-local-zone: "olx-pay-pl.pay-id22343.top" always_nxdomain
-local-zone: "olx.saferegulatory.com" always_nxdomain
 local-zone: "omesqiwines.de" always_nxdomain
-local-zone: "omicronvariat.pagedemo.co" always_nxdomain
 local-zone: "oncopharma-ae.com" always_nxdomain
 local-zone: "onecreator.info" always_nxdomain
 local-zone: "onedrive.zhaoge.workers.dev" always_nxdomain
@@ -2868,13 +2688,16 @@ local-zone: "oneone-19cd8.web.app" always_nxdomain
 local-zone: "oneone-a38ef.web.app" always_nxdomain
 local-zone: "online-sistem.com" always_nxdomain
 local-zone: "onlineasesor01.hostfree.pw" always_nxdomain
+local-zone: "onlinebanking.unrecognised-new-payee.com" always_nxdomain
 local-zone: "onlineffn2.temp.swtest.ru" always_nxdomain
+local-zone: "onlineislemlersayfasivkfgirisicom.tk" always_nxdomain
+local-zone: "onlinsfuco.temp.swtest.ru" always_nxdomain
 local-zone: "onlysportplus.com" always_nxdomain
 local-zone: "ooxvocalor.yolasite.com" always_nxdomain
 local-zone: "opansea.live" always_nxdomain
 local-zone: "open24.ie-tsb.email" always_nxdomain
+local-zone: "operationroofingllc3.com" always_nxdomain
 local-zone: "opticabattilana.com.ar" always_nxdomain
-local-zone: "optika-anda.hr" always_nxdomain
 local-zone: "ora-n.yolasite.com" always_nxdomain
 local-zone: "orabu.it" always_nxdomain
 local-zone: "orange-dcr.fr" always_nxdomain
@@ -2885,11 +2708,8 @@ local-zone: "orange2k22.wixsite.com" always_nxdomain
 local-zone: "orangeb191.temp.swtest.ru" always_nxdomain
 local-zone: "orangess.contactin.bio" always_nxdomain
 local-zone: "org-nr.yolasite.com" always_nxdomain
-local-zone: "orlen-inwe.web.app" always_nxdomain
-local-zone: "orlen-x.web.app" always_nxdomain
 local-zone: "orlen.digital" always_nxdomain
 local-zone: "ormantencs112.odoo.com" always_nxdomain
-local-zone: "oryxcaracalsecurity.com" always_nxdomain
 local-zone: "osis.world" always_nxdomain
 local-zone: "otomoto-h229.net" always_nxdomain
 local-zone: "otomoto3452.com" always_nxdomain
@@ -2898,6 +2718,7 @@ local-zone: "oudczfbniitcqdsrmaapdztwqo-dot-gl44393333333.rj.r.appspot.com" alwa
 local-zone: "ourgarden.us" always_nxdomain
 local-zone: "outlook1541489.webcindario.com" always_nxdomain
 local-zone: "outlookcom119.yolasite.com" always_nxdomain
+local-zone: "ouverturecompte.lbp-eer.fr" always_nxdomain
 local-zone: "oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com" always_nxdomain
 local-zone: "p1c.servleboncoinser.com" always_nxdomain
 local-zone: "package2021.blogspot.ba" always_nxdomain
@@ -2905,7 +2726,6 @@ local-zone: "package2021.blogspot.bg" always_nxdomain
 local-zone: "package2021.blogspot.com" always_nxdomain
 local-zone: "page-restrict-case22456548.help" always_nxdomain
 local-zone: "pages-1008009999700022199021.com" always_nxdomain
-local-zone: "pages-1008097555214021.com" always_nxdomain
 local-zone: "pages-alert-facebook.ezyro.com" always_nxdomain
 local-zone: "pages-community-standart-2022.co" always_nxdomain
 local-zone: "pages-marvelous-project.webflow.io" always_nxdomain
@@ -2914,11 +2734,11 @@ local-zone: "pages-support-office-2021.tk" always_nxdomain
 local-zone: "pages.secure-accts.workers.dev" always_nxdomain
 local-zone: "pagesdetectscopyrightpostingactivitiesreported.co.vu" always_nxdomain
 local-zone: "pagos.sinpemovil.cr" always_nxdomain
+local-zone: "paidpapers.net" always_nxdomain
 local-zone: "paleyeer.com" always_nxdomain
 local-zone: "palmm.ps" always_nxdomain
 local-zone: "pancaakesvap.com" always_nxdomain
 local-zone: "pancake-sawp.com" always_nxdomain
-local-zone: "pancake.ellipsis.finance" always_nxdomain
 local-zone: "pancake7wop.com" always_nxdomain
 local-zone: "pancakesawpes.com" always_nxdomain
 local-zone: "pancakesfinances.info" always_nxdomain
@@ -2928,7 +2748,6 @@ local-zone: "pancakeswap.men" always_nxdomain
 local-zone: "pancakeswap.multi-wallet.info" always_nxdomain
 local-zone: "pancakeswap.salsasourcing.com" always_nxdomain
 local-zone: "pancakeswapes.company" always_nxdomain
-local-zone: "pancakeswapex.com" always_nxdomain
 local-zone: "pancakeswapexcgn.com" always_nxdomain
 local-zone: "pancakeswapexch.com" always_nxdomain
 local-zone: "pancakeswapexchage.com" always_nxdomain
@@ -2936,17 +2755,15 @@ local-zone: "pancakeswapexchg.com" always_nxdomain
 local-zone: "pancakeswappshop.blogspot.com" always_nxdomain
 local-zone: "pancaku-swap.com" always_nxdomain
 local-zone: "pancalteswap.finance" always_nxdomain
+local-zone: "panccakesswap.org" always_nxdomain
 local-zone: "panckaceswap.finance" always_nxdomain
-local-zone: "pancoke.com" always_nxdomain
 local-zone: "pandaskin.ru.com" always_nxdomain
 local-zone: "panelweb-4cae2.web.app" always_nxdomain
 local-zone: "pankaceeswap.com" always_nxdomain
 local-zone: "pankaceswapes.finance" always_nxdomain
 local-zone: "pankakeswap.ledgity.com" always_nxdomain
 local-zone: "pannelpub-benin.com" always_nxdomain
-local-zone: "pansccakeswap.finance" always_nxdomain
 local-zone: "pantazisezopiiuurmail1.web.app" always_nxdomain
-local-zone: "pantekkalisakitkepalaku.blogspot.com" always_nxdomain
 local-zone: "parcel-support018.com" always_nxdomain
 local-zone: "pardot.assemblecommunities.com" always_nxdomain
 local-zone: "pasarbta.info" always_nxdomain
@@ -2957,6 +2774,7 @@ local-zone: "pathospitals.com" always_nxdomain
 local-zone: "patient-cell-40f5.updatedlogmylogin.workers.dev" always_nxdomain
 local-zone: "patwise.co.in" always_nxdomain
 local-zone: "paws.org.au" always_nxdomain
+local-zone: "paxfulacct.com" always_nxdomain
 local-zone: "paxfulmenu.com" always_nxdomain
 local-zone: "pay-sera.web.app" always_nxdomain
 local-zone: "pay16-olx.pl" always_nxdomain
@@ -2964,13 +2782,16 @@ local-zone: "paymentnotificationnow.blogspot.com" always_nxdomain
 local-zone: "paypal-online-2deposits-paymentaccept.tk" always_nxdomain
 local-zone: "paypal-opladen.be" always_nxdomain
 local-zone: "paypalforex.co.ke" always_nxdomain
+local-zone: "pbemail.youxiangdashui.com" always_nxdomain
 local-zone: "pdf-cloud-document.weeblysite.com" always_nxdomain
 local-zone: "pdf-sharefile-doc.weeblysite.com" always_nxdomain
 local-zone: "pdflogincnvwo.app.link" always_nxdomain
 local-zone: "pdfsecured.mystrikingly.com" always_nxdomain
 local-zone: "peaceful-black.193-70-50-31.plesk.page" always_nxdomain
+local-zone: "pedih.001www.com" always_nxdomain
 local-zone: "pembatalanakundinonaktifkan.weebly.com" always_nxdomain
 local-zone: "pencakecwap.com" always_nxdomain
+local-zone: "pensive-payne-505e1a.netlify.app" always_nxdomain
 local-zone: "perfectliker.net" always_nxdomain
 local-zone: "peringatanakunfb2k214.webnode.com" always_nxdomain
 local-zone: "phantom-walletweb.app" always_nxdomain
@@ -2996,7 +2817,8 @@ local-zone: "pikay13.github.io" always_nxdomain
 local-zone: "pilmezorda.temp.swtest.ru" always_nxdomain
 local-zone: "pinchinchaverify.webcindario.com" always_nxdomain
 local-zone: "pirana.co.rs" always_nxdomain
-local-zone: "pl-swiatowe-wiadomosci.pl" always_nxdomain
+local-zone: "pkobp.pl.justns.ru" always_nxdomain
+local-zone: "pl-wiadomosciswiatowe.pl" always_nxdomain
 local-zone: "pla1060604.nichost.ru" always_nxdomain
 local-zone: "plan-o2-monthlypayments.com" always_nxdomain
 local-zone: "planetaamor.org" always_nxdomain
@@ -3005,8 +2827,6 @@ local-zone: "platinumserviceac.com" always_nxdomain
 local-zone: "playgirlgold.com" always_nxdomain
 local-zone: "ploferta.com" always_nxdomain
 local-zone: "plugmailextraexpiredoldpolicynotificationscenter.pages.dev" always_nxdomain
-local-zone: "plwiadomosciwszystkie.pl" always_nxdomain
-local-zone: "po-deliver-fees.com" always_nxdomain
 local-zone: "po-service-page.com" always_nxdomain
 local-zone: "poc-rewards-program-c2dfc.web.app" always_nxdomain
 local-zone: "podpiska-darom.ru" always_nxdomain
@@ -3023,6 +2843,7 @@ local-zone: "poligrafiapias.com" always_nxdomain
 local-zone: "polkadot-france.fr" always_nxdomain
 local-zone: "polkastarter.app" always_nxdomain
 local-zone: "polsd.pa0cpof.cn" always_nxdomain
+local-zone: "polska-informacyjna.pl" always_nxdomain
 local-zone: "polxa.uh8dg67.cn" always_nxdomain
 local-zone: "polygon-pro.com" always_nxdomain
 local-zone: "polygon-secure.com" always_nxdomain
@@ -3040,7 +2861,6 @@ local-zone: "postch9192.cargo.site" always_nxdomain
 local-zone: "postechsuivre.ileanamlaw.com" always_nxdomain
 local-zone: "postnl.post-tracking-delivery.etelinfra.com" always_nxdomain
 local-zone: "poww.6hkjmb.cn" always_nxdomain
-local-zone: "ppkllp.com" always_nxdomain
 local-zone: "ppnnttcc.ppcnthsc.me" always_nxdomain
 local-zone: "precisionimpex.com" always_nxdomain
 local-zone: "preg.dspearhead.com" always_nxdomain
@@ -3057,11 +2877,13 @@ local-zone: "primecentral.jixinggaozhao2.shop" always_nxdomain
 local-zone: "primecentral.qiourn.shop" always_nxdomain
 local-zone: "primeone.org" always_nxdomain
 local-zone: "printtoner.com.mx" always_nxdomain
+local-zone: "prism.net.in" always_nxdomain
 local-zone: "privacy-update-page-prtections-association-recovry-secu.web.id" always_nxdomain
 local-zone: "privacy-update-secu-recovry-page-protection-4565544.web.id" always_nxdomain
 local-zone: "privacy-update-secu-recovry-page-protection-comunity-45.web.id" always_nxdomain
 local-zone: "priyankasandokar1606.github.io" always_nxdomain
 local-zone: "pro.icloudremovaltool.com" always_nxdomain
+local-zone: "pro.systemine.xyz" always_nxdomain
 local-zone: "procservautomatizacion.com" always_nxdomain
 local-zone: "production.anon-rest-keep-reset.sales18130.workers.dev" always_nxdomain
 local-zone: "production.anon-step-keep-object.sales18130.workers.dev" always_nxdomain
@@ -3075,6 +2897,7 @@ local-zone: "production.try-murpheos-keep.sales18130.workers.dev" always_nxdomai
 local-zone: "production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev" always_nxdomain
 local-zone: "project1-df3e9.web.app" always_nxdomain
 local-zone: "projectlovewell.com" always_nxdomain
+local-zone: "promashoppe.com" always_nxdomain
 local-zone: "promehedinti.ro" always_nxdomain
 local-zone: "promerica-sv.webcindario.com" always_nxdomain
 local-zone: "promericalinea01.webcindario.com" always_nxdomain
@@ -3083,8 +2906,6 @@ local-zone: "prosmate.com" always_nxdomain
 local-zone: "prosxsiuser.myfreesites.net" always_nxdomain
 local-zone: "prosys.poweredbygravit-e.co.uk" always_nxdomain
 local-zone: "protect-4d56vca.surge.sh" always_nxdomain
-local-zone: "proteczzguuaaardzzzpagess.000webhostapp.com" always_nxdomain
-local-zone: "proteczzpagezzguarddzzz.000webhostapp.com" always_nxdomain
 local-zone: "provodi.com" always_nxdomain
 local-zone: "proximus-account.azurewebsites.net" always_nxdomain
 local-zone: "ptxx.cc" always_nxdomain
@@ -3104,13 +2925,13 @@ local-zone: "qhmqhgnfqbcoxkwamsioilhdmv-dot-gl44393333333.rj.r.appspot.com" alwa
 local-zone: "qsh74pekkv5e8.clickfunnels.com" always_nxdomain
 local-zone: "qssa.x5yrlr.cn" always_nxdomain
 local-zone: "quinaroja.com" always_nxdomain
+local-zone: "quirky-jones.172-245-159-112.plesk.page" always_nxdomain
 local-zone: "quotex-qx.com" always_nxdomain
 local-zone: "qwas.nfi71vw.cn" always_nxdomain
 local-zone: "qwea.wvhee0w.cn" always_nxdomain
 local-zone: "qweas.hi5g95r.cn" always_nxdomain
 local-zone: "qweas.p6rhddj.cn" always_nxdomain
 local-zone: "qweas.zwfaclq.cn" always_nxdomain
-local-zone: "qxluatbght.cfolks.pl" always_nxdomain
 local-zone: "r3c31v30n3-1d3nt1ty.000webhostapp.com" always_nxdomain
 local-zone: "rabellartz.de" always_nxdomain
 local-zone: "rabofree.blogspot.com" always_nxdomain
@@ -3118,6 +2939,7 @@ local-zone: "rabofree.blogspot.li" always_nxdomain
 local-zone: "rackenfordlabs.com" always_nxdomain
 local-zone: "racuten.nuef.info" always_nxdomain
 local-zone: "radhikamd.github.io" always_nxdomain
+local-zone: "rafbbmx.ga" always_nxdomain
 local-zone: "rafbbmx.ml" always_nxdomain
 local-zone: "raipurrussianescorts.com" always_nxdomain
 local-zone: "rakoten-card.buogfbizkugf.gq" always_nxdomain
@@ -3128,17 +2950,12 @@ local-zone: "raktuen.laobanlocker.com" always_nxdomain
 local-zone: "rakuitan-card.info" always_nxdomain
 local-zone: "rakuten.awjoadc.cn" always_nxdomain
 local-zone: "rakuten.card.nuosreaoms.com" always_nxdomain
-local-zone: "rakuten.card.uosmcoua.com" always_nxdomain
-local-zone: "rakuthn.shop" always_nxdomain
-local-zone: "rakuttm.shop" always_nxdomain
+local-zone: "rakuten.co.jp.rakutenajp.xyz" always_nxdomain
 local-zone: "ramgarhiamatrimonial.ca" always_nxdomain
 local-zone: "rareelements.io" always_nxdomain
-local-zone: "rasmer.fi" always_nxdomain
 local-zone: "ratewatch.net" always_nxdomain
 local-zone: "raycargo.com" always_nxdomain
 local-zone: "raydiom.io" always_nxdomain
-local-zone: "razcjjf.ga" always_nxdomain
-local-zone: "razcjjf.ml" always_nxdomain
 local-zone: "rbcmontgomery.com" always_nxdomain
 local-zone: "rd8um.app.link" always_nxdomain
 local-zone: "rdirtfuo6t.vov.ru" always_nxdomain
@@ -3147,9 +2964,9 @@ local-zone: "re-redirection-acc-id923872635122.blogspot.com" always_nxdomain
 local-zone: "real-anon-keep-passing-word.rvsla.workers.dev" always_nxdomain
 local-zone: "realestate-page-10843446024.expresspestcontrol.co.nz" always_nxdomain
 local-zone: "realindiatravel.com" always_nxdomain
+local-zone: "recibeya.tufacilmoneyonline.online" always_nxdomain
 local-zone: "reconfirmpost287846656.us" always_nxdomain
 local-zone: "recover-pages-media-problems-secur-782.web.id" always_nxdomain
-local-zone: "recover-pages-secur-media-problems-393.web.id" always_nxdomain
 local-zone: "recover-pages-secur-media-problems-397.web.id" always_nxdomain
 local-zone: "recovery-chain.com" always_nxdomain
 local-zone: "recovery-fb.secure-acct.workers.dev" always_nxdomain
@@ -3167,12 +2984,12 @@ local-zone: "reglic.in" always_nxdomain
 local-zone: "regularsweeps.xyz" always_nxdomain
 local-zone: "reignbike.com" always_nxdomain
 local-zone: "reikisadhna.com" always_nxdomain
+local-zone: "rekoution.bcszxcd.shop" always_nxdomain
 local-zone: "relevant.systems" always_nxdomain
 local-zone: "remittance369297292749.goshly.com" always_nxdomain
 local-zone: "renovkonstruksi.com" always_nxdomain
 local-zone: "repl-mess.myfreesites.net" always_nxdomain
 local-zone: "restore.exodusapp.ru" always_nxdomain
-local-zone: "restoredabefore-com.filesusr.com" always_nxdomain
 local-zone: "restorewallet-activation.net" always_nxdomain
 local-zone: "retiro-extracash.com" always_nxdomain
 local-zone: "retiro.cl" always_nxdomain
@@ -3200,7 +3017,6 @@ local-zone: "roccobonheur1-my-cheetah-website-copy.cheetah.builderall.com" alway
 local-zone: "roisnoob.github.io" always_nxdomain
 local-zone: "rokulinktechnology.com" always_nxdomain
 local-zone: "rolinadd.surveysparrow.com" always_nxdomain
-local-zone: "romanceify.com" always_nxdomain
 local-zone: "rondalowa.blogspot.com" always_nxdomain
 local-zone: "rondelbarrilito.com" always_nxdomain
 local-zone: "ronin-help.com" always_nxdomain
@@ -3216,10 +3032,10 @@ local-zone: "rplg.co" always_nxdomain
 local-zone: "rrakutenn.co.jp.azii.cn" always_nxdomain
 local-zone: "rrakutenn.co.jp.nanofresh.cn" always_nxdomain
 local-zone: "rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com" always_nxdomain
-local-zone: "rufoxxy.com" always_nxdomain
 local-zone: "runescape-info.com" always_nxdomain
+local-zone: "runescapebonds.com" always_nxdomain
+local-zone: "runescapeevents.com" always_nxdomain
 local-zone: "ruth.martulangbelulalng.workers.dev" always_nxdomain
-local-zone: "ryanicolehoward.com" always_nxdomain
 local-zone: "rymproducciones.com" always_nxdomain
 local-zone: "s-sarfati.co.il" always_nxdomain
 local-zone: "s.macecri.com" always_nxdomain
@@ -3244,7 +3060,6 @@ local-zone: "sanjilkumar.com" always_nxdomain
 local-zone: "sankyo-rz.com" always_nxdomain
 local-zone: "sanru.cd" always_nxdomain
 local-zone: "santander.secured-auth-login.com" always_nxdomain
-local-zone: "santanverifyfunction.com" always_nxdomain
 local-zone: "santepluspharma.eclatmediasolution.website" always_nxdomain
 local-zone: "santoshdangi.com.np" always_nxdomain
 local-zone: "saritapariyar.com.np" always_nxdomain
@@ -3266,16 +3081,16 @@ local-zone: "secure-boncoincontrol.net" always_nxdomain
 local-zone: "secure-halifax-device.com" always_nxdomain
 local-zone: "secure-mynew-devices.com" always_nxdomain
 local-zone: "secure-runescape.xgm.rnp.mybluehost.me" always_nxdomain
-local-zone: "secure-service-gateway.com" always_nxdomain
 local-zone: "secure-zirox.s3.ap-southeast-2.amazonaws.com" always_nxdomain
 local-zone: "secure.legalmetric.com" always_nxdomain
 local-zone: "secure.oldschool.com-cl.ru" always_nxdomain
 local-zone: "secure.oldschool.com-cu.ru" always_nxdomain
-local-zone: "secure.oldschool.com-cv.ru" always_nxdomain
 local-zone: "secure.oldschool.com-oz.ru" always_nxdomain
 local-zone: "secure.oldschool.com-rsu.ru" always_nxdomain
+local-zone: "secure.runescape.com-ak.ru" always_nxdomain
 local-zone: "secure.runescape.com-as.cz" always_nxdomain
 local-zone: "secure.runescape.com-az.ru" always_nxdomain
+local-zone: "secure.runescape.com-ca.ru" always_nxdomain
 local-zone: "secure.runescape.com-cl.ru" always_nxdomain
 local-zone: "secure.runescape.com-co.ru" always_nxdomain
 local-zone: "secure.runescape.com-cu.ru" always_nxdomain
@@ -3288,13 +3103,13 @@ local-zone: "secure.runescape.com-vs.ru" always_nxdomain
 local-zone: "secure300.inmotionhosting.com" always_nxdomain
 local-zone: "secure303.inmotionhosting.com" always_nxdomain
 local-zone: "secure55.webhostinghub.com" always_nxdomain
-local-zone: "secure7-servr01-log-in.4nmn.com" always_nxdomain
-local-zone: "securee37-authen21.duckdns.org" always_nxdomain
+local-zone: "secureaccount.ntflxauth.co" always_nxdomain
 local-zone: "securegateway-ovhcloud.csl-sl.de" always_nxdomain
 local-zone: "securelloyd-help-app.com" always_nxdomain
+local-zone: "securewalletprotocol.online" always_nxdomain
 local-zone: "security-page-community-standards.blogspot.com" always_nxdomain
 local-zone: "seguridad-oca.webcindario.com" always_nxdomain
-local-zone: "seleb-indo.duckdns.org" always_nxdomain
+local-zone: "seleccionperfil.xyz" always_nxdomain
 local-zone: "selector26.gg" always_nxdomain
 local-zone: "selector28.gg" always_nxdomain
 local-zone: "sem.my-drs.co.uk" always_nxdomain
@@ -3304,7 +3119,7 @@ local-zone: "sendung.eyecatch.ch" always_nxdomain
 local-zone: "sergebubnin.space" always_nxdomain
 local-zone: "sertyxese.myfreesites.net" always_nxdomain
 local-zone: "server-networksolutions.web.app" always_nxdomain
-local-zone: "serverprotocols.com" always_nxdomain
+local-zone: "server221.security.coinbase.com.gdone.co.ke" always_nxdomain
 local-zone: "servervalidationcheck103.web.app" always_nxdomain
 local-zone: "servervalidationcheck104.web.app" always_nxdomain
 local-zone: "servervalidationcheck105.web.app" always_nxdomain
@@ -3359,7 +3174,6 @@ local-zone: "serviceinfo-securehost.duckdns.org" always_nxdomain
 local-zone: "servicepage.service-page.workers.dev" always_nxdomain
 local-zone: "servicepichincha.webcindario.com" always_nxdomain
 local-zone: "services.runescape.com-as.cz" always_nxdomain
-local-zone: "services.runescape.com-oc.ru" always_nxdomain
 local-zone: "services.runescape.com-rse.ru" always_nxdomain
 local-zone: "services.runescape.com-rsu.ru" always_nxdomain
 local-zone: "servicesbancaire.com" always_nxdomain
@@ -3387,6 +3201,7 @@ local-zone: "sharedtris.com" always_nxdomain
 local-zone: "sharelink.sn.am" always_nxdomain
 local-zone: "shayvardphoto.ir" always_nxdomain
 local-zone: "shinex.lk" always_nxdomain
+local-zone: "shippment2.temp.swtest.ru" always_nxdomain
 local-zone: "shirhokos-mhalskbsiaoutfew43535.duckdns.org" always_nxdomain
 local-zone: "shirtshanger.com" always_nxdomain
 local-zone: "shiye666.cn" always_nxdomain
@@ -3398,11 +3213,9 @@ local-zone: "sidneyfcuorg.freshy.site" always_nxdomain
 local-zone: "sign-trk.empressmd.com" always_nxdomain
 local-zone: "signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net" always_nxdomain
 local-zone: "signin-payeer.com" always_nxdomain
-local-zone: "signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com" always_nxdomain
-local-zone: "silkroadwines.com" always_nxdomain
 local-zone: "silpovsatb-ua.online" always_nxdomain
 local-zone: "silverberrygroup.com" always_nxdomain
-local-zone: "sim0nt0k-viral-terbaru-2022.duckdns.org" always_nxdomain
+local-zone: "simonecamposshop.com.br" always_nxdomain
 local-zone: "simpkk.karanganyarkab.go.id" always_nxdomain
 local-zone: "sindarspen.org.br" always_nxdomain
 local-zone: "siporados15585.blogspot.com" always_nxdomain
@@ -3435,12 +3248,11 @@ local-zone: "slavamel.github.io" always_nxdomain
 local-zone: "sleepmaskz.com" always_nxdomain
 local-zone: "slickparties.com" always_nxdomain
 local-zone: "slmkufeckf.jon-jensen.workers.dev" always_nxdomain
-local-zone: "slovenska-posta.sytes.net" always_nxdomain
 local-zone: "slowlinebag.jp" always_nxdomain
 local-zone: "sm.scicemecod.com" always_nxdomain
 local-zone: "sm777.csb.app" always_nxdomain
+local-zone: "smartfixconnect.live" always_nxdomain
 local-zone: "smbc-accout.com" always_nxdomain
-local-zone: "smbc-credit.shop" always_nxdomain
 local-zone: "smbc-veaiana.com" always_nxdomain
 local-zone: "smbcbc.com" always_nxdomain
 local-zone: "smbccjp.shop" always_nxdomain
@@ -3448,10 +3260,11 @@ local-zone: "smbcr.mrtka.info" always_nxdomain
 local-zone: "smbcwodeqingguoshoujicojp.top" always_nxdomain
 local-zone: "smeo.org.mx" always_nxdomain
 local-zone: "smgolamalif.github.io" always_nxdomain
-local-zone: "smirl.org" always_nxdomain
 local-zone: "smkkesehatanjember.sch.id" always_nxdomain
 local-zone: "smmsvocal.yolasite.com" always_nxdomain
+local-zone: "smpn2jeruklegi.sch.id" always_nxdomain
 local-zone: "sms-check.sc-q.top" always_nxdomain
+local-zone: "sms-infos.d2tt.co" always_nxdomain
 local-zone: "sms-shorter.com" always_nxdomain
 local-zone: "smsbc-info5.com" always_nxdomain
 local-zone: "smsenligne.myfreesites.net" always_nxdomain
@@ -3459,6 +3272,7 @@ local-zone: "smsorangephonemail.myfreesites.net" always_nxdomain
 local-zone: "smsorangesmsmessage.myfreesites.net" always_nxdomain
 local-zone: "smss-mms.yolasite.com" always_nxdomain
 local-zone: "smsverificationmms.myfreesites.net" always_nxdomain
+local-zone: "smvbc-info.com" always_nxdomain
 local-zone: "smwam.coms.cso.gov.tt" always_nxdomain
 local-zone: "so.macecri.com" always_nxdomain
 local-zone: "soaringskiesrentals.com" always_nxdomain
@@ -3471,7 +3285,6 @@ local-zone: "sognointerno.com" always_nxdomain
 local-zone: "solicitarfirmaelectronica-sv.com" always_nxdomain
 local-zone: "solyanayakomnata.ru" always_nxdomain
 local-zone: "sopac.org.py" always_nxdomain
-local-zone: "soracoes.xyz" always_nxdomain
 local-zone: "souaxwaoh.myfreesites.net" always_nxdomain
 local-zone: "soude-masi.firebaseapp.com" always_nxdomain
 local-zone: "soufsont.blogspot.com" always_nxdomain
@@ -3497,6 +3310,7 @@ local-zone: "spirit.gtwozone.com" always_nxdomain
 local-zone: "spk-entsperren.de" always_nxdomain
 local-zone: "spk-jahreswechsel.com" always_nxdomain
 local-zone: "spk-secure-de.com" always_nxdomain
+local-zone: "spkfod.coms.cso.gov.tt" always_nxdomain
 local-zone: "sport.protected-secur.workers.dev" always_nxdomain
 local-zone: "sportshoes.top" always_nxdomain
 local-zone: "sportybetpremium.wapka.co" always_nxdomain
@@ -3513,8 +3327,10 @@ local-zone: "ssia.org.sg" always_nxdomain
 local-zone: "ssl.dsl.isl.mll.aqmst6.stockestan.ir" always_nxdomain
 local-zone: "sso-garena.com" always_nxdomain
 local-zone: "sswebmail-4w5twsr.web.app" always_nxdomain
+local-zone: "staffportal.uoz.edu.krd" always_nxdomain
 local-zone: "stage.vannaryfowler.com" always_nxdomain
 local-zone: "staging.eliteautomotive.com.au" always_nxdomain
+local-zone: "standardcapbnk.com" always_nxdomain
 local-zone: "standardupdatesupportandhelpcenter2021.ga" always_nxdomain
 local-zone: "starforsure.com" always_nxdomain
 local-zone: "starliker.net" always_nxdomain
@@ -3524,11 +3340,10 @@ local-zone: "static-ak-fbcdn.atspace.com" always_nxdomain
 local-zone: "static-dev.o2alerts.com" always_nxdomain
 local-zone: "static-promote.weebly.com" always_nxdomain
 local-zone: "status-dev.o2alerts.com" always_nxdomain
-local-zone: "stbkcoltria.atwebpages.com" always_nxdomain
 local-zone: "stclarechurch.net" always_nxdomain
 local-zone: "steamcommunites.com" always_nxdomain
 local-zone: "steamcommunitj.com" always_nxdomain
-local-zone: "steamnitrof.com" always_nxdomain
+local-zone: "steamcommunityk.com" always_nxdomain
 local-zone: "steampoweredtrade.org" always_nxdomain
 local-zone: "steampoweredtrades.org" always_nxdomain
 local-zone: "stevemadden-sverige.com" always_nxdomain
@@ -3544,6 +3359,7 @@ local-zone: "stjohnmarol.com" always_nxdomain
 local-zone: "stjudes.in" always_nxdomain
 local-zone: "stolizaparketa.ru" always_nxdomain
 local-zone: "stollgroup.coms.cso.gov.tt" always_nxdomain
+local-zone: "stomkinscommercial.com.aus.cso.gov.tt" always_nxdomain
 local-zone: "storage.yandexcloud.net" always_nxdomain
 local-zone: "storenike365.top" always_nxdomain
 local-zone: "studio-lol.com" always_nxdomain
@@ -3558,13 +3374,11 @@ local-zone: "suiviticket.co" always_nxdomain
 local-zone: "sukien-pubgmoblevng.ga" always_nxdomain
 local-zone: "sultan-raza.github.io" always_nxdomain
 local-zone: "sumpandtankcleaners.in" always_nxdomain
-local-zone: "sunami.pagedemo.co" always_nxdomain
 local-zone: "sunbeltmembers.com" always_nxdomain
 local-zone: "sunge-ode.firebaseapp.com" always_nxdomain
 local-zone: "sunshineteam.in" always_nxdomain
 local-zone: "super-dawn-3035.ddahluwalia.workers.dev" always_nxdomain
 local-zone: "supermilhas.com" always_nxdomain
-local-zone: "suportecxacesso2020.com" always_nxdomain
 local-zone: "supotsstunes.servehttp.com" always_nxdomain
 local-zone: "suppliers.bitshepherd.org" always_nxdomain
 local-zone: "support-auwebaccessjpnaikpanggung.com" always_nxdomain
@@ -3596,6 +3410,7 @@ local-zone: "sysm5rn.cn" always_nxdomain
 local-zone: "system-fassil-net-2-3242353453453--12344443.repl.co" always_nxdomain
 local-zone: "t0nline0de0login-001-site1.itempurl.com" always_nxdomain
 local-zone: "taher-mohamed-ahmed-saad.github.io" always_nxdomain
+local-zone: "take-free-2022.duckdns.org" always_nxdomain
 local-zone: "taoistw345ie.co" always_nxdomain
 local-zone: "tarik-fitness.com" always_nxdomain
 local-zone: "taxcare.page.link" always_nxdomain
@@ -3617,11 +3432,13 @@ local-zone: "tellmeliu.github.io" always_nxdomain
 local-zone: "templat65sldh.myfreesites.net" always_nxdomain
 local-zone: "temporary-url.com" always_nxdomain
 local-zone: "terpelsicumple.com" always_nxdomain
-local-zone: "terracontiles.com" always_nxdomain
+local-zone: "tesladrive-event.com" always_nxdomain
 local-zone: "test.bayoucitybadges.org" always_nxdomain
 local-zone: "test.bitflye87.com" always_nxdomain
 local-zone: "test.dxbproductions.com" always_nxdomain
+local-zone: "test.myshopclub.ru" always_nxdomain
 local-zone: "test.webclient4.de" always_nxdomain
+local-zone: "testing-domain.duckdns.org" always_nxdomain
 local-zone: "texasfreedomrun.com" always_nxdomain
 local-zone: "tgpafasfsakkk.pages.dev" always_nxdomain
 local-zone: "theaceofspaeder.com" always_nxdomain
@@ -3643,8 +3460,6 @@ local-zone: "tieganford.ca" always_nxdomain
 local-zone: "tighi.creatorlink.net" always_nxdomain
 local-zone: "tight-samiuboc.co" always_nxdomain
 local-zone: "tikitaps.com" always_nxdomain
-local-zone: "tinhtrangdon.com" always_nxdomain
-local-zone: "tinyurl.mobi" always_nxdomain
 local-zone: "tipografieonline.ro" always_nxdomain
 local-zone: "tirozhjewelry.com" always_nxdomain
 local-zone: "titelinedrillingintl.yolasite.com" always_nxdomain
@@ -3663,7 +3478,6 @@ local-zone: "topskills.ru" always_nxdomain
 local-zone: "torccolborrachas.blogspot.com" always_nxdomain
 local-zone: "torrinwine.com" always_nxdomain
 local-zone: "touchidea.top" always_nxdomain
-local-zone: "touronline2022.com" always_nxdomain
 local-zone: "tovowhuqeojweawmubmaqmqlv.hofferflow.icu" always_nxdomain
 local-zone: "tpayleboncoin.com" always_nxdomain
 local-zone: "traders-joesxyz.com" always_nxdomain
@@ -3674,23 +3488,18 @@ local-zone: "triangarena-membership.ga" always_nxdomain
 local-zone: "tribratanewsbondowoso.com" always_nxdomain
 local-zone: "tribunbalikpapan.com" always_nxdomain
 local-zone: "truegrip.com" always_nxdomain
-local-zone: "trust-wallet.com.cn" always_nxdomain
 local-zone: "trustinpichincha.webcindario.com" always_nxdomain
 local-zone: "trustpress.gr" always_nxdomain
 local-zone: "trustypichincha.webcindario.com" always_nxdomain
-local-zone: "ts3cacd.jhfshm.com" always_nxdomain
 local-zone: "ts3cacd.rzjxbv.com" always_nxdomain
 local-zone: "turntekcnc.com" always_nxdomain
-local-zone: "twoje-zdjecia-622.herokuapp.com" always_nxdomain
 local-zone: "tx.vc" always_nxdomain
 local-zone: "txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com" always_nxdomain
 local-zone: "typedream.site" always_nxdomain
 local-zone: "typesmartlyocr.com" always_nxdomain
 local-zone: "tyrecentre.ru" always_nxdomain
 local-zone: "u08qv44zu5h.typeform.com" always_nxdomain
-local-zone: "u1571226.cp.regruhosting.ru" always_nxdomain
-local-zone: "u1571630.cp.regruhosting.ru" always_nxdomain
-local-zone: "u1571652.cp.regruhosting.ru" always_nxdomain
+local-zone: "u1565723.plsk.regruhosting.ru" always_nxdomain
 local-zone: "u18741649.ct.sendgrid.net" always_nxdomain
 local-zone: "u827857uw6.ha004.t.justns.ru" always_nxdomain
 local-zone: "uabaiieo.com" always_nxdomain
@@ -3713,7 +3522,6 @@ local-zone: "uhnsa.sdmpo0s.cn" always_nxdomain
 local-zone: "uhnxa.d23xsru.cn" always_nxdomain
 local-zone: "uhnxa.q83itv9.cn" always_nxdomain
 local-zone: "uhnxas.rvw56l.cn" always_nxdomain
-local-zone: "uiuui.pagedemo.co" always_nxdomain
 local-zone: "ujcd.um2nlru.cn" always_nxdomain
 local-zone: "ujdaa.fn3m4en.cn" always_nxdomain
 local-zone: "ujds.5e8tn13.cn" always_nxdomain
@@ -3734,6 +3542,7 @@ local-zone: "ujnca.wxuqxb7.cn" always_nxdomain
 local-zone: "ujnca.zgbo0g.cn" always_nxdomain
 local-zone: "ujncd.kzi68ra.cn" always_nxdomain
 local-zone: "ujncd.lw2djbm.cn" always_nxdomain
+local-zone: "ujnxas.vj135ih.cn" always_nxdomain
 local-zone: "ukcare.in" always_nxdomain
 local-zone: "umbrellaclubla.com" always_nxdomain
 local-zone: "unam.myfreesites.net" always_nxdomain
@@ -3744,9 +3553,8 @@ local-zone: "uniassessoria.com.br" always_nxdomain
 local-zone: "unicreditaustria.ucs.info" always_nxdomain
 local-zone: "unifacema.edu.br" always_nxdomain
 local-zone: "unifacvest.net" always_nxdomain
-local-zone: "unillantas.com.sv" always_nxdomain
+local-zone: "unifiedsmartsync.live" always_nxdomain
 local-zone: "unionheightsresidental.com" always_nxdomain
-local-zone: "unipo-a.web.app" always_nxdomain
 local-zone: "unisons.store" always_nxdomain
 local-zone: "unisonsouthayr.org.uk" always_nxdomain
 local-zone: "uniswap.ch" always_nxdomain
@@ -3756,7 +3564,6 @@ local-zone: "uniswap.pages.dev" always_nxdomain
 local-zone: "uniswap.seal.finance" always_nxdomain
 local-zone: "uniswap.token.im" always_nxdomain
 local-zone: "uniswap.trading" always_nxdomain
-local-zone: "uniswap.vn" always_nxdomain
 local-zone: "uniswapfinancing.info" always_nxdomain
 local-zone: "uniswaps.net" always_nxdomain
 local-zone: "unitedalliance-online.000webhostapp.com" always_nxdomain
@@ -3767,24 +3574,21 @@ local-zone: "unnxa.pqpchqo.cn" always_nxdomain
 local-zone: "unpocodearte.cl" always_nxdomain
 local-zone: "unregpayee-lb.com" always_nxdomain
 local-zone: "unsub.listhandlr.com" always_nxdomain
-local-zone: "upbeat-dhawan.179-43-173-14.plesk.page" always_nxdomain
 local-zone: "updateinfo-billingo2.com" always_nxdomain
+local-zone: "updatemy.software" always_nxdomain
 local-zone: "updateseason.com" always_nxdomain
 local-zone: "updatestory2022.co.vu" always_nxdomain
 local-zone: "updatevoda-billing.com" always_nxdomain
 local-zone: "upgrade-25gb-email.thecornerstudio.com.au" always_nxdomain
 local-zone: "upgradedserver.online" always_nxdomain
-local-zone: "upgradingattonlinee.weebly.com" always_nxdomain
 local-zone: "uploadpichincha.webcindario.com" always_nxdomain
 local-zone: "uploads.codesandbox.io" always_nxdomain
-local-zone: "upnew.site" always_nxdomain
 local-zone: "uppledpichincha.webcindario.com" always_nxdomain
 local-zone: "urbenorte.com" always_nxdomain
 local-zone: "urgent-halifaxlogin.com" always_nxdomain
 local-zone: "userboitevocalweb.flazio.com" always_nxdomain
 local-zone: "userinformationstoreupdatesmail.pages.dev" always_nxdomain
 local-zone: "usfn.net" always_nxdomain
-local-zone: "uspsconfirm.iconoomikert.com" always_nxdomain
 local-zone: "uspsexpressdeliveryline.com" always_nxdomain
 local-zone: "uswowgame.net" always_nxdomain
 local-zone: "uueer.7jgy5xe.cn" always_nxdomain
@@ -3794,6 +3598,7 @@ local-zone: "uyhnxx.urpzkva.cn" always_nxdomain
 local-zone: "uyqw.dykowec.cn" always_nxdomain
 local-zone: "uz154.sbs" always_nxdomain
 local-zone: "v.macecri.com" always_nxdomain
+local-zone: "v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com" always_nxdomain
 local-zone: "v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com" always_nxdomain
 local-zone: "vaccine-status-info.com" always_nxdomain
 local-zone: "vakif.albay-arnold.com" always_nxdomain
@@ -3801,45 +3606,45 @@ local-zone: "valax-wallet.com" always_nxdomain
 local-zone: "valenciaoptometry.com" always_nxdomain
 local-zone: "valenteplay.com.br" always_nxdomain
 local-zone: "validacionpichincha.odoo.com" always_nxdomain
+local-zone: "validate-chain.com" always_nxdomain
 local-zone: "validate-solana.com" always_nxdomain
 local-zone: "validator-fzkiy.run-us-west2.goorm.io" always_nxdomain
 local-zone: "vallion.motiffliterature.me" always_nxdomain
 local-zone: "vcz.gmoqkzu.cn" always_nxdomain
 local-zone: "velvish.com" always_nxdomain
 local-zone: "ventas.lnterbarnk.pe.jifad.org" always_nxdomain
-local-zone: "verfybadgeappform.com" always_nxdomain
 local-zone: "veri-pichincha.webcindario.com" always_nxdomain
-local-zone: "verificaciondeprioridad.com" always_nxdomain
 local-zone: "verification-trustwallet.4bl-eg.com" always_nxdomain
 local-zone: "verification.fb-page.workers.dev" always_nxdomain
 local-zone: "verificationmessage.blob.core.windows.net" always_nxdomain
+local-zone: "verifications-zones.com" always_nxdomain
 local-zone: "verififacebookid.wixsite.com" always_nxdomain
 local-zone: "verifiikasi-accounts.weebly.com" always_nxdomain
 local-zone: "verifikasi-akun-anda0011.weeblysite.com" always_nxdomain
 local-zone: "verifikasi-akun-facebook0022.weeblysite.com" always_nxdomain
 local-zone: "verifikasi-identitas47.weebly.com" always_nxdomain
 local-zone: "verifocaoffa.webcindario.com" always_nxdomain
+local-zone: "verifymywallets.com" always_nxdomain
 local-zone: "vgiuhkjnm.b9u6vh5l7g1797.workers.dev" always_nxdomain
 local-zone: "victorarath99.github.io" always_nxdomain
 local-zone: "videobigo.com" always_nxdomain
 local-zone: "vietlime.vn" always_nxdomain
 local-zone: "vietschi.de" always_nxdomain
 local-zone: "viettel-com-dot-c2c01-531c7.uc.r.appspot.com" always_nxdomain
-local-zone: "vigortech.com.np" always_nxdomain
+local-zone: "vigilant-murdock.45-81-232-15.plesk.page" always_nxdomain
 local-zone: "viguohilkasdsd.izwe6g6lyc.workers.dev" always_nxdomain
 local-zone: "vilaanimalviana.pt" always_nxdomain
 local-zone: "vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com" always_nxdomain
 local-zone: "vinivet.mk" always_nxdomain
 local-zone: "vipfbtools.com" always_nxdomain
-local-zone: "vipprofessional.net" always_nxdomain
 local-zone: "viral-groub.duckdns.org" always_nxdomain
 local-zone: "virginia-spi.com" always_nxdomain
 local-zone: "virtual1dattss.com" always_nxdomain
 local-zone: "vis-stort.github.io" always_nxdomain
-local-zone: "visa-band.com" always_nxdomain
 local-zone: "vishaljangale01.github.io" always_nxdomain
 local-zone: "visione.co.id" always_nxdomain
 local-zone: "visionproperty.in" always_nxdomain
+local-zone: "vk-money.xyz" always_nxdomain
 local-zone: "vk-posters.ru" always_nxdomain
 local-zone: "vk-vhods.co" always_nxdomain
 local-zone: "vkjbm.4nt4nb464e6113.workers.dev" always_nxdomain
@@ -3858,25 +3663,30 @@ local-zone: "vugik.mecil33784.workers.dev" always_nxdomain
 local-zone: "vv.macecri.com" always_nxdomain
 local-zone: "vvjde0h0ttttf9hay.com" always_nxdomain
 local-zone: "vvpaes-me-index.egvtpp.cn" always_nxdomain
+local-zone: "vws.co.in" always_nxdomain
+local-zone: "vxcas.a35570.cn" always_nxdomain
 local-zone: "vxdse.myfreesites.net" always_nxdomain
 local-zone: "w2.deraya.org" always_nxdomain
 local-zone: "w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud" always_nxdomain
-local-zone: "w5czf.csb.app" always_nxdomain
 local-zone: "wahed-koudsi2001.github.io" always_nxdomain
 local-zone: "walkers-dot-composite-store-326315.uk.r.appspot.com" always_nxdomain
 local-zone: "wallcertifyonmesh.com" always_nxdomain
 local-zone: "walldesign.com.tr" always_nxdomain
 local-zone: "wallet-connect012.web.app" always_nxdomain
 local-zone: "wallet-reconnection.xyz" always_nxdomain
+local-zone: "wallet-verified.com" always_nxdomain
 local-zone: "wallet.silesiacoin.com" always_nxdomain
 local-zone: "wallet22.000webhostapp.com" always_nxdomain
+local-zone: "walletconnect-tool.net" always_nxdomain
+local-zone: "walletconnect-tools.xyz" always_nxdomain
 local-zone: "walletconnectonline.pages.dev" always_nxdomain
 local-zone: "walletconnectors.com" always_nxdomain
 local-zone: "walleterrorsupport.com" always_nxdomain
+local-zone: "walletokenvalidation.com" always_nxdomain
+local-zone: "walletsconect.live" always_nxdomain
 local-zone: "walletsconnex.com" always_nxdomain
 local-zone: "walletsliveconnects.net" always_nxdomain
 local-zone: "walletsreauth.org" always_nxdomain
-local-zone: "walletsvalidator.org" always_nxdomain
 local-zone: "walletsynclive.com" always_nxdomain
 local-zone: "walletvalidation.me" always_nxdomain
 local-zone: "walletvalidators.com" always_nxdomain
@@ -3892,6 +3702,7 @@ local-zone: "warbonus.ru" always_nxdomain
 local-zone: "warningshadows.org" always_nxdomain
 local-zone: "warsa.bandungkab.go.id" always_nxdomain
 local-zone: "wasites.000webhostapp.com" always_nxdomain
+local-zone: "waterproofingengineer.com" always_nxdomain
 local-zone: "we-exodus-wallet.yahoosites.com" always_nxdomain
 local-zone: "web-armas.royale-freefire1garena-bonus.com" always_nxdomain
 local-zone: "web-b4119.web.app" always_nxdomain
@@ -3909,13 +3720,15 @@ local-zone: "web-verifi05.webcindario.com" always_nxdomain
 local-zone: "web-verifi06.webcindario.com" always_nxdomain
 local-zone: "web.bredbanque.trans.sylog.co" always_nxdomain
 local-zone: "web.royale-freefire1garena-bonus.com" always_nxdomain
-local-zone: "web7320.web07.bero-webspace.de" always_nxdomain
 local-zone: "webbbb.yolasite.com" always_nxdomain
 local-zone: "webbl.yolasite.com" always_nxdomain
+local-zone: "webdappsconnection.com" always_nxdomain
 local-zone: "webdatamltrainingdiag842.blob.core.windows.net" always_nxdomain
 local-zone: "webdesecure.clickfunnels.com" always_nxdomain
+local-zone: "webhost-verify.duckdns.org" always_nxdomain
 local-zone: "webip.yolasite.com" always_nxdomain
 local-zone: "webmail-2aaa0.web.app" always_nxdomain
+local-zone: "webmail-optusnet-com-au-sign1.weebly.com" always_nxdomain
 local-zone: "webmail-sso8uyg.web.app" always_nxdomain
 local-zone: "webmail.gourmer.co.in" always_nxdomain
 local-zone: "webmail.login.access.docs67.live" always_nxdomain
@@ -3925,20 +3738,17 @@ local-zone: "webpres.000webhostapp.com" always_nxdomain
 local-zone: "webregular.xyz" always_nxdomain
 local-zone: "webservice-verify.duckdns.org" always_nxdomain
 local-zone: "websitefun.club" always_nxdomain
-local-zone: "websiteorange.wixsite.com" always_nxdomain
 local-zone: "webstories.eu" always_nxdomain
 local-zone: "webvalidity.com" always_nxdomain
 local-zone: "well-42d74.web.app" always_nxdomain
-local-zone: "wellsfargo-online06.herokuapp.com" always_nxdomain
-local-zone: "weryfikacja-facebookowa-27.herokuapp.com" always_nxdomain
 local-zone: "weryfikacja-facebookowa-28.herokuapp.com" always_nxdomain
 local-zone: "weteachbh.com" always_nxdomain
 local-zone: "whare.100webspace.net" always_nxdomain
+local-zone: "whatsapp-grub99zyc.duckdns.org" always_nxdomain
 local-zone: "wheelsofmercy.org" always_nxdomain
 local-zone: "whitelist-network.com" always_nxdomain
 local-zone: "widadkamillah.github.io" always_nxdomain
 local-zone: "wiki.oceanreeflifegame.com" always_nxdomain
-local-zone: "wildcard.isiolo.go.ke" always_nxdomain
 local-zone: "windstream-net.firebaseapp.com" always_nxdomain
 local-zone: "winville.biz" always_nxdomain
 local-zone: "wireconfirmation68c10a25442a3e13.blogspot.com" always_nxdomain
@@ -3955,12 +3765,15 @@ local-zone: "wpsoar.com" always_nxdomain
 local-zone: "wqass-index.chobqu.cn" always_nxdomain
 local-zone: "wqass-index.dccigq.cn" always_nxdomain
 local-zone: "wqass-index.gbswz.cn" always_nxdomain
-local-zone: "wqass-index.jeewiki.cn" always_nxdomain
 local-zone: "wqass-index.pygbw.cn" always_nxdomain
 local-zone: "wrww-roblox.com" always_nxdomain
+local-zone: "wsertyzx.gq" always_nxdomain
 local-zone: "wteeoq.pfinanceiro.com.de" always_nxdomain
+local-zone: "ww.lnterbank.pe.personas.aaseguros.mx" always_nxdomain
 local-zone: "ww.lnterbank.pe.personas.onlinesocket.in" always_nxdomain
+local-zone: "ww.lnterbank.pe.personas.t-class.org" always_nxdomain
 local-zone: "ww16.inpost-pl-3dsecure.clear-id.xyz" always_nxdomain
+local-zone: "wwedealershipon.000webhostapp.com" always_nxdomain
 local-zone: "www-cursosdigitalesmx-com.filesusr.com" always_nxdomain
 local-zone: "www-degelyehuda-org-il.filesusr.com" always_nxdomain
 local-zone: "www-europe564598-com.filesusr.com" always_nxdomain
@@ -3968,10 +3781,9 @@ local-zone: "www-europessign-com.filesusr.com" always_nxdomain
 local-zone: "www-key-com.test.edgekey.net" always_nxdomain
 local-zone: "www-mufg-jp.handicraft.ltd" always_nxdomain
 local-zone: "www-mufg-jp.kaiqi.ink" always_nxdomain
-local-zone: "www-wattsapcom.duckdns.org" always_nxdomain
+local-zone: "www.facebook.com-sauuvazpjo.isiolo.go.ke" always_nxdomain
 local-zone: "www2.rakutan.co.jploginffd9dfg7.carwork.cn" always_nxdomain
 local-zone: "www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn" always_nxdomain
-local-zone: "www2.rakutan.co.jploginvcx8ds.nanoart.cn" always_nxdomain
 local-zone: "www2.rakuten-card.co.jp.wzsrc.cn" always_nxdomain
 local-zone: "www2.rakutenn.co.jp.nanopark.cn" always_nxdomain
 local-zone: "www2.rakutenn.co.jp.zgyo.cn" always_nxdomain
@@ -3983,6 +3795,7 @@ local-zone: "x.scicemecod.com" always_nxdomain
 local-zone: "xcas.xoh29oz.cn" always_nxdomain
 local-zone: "xcasd.7vo6bt.cn" always_nxdomain
 local-zone: "xcasd.b204uje.cn" always_nxdomain
+local-zone: "xcasd.tcbjnhq.cn" always_nxdomain
 local-zone: "xcasd.yikn2gd.cn" always_nxdomain
 local-zone: "xcryptocars.blogspot.com" always_nxdomain
 local-zone: "xcvdsd.page.link" always_nxdomain
@@ -4001,10 +3814,10 @@ local-zone: "xjmr7.mjt.lu" always_nxdomain
 local-zone: "xjpyyds.pem4yp3.cn" always_nxdomain
 local-zone: "xkljfg.ml" always_nxdomain
 local-zone: "xn--gmal-sya.com" always_nxdomain
-local-zone: "xn--instagam-sf0d.com" always_nxdomain
 local-zone: "xn--ltappen-80a.se" always_nxdomain
 local-zone: "xn--metamsk-lwa.link" always_nxdomain
 local-zone: "xn--rpondeur-sfr2-bhb.yolasite.com" always_nxdomain
+local-zone: "xpubgfrozen.tk" always_nxdomain
 local-zone: "xqr3i.mjt.lu" always_nxdomain
 local-zone: "xqr3n.mjt.lu" always_nxdomain
 local-zone: "xqr3u.mjt.lu" always_nxdomain
@@ -4013,14 +3826,16 @@ local-zone: "xrxh1.mjt.lu" always_nxdomain
 local-zone: "xrxh2.mjt.lu" always_nxdomain
 local-zone: "xrxhl.mjt.lu" always_nxdomain
 local-zone: "xsbrookshhjx.top" always_nxdomain
+local-zone: "xspin.cawnibos.com" always_nxdomain
 local-zone: "xtio.ch" always_nxdomain
 local-zone: "xtw42.mjt.lu" always_nxdomain
+local-zone: "xvideokoreanwifesister18.duckdns.org" always_nxdomain
 local-zone: "xx.macecri.com" always_nxdomain
 local-zone: "xxaas.tp00jv9.cn" always_nxdomain
 local-zone: "xxasd.sf29hrg.cn" always_nxdomain
 local-zone: "xxx-com-dot-c2c01-531c7.uc.r.appspot.com" always_nxdomain
-local-zone: "xyproject.xtensio.com" always_nxdomain
 local-zone: "xzasd.uz64g3.cn" always_nxdomain
+local-zone: "yahoo%2eco%2ejp@asdxa.p2x11pi.cn" always_nxdomain
 local-zone: "yahoo%2eco%2ejp@bghgcd.psuxscm.cn" always_nxdomain
 local-zone: "yahoo%2eco%2ejp@bhgxa.eo76sni.cn" always_nxdomain
 local-zone: "yahoo%2eco%2ejp@cdas.nxzigco.cn" always_nxdomain
@@ -4042,12 +3857,11 @@ local-zone: "yahoo%2eco%2ejp@ujhdca.mdwclcb.cn" always_nxdomain
 local-zone: "yahoo%2eco%2ejp@uyhnxx.urpzkva.cn" always_nxdomain
 local-zone: "yahoo%2eco%2ejp@zxas.2nd0g8.cn" always_nxdomain
 local-zone: "yahoo%2eco%2ejp@zxass.jbkyj0o.cn" always_nxdomain
-local-zone: "yahoopoweredservice.duckdns.org" always_nxdomain
 local-zone: "yahuomall.square.site" always_nxdomain
 local-zone: "yairix.github.io" always_nxdomain
 local-zone: "yalena.me" always_nxdomain
+local-zone: "yandex-viral.duckdns.org" always_nxdomain
 local-zone: "yaqoobi.org" always_nxdomain
-local-zone: "yaranfayez.com" always_nxdomain
 local-zone: "yayanti.com" always_nxdomain
 local-zone: "ybdaa.oqsgm9r.cn" always_nxdomain
 local-zone: "ybggd.fjgjoux.cn" always_nxdomain
@@ -4067,11 +3881,13 @@ local-zone: "yma1ll0g0n.odoo.com" always_nxdomain
 local-zone: "ynbgdc.woprkzp.cn" always_nxdomain
 local-zone: "ynbxa.pvgulkz.cn" always_nxdomain
 local-zone: "yndda.m117s1s.cn" always_nxdomain
+local-zone: "yo7ka-anna.com" always_nxdomain
 local-zone: "yogeshwarwiremesh.com" always_nxdomain
 local-zone: "youknowar.com" always_nxdomain
 local-zone: "young-snow-7447.tcheviron5269.workers.dev" always_nxdomain
 local-zone: "youreasygoing2022.co.vu" always_nxdomain
 local-zone: "yqlpeitost.duckdns.org" always_nxdomain
+local-zone: "ytdjhstej.tk" always_nxdomain
 local-zone: "yuhjjkss.web.app" always_nxdomain
 local-zone: "yumpai.cn" always_nxdomain
 local-zone: "z.macecri.com" always_nxdomain
@@ -4079,10 +3895,12 @@ local-zone: "z.scicemecod.com" always_nxdomain
 local-zone: "z0massegurabclp1.shreeramwoodindustries.com" always_nxdomain
 local-zone: "z2qje.codesandbox.io" always_nxdomain
 local-zone: "z3voicrxxvs.typeform.com" always_nxdomain
+local-zone: "zacharytlasko.com" always_nxdomain
 local-zone: "zackselectronics.co.zw" always_nxdomain
 local-zone: "zaktualizacja-platnosci.netfxtv.co.pl" always_nxdomain
 local-zone: "zasd.yhxmd30.cn" always_nxdomain
 local-zone: "zb2-home.web.app" always_nxdomain
+local-zone: "zen-minsky-ef5931.netlify.app" always_nxdomain
 local-zone: "zenvinyl.com" always_nxdomain
 local-zone: "zepe.io" always_nxdomain
 local-zone: "zeroquiz.com" always_nxdomain
@@ -4095,10 +3913,8 @@ local-zone: "zmpcoacu.cyou" always_nxdomain
 local-zone: "zmpcoado.cyou" always_nxdomain
 local-zone: "zoho-online.web.app" always_nxdomain
 local-zone: "zoho-validationserv.web.app" always_nxdomain
-local-zone: "zonalnterbank.com" always_nxdomain
 local-zone: "zonmca.hxljatvw.cn" always_nxdomain
 local-zone: "zshrvvo.cn" always_nxdomain
-local-zone: "zuiunsya.com" always_nxdomain
 local-zone: "zxas.2nd0g8.cn" always_nxdomain
 local-zone: "zxas.hs0rgq8.cn" always_nxdomain
 local-zone: "zxass.jbkyj0o.cn" always_nxdomain
@@ -4107,6 +3923,5 @@ local-zone: "zxcaspx.aghwlup.cn" always_nxdomain
 local-zone: "zxcnash.seufhsk.cn" always_nxdomain
 local-zone: "zxcod.01l241.cn" always_nxdomain
 local-zone: "zxcuashs.e0n0gh5.cn" always_nxdomain
-local-zone: "zxdlbny.cn" always_nxdomain
 local-zone: "zxnahs.3cze6ri.cn" always_nxdomain
 local-zone: "zz.macecri.com" always_nxdomain
diff --git a/dist/phishing-filter-vivaldi.txt b/dist/phishing-filter-vivaldi.txt
index cd56659e..66420351 100644
--- a/dist/phishing-filter-vivaldi.txt
+++ b/dist/phishing-filter-vivaldi.txt
@@ -1,5 +1,5 @@
 ! Title: Phishing URL Blocklist (Vivaldi)
-! Updated: Sun, 16 Jan 2022 12:01:44 +0000
+! Updated: Mon, 17 Jan 2022 00:01:35 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/phishing-filter
 ! License: https://gitlab.com/curben/phishing-filter#license
@@ -17,11 +17,9 @@
 ||045a3c0.wcomhost.com/ameli-assurance/remboursement/login/iframe-page2.html$document
 ||048d7b4.wcomhost.com/ameli-assurance/remboursement/login$document
 ||048d7b4.wcomhost.com/ameli-assurance/remboursement/login/$document
+||0572f4b.wcomhost.com/escaixa/es/espace/home/$document
 ||08863299.sso-secure-mail0454etr.pages.dev$document
 ||0bs.de$document
-||0gjvj7a8eydbjz3au8anbg-on.drv.tw$document
-||1000000000347789523698541.tk$document
-||1000000000347789523698545.tk$document
 ||1000000000347789523698546.tk$document
 ||1000000000347789523698547.tk$document
 ||103.114.16.4$document
@@ -39,10 +37,12 @@
 ||149-210-143-165.colo.transip.net$document
 ||149.210.143.165$document
 ||15004083383734.data-store-company.com$document
+||154.222.224.81$document
 ||154.30.211.130.bc.googleusercontent.com$document
 ||161.35.142.2$document
 ||165.227.122.125$document
 ||16park.cn$document
+||1727365.com$document
 ||173.82.154.253$document
 ||178.128.108.233.dsl.dyn.forthnet.gr$document
 ||179.43.140.208$document
@@ -62,9 +62,9 @@
 ||2022-exodus.com$document
 ||2022-girobanken-sparkassen.xyz$document
 ||2022.intrebrkprsonas.xyz$document
+||205.185.113.221$document
 ||208.82.115.230$document
 ||217651.8b.io$document
-||2247317.verifyinguser426128734570198363.com$document
 ||228.94.92.rev.sfr.net.gghost.ru$document
 ||24611250.sibforms.com$document
 ||2482689012.yolasite.com$document
@@ -74,6 +74,7 @@
 ||2fa.bthei.com$document
 ||2pil.ru$document
 ||2rakuten.co.jp.happyyear.cn$document
+||2yfh.short.gy$document
 ||3-139-75-158.cprapid.com$document
 ||343i.org$document
 ||343t3dv9qdufp.clickfunnels.com$document
@@ -81,10 +82,11 @@
 ||35.199.84.117$document
 ||35.225.222.142$document
 ||3568365.com$document
-||377080202567359722137708020256735972.blogspot.com/?m=0%5c$document
+||365unfreezesecurity.com$document
+||3782365.com$document
 ||3a10a178.s6t6sj4s46tu4sys54y5.pages.dev$document
 ||3bvjh.sbs$document
-||3c5.com/tnrxs$document
+||3c5.com$document
 ||3ck.me$document
 ||3dprintersupplies.com.au$document
 ||3dsecure-update-service-info-live.duckdns.org$document
@@ -113,21 +115,21 @@
 ||613707.selcdn.ru$document
 ||61da8ae6.6u6566hrrthsh45.pages.dev$document
 ||638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com$document
-||65451440241544.hyperphp.com$document
-||664876.verifyinguser426128734570198363.com$document
+||6734365.com$document
 ||67lksxgjd.bttmassage-thai-tanger.com$document
 ||6a7zu9he6mqh.clickfunnels.com$document
 ||6c7f0acc.sibforms.com$document
+||6stupefacentevideo2022.pagedemo.co$document
+||754675377.xyz$document
 ||78.108.89.240$document
 ||7837365.com$document
 ||7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev$document
 ||7wr4u.csb.app$document
 ||7yu3v.csb.app$document
 ||8.215.32.173$document
-||8010361370310234068010361370310234.blogspot.be$document
-||8010361370310234068010361370310234.blogspot.com/?m=0%5c$document
 ||859411.icu$document
 ||8760365.com$document
+||885211.icu$document
 ||889381.icu$document
 ||8899.jp$document
 ||89ix7y0.cn$document
@@ -152,10 +154,13 @@
 ||aagamsteelcorporation.com$document
 ||aar.macecri.com$document
 ||abeermultimediadesign.com$document
+||abre.ai/dhhh?trackingid=gnevs68e&signature=newsletter$document
+||abre.ai/dmjg$document
 ||absaonline2021.website2.me$document
 ||absolute-containers-sip.business.site$document
 ||absolutepleasure.com.my$document
 ||acacia.webdevonline.net$document
+||account-recovery.org$document
 ||account.herephyshy.info$document
 ||account.verifications.help-page.workers.dev$document
 ||accounts-autoscout24.de$document
@@ -170,10 +175,12 @@
 ||ach111.xyz$document
 ||activartransferenciainternacional.com/?page_id=758$document
 ||activate-hulu-com-activate.sitey.me$document
+||activatingmymainnet.com$document
 ||adamfeber.com$document
 ||adcloudserver.com$document
 ||admin-formserviceupdates.weeblysite.com$document
 ||admin.fifoundry.net/en/bellcocreditunion/$document
+||administer-708aa.web.app$document
 ||administraciondefincaspereznovo.com$document
 ||adorablepomskyhome.net$document
 ||adpunemploymentclaims.sharefile.com$document
@@ -183,15 +190,14 @@
 ||afreemart.xyz$document
 ||africansecrets.ca$document
 ||agora.imb.br$document
-||agricolefr-99f918.ingress-erytho.easywp.com$document
 ||agrimetiersmartinique.fr$document
 ||agurimu-nagoya.com$document
 ||ahhhh.pe.kr$document
 ||ai.macecri.com$document
-||aib-unauthorized-access.com$document
 ||aid-validation-human.run-us-west2.goorm.io$document
 ||aijcs.blogspot.com/2005/03/colourful-life-of-aij.html$document
 ||aimekidya-recpag.web.id$document
+||airbnb.book-space-b851927.live$document
 ||airportprescreening.com$document
 ||aitsidihamh.my-place.us$document
 ||akanksha3012.github.io$document
@@ -216,8 +222,10 @@
 ||alkhalilgraphics.com$document
 ||allegrolokalnie-pl-3dsafe.id-43051.xyz$document
 ||allegrolokalnie-pl-3dsafe.id-91501.xyz$document
+||allegrolokalnie-pl-3dseif.id-43051.xyz$document
 ||allegrolokalnie-pl-safe.id-43051.xyz$document
 ||alliancesuper.com$document
+||almarjantours.com$document
 ||almighty.edu.np$document
 ||alnajahh.com$document
 ||aloun.ps$document
@@ -225,6 +233,7 @@
 ||alqadi.ps$document
 ||alquilervillora.net$document
 ||alsofft.com$document
+||alupi-frey.shop$document
 ||amacez.jyrtery4.top$document
 ||amacredit.amacardpkey.xyz$document
 ||amaenv.fgasdfw6.xyz$document
@@ -235,22 +244,21 @@
 ||amazomsse.shop$document
 ||amazon-gcatech.com$document
 ||amazon-interruption.com$document
-||amazon.co.ip.jlig.cn$document
 ||amazon.co.jp.abaiaccounting.cn$document
 ||amazon.gousana.casa$document
-||amazon.jp-m.win$document
+||amazon.logins-co.jp$document
 ||amazon.works.ga$document
 ||amazonhome.sfrmobiles.com$document
 ||amazonjapsne.cf$document
+||amazonses.authflows.com$document
 ||amazoon.co.op.o4j.top$document
-||ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org$document
 ||ambrosecourt.com/our/ourtime/ourtime.html$document
 ||amc-training.com$document
-||amcgardiennage.com$document
+||amecmasmerd.ga$document
 ||ameozom.jp.onaworks.com$document
 ||americanexpress-auth.azurewebsites.net$document
-||americanexpress.heiwakai.com$document
 ||amguevara.com$document
+||amhsd.com$document
 ||amidabuli.com$document
 ||amlnov7.web.app$document
 ||amnzma-jp.top$document
@@ -261,8 +269,8 @@
 ||amoazom.rm82j6-t8.cn$document
 ||amonzau_co_take.ktbf.shop$document
 ||amosleh.com$document
-||amozom.co.ip.taxhod.club$document
 ||amreeth.github.io$document
+||ams3.digitaloceanspaces.com/faxwxagm72247832mhwuk7224783272247832/index.html?961961d961$document
 ||ams3.digitaloceanspaces.com/njk/25_40_24_5e_40_26_40_26_28_29_23_23_5e_23_24_26_5e_25_26_40_5e_28_23_26.html$document
 ||amusebouche-bg.com$document
 ||amzcredit.dearva.xyz$document
@@ -279,26 +287,23 @@
 ||anhduongjsc.com$document
 ||anj-azakp.run.goorm.io$document
 ||anjalijha167.github.io$document
-||anjayredit.duckdns.org$document
 ||annacatania.com.mt$document
 ||anon-keep-admin-keep.rvsla.workers.dev$document
 ||ansr.ro$document
 ||aolmailukhelplinecustomerservice.blogspot.com$document
 ||aolmailukhelplinecustomerservice.blogspot.com.au$document
-||aolpoweredservice.duckdns.org$document
 ||aolverixon11dfd.weebly.com$document
 ||aolxperience.com$document
 ||api-freewallet.com/app/$document
+||api-saisoncard-co-jp.md160.net$document
 ||api-saisoncard-co-jp.o4ay8.net$document
 ||api.addthis.com/oexchange/0.8/wrap/opengraph?url=ahr0chm6ly93zxetnmrlodiud2vilmfwcc8znzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxi5lze1lziwmjeznzg1mjfjdw5plmn6nto1nibbttu6ntygqu13zwjtyxn0zxiznzg1mje5lze1lziwmjfjdw5plmn6nto1nibbttu6ntygqu0znzg1mjf3zwjtyxn0zxi5lze1lziwmjfjdw5plmn6nto1nibbttm3oduymtu6ntygqu13zwjtyxn0zxiznzg1mjejd2vibwfzdgvyqgn1bmkuy3o=$document
 ||api.florense.com.br$document
 ||api.redirect-bentobot199.com$document
 ||api.redirect-safebrowser-online.com$document
-||api.safe-directmail.com$document
 ||aplintec.com.mx$document
 ||app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io$document
 ||app-bombcrypto-io-login-ab.blogspot.com$document
-||app-panckswp.xyz$document
 ||app.box.com/s/b9fu9axf9rcv7bhjp80fpcm8zna5wcwi$document
 ||app.box.com/s/x6agocx9zvj049azirk4aw3xrqdedqhl$document
 ||app.box.com/s/ymr0ltw3hmn8icxebz16gjhcyhqa49w4$document
@@ -315,13 +320,14 @@
 ||appatualizecef.com$document
 ||appibsolicitud.com$document
 ||appleid-check.info$document
+||applekra.com$document
 ||applepichincha.webcindario.com$document
 ||apply.aua.am$document
 ||apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link$document
-||appttech.com$document
 ||appurl.io/6dfhh1yrol$document
 ||appurl.io/lsmho6dyl-$document
 ||appurl.io/wywajnlbtl$document
+||aprilgagenesh.com$document
 ||aquaqualitas.com$document
 ||arafathrumman.github.io$document
 ||arcacg.com$document
@@ -329,15 +335,18 @@
 ||are.scicemecod.com$document
 ||areueaom.gtpzcve.cn$document
 ||areueaom.gtva.cn$document
+||arif.com.bd$document
 ||aromatic.webenliven.in$document
 ||arthamahotels.com$document
 ||artlux.com.pl$document
 ||arub-service.org$document
 ||aruba.fatt.ids-sys.com$document
 ||as.macecri.com$document
+||as.scicemecod.com$document
 ||asaipestcontrol.com$document
 ||ascom.co.tz$document
 ||asd.9sw53wk.cn$document
+||asdxa.p2x11pi.cn$document
 ||asgard-ampqy.run-us-west2.goorm.io$document
 ||asimpwsh.com$document
 ||asistentetramitadordigitalda.com$document
@@ -347,20 +356,25 @@
 ||at-t-yahoo.sitey.me$document
 ||atento-fdi.plusoftomni.com.br$document
 ||ativacao-online73681.com$document
+||atlanticeconcrete.com$document
 ||atnr76dxku336szy.clickfunnels.com$document
 ||att-yahoo.meculinkvolt.com/at&t/$document
-||attcustomdesk.weebly.com$document
+||att556.weebly.com$document
+||att87.weebly.com$document
 ||attinfoser.weebly.com$document
 ||attonlinemanagementpage.weebly.com$document
+||attonlineuserverification.weebly.com$document
 ||attpage1121.weebly.com$document
 ||atualizacao-online547864.com$document
 ||atualizarmodolo.com$document
 ||atulrathore-dev.github.io$document
+||auid-japan.com$document
 ||aurumship.com$document
-||aushfew.tokyo$document
 ||aushotel.es$document
 ||auth-task1-m.web.app$document
 ||auth-webmailakeonetcom.yolasite.com$document
+||auth.topgamers.cn$document
+||authent54-sedure32.duckdns.org$document
 ||authorize-trustvallet-protocol.com$document
 ||authorizewallet.app$document
 ||authuxeehmutconjxmailssocl.web.app$document
@@ -370,17 +384,16 @@
 ||autoranplususeremailprocessingupdate.pages.dev$document
 ||autoscurt24.de$document
 ||autumn-sun-4a21.paqesads-scure.workers.dev$document
+||avelocidad.com$document
 ||avrorganics.com$document
 ||awesome-gates-8bdd6f.netlify.app$document
 ||ax.xiguw.workers.dev$document
-||axieinfinity-meta.com$document
 ||axieinfinity-supportwallet.com$document
 ||axlr.in$document
-||ayguru.com$document
+||ayushenterprise.in$document
 ||az.macecri.com$document
 ||azb3s.cf$document
 ||azeioaz.blogspot.com/?m=0$document
-||azmnsaz.000webhostapp.com$document
 ||azmznonos_co_long.akys.shop$document
 ||b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com$document
 ||b059c86968a6427389952025bcee9886.svc.dynamics.com$document
@@ -388,7 +401,6 @@
 ||b96f7f93.sibforms.com$document
 ||b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev$document
 ||bacteralia.com$document
-||badnewswegewroighgserhhg.xyz$document
 ||bag-macben.eu$document
 ||bakhai.vn$document
 ||balajihospital.net$document
@@ -408,7 +420,6 @@
 ||bancaporlnternetlnterbarnk.libertycanais.com.br$document
 ||bancoiinng.site44.com$document
 ||bancooccidentalb.com$document
-||bank-id.pl$document
 ||bankapolska.com$document
 ||banki0wa.us$document
 ||bankocaoffo.webcindario.com$document
@@ -416,9 +427,9 @@
 ||bannerbank.control-inc.com$document
 ||bannerchampnyc.com$document
 ||banproseguridadasistenteenlineanic.webnode.es$document
-||banqsuepoy.temp.swtest.ru$document
 ||baovesusonglcxt.com/wp-includes/index.html$document
 ||baradua.it$document
+||barbecuef.top$document
 ||bardaiconnect.com/app/listeners/ae/n-nv6588123/ae/ae/verify/sms.php$document
 ||baritasonte.blogspot.com/?m=0$document
 ||battlelastmont.cyou$document
@@ -431,7 +442,7 @@
 ||be-home.web.do$document
 ||bearmybrand.com$document
 ||beast-blog.com$document
-||beibys.com.br$document
+||beccu07.zzux.com$document
 ||beijing.vfzfy1v.cn$document
 ||belovedaroma.com$document
 ||bendmytrend.com$document
@@ -476,7 +487,6 @@
 ||bit.do/fs7cb$document
 ||bit.do/fs8cx$document
 ||bit.do/fsf6l$document
-||bit.do/ftahp$document
 ||bit.ly./3ijwsm2$document
 ||bit.ly/2iz03nf$document
 ||bit.ly/2kduy2u$document
@@ -627,6 +637,7 @@
 ||bitly.com/3koilft$document
 ||bitly.com/3xmjxs4$document
 ||bitly.com/taxirsxcy$document
+||bitly.ws/nlwp$document
 ||bitmexinc.com$document
 ||bitso.cm$document
 ||bitsrflyer.com$document
@@ -653,12 +664,15 @@
 ||bncre.odoo.com$document
 ||bncxz.9wx9b27.cn$document
 ||bndigitalpersonas.com$document
-||bnpparibas-pl.mob-app.xyz$document
 ||boaupdate.bfaoscr.com$document
 ||bodegalatinacorp-my.sharepoint.com/:x:/r/personal/012dsd_fiestamart_com/_layouts/15/wopiframe.aspx?guestaccesstoken=t3v5ldmmhrtlw5cyiohlp9z4yo7ufnrop9j1plyfdkm%3d&docid=1_1d89d259f7e704301aca26ac4dbabaa8d&wdformid=%7bfeb771e5%2d93ee%2d4015%2d8e87%2dd1c30d0f406a%7d&action=formsubmit&cid=f609fe16-56c4-4e2b-a964-75e250d31c99$document
 ||bogdonovlerer.com$document
 ||bogged-finance.com$document
+||boi.365online-replacement.com$document
+||boke4-indonesia-2022a7whatsapp.duckdns.org$document
+||bokep-virall-sange33.duckdns.org$document
 ||bokgabanesolutions.co.za$document
+||bold-lichterman.45-81-232-15.plesk.page$document
 ||bom.to/nlozan9lgoapq$document
 ||bonomequedoencasa.blogspot.com/?aplicar$document
 ||bookfbs.evangsamuelministries.com$document
@@ -666,10 +680,8 @@
 ||bpl.kr/s9x$document
 ||br4.in$document
 ||br622.teste.website$document
-||brave-knuth-96d329.netlify.app$document
 ||bre.is/2r9pyocy$document
 ||breople.com$document
-||brigida_cossette.gitlab.io$document
 ||brooks-forrunning.top$document
 ||brooks-justforjogging.top$document
 ||brooks-move.top$document
@@ -708,7 +720,6 @@
 ||bujikena.web.app$document
 ||bundel-cobragratis2022.duckdns.org$document
 ||busanopen.org$document
-||business-action-copyright11022.web.app$document
 ||business-action-page129591.web.app$document
 ||business-appeal-copyright8211.web.app$document
 ||business-appeal-form-18222.web.app$document
@@ -716,24 +727,22 @@
 ||business-copyright-alert198082.web.app$document
 ||business-copyright-alert19882.web.app$document
 ||business-copyright-detected920.web.app$document
-||business-page-content125882.web.app$document
 ||business-required-helpcenter82.web.app$document
 ||business-required-info188221.web.app$document
 ||businessemailss.biz$document
-||bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link$document
 ||buyelectronicsnyc.com$document
 ||c.curiousmorty.be$document
 ||c.jardindemiedo.es$document
 ||c.loveawaits.be$document
 ||c.mail.com$document
 ||c0m-r51znzlh8i.isiolo.go.ke$document
-||c10012022j.temp.swtest.ru$document
 ||c1christine.tjelmeland2e.cso.gov.tt$document
 ||c2dc5b99.chgmar.pages.dev$document
 ||c6ebv708.caspio.com$document
 ||cabsiler.com$document
 ||cache.nebula.phx3.secureserver.net$document
 ||cadeau-orange.fr$document
+||caixabanki.temp.swtest.ru$document
 ||caixaseguradora.quadientcloud.com$document
 ||cakesbyannemotha.com$document
 ||cammymiller.com$document
@@ -751,7 +760,6 @@
 ||capstroyinvest.com/assets/content/fcc3a33269bb5f281754c49ab86c3d4e/?user=3d{{email}}&amp;_verify?service=mail&amp;data:text/html;charset=utf-8;base64,pgh0bww%20dqo8c3r5bgu%20igjvzhkgeybtyxjnaw46ida7ig92zxjmbg93oiboawrkzw47ih0gpc9zdhlszt4nciagpglmcmft$document
 ||caracasmateriais.blogspot.com$document
 ||carpediemxp.com$document
-||carry.reduxservices.com$document
 ||carservicessaupdate.xyz$document
 ||cartamorin-geometres.fr$document
 ||carwash.tv$document
@@ -764,6 +772,7 @@
 ||caymanreno.com$document
 ||cbmonlinegroups.com$document
 ||cc.scicemecod.com$document
+||cc23674.tmweb.ru$document
 ||ccjrlaw.com$document
 ||cdas.nxzigco.cn$document
 ||cdn.shopify.com/s/files/1/0533/5367/6992/t/3/assets/home.html$document
@@ -778,14 +787,13 @@
 ||centromedicoviladomat.com/index.php?option=com_content&view=article&id=67$document
 ||ceresgulf.com$document
 ||certifica-montepaschii.com$document
-||chalokradocallkakuch.azurewebsites.net$document
-||changenotification.pricesamazonlogincard.monster$document
+||charitascb.com$document
 ||charperimagedesign.com$document
 ||chat-whatasapp.com$document
 ||chat-whatsaap99.duckdns.org$document
 ||chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org$document
-||chat-whatsapp-group-2022.duckdns.org$document
 ||chat-whatsapp-grupo-invitacion.blogspot.com$document
+||chat-whatsapp-gscfghjsgsu.duckdns.org$document
 ||chckmaill1.web.app$document
 ||chckmaill10.web.app$document
 ||chckmaill11.web.app$document
@@ -819,13 +827,13 @@
 ||chois.jp$document
 ||christienstudystl.wixsite.com$document
 ||christmas-dhl-express-delvr.hopekosmos.com$document
+||chronopostaws.com$document
 ||chronopostvalidation.blogspot.com/2021/02/blog-post_12.html$document
 ||chtbnk.uk$document
 ||chutomen.com$document
 ||ci3.googleusercontent.com/proxy/rdh-rjsrv9zzrx57iscgov74o1gka4qjdfj01qr7v8-pkjgyvn50tivt7pzqgm5kuqdmonqle3f8eq_t8f4xl6jdozabmf2lxy-888ai8hdji633rg$document
 ||ci4.googleusercontent.com/proxy/djc3ckf7jcnj8l0duyaqyjwffeskzbccy9spjiauj_jwrplgw0ahyaf1xozvm6n_fjn8q1-2vkhqqujjr1en3qej703lyxxujt6tto-ttwsl6hgsggp3ehcc$document
 ||ci4.googleusercontent.com/proxy/zjba9cvtmkfnoveyofx6gqong0kqi3s69d9o2y32fmu_gankb59tj-rb79bolx0bwbsemnonfhh2esy9olfdp-20gybztkzstfhfheqrrjuefxwiwkqws29wxm6tdobikwz-qkzfphpaldfr$document
-||ciiusea.com$document
 ||cimslp-my.sharepoint.com/:x:/r/personal/eric_cimsltd_com/_layouts/15/wopiframe.aspx?guestaccesstoken=wnhqsp58ikn1qzzozpe2oiw%2fmizdr53wegdbyscml7y%3d&amp;docid=1_1207bcf2f71094b5cb97dcb5bea3e1a3a&amp;wdformid=%7bd98de46a%2d2777%2d417f%2dbbcf%2d5f08c8244727%7d&amp;action=formsubmit$document
 ||cinemaleftech.com$document
 ||citagestionenlineabn.com$document
@@ -834,7 +842,6 @@
 ||claiimdiamondgratis84.duckdns.org$document
 ||claim-event-freefire-garena-oldfree-a4.duckdns.org$document
 ||claim-skingratis-mobailegends161.duckdns.org$document
-||claimgratisff2022.duckdns.org$document
 ||claims-funds-enczj.run-us-west2.goorm.io$document
 ||claimseventmlbb.duckdns.org$document
 ||claimshopee.yolasite.com$document
@@ -842,7 +849,6 @@
 ||claus.bz$document
 ||clck.ru/yc8bd&post=665308711_37&cc_key$document
 ||clck.ru/yzuft&post=665308711_32&cc_key$document
-||clefman.cl$document
 ||click-here-help.in$document
 ||click.icptrack.com/icp/relay.php?r=57372110&amp;msgid=807563&amp;act=af7a&amp;c=1365247&amp;destination=https://www.linkedin.com/&amp;cf=17638&amp;v=6023ca6bc5e4f8b8568ed04ff6a646a7d7757336e750d772ecc1cb2b3b6063b4$document
 ||click.message.fruit.com/?qs=6541641088c869552ced792d84ee93eabf075e23cd5eba83a7d07a40ad9cf2ce36c931984719b9df7de658999defbc87f999ec46970a0280$document
@@ -884,8 +890,10 @@
 ||co.jp.sefdvsi.cn$document
 ||co.jp.tezkkbp.cn$document
 ||co.jp.ztxzzup.cn$document
+||cobaincurlduluom.duckdns.org$document
 ||codepasta.app/paste/c4tl1sfout2tbkhn5810/raw$document
 ||codwarzonemobile.com$document
+||coindappsync.online$document
 ||cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev$document
 ||cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev/#investor-relations@cyient.com$document
 ||collab-land.net$document
@@ -901,26 +909,27 @@
 ||com-r51znzlh8i.isiolo.go.ke$document
 ||com-sauuvazpjo.isiolo.go.ke$document
 ||com-ugsyk69nqb.isiolo.go.ke$document
-||comefuck.co$document
 ||community-die.blogspot.com/?!=%25_col_email%20address_%25$document
 ||community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link$document
 ||community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link$document
 ||community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link$document
 ||communitychurch-my.sharepoint.com/:b:/g/personal/infonoreply_communitychurch_tv/eburrky2tklimiiiqf0ia5kbbhkaxaypf06-08wf9wjebq?e=w5jmrb$document
 ||completeegali.webcindario.com$document
+||completeyorcorp.lunsrgovert.net$document
 ||comunicazione-europe.net$document
 ||comunity-isue-ideent-andromeda-29.web.id$document
 ||comunity-isue-ideent-andromeda-33.web.id$document
-||comunity-isue-ideent-andromeda-88.web.id$document
 ||con-firma.firebaseapp.com$document
 ||confabint.com/discounts_services/writing/loginform2d0e.php$document
-||confirming-pages-idntitysupport.web.id$document
 ||congresosba.com.ar$document
 ||conhecaonlinedigital.com.br$document
 ||connect.au-login.0662smt.com$document
+||connect.auone.jp-login.kddi-sys.com$document
+||connect.myauone.jp-auid.jp-auid.com$document
+||connect.myauone.jp-auid.kddi-mail.com$document
+||connectlivewallet.io$document
 ||connectwallet.me$document
 ||conoscofaturahiiiper.com$document
-||consultavirtuai.bieah.com$document
 ||consultorioveterinario7colinas.pt/it/userbcc/indexx.html$document
 ||contabilidaderabello.com.br$document
 ||contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev$document
@@ -932,7 +941,7 @@
 ||contratodeparceria.com.br$document
 ||controlpichincha.webcindario.com$document
 ||copyright-center-live.ml$document
-||corl-inv.web.app$document
+||coroplastusa.com$document
 ||correosdemexico-web.com$document
 ||corta.ai$document
 ||cosemu.com$document
@@ -966,7 +975,6 @@
 ||credicorpfiduciariasa.com$document
 ||credifinanciera.didacsis.com$document
 ||crediserfinanza.com$document
-||credita302.temp.swtest.ru$document
 ||creditagricole-sudrhonealpes.blogspot.ba$document
 ||creditagricole-sudrhonealpes.blogspot.com$document
 ||creditagricole-sudrhonealpes.blogspot.ro$document
@@ -975,13 +983,16 @@
 ||creditiperhabbogratissicuro100.blogspot.it$document
 ||cresvin.com$document
 ||criticalcarevizag.com$document
+||crrdxwjap7t.typeform.com$document
 ||cryptocars-plays.buzz$document
 ||cryptocarsme.com$document
 ||cryptscars-logs.com$document
 ||cryqtocars.me$document
 ||cuans.bkaamiv.cn$document
 ||currentlyupgrade.mystrikingly.com$document
+||cusnas.366wuv.cn$document
 ||cusstomerservicee.blogspot.com/?m=0$document
+||custream.com/91eb6b959cd1249d6877/$document
 ||cutt.ly/2isbc3k$document
 ||cutt.ly/3yqokjg$document
 ||cutt.ly/3yy01ci$document
@@ -999,6 +1010,7 @@
 ||cutt.ly/dkvkq49/$document
 ||cutt.ly/gyqdc7m$document
 ||cutt.ly/ingdirect-es$document
+||cutt.ly/irsgov$document
 ||cutt.ly/iyn1owx$document
 ||cutt.ly/kiiataa$document
 ||cutt.ly/mynrk6q$document
@@ -1022,7 +1034,10 @@
 ||cutt.ly/wyc154r$document
 ||cutt.ly/xynjuem$document
 ||cutt.ly/ytv0uzv$document
+||cxas.bvd2q18.cn$document
+||cxas.zk6w4dt.cn$document
 ||cxasd.easghbl.cn$document
+||cxmnsa.04frh0w.cn$document
 ||cxnbas.nmkbmqk.cn$document
 ||cxuahs.1wc9bxm.cn$document
 ||cy.tc/oglp$document
@@ -1037,8 +1052,10 @@
 ||d3ncuwwrr82.typeform.com$document
 ||d854c624d7.gesundheitundschonheit.com/#?act=cl&pid=34515_md&uid=1&vid=25&ofid=1615&lid=126&cid=17171$document
 ||daatahomes.com$document
+||dadafa88.com$document
 ||damp-f43e.recovery-page-secur.workers.dev$document
 ||danitraseoexperts.com$document
+||dappconnecttvalidator.net$document
 ||dapponlines.com$document
 ||dappscoins.com$document
 ||dappsiconnect.com$document
@@ -1054,8 +1071,8 @@
 ||db-web-client.com$document
 ||dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com$document
 ||dbkuzwes.online$document
-||dbs-interrnet.online$document
 ||dbs.limited$document
+||dbs.online.webdbslistinonline.com$document
 ||dbs.webdbslistinonline.com$document
 ||dbw.gr$document
 ||dcm1.ae.iwc.static.tungmung.co.id$document
@@ -1088,6 +1105,7 @@
 ||dev-nadaj.orlenpaczka.ce5.pl$document
 ||dev-secu-credit-union.pantheonsite.io$document
 ||dev-www.orlenpaczka.ce5.pl$document
+||dev.massageliabilityinsurancegroup.com$document
 ||dev.shivaxi.com$document
 ||devicepichincha.webcindario.com$document
 ||devops.help$document
@@ -1100,16 +1118,18 @@
 ||dhl.recruitmentplatform.com$document
 ||diamondplate.us$document
 ||die-post-swiss-id-19782635812.psd2any.com$document
+||diepost-paketevhost207932.lowhost.ru$document
 ||diginto.org$document
 ||digisigner.com/online/showdocument?documentid=1fce937a-ba39-4053-a83a-f07711ad8efd&invitationid=82f3e840-cd11-4da4-8579-304bd7e930b0$document
-||dilscord.gift$document
+||diligentverify.com$document
 ||directqpuprozaakp.weebly.com$document
 ||dirtyez.com$document
 ||disccrdapp.com$document
 ||disckord.club$document
 ||discoord-nittro.com$document
-||discorc.gift$document
 ||discordbugs.com$document
+||discordnitroos.com$document
+||discrods.gift$document
 ||dispositivoapp.azurewebsites.net$document
 ||distinctivei.com$document
 ||distrial.ec$document
@@ -1122,7 +1142,6 @@
 ||dl.9xu.com$document
 ||dlink.me$document
 ||dmaxpesca.com.es$document
-||dminer.cloud$document
 ||doclab-console-auth.firebaseapp.com$document
 ||docs-verify-c671.thajetiase.workers.dev$document
 ||docs.google.com/document/d/e/2pacx-1vszcwxk6nifthkg32wjxfjgq9yc-jjujkbsumqeeau8uw7xkcutyp0tbgux2mvwu8iqfrxxlunajob8/pub$document
@@ -1243,7 +1262,6 @@
 ||docs.google.com/forms/d/e/1faipqlsfanborkr2ivrhpsjdnvnb-jktwkjbuub3wnsxb-md7haddsq/viewform?usp=send_form$document
 ||docs.google.com/forms/d/e/1faipqlsfbu-bfa-om2nk21gbc1gbbeoy4veybh7qcrj8jw7nwthmh_w/viewform$document
 ||docs.google.com/forms/d/e/1faipqlsfeoy_w3jwkkz8psgsw4nrja9tmg2lx0x0nvtmv38k0hjzzmq/viewform?usp=send_form$document
-||docs.google.com/forms/d/e/1faipqlsfgomlcpbyhodks1bwjmx6f5jr0tqwhngun_juf2qk0jp8dbq/viewform?vc=0&amp;c=0&amp;w=1&amp;flr=0&amp;usp=mail_form_link$document
 ||docs.google.com/forms/d/e/1faipqlsfgrkvxsp4vv3h2jpge8n2rwi_acvt3o91y4av8-nbjpc0xxw/viewform?c=0&amp;w=1$document
 ||docs.google.com/forms/d/e/1faipqlsfhzli805cycnlai887dfo6ra8bwbwjbc8uehmv5amiaqdbyq/viewform$document
 ||docs.google.com/forms/d/e/1faipqlsfjpx-sxpejnp_q2fmfu0jy8oqoesrx9wbrqplcychw9luupa/viewform$document
@@ -1276,7 +1294,6 @@
 ||docsharex-authorize.firebaseapp.com$document
 ||docuservice.us$document
 ||docusign-lnc.info$document
-||dodgersdigest.com/wp-content/uploads/2013/12/thereal_dv$document
 ||domaincontroller.pmeimg.co.uk$document
 ||domainserverlawa100.web.app$document
 ||domainserverlawa101.web.app$document
@@ -1296,12 +1313,9 @@
 ||domainserverlawa117.web.app$document
 ||domainserverlawa118.web.app$document
 ||domainserverlawa119.web.app$document
-||domainserverlawa120.web.app$document
-||domainserverlawa121.web.app$document
 ||domainserverlawa122.web.app$document
 ||domainserverlawa123.web.app$document
 ||domainserverlawa124.web.app$document
-||domainserverlawa125.web.app$document
 ||domainserverlawa126.web.app$document
 ||domainserverlawa127.web.app$document
 ||domainserverlawa128.web.app$document
@@ -1310,32 +1324,24 @@
 ||domainserverlawa130.web.app$document
 ||domainserverlawa131.web.app$document
 ||domainserverlawa132.web.app$document
-||domainserverlawa133.web.app$document
 ||domainserverlawa134.web.app$document
 ||domainserverlawa135.web.app$document
 ||domainserverlawa136.web.app$document
 ||domainserverlawa137.web.app$document
-||domainserverlawa138.web.app$document
 ||domainserverlawa139.web.app$document
 ||domainserverlawa14.web.app$document
-||domainserverlawa140.web.app$document
-||domainserverlawa141.web.app$document
 ||domainserverlawa142.web.app$document
 ||domainserverlawa143.web.app$document
 ||domainserverlawa144.web.app$document
 ||domainserverlawa145.web.app$document
 ||domainserverlawa146.web.app$document
-||domainserverlawa147.web.app$document
 ||domainserverlawa148.web.app$document
 ||domainserverlawa149.web.app$document
 ||domainserverlawa150.web.app$document
-||domainserverlawa151.web.app$document
 ||domainserverlawa152.web.app$document
 ||domainserverlawa153.web.app$document
-||domainserverlawa154.web.app$document
 ||domainserverlawa155.web.app$document
 ||domainserverlawa156.web.app$document
-||domainserverlawa157.web.app$document
 ||domainserverlawa158.web.app$document
 ||domainserverlawa159.web.app$document
 ||domainserverlawa160.web.app$document
@@ -1343,20 +1349,15 @@
 ||domainserverlawa162.web.app$document
 ||domainserverlawa163.web.app$document
 ||domainserverlawa164.web.app$document
-||domainserverlawa165.web.app$document
 ||domainserverlawa166.web.app$document
 ||domainserverlawa167.web.app$document
 ||domainserverlawa168.web.app$document
 ||domainserverlawa169.web.app$document
-||domainserverlawa17.web.app$document
-||domainserverlawa170.web.app$document
 ||domainserverlawa171.web.app$document
 ||domainserverlawa172.web.app$document
 ||domainserverlawa173.web.app$document
 ||domainserverlawa174.web.app$document
-||domainserverlawa175.web.app$document
 ||domainserverlawa176.web.app$document
-||domainserverlawa177.web.app$document
 ||domainserverlawa178.web.app$document
 ||domainserverlawa179.web.app$document
 ||domainserverlawa18.web.app$document
@@ -1365,34 +1366,25 @@
 ||domainserverlawa182.web.app$document
 ||domainserverlawa183.web.app$document
 ||domainserverlawa184.web.app$document
-||domainserverlawa185.web.app$document
 ||domainserverlawa186.web.app$document
 ||domainserverlawa187.web.app$document
 ||domainserverlawa188.web.app$document
 ||domainserverlawa189.web.app$document
 ||domainserverlawa19.web.app$document
-||domainserverlawa190.web.app$document
 ||domainserverlawa191.web.app$document
 ||domainserverlawa193.web.app$document
 ||domainserverlawa194.web.app$document
 ||domainserverlawa195.web.app$document
-||domainserverlawa196.web.app$document
-||domainserverlawa197.web.app$document
 ||domainserverlawa198.web.app$document
-||domainserverlawa199.web.app$document
 ||domainserverlawa20.web.app$document
-||domainserverlawa200.web.app$document
 ||domainserverlawa201.web.app$document
 ||domainserverlawa202.web.app$document
-||domainserverlawa203.web.app$document
 ||domainserverlawa204.web.app$document
 ||domainserverlawa205.web.app$document
 ||domainserverlawa206.web.app$document
-||domainserverlawa207.web.app$document
 ||domainserverlawa208.web.app$document
 ||domainserverlawa209.web.app$document
 ||domainserverlawa21.web.app$document
-||domainserverlawa210.web.app$document
 ||domainserverlawa211.web.app$document
 ||domainserverlawa212.web.app$document
 ||domainserverlawa213.web.app$document
@@ -1406,7 +1398,6 @@
 ||domainserverlawa221.web.app$document
 ||domainserverlawa222.web.app$document
 ||domainserverlawa223.web.app$document
-||domainserverlawa224.web.app$document
 ||domainserverlawa225.web.app$document
 ||domainserverlawa226.web.app$document
 ||domainserverlawa227.web.app$document
@@ -1419,12 +1410,10 @@
 ||domainserverlawa234.web.app$document
 ||domainserverlawa235.web.app$document
 ||domainserverlawa237.web.app$document
-||domainserverlawa238.web.app$document
 ||domainserverlawa239.web.app$document
 ||domainserverlawa240.web.app$document
 ||domainserverlawa241.web.app$document
 ||domainserverlawa242.web.app$document
-||domainserverlawa243.web.app$document
 ||domainserverlawa244.web.app$document
 ||domainserverlawa245.web.app$document
 ||domainserverlawa246.web.app$document
@@ -1432,35 +1421,23 @@
 ||domainserverlawa248.web.app$document
 ||domainserverlawa249.web.app$document
 ||domainserverlawa25.web.app$document
-||domainserverlawa250.web.app$document
 ||domainserverlawa251.web.app$document
 ||domainserverlawa252.web.app$document
 ||domainserverlawa253.web.app$document
-||domainserverlawa254.web.app$document
-||domainserverlawa255.web.app$document
 ||domainserverlawa256.web.app$document
 ||domainserverlawa257.web.app$document
 ||domainserverlawa258.web.app$document
-||domainserverlawa259.web.app$document
-||domainserverlawa26.web.app$document
 ||domainserverlawa260.web.app$document
-||domainserverlawa261.web.app$document
-||domainserverlawa262.web.app$document
 ||domainserverlawa263.web.app$document
 ||domainserverlawa264.web.app$document
 ||domainserverlawa265.web.app$document
 ||domainserverlawa266.web.app$document
 ||domainserverlawa267.web.app$document
-||domainserverlawa268.web.app$document
 ||domainserverlawa269.web.app$document
 ||domainserverlawa270.web.app$document
-||domainserverlawa271.web.app$document
-||domainserverlawa272.web.app$document
 ||domainserverlawa273.web.app$document
 ||domainserverlawa274.web.app$document
-||domainserverlawa275.web.app$document
 ||domainserverlawa276.web.app$document
-||domainserverlawa277.web.app$document
 ||domainserverlawa278.web.app$document
 ||domainserverlawa279.web.app$document
 ||domainserverlawa280.web.app$document
@@ -1469,9 +1446,7 @@
 ||domainserverlawa283.web.app$document
 ||domainserverlawa284.web.app$document
 ||domainserverlawa285.web.app$document
-||domainserverlawa286.web.app$document
 ||domainserverlawa287.web.app$document
-||domainserverlawa289.web.app$document
 ||domainserverlawa29.web.app$document
 ||domainserverlawa290.web.app$document
 ||domainserverlawa292.web.app$document
@@ -1480,28 +1455,20 @@
 ||domainserverlawa295.web.app$document
 ||domainserverlawa296.web.app$document
 ||domainserverlawa297.web.app$document
-||domainserverlawa298.web.app$document
 ||domainserverlawa299.web.app$document
-||domainserverlawa30.web.app$document
 ||domainserverlawa300.web.app$document
 ||domainserverlawa301.web.app$document
 ||domainserverlawa302.web.app$document
 ||domainserverlawa303.web.app$document
 ||domainserverlawa304.web.app$document
 ||domainserverlawa305.web.app$document
-||domainserverlawa306.web.app$document
 ||domainserverlawa307.web.app$document
 ||domainserverlawa308.web.app$document
-||domainserverlawa309.web.app$document
-||domainserverlawa31.web.app$document
 ||domainserverlawa310.web.app$document
 ||domainserverlawa311.web.app$document
 ||domainserverlawa312.web.app$document
 ||domainserverlawa313.web.app$document
-||domainserverlawa314.web.app$document
 ||domainserverlawa315.web.app$document
-||domainserverlawa316.web.app$document
-||domainserverlawa317.web.app$document
 ||domainserverlawa318.web.app$document
 ||domainserverlawa319.web.app$document
 ||domainserverlawa32.web.app$document
@@ -1509,13 +1476,11 @@
 ||domainserverlawa321.web.app$document
 ||domainserverlawa322.web.app$document
 ||domainserverlawa323.web.app$document
-||domainserverlawa324.web.app$document
 ||domainserverlawa325.web.app$document
 ||domainserverlawa326.web.app$document
 ||domainserverlawa327.web.app$document
 ||domainserverlawa328.web.app$document
 ||domainserverlawa329.web.app$document
-||domainserverlawa33.web.app$document
 ||domainserverlawa330.web.app$document
 ||domainserverlawa331.web.app$document
 ||domainserverlawa332.web.app$document
@@ -1526,17 +1491,14 @@
 ||domainserverlawa337.web.app$document
 ||domainserverlawa338.web.app$document
 ||domainserverlawa339.web.app$document
-||domainserverlawa34.web.app$document
 ||domainserverlawa340.web.app$document
 ||domainserverlawa341.web.app$document
 ||domainserverlawa342.web.app$document
 ||domainserverlawa343.web.app$document
 ||domainserverlawa344.web.app$document
-||domainserverlawa345.web.app$document
 ||domainserverlawa346.web.app$document
 ||domainserverlawa347.web.app$document
 ||domainserverlawa348.web.app$document
-||domainserverlawa35.web.app$document
 ||domainserverlawa350.web.app$document
 ||domainserverlawa351.web.app$document
 ||domainserverlawa352.web.app$document
@@ -1550,7 +1512,6 @@
 ||domainserverlawa36.web.app$document
 ||domainserverlawa360.web.app$document
 ||domainserverlawa361.web.app$document
-||domainserverlawa362.web.app$document
 ||domainserverlawa363.web.app$document
 ||domainserverlawa364.web.app$document
 ||domainserverlawa365.web.app$document
@@ -1561,7 +1522,6 @@
 ||domainserverlawa370.web.app$document
 ||domainserverlawa371.web.app$document
 ||domainserverlawa372.web.app$document
-||domainserverlawa373.web.app$document
 ||domainserverlawa374.web.app$document
 ||domainserverlawa375.web.app$document
 ||domainserverlawa376.web.app$document
@@ -1577,11 +1537,7 @@
 ||domainserverlawa385.web.app$document
 ||domainserverlawa386.web.app$document
 ||domainserverlawa387.web.app$document
-||domainserverlawa388.web.app$document
-||domainserverlawa389.web.app$document
-||domainserverlawa39.web.app$document
 ||domainserverlawa390.web.app$document
-||domainserverlawa391.web.app$document
 ||domainserverlawa392.web.app$document
 ||domainserverlawa393.web.app$document
 ||domainserverlawa394.web.app$document
@@ -1592,11 +1548,8 @@
 ||domainserverlawa40.web.app$document
 ||domainserverlawa400.web.app$document
 ||domainserverlawa401.web.app$document
-||domainserverlawa402.web.app$document
 ||domainserverlawa403.web.app$document
-||domainserverlawa404.web.app$document
 ||domainserverlawa405.web.app$document
-||domainserverlawa406.web.app$document
 ||domainserverlawa407.web.app$document
 ||domainserverlawa408.web.app$document
 ||domainserverlawa409.web.app$document
@@ -1607,7 +1560,6 @@
 ||domainserverlawa413.web.app$document
 ||domainserverlawa414.web.app$document
 ||domainserverlawa415.web.app$document
-||domainserverlawa416.web.app$document
 ||domainserverlawa417.web.app$document
 ||domainserverlawa418.web.app$document
 ||domainserverlawa419.web.app$document
@@ -1620,12 +1572,10 @@
 ||domainserverlawa425.web.app$document
 ||domainserverlawa426.web.app$document
 ||domainserverlawa427.web.app$document
-||domainserverlawa428.web.app$document
 ||domainserverlawa429.web.app$document
 ||domainserverlawa43.web.app$document
 ||domainserverlawa430.web.app$document
 ||domainserverlawa431.web.app$document
-||domainserverlawa432.web.app$document
 ||domainserverlawa433.web.app$document
 ||domainserverlawa434.web.app$document
 ||domainserverlawa435.web.app$document
@@ -1635,36 +1585,27 @@
 ||domainserverlawa439.web.app$document
 ||domainserverlawa44.web.app$document
 ||domainserverlawa440.web.app$document
-||domainserverlawa441.web.app$document
 ||domainserverlawa442.web.app$document
 ||domainserverlawa443.web.app$document
 ||domainserverlawa444.web.app$document
 ||domainserverlawa445.web.app$document
 ||domainserverlawa446.web.app$document
 ||domainserverlawa447.web.app$document
-||domainserverlawa448.web.app$document
 ||domainserverlawa449.web.app$document
-||domainserverlawa45.web.app$document
 ||domainserverlawa450.web.app$document
 ||domainserverlawa451.web.app$document
 ||domainserverlawa452.web.app$document
 ||domainserverlawa453.web.app$document
-||domainserverlawa454.web.app$document
 ||domainserverlawa455.web.app$document
 ||domainserverlawa456.web.app$document
-||domainserverlawa457.web.app$document
-||domainserverlawa458.web.app$document
 ||domainserverlawa459.web.app$document
 ||domainserverlawa46.web.app$document
 ||domainserverlawa460.web.app$document
-||domainserverlawa461.web.app$document
 ||domainserverlawa462.web.app$document
 ||domainserverlawa463.web.app$document
 ||domainserverlawa464.web.app$document
 ||domainserverlawa465.web.app$document
 ||domainserverlawa466.web.app$document
-||domainserverlawa467.web.app$document
-||domainserverlawa468.web.app$document
 ||domainserverlawa469.web.app$document
 ||domainserverlawa47.web.app$document
 ||domainserverlawa470.web.app$document
@@ -1675,18 +1616,14 @@
 ||domainserverlawa475.web.app$document
 ||domainserverlawa476.web.app$document
 ||domainserverlawa477.web.app$document
-||domainserverlawa478.web.app$document
 ||domainserverlawa479.web.app$document
 ||domainserverlawa480.web.app$document
 ||domainserverlawa481.web.app$document
-||domainserverlawa482.web.app$document
 ||domainserverlawa483.web.app$document
 ||domainserverlawa484.web.app$document
 ||domainserverlawa485.web.app$document
 ||domainserverlawa486.web.app$document
 ||domainserverlawa487.web.app$document
-||domainserverlawa488.web.app$document
-||domainserverlawa489.web.app$document
 ||domainserverlawa49.web.app$document
 ||domainserverlawa490.web.app$document
 ||domainserverlawa491.web.app$document
@@ -1697,22 +1634,15 @@
 ||domainserverlawa496.web.app$document
 ||domainserverlawa497.web.app$document
 ||domainserverlawa498.web.app$document
-||domainserverlawa499.web.app$document
 ||domainserverlawa50.web.app$document
 ||domainserverlawa500.web.app$document
-||domainserverlawa501.web.app$document
 ||domainserverlawa502.web.app$document
-||domainserverlawa503.web.app$document
-||domainserverlawa504.web.app$document
-||domainserverlawa505.web.app$document
 ||domainserverlawa506.web.app$document
 ||domainserverlawa507.web.app$document
 ||domainserverlawa508.web.app$document
 ||domainserverlawa509.web.app$document
 ||domainserverlawa51.web.app$document
-||domainserverlawa510.web.app$document
 ||domainserverlawa511.web.app$document
-||domainserverlawa513.web.app$document
 ||domainserverlawa514.web.app$document
 ||domainserverlawa515.web.app$document
 ||domainserverlawa516.web.app$document
@@ -1721,10 +1651,8 @@
 ||domainserverlawa519.web.app$document
 ||domainserverlawa52.web.app$document
 ||domainserverlawa520.web.app$document
-||domainserverlawa521.web.app$document
 ||domainserverlawa522.web.app$document
 ||domainserverlawa523.web.app$document
-||domainserverlawa524.web.app$document
 ||domainserverlawa525.web.app$document
 ||domainserverlawa526.web.app$document
 ||domainserverlawa527.web.app$document
@@ -1735,28 +1663,21 @@
 ||domainserverlawa531.web.app$document
 ||domainserverlawa532.web.app$document
 ||domainserverlawa533.web.app$document
-||domainserverlawa534.web.app$document
-||domainserverlawa535.web.app$document
 ||domainserverlawa536.web.app$document
 ||domainserverlawa537.web.app$document
 ||domainserverlawa538.web.app$document
 ||domainserverlawa539.web.app$document
 ||domainserverlawa54.web.app$document
-||domainserverlawa540.web.app$document
 ||domainserverlawa541.web.app$document
 ||domainserverlawa542.web.app$document
 ||domainserverlawa543.web.app$document
-||domainserverlawa544.web.app$document
 ||domainserverlawa545.web.app$document
 ||domainserverlawa546.web.app$document
 ||domainserverlawa547.web.app$document
-||domainserverlawa548.web.app$document
 ||domainserverlawa549.web.app$document
 ||domainserverlawa550.web.app$document
 ||domainserverlawa551.web.app$document
-||domainserverlawa552.web.app$document
 ||domainserverlawa553.web.app$document
-||domainserverlawa554.web.app$document
 ||domainserverlawa555.web.app$document
 ||domainserverlawa556.web.app$document
 ||domainserverlawa557.web.app$document
@@ -1766,9 +1687,7 @@
 ||domainserverlawa560.web.app$document
 ||domainserverlawa561.web.app$document
 ||domainserverlawa562.web.app$document
-||domainserverlawa563.web.app$document
 ||domainserverlawa564.web.app$document
-||domainserverlawa565.web.app$document
 ||domainserverlawa566.web.app$document
 ||domainserverlawa567.web.app$document
 ||domainserverlawa568.web.app$document
@@ -1777,35 +1696,24 @@
 ||domainserverlawa570.web.app$document
 ||domainserverlawa571.web.app$document
 ||domainserverlawa572.web.app$document
-||domainserverlawa573.web.app$document
 ||domainserverlawa574.web.app$document
 ||domainserverlawa575.web.app$document
 ||domainserverlawa576.web.app$document
 ||domainserverlawa577.web.app$document
 ||domainserverlawa578.web.app$document
 ||domainserverlawa579.web.app$document
-||domainserverlawa58.web.app$document
-||domainserverlawa580.web.app$document
 ||domainserverlawa581.web.app$document
 ||domainserverlawa582.web.app$document
 ||domainserverlawa583.web.app$document
-||domainserverlawa584.web.app$document
-||domainserverlawa585.web.app$document
 ||domainserverlawa586.web.app$document
 ||domainserverlawa587.web.app$document
 ||domainserverlawa588.web.app$document
 ||domainserverlawa589.web.app$document
 ||domainserverlawa59.web.app$document
-||domainserverlawa590.web.app$document
-||domainserverlawa591.web.app$document
 ||domainserverlawa592.web.app$document
 ||domainserverlawa593.web.app$document
-||domainserverlawa594.web.app$document
-||domainserverlawa595.web.app$document
-||domainserverlawa596.web.app$document
 ||domainserverlawa597.web.app$document
 ||domainserverlawa598.web.app$document
-||domainserverlawa599.web.app$document
 ||domainserverlawa60.web.app$document
 ||domainserverlawa600.web.app$document
 ||domainserverlawa601.web.app$document
@@ -1813,25 +1721,18 @@
 ||domainserverlawa603.web.app$document
 ||domainserverlawa604.web.app$document
 ||domainserverlawa605.web.app$document
-||domainserverlawa606.web.app$document
 ||domainserverlawa607.web.app$document
 ||domainserverlawa608.web.app$document
 ||domainserverlawa609.web.app$document
-||domainserverlawa61.web.app$document
 ||domainserverlawa610.web.app$document
-||domainserverlawa611.web.app$document
 ||domainserverlawa612.web.app$document
 ||domainserverlawa613.web.app$document
 ||domainserverlawa614.web.app$document
-||domainserverlawa615.web.app$document
-||domainserverlawa616.web.app$document
-||domainserverlawa617.web.app$document
 ||domainserverlawa618.web.app$document
 ||domainserverlawa619.web.app$document
 ||domainserverlawa62.web.app$document
 ||domainserverlawa620.web.app$document
 ||domainserverlawa621.web.app$document
-||domainserverlawa622.web.app$document
 ||domainserverlawa623.web.app$document
 ||domainserverlawa624.web.app$document
 ||domainserverlawa625.web.app$document
@@ -1852,7 +1753,6 @@
 ||domainserverlawa639.web.app$document
 ||domainserverlawa64.web.app$document
 ||domainserverlawa640.web.app$document
-||domainserverlawa641.web.app$document
 ||domainserverlawa642.web.app$document
 ||domainserverlawa643.web.app$document
 ||domainserverlawa644.web.app$document
@@ -1868,11 +1768,6 @@
 ||domainserverlawa653.web.app$document
 ||domainserverlawa654.web.app$document
 ||domainserverlawa655.web.app$document
-||domainserverlawa656.web.app$document
-||domainserverlawa657.web.app$document
-||domainserverlawa658.web.app$document
-||domainserverlawa659.web.app$document
-||domainserverlawa66.web.app$document
 ||domainserverlawa660.web.app$document
 ||domainserverlawa661.web.app$document
 ||domainserverlawa662.web.app$document
@@ -1883,14 +1778,10 @@
 ||domainserverlawa667.web.app$document
 ||domainserverlawa668.web.app$document
 ||domainserverlawa669.web.app$document
-||domainserverlawa67.web.app$document
-||domainserverlawa670.web.app$document
 ||domainserverlawa671.web.app$document
 ||domainserverlawa672.web.app$document
 ||domainserverlawa673.web.app$document
-||domainserverlawa674.web.app$document
 ||domainserverlawa675.web.app$document
-||domainserverlawa676.web.app$document
 ||domainserverlawa677.web.app$document
 ||domainserverlawa678.web.app$document
 ||domainserverlawa679.web.app$document
@@ -1898,12 +1789,8 @@
 ||domainserverlawa680.web.app$document
 ||domainserverlawa681.web.app$document
 ||domainserverlawa682.web.app$document
-||domainserverlawa683.web.app$document
 ||domainserverlawa684.web.app$document
 ||domainserverlawa685.web.app$document
-||domainserverlawa686.web.app$document
-||domainserverlawa687.web.app$document
-||domainserverlawa688.web.app$document
 ||domainserverlawa689.web.app$document
 ||domainserverlawa69.web.app$document
 ||domainserverlawa690.web.app$document
@@ -1911,7 +1798,6 @@
 ||domainserverlawa692.web.app$document
 ||domainserverlawa693.web.app$document
 ||domainserverlawa694.web.app$document
-||domainserverlawa695.web.app$document
 ||domainserverlawa696.web.app$document
 ||domainserverlawa697.web.app$document
 ||domainserverlawa698.web.app$document
@@ -1922,15 +1808,11 @@
 ||domainserverlawa702.web.app$document
 ||domainserverlawa703.web.app$document
 ||domainserverlawa704.web.app$document
-||domainserverlawa705.web.app$document
 ||domainserverlawa706.web.app$document
-||domainserverlawa707.web.app$document
 ||domainserverlawa708.web.app$document
 ||domainserverlawa709.web.app$document
 ||domainserverlawa71.web.app$document
-||domainserverlawa710.web.app$document
 ||domainserverlawa711.web.app$document
-||domainserverlawa712.web.app$document
 ||domainserverlawa713.web.app$document
 ||domainserverlawa714.web.app$document
 ||domainserverlawa715.web.app$document
@@ -1939,17 +1821,13 @@
 ||domainserverlawa718.web.app$document
 ||domainserverlawa719.web.app$document
 ||domainserverlawa72.web.app$document
-||domainserverlawa720.web.app$document
 ||domainserverlawa721.web.app$document
 ||domainserverlawa722.web.app$document
-||domainserverlawa723.web.app$document
 ||domainserverlawa724.web.app$document
 ||domainserverlawa725.web.app$document
 ||domainserverlawa726.web.app$document
 ||domainserverlawa727.web.app$document
-||domainserverlawa728.web.app$document
 ||domainserverlawa729.web.app$document
-||domainserverlawa73.web.app$document
 ||domainserverlawa730.web.app$document
 ||domainserverlawa731.web.app$document
 ||domainserverlawa732.web.app$document
@@ -1962,31 +1840,22 @@
 ||domainserverlawa739.web.app$document
 ||domainserverlawa74.web.app$document
 ||domainserverlawa740.web.app$document
-||domainserverlawa741.web.app$document
 ||domainserverlawa742.web.app$document
 ||domainserverlawa743.web.app$document
 ||domainserverlawa744.web.app$document
-||domainserverlawa745.web.app$document
 ||domainserverlawa746.web.app$document
-||domainserverlawa747.web.app$document
-||domainserverlawa748.web.app$document
 ||domainserverlawa749.web.app$document
 ||domainserverlawa75.web.app$document
 ||domainserverlawa750.web.app$document
-||domainserverlawa751.web.app$document
 ||domainserverlawa752.web.app$document
 ||domainserverlawa753.web.app$document
 ||domainserverlawa754.web.app$document
 ||domainserverlawa755.web.app$document
-||domainserverlawa756.web.app$document
 ||domainserverlawa757.web.app$document
 ||domainserverlawa758.web.app$document
 ||domainserverlawa759.web.app$document
-||domainserverlawa76.web.app$document
-||domainserverlawa760.web.app$document
 ||domainserverlawa761.web.app$document
 ||domainserverlawa762.web.app$document
-||domainserverlawa763.web.app$document
 ||domainserverlawa764.web.app$document
 ||domainserverlawa765.web.app$document
 ||domainserverlawa766.web.app$document
@@ -2006,22 +1875,17 @@
 ||domainserverlawa779.web.app$document
 ||domainserverlawa78.web.app$document
 ||domainserverlawa780.web.app$document
-||domainserverlawa781.web.app$document
 ||domainserverlawa782.web.app$document
 ||domainserverlawa783.web.app$document
 ||domainserverlawa784.web.app$document
 ||domainserverlawa785.web.app$document
 ||domainserverlawa786.web.app$document
-||domainserverlawa787.web.app$document
 ||domainserverlawa788.web.app$document
 ||domainserverlawa789.web.app$document
 ||domainserverlawa79.web.app$document
 ||domainserverlawa790.web.app$document
-||domainserverlawa791.web.app$document
-||domainserverlawa792.web.app$document
 ||domainserverlawa793.web.app$document
 ||domainserverlawa794.web.app$document
-||domainserverlawa795.web.app$document
 ||domainserverlawa796.web.app$document
 ||domainserverlawa797.web.app$document
 ||domainserverlawa798.web.app$document
@@ -2030,7 +1894,6 @@
 ||domainserverlawa800.web.app$document
 ||domainserverlawa801.web.app$document
 ||domainserverlawa802.web.app$document
-||domainserverlawa803.web.app$document
 ||domainserverlawa804.web.app$document
 ||domainserverlawa806.web.app$document
 ||domainserverlawa807.web.app$document
@@ -2038,8 +1901,6 @@
 ||domainserverlawa809.web.app$document
 ||domainserverlawa81.web.app$document
 ||domainserverlawa810.web.app$document
-||domainserverlawa811.web.app$document
-||domainserverlawa812.web.app$document
 ||domainserverlawa813.web.app$document
 ||domainserverlawa814.web.app$document
 ||domainserverlawa815.web.app$document
@@ -2053,7 +1914,6 @@
 ||domainserverlawa822.web.app$document
 ||domainserverlawa823.web.app$document
 ||domainserverlawa824.web.app$document
-||domainserverlawa825.web.app$document
 ||domainserverlawa826.web.app$document
 ||domainserverlawa827.web.app$document
 ||domainserverlawa828.web.app$document
@@ -2065,9 +1925,7 @@
 ||domainserverlawa833.web.app$document
 ||domainserverlawa834.web.app$document
 ||domainserverlawa835.web.app$document
-||domainserverlawa836.web.app$document
 ||domainserverlawa837.web.app$document
-||domainserverlawa838.web.app$document
 ||domainserverlawa839.web.app$document
 ||domainserverlawa84.web.app$document
 ||domainserverlawa840.web.app$document
@@ -2075,29 +1933,21 @@
 ||domainserverlawa842.web.app$document
 ||domainserverlawa843.web.app$document
 ||domainserverlawa844.web.app$document
-||domainserverlawa845.web.app$document
 ||domainserverlawa846.web.app$document
-||domainserverlawa847.web.app$document
-||domainserverlawa848.web.app$document
-||domainserverlawa849.web.app$document
 ||domainserverlawa85.web.app$document
-||domainserverlawa850.web.app$document
 ||domainserverlawa851.web.app$document
 ||domainserverlawa852.web.app$document
 ||domainserverlawa853.web.app$document
-||domainserverlawa854.web.app$document
 ||domainserverlawa855.web.app$document
 ||domainserverlawa856.web.app$document
 ||domainserverlawa857.web.app$document
 ||domainserverlawa858.web.app$document
-||domainserverlawa859.web.app$document
 ||domainserverlawa86.web.app$document
 ||domainserverlawa860.web.app$document
 ||domainserverlawa861.web.app$document
 ||domainserverlawa862.web.app$document
 ||domainserverlawa863.web.app$document
 ||domainserverlawa864.web.app$document
-||domainserverlawa865.web.app$document
 ||domainserverlawa866.web.app$document
 ||domainserverlawa867.web.app$document
 ||domainserverlawa868.web.app$document
@@ -2108,7 +1958,6 @@
 ||domainserverlawa872.web.app$document
 ||domainserverlawa873.web.app$document
 ||domainserverlawa874.web.app$document
-||domainserverlawa875.web.app$document
 ||domainserverlawa877.web.app$document
 ||domainserverlawa878.web.app$document
 ||domainserverlawa879.web.app$document
@@ -2116,9 +1965,7 @@
 ||domainserverlawa880.web.app$document
 ||domainserverlawa881.web.app$document
 ||domainserverlawa882.web.app$document
-||domainserverlawa883.web.app$document
 ||domainserverlawa884.web.app$document
-||domainserverlawa885.web.app$document
 ||domainserverlawa886.web.app$document
 ||domainserverlawa888.web.app$document
 ||domainserverlawa889.web.app$document
@@ -2138,19 +1985,14 @@
 ||domainserverlawa902.web.app$document
 ||domainserverlawa903.web.app$document
 ||domainserverlawa904.web.app$document
-||domainserverlawa905.web.app$document
 ||domainserverlawa906.web.app$document
 ||domainserverlawa907.web.app$document
 ||domainserverlawa908.web.app$document
 ||domainserverlawa909.web.app$document
 ||domainserverlawa91.web.app$document
 ||domainserverlawa910.web.app$document
-||domainserverlawa911.web.app$document
 ||domainserverlawa912.web.app$document
 ||domainserverlawa913.web.app$document
-||domainserverlawa914.web.app$document
-||domainserverlawa915.web.app$document
-||domainserverlawa916.web.app$document
 ||domainserverlawa917.web.app$document
 ||domainserverlawa918.web.app$document
 ||domainserverlawa92.web.app$document
@@ -2159,22 +2001,14 @@
 ||domainserverlawa922.web.app$document
 ||domainserverlawa923.web.app$document
 ||domainserverlawa924.web.app$document
-||domainserverlawa925.web.app$document
 ||domainserverlawa926.web.app$document
 ||domainserverlawa927.web.app$document
 ||domainserverlawa929.web.app$document
-||domainserverlawa93.web.app$document
 ||domainserverlawa930.web.app$document
-||domainserverlawa931.web.app$document
 ||domainserverlawa932.web.app$document
-||domainserverlawa933.web.app$document
-||domainserverlawa934.web.app$document
 ||domainserverlawa935.web.app$document
-||domainserverlawa936.web.app$document
 ||domainserverlawa937.web.app$document
 ||domainserverlawa938.web.app$document
-||domainserverlawa939.web.app$document
-||domainserverlawa94.web.app$document
 ||domainserverlawa940.web.app$document
 ||domainserverlawa941.web.app$document
 ||domainserverlawa942.web.app$document
@@ -2183,45 +2017,33 @@
 ||domainserverlawa945.web.app$document
 ||domainserverlawa946.web.app$document
 ||domainserverlawa947.web.app$document
-||domainserverlawa948.web.app$document
 ||domainserverlawa949.web.app$document
 ||domainserverlawa95.web.app$document
 ||domainserverlawa950.web.app$document
-||domainserverlawa951.web.app$document
 ||domainserverlawa952.web.app$document
 ||domainserverlawa953.web.app$document
 ||domainserverlawa954.web.app$document
 ||domainserverlawa955.web.app$document
-||domainserverlawa957.web.app$document
 ||domainserverlawa958.web.app$document
 ||domainserverlawa959.web.app$document
 ||domainserverlawa96.web.app$document
-||domainserverlawa960.web.app$document
 ||domainserverlawa961.web.app$document
 ||domainserverlawa962.web.app$document
 ||domainserverlawa963.web.app$document
 ||domainserverlawa964.web.app$document
-||domainserverlawa965.web.app$document
 ||domainserverlawa966.web.app$document
 ||domainserverlawa967.web.app$document
-||domainserverlawa968.web.app$document
-||domainserverlawa969.web.app$document
 ||domainserverlawa97.web.app$document
 ||domainserverlawa970.web.app$document
-||domainserverlawa971.web.app$document
-||domainserverlawa972.web.app$document
 ||domainserverlawa973.web.app$document
 ||domainserverlawa974.web.app$document
 ||domainserverlawa975.web.app$document
 ||domainserverlawa976.web.app$document
 ||domainserverlawa977.web.app$document
-||domainserverlawa978.web.app$document
 ||domainserverlawa979.web.app$document
 ||domainserverlawa98.web.app$document
 ||domainserverlawa980.web.app$document
-||domainserverlawa981.web.app$document
 ||domainserverlawa982.web.app$document
-||domainserverlawa983.web.app$document
 ||domainserverlawa984.web.app$document
 ||domainserverlawa985.web.app$document
 ||domainserverlawa986.web.app$document
@@ -2231,14 +2053,11 @@
 ||domainserverlawa99.web.app$document
 ||domainserverlawa990.web.app$document
 ||domainserverlawa991.web.app$document
-||domainserverlawa992.web.app$document
 ||domainserverlawa993.web.app$document
-||domainserverlawa994.web.app$document
 ||domainserverlawa995.web.app$document
 ||domainserverlawa996.web.app$document
-||domainserverlawa997.web.app$document
-||domainserverlawa998.web.app$document
 ||domainserverlawa999.web.app$document
+||donaidrsilcio.com$document
 ||doooog.cn$document
 ||dopeydog.co.nz$document
 ||dorouscom.com$document
@@ -2246,10 +2065,12 @@
 ||dowaba-s2dhl.blogspot.com$document
 ||doz.tode.cz$document
 ||dpasdasfasfasfas.pages.dev$document
+||dpd-pl.566868.space$document
 ||dpd-redelivery-uk.com$document
 ||dpmasdaskj.pages.dev$document
 ||dr-joannepeeler.com$document
 ||dr3aq.byethost32.com$document
+||dreamhacker.pro$document
 ||dreamotion-jp.com$document
 ||drive.google.com/file/d/19zpw90jgon3j5merxi1pauvkjdmx8nfq/edit$document
 ||drive.google.com/file/d/1bcdyitw2vo5jp6yrbdmiy8cfrkcf4tby/view?usp=drive_web$document
@@ -2266,13 +2087,11 @@
 ||drive.google.com/file/d/1robiosanbh8doqa7yuiewn3akz4094ho/edit$document
 ||drivingschoolglasgow.co.uk$document
 ||drmarciovaleriano.com.br$document
-||dsadsadsa.diskstation.eu$document
 ||dsgcbeonline.com$document
+||dskedirekt.web.app$document
 ||dsp2codemdp.t.justns.ru$document
-||dswboot.cc$document
 ||dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com$document
 ||dtrpsystasfasgas.pages.dev$document
-||duanemanor.tk$document
 ||dukhovnist.in.ua$document
 ||durecorpperu.com$document
 ||dwrat.andalous.org$document
@@ -2286,7 +2105,6 @@
 ||e63q45f9h5fr.clickfunnels.com$document
 ||eagleeyeapparel.com$document
 ||earth01.info$document
-||easy-webtdapp.com$document
 ||easywalletfix.net$document
 ||easywalletsfix.com$document
 ||eba0200d0c.nxcli.net$document
@@ -2295,17 +2113,14 @@
 ||eberhardtedwige.wixsite.com$document
 ||ebuddynews.com$document
 ||ec.snadc-oecddo.com$document
-||ecloanmoney.com$document
 ||ecogreenjanitorial.com$document
 ||ecomcrew.staging.wpengine.com$document
 ||ecomcrew.staging.wpengine.com/wp-content/plugins/alldomain/domain/dmain/index.php?i=i&amp;0=abuse@optusnet.com.au$document
 ||ecosteelsolution.ro$document
 ||ecusltd-my.sharepoint.com/:x:/r/personal/angela_ure_ecusltd_co_uk/_layouts/15/wopiframe.aspx?guestaccesstoken=umwosbguhwaqic3hhtqfly7zjwf8oggrcn6d%2bggohoc%3d&docid=1_1956f6e254d71417a89981b2a1c8d0a99&wdformid=%7be61ca4f5-c461-425a-a52e-4598e7b699e5%7d&action=formsubmit&cid=4ab9a2a7-7cf4-43ae-8149-ffead8d66e7b$document
-||editpdfonline.tk$document
 ||edje.com$document
 ||edukickmexico.com$document
 ||ee-sms.co.uk$document
-||ee.mseocri.com$document
 ||ee.scicemecod.com$document
 ||eeverywhere-my.sharepoint.com/personal/marco_eeverywhere_com/_layouts/15/onedrive.aspx?id=/personal/marco_eeverywhere_com/documents/documents&amp;originalpath=ahr0chm6ly9lzxzlcnl3agvyzs1tes5zagfyzxbvaw50lmnvbs86zjovcc9tyxjjby9fcwhvbeq1x3hltknorzbdmdvvmgjvvujoy1z3b25futjvejhtlwxqrg9svwvrp3j0aw1lpvduaunytfu4mlvn$document
 ||efarms.com.ng$document
@@ -2330,7 +2145,6 @@
 ||emsi-lobo.firebaseapp.com$document
 ||en-template-solicito-16414253314897.onepage.website$document
 ||enbolivia.com$document
-||enchanting-guiltless-suede.glitch.me$document
 ||encryptdrive.booogle.net$document
 ||engcamp.org$document
 ||enoman.fqzsdgtg.cn$document
@@ -2359,23 +2173,21 @@
 ||eth.coinscout.cc$document
 ||ethnictrendz.com$document
 ||ets.jwr.pa-fakfak.go.id$document
-||etwtny.cf$document
 ||eu.questionpro.com/a/takesurvey?tt=/p9xlsw/pwa97qdwq8ubbg%3d%3d$document
 ||eu.questionpro.com/t/ab3uufjzb3vk20$document
 ||eucriomeumundo.com$document
 ||eugnerally-wixsite-com.filesusr.com$document
-||euraby.com$document
 ||eurobankovnikredit.com/?fbclid=iwar3cu_8pblosqw-rwa7evcrs5jpl6zvzkou0qrf7vl9oqge4h2ctmcxrdyk$document
 ||eusa-lombo.firebaseapp.com$document
 ||evashoes.com.ua$document
+||even-besar-banget.duckdns.org$document
 ||even-ff-gratisterbaru2022.duckdns.org$document
-||even-ff-terbarugratis2022.duckdns.org$document
+||event-ff-bundle-baru.duckdns.org$document
 ||event-freefire728.duckdns.org$document
+||event-freeskkinmlbb.duckdns.org$document
 ||event-garenafreefire263.duckdns.org$document
-||event-skin-resmi-2022.duckdns.org$document
-||eventclaimfreefiregratis2022.duckdns.org$document
 ||eventclaimsff0.duckdns.org$document
-||eventgarenafreefiremax2022.duckdns.org$document
+||eventspinfreefire2022.duckdns.org$document
 ||everestmotors.com.np$document
 ||evernote.com/shard/s339/client/snv?noteguid=f48e12fd-48da-e57f-8e76-cdf6e4054e1d&amp;notekey=02a9fa6bd051dc6b4581ee3b617b3f88&amp;sn=https://www.evernote.com/shard/s339/sh/f48e12fd-48da-e57f-8e76-cdf6e4054e1d/02a9fa6bd051dc6b4581ee3b617b3f88&amp;title=optus%20webmail$document
 ||evernote.com/shard/s446/client/snv?noteguid=4dc119ab-57d6-b8e0-4fcb-c11c0a637b94&notekey=9ddb3753cb700b0c86a78176be71f4f5&sn=https%3a%2f%2fwww.evernote.com%2fshard%2fs446%2fsh%2f4dc119ab-57d6-b8e0-4fcb-c11c0a637b94%2f9ddb3753cb700b0c86a78176be71f4f5&title=you%2bhave%2breceived%2ban%2binvoice.$document
@@ -2391,6 +2203,7 @@
 ||exchange4free.com/remote/mandate/4jya9anuerrpmikrph7-j5pl9nyz_uw1bc7q1vvmmhw$document
 ||exchangedictionary.com$document
 ||exodlus.net$document
+||exodus-2022.com$document
 ||exodus.com-wallet-signin.com$document
 ||exodus.com-web-wallet-online.com$document
 ||exodus.com.tccaponline.com$document
@@ -2403,6 +2216,7 @@
 ||extracloud.com.au$document
 ||ezblox.site$document
 ||ezssausage.com$document
+||f2f.co.jp$document
 ||f6fr7.codesandbox.io$document
 ||f9w1lned0ruqblxi6jahwotak.filesusr.com$document
 ||faccebook.azurewebsites.net$document
@@ -2417,7 +2231,10 @@
 ||facebook.com-zxsrf038k.isiolo.go.ke$document
 ||facebook.eventspinff.wtf$document
 ||facebook.kingstopup.com$document
+||facebook.whcserverbox.com$document
+||facebook8facebook.blogspot.com$document
 ||facebookk.azurewebsites.net$document
+||facebookphisher.herokuapp.com$document
 ||facebooks.azurewebsites.net$document
 ||faic.in$document
 ||faizankhan0408.github.io$document
@@ -2431,13 +2248,13 @@
 ||fax.gruppobiesse.it$document
 ||fb-case-id-28031803-fcdc-48af.web.app$document
 ||fb-pages.proteksion-help.workers.dev$document
+||fb.10004682.review$document
 ||fb.expressturkeyi.com$document
 ||fb7927.bget.ru$document
 ||fbapps.milestoneinternet.com/gvrmpushnotification/nbproject/private/fbapps/melis/$document
 ||fclighting.sharepoint.com/:x:/r/customercare/_layouts/15/wopiframe.aspx?guestaccesstoken=ce%2fd5uzxeu8hlntd6e5v18nttv4whxgmlwyudt4igom%3d&docid=1_1eb5df03726a240859b223a44b8b16724&wdformid=%7bb8008e00-21bc-4a4a-91dc-1e1b63610c96%7d&action=formsubmit&cid=c766f7bd-9562-4c9e-a9b0-75cf38b33e48$document
 ||fdasd.2e4jept.cn$document
 ||fdhgf.xyz$document
-||feceboolk.blogspot.com$document
 ||federalaccesscredit.com$document
 ||fedner.net$document
 ||feeds.feedburner.com/investorway$document
@@ -2447,9 +2264,10 @@
 ||feriadempleos.com$document
 ||ferienhof-gempel.de$document
 ||ff-anivesary225.duckdns.org$document
+||ff-member-ganena.com$document
 ||ff-membership-garena.com$document
 ||ff-membershipz-garena.ga$document
-||ff.membership.garenaj.vn$document
+||ff.members.garera.vn$document
 ||ffim-event-2022.duckdns.org$document
 ||fghjr74rhudfguhtfguji.blogspot.com$document
 ||fi.uy$document
@@ -2460,7 +2278,6 @@
 ||fikir.id$document
 ||files.fm/f/75h75hd7v$document
 ||fileundelete.net$document
-||filmkenner.com$document
 ||filtrosmil.com.br$document
 ||finalfantasyguide.co.uk$document
 ||finiiishingedgex.tk$document
@@ -2497,12 +2314,15 @@
 ||flowcode.com/page/bttelecommunicaation$document
 ||flowcode.com/page/bttelecoommunication$document
 ||flowcode.com/page/hjbsvjhfb$document
+||flowcode.com/page/jhgcfghj$document
 ||flowcode.com/page/mnkpo$document
 ||flowerfactoryonline.com$document
 ||fluksrv.mycpanel.rs$document
 ||fmwebapp.azurewebsites.net$document
 ||foliar.pl$document
 ||foma-ura-lote.firebaseapp.com$document
+||foor1.com$document
+||for-pakage-delevry.tragaroleary.com$document
 ||foresta-mod.firebaseapp.com$document
 ||forhimself9999.co.vu$document
 ||formbuddy.com$document
@@ -2549,7 +2369,6 @@
 ||forms.office.com/pages/responsepage.aspx?id=jrbxvx3x9keewcq72hm6fnkqekonandcsjd9av060h5urepumvvgmks2te41rfewmlletulvufnuqy4u$document
 ||formtools.com$document
 ||forum-dofus.com.co$document
-||foryour.gov-information.info$document
 ||fpalpha.myportfolio.com$document
 ||fpmaam.org$document
 ||fr-europe564598-com.filesusr.com$document
@@ -2565,6 +2384,7 @@
 ||freefireevent-codashop2022.duckdns.org$document
 ||freeitemff-allreward.duckdns.org$document
 ||freeliker.net$document
+||freereward-ff.duckdns.org$document
 ||frefire-membership-garena.sukienfreefire2021.top$document
 ||freg-nine.pt$document
 ||friendsofnechockey.com$document
@@ -2580,21 +2400,22 @@
 ||ftx.cool$document
 ||ftxbonus.site$document
 ||funiswap.exchange$document
+||furgonetka-1.pl$document
 ||fusionrestobar.cl$document
+||futurebits.in$document
+||fwztmgr.cn$document
 ||fxhalifax.com$document
 ||fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com$document
 ||g-mtcc.com$document
 ||g.greatsubstance.com.my$document
 ||ga.teesmith.shop$document
 ||gabrielamims.com$document
-||gabung-grubnew1342.duckdns.org$document
 ||gagaclinic.com$document
 ||gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com$document
 ||gallciaonllne.webcindario.com$document
 ||garena-xacminhtaikhoan.com$document
-||garenafreefire728.duckdns.org$document
-||gastronomiarobertos.com$document
 ||gasunige.mfs.gg$document
+||gbunggrup-pmrsatu13.duckdns.org$document
 ||gedfdfsd.eu$document
 ||geg.li$document
 ||generali-italia-ag.hrweb.it$document
@@ -2625,11 +2446,9 @@
 ||go.skimresources.com/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp;test=off&amp;id=355x561&amp;url=https://www.paypal.com/shopping/&amp;xguid=01ff0qxy635yfpkrdaxav47j5k&amp;persistence=1&amp;checksum=cb2e0f7328d6ffea0e15a24046095a0bb98d27d4488e822bea4b181763f2eb0b$document
 ||go24link.com$document
 ||goldenlasgidi10.web.app$document
-||golfloslagos.com/wp-includes/js/thickbox/connexion/connexion/app/cdn/?fmfcgzgljlrvjdlwthjpssjfsnvbwgbbfmfcgzgljltdnhmxflbfwpzhjxchnhhqfmfcgzgkzqqhdhckrlvrtkvlbxfdwlclfmfcgzgkzqqhdhckrlvrtkvlbxfdwlclfmfcgzgkzqqhdhckrlvrtkvlbxfdwlcl$document
 ||golkondaresorts.com$document
 ||goo-gl.me$document
 ||good12345.tripod.com$document
-||goofy-wozniak.192-210-226-164.plesk.page$document
 ||google.com/url?q=http%3a%2f%2fbit.do%2ffr6ci&sa=d&sntz=1&usg=afqjcne7joz-iz-adrzkrxcihj8t9fs9qw$document
 ||google.com/url?q=http%3a%2f%2fbit.do%2ffsgjq&amp;sa=d&amp;sntz=1&amp;usg=afqjcngvqc30z-4hiaizv03gpwblwu3vnw$document
 ||google.com/url?q=http://srv-auth.web.app/upd/index.html%23%5b%5b-email-%5d%5d&amp;source=gmail&amp;ust=1607952068298000&amp;usg=afqjcnet34jepejaewvja8unv7ycds1vjg$document
@@ -2650,39 +2469,28 @@
 ||greekinfra.com$document
 ||greenclasses.in$document
 ||grosshandel-mevida.de$document
-||group-mantap-seger.duckdns.org$document
 ||group-wa-1.duckdns.org$document
-||groupbkep-vral15.duckdns.org$document
 ||groworldinternational.com$document
 ||grp02.member.mycld-rakuten.info$document
-||grub-sangex.wikaba.com$document
-||grubgabung.duckdns.org$document
 ||grubnatajadeh12.duckdns.org$document
+||grubterbarukk037.duckdns.org$document
 ||grubviralterbaru65c.duckdns.org$document
-||grup-bokephot-terbaru2022.duckdns.org$document
-||grup-bokepviral4.duckdns.org$document
-||grup-dwsa-indomesia845.duckdns.org$document
-||grup-viral-seleb.duckdns.org$document
-||grup-viralbokep111.myftp.org$document
-||grup-viralbokep2.ddns.net$document
+||gruo-wa-okep-dewasa-2022.duckdns.org$document
+||grup-bokep-terbaru555.duckdns.org$document
 ||grup-whatsapp121.duckdns.org$document
 ||grup-whatsappbokep1.duckdns.org$document
 ||grup-whatsappbokep2.duckdns.org$document
-||grupbokeppadacantik.duckdns.org$document
+||grup2022ssx.duckdns.org$document
 ||grupofsp.com.br$document
 ||gruposanpio.com$document
-||gruptiktok.wikaba.com$document
-||grupviral-xx.duckdns.org$document
-||grupviral109.duckdns.org$document
-||grupviralterbaru.duckdns.org$document
+||grupwhatsaap-viral-2022.duckdns.org$document
 ||grupwhatsappnobar-2022.duckdns.org$document
 ||gscommunityspirit.greenschool.org$document
 ||gstsolutions.online$document
+||gtw420.com$document
 ||gunatanahku.perkimtan.sumbarprov.go.id$document
 ||gurukanth.com$document
 ||gwenet.org$document
-||gyfnqyk.cn$document
-||gymjaokhanakho.azurewebsites.net$document
 ||habbocreditosparati.blogspot.com$document
 ||hafslundno.blogspot.com/2021/12/hafslund.html$document
 ||haftteam.ir$document
@@ -2719,20 +2527,19 @@
 ||haunlimited.org$document
 ||hcnprdvz.azureedge.net$document
 ||hdmediahub.club$document
-||hdss-stream.org$document
 ||heaterintwintersz.ams3.digitaloceanspaces.com/yuhgbfvdfvbtytrvdfbgt.html$document
 ||heinthu1.github.io$document
 ||hellenic-postbank.com$document
-||helloparis.co.uk$document
 ||help-account-bxsfe.ondigitalocean.app$document
+||help-identity-recoveri-support-center.web.id$document
 ||help-notice-center-identity-6532.web.id$document
 ||help.insecur.saftyalert.workers.dev$document
 ||help.validation-page.workers.dev$document
+||helpingcentere.com$document
 ||henan.vxim58i.cn$document
 ||hermes.parcel-tracker.com$document
 ||hetershaven.net$document
 ||heuristic-gagarin.45-88-108-231.plesk.page$document
-||hfemail.ntneancns.com$document
 ||hgda.db0u4hs.cn$document
 ||hgdaa.lfoxcct.cn$document
 ||hghgda.erjl0hx.cn$document
@@ -2747,11 +2554,9 @@
 ||hifly39091.top$document
 ||hifly61215.top$document
 ||hifly71191.top$document
-||hikaheal.com$document
 ||himalayansherpa.com.au$document
 ||himbauane.blogspot.com$document
 ||hitman71hd-wixsite-com.filesusr.com$document
-||hjhjjhjhjh.pagedemo.co$document
 ||hm.ru/mz4yho$document
 ||hockian.com$document
 ||holobeam.000webhostapp.com$document
@@ -2760,7 +2565,6 @@
 ||homeentertainmentexpo.com/zeland.html$document
 ||homepichilinea2.webcindario.com$document
 ||homesinlogin.com$document
-||homestaylongho.com$document
 ||hostnix.net$document
 ||hostpoint.ch.17a902ef.tcorner.fr$document
 ||hotbrooks.com$document
@@ -2770,7 +2574,6 @@
 ||house18.info/themes/engines/ira.xml$document
 ||houseofscotland.com.au$document
 ||hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com$document
-||hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com/''''''''''''''''''''''''''''''''/$document
 ||hpplotters.in$document
 ||href.li/?https://trimurl.co/0wsx7z$document
 ||href.li/?https://www.rkat2.2r-p.xyz/$document
@@ -2781,6 +2584,7 @@
 ||ht.ly/hgav30ruohf$document
 ||ht.ly/shoh30rwmdj?10/13/2021$document
 ||htlgroup.com.my$document
+||httpcom-0d4tol437.isiolo.go.ke$document
 ||httpeugnerally-wixsite-com.filesusr.com$document
 ||https-scert-con04.xyz$document
 ||https-scert-srv02.xyz$document
@@ -2807,7 +2611,6 @@
 ||ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com$document
 ||ibpm.ru$document
 ||icloud-map-live.com$document
-||icloudstatus.com.ng$document
 ||icy.martulangbelulalng.workers.dev$document
 ||idappswallets.com$document
 ||identifiez-vous-avec-votre-compte.yolasite.com$document
@@ -2822,7 +2625,6 @@
 ||igsasso-my.sharepoint.com/:x:/r/personal/pginet_groupe-igs_fr/_layouts/15/wopiframe.aspx?guestaccesstoken=o1ljzjnq70g8yg6w%2fce3ec9zu3%2bg6ck6ibkmhwt3wl0%3d&amp;docid=1_1c2a91e87cc7a4ffb85611d8ebf31f653&amp;wdformid=%7bcdf56303%2d9250%2d4cf1%2d8370%2db3f9a84cd714%7d&amp;action=formsubmit$document
 ||iipvit.by$document
 ||ijcda.bukkats.cn$document
-||ijeioqhawdqioqho.weebly.com$document
 ||ijhca.0gb0h7z.cn$document
 ||ijjd.h8nmtcc.cn$document
 ||ijmna.p2y00vd.cn$document
@@ -2833,10 +2635,12 @@
 ||ikcsa.ajiqvjf.cn$document
 ||ikdff.jmo904i.cn$document
 ||ikja.lbanwqp.cn$document
+||ikjcd.p1z98hl.cn$document
 ||ikjd.uk0xnp8.cn$document
 ||ikjgd.rg6bzk7.cn$document
 ||ikmcd.u4jdbxm.cn$document
 ||ikmxaa.qcqxlrq.cn$document
+||ilooksrare.com$document
 ||iloveyourglasses.com$document
 ||ilpconnect.org$document
 ||im-creator.com/free/4t6u/bt$document
@@ -2844,11 +2648,11 @@
 ||im-creator.com/free/kfouo/btcommmms$document
 ||im-creator.com/free/msw0rd/att_word$document
 ||im-creator.com/viewer/vbid-fa0f29d5-fpsjmms8$document
+||image-pict-ig.duckdns.org$document
 ||imagematch300.com/survey/27415/source=39-4621$document
 ||imcreator.com/viewer/vbid-fa0f29d5-fpsjmms8$document
 ||imersao.impulseingles.com.br$document
 ||imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com$document
-||imi-ksa.jajainfo.net$document
 ||imobiliaria-cardinali-com-br.blogspot.com$document
 ||impostazionebper.000webhostapp.com$document
 ||improvproject.com/appmanager/renouvellement-automatique-obligatoire/ovh/managerweb-ovhdepartmenttechniqueovh/web.index.html5400configuration_hosting_database/web-ovh/vh/?user-agent=mozilla/5.0+(windows+nt+10.0;+win64;+x64)+applewebkit/537.36+(khtml,+like+gecko)+chrome/86.0.4240.75+safari/537.36$document
@@ -2856,11 +2660,11 @@
 ||imxprs.com/free/outlookwebaccessupgrade/outlookwebaccessupgrade$document
 ||imxprs.com/free/webmaiil/accounttportal$document
 ||in.deraya.org$document
-||inaueab.com$document
 ||indo-viral2022.duckdns.org$document
 ||info.lionnets.com$document
 ||infohypesquad.com$document
 ||infopichinchaweb.webcindario.com$document
+||information.safeamazoncardweb.cyou$document
 ||informations.recovery.confiryourpage.workers.dev$document
 ||infos00001.temp.swtest.ru$document
 ||infosecplace.com$document
@@ -2873,17 +2677,17 @@
 ||innca.ol90k56.cn$document
 ||innovasjon.as$document
 ||inps-ep.com$document
-||instagram-9.blogspot.com$document
-||instagramhelpp.agency$document
+||instahelppbaddge.ml$document
 ||insurance2019.moneynet.com.tw/wp-admin/maint/?hash=a2fyaw5hywxtzwlkyxjpymvpcm9aag90bwfpbc5jb20=$document
 ||intellidata-analytica.com$document
-||interbankempresahome.rankforever.com$document
 ||interbankempresas.pe-il.ru$document
+||interbankhomeweb.fullcircleteam.com$document
 ||intern.unibas-com.ch$document
 ||international-formulier.91-218-65-223.plesk.page$document
 ||internetbanking-caixa-gov.xyz$document
 ||internetbankinghelp.com$document
 ||internetservicetech.com$document
+||intesalife.ie$document
 ||intexargentina.com.ar$document
 ||inthewildproductions.com$document
 ||intoli.ru$document
@@ -2891,13 +2695,18 @@
 ||intranet.sztpe.info$document
 ||investpl.work$document
 ||iplogger.info$document
+||iqwea.soxr0u1.cn$document
 ||ironmantech.shop$document
-||irs-gov.us-get-funds-assistance.com$document
+||irs-gov-supportcenters.com$document
+||irs.gov-coronavirus-pandemic-tax-refund-submission.com$document
 ||is.gd/areawebmps$document
 ||is.gd/clnhxv$document
+||is.gd/f0iqhg?trackingid=lxyqpvnl&signature=newsletter$document
 ||is.gd/t1xeia$document
+||ise.com.ar$document
 ||isfirsatibul.com$document
 ||ismamorlin.my-place.us$document
+||isntagranmeta.pagedemo.co$document
 ||istudyalumni.com$document
 ||it-europe564598-com.filesusr.com$document
 ||it.melnikhotels.com$document
@@ -2908,12 +2717,17 @@
 ||iuhs.tyopfhn.cn$document
 ||iujdas.yfwxlc9.cn$document
 ||iuyydd.ebeg6uk.cn$document
-||j.mp/34vpnqn?muriitya$document
 ||j.mp/3arx6oo$document
 ||j.mp/3gydg8x?/supporrecovery$document
 ||j.mp/3i22f5g?jnlope$document
 ||j.mp/3kkkf0n$document
 ||j9w77d0.cn$document
+||jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn$document
+||jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn$document
+||jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn$document
+||jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn$document
+||jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn$document
+||jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn$document
 ||jacobliston.com$document
 ||jadaart.org$document
 ||jagex-rewards.com$document
@@ -2925,32 +2739,31 @@
 ||jeanbaileyrobor.com$document
 ||jendelajogja.com$document
 ||jerinja.github.io$document
-||jessicasproul.com$document
 ||jetser-electrical-supply.business.site$document
-||jetstoop.top$document
 ||jett.gator.site$document
 ||jflkp.csb.app$document
 ||jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com$document
 ||jhda.wfdyk9p.cn$document
 ||jhdd.fjcslad.cn$document
 ||jhff.93oe0u9.cn$document
+||jhnd.0drhnjk.cn$document
 ||jiwanramchemical.com$document
 ||jjhcd.27ke98i.cn$document
 ||jk99j.sbs$document
-||jkhkjjkjk.pagedemo.co$document
 ||jlogine.com$document
+||jmcna.jiwayjc.cn$document
+||jmfykd.cyou$document
+||jncba.diiqsmm.cn$document
 ||jnlope.tangguakrapekpuik.link$document
 ||jnnc.grnxkoj.cn$document
 ||job-type.com$document
 ||jobs.job.com.bd$document
-||jobtima.com/wp-content/themes/swww04/?key=azhoi,email={email}$document
 ||joecamera.net$document
 ||john-ashley.de$document
-||join-chat-whatssap-viral-2022.duckdns.org$document
-||join-group-wa2022.duckdns.org$document
-||join-grub-bokep-gratis.duckdns.org$document
-||join-grubkienzy849.duckdns.org$document
-||join-whatsapp-tante-hot18.duckdns.org$document
+||join-group-1.duckdns.org$document
+||join-gruo-waku282.duckdns.org$document
+||joinedprice.com$document
+||joingrupku183.duckdns.org$document
 ||joingrupp-bkep156.duckdns.org$document
 ||joingrupterbaru-0.duckdns.org$document
 ||joinlinkviral729.duckdns.org$document
@@ -2958,13 +2771,15 @@
 ||joinssgropssney6.duckdns.org$document
 ||jow-japan.or.jp$document
 ||joyeriajireh.com.mx$document
-||jp-bnnk.japappoit.asdwb.xyz$document
-||jp-bnnk.japappoit.asdwd.xyz$document
+||jp-auid.com$document
+||jp.mercari.omany.buzz$document
 ||jptechdocsign.net$document
 ||jrhayley.plus.com$document
 ||jtbtigers.com/65g2g$document
 ||juandfar.github.io$document
+||jurisgeneral.com$document
 ||jurlebedev.ru$document
+||juscook.com$document
 ||justgot.gonevis.com$document
 ||justsayingbro.com$document
 ||jvk.zultifarza.workers.dev$document
@@ -2973,6 +2788,7 @@
 ||k12inc-my.sharepoint.com/personal/jdonahue_k12_com/_layouts/15/wopiframe.aspx?guestaccesstoken=jxndynkzmynao0nofzmhz4t%2fk%2br%2fg7qir2agrjo42ha%3d&docid=1_12252b23331654ef4bf8ef978a8eb83ee&wdformid=%7b2711d93c%2d7591%2d4baa%2db377%2dcf40ba8c7343%7d&action=formsubmit$document
 ||k3ja6d.webwave.dev$document
 ||kaamwalibais.co.in$document
+||kachinas.be$document
 ||kamdhenurealities.com$document
 ||kargonova.com$document
 ||kartaltepespor.com$document
@@ -2984,9 +2800,11 @@
 ||kdlscaffolding.co.uk$document
 ||kecc.com$document
 ||kecmanijada.com$document
+||kedai-gamers.com$document
 ||keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev$document
 ||keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev$document
 ||keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev$document
+||kenanhusovic.com$document
 ||kevinsmovingservice.com$document
 ||kex81.sbs$document
 ||key-drcp.com$document
@@ -3010,7 +2828,6 @@
 ||konnect2kamadhenu.com$document
 ||koteng.odoo.com$document
 ||kr-bithumb.web.app$document
-||kraftongame.net$document
 ||krupije.com$document
 ||krx887.com$document
 ||ksschool.org.in$document
@@ -3018,6 +2835,7 @@
 ||kurortnoye.com.ua$document
 ||kutt.it/c07czi$document
 ||kutt.it/l3leph$document
+||ky79.com$document
 ||l-abe.com$document
 ||l-q.in$document
 ||l.wl.co/l?u=https://claimthirdpaymnet.page.link/mvfa?trackingid=4rcleqvo&signature=newsletter$document
@@ -3048,20 +2866,21 @@
 ||learningimpactmodel.com$document
 ||leboncoiinlbc.000webhostapp.com$document
 ||leboncoin.delivery01588.icu$document
+||lefaf77683.temp.swtest.ru$document
 ||lemeiesta.com$document
 ||lenagruessdich.net$document
 ||leroycu.ca$document
+||letoptuswebmail-9b69f0.ingress-comporellon.easywp.com$document
 ||lettertracing4kids.com$document
 ||lexnotes.com.ng$document
-||lg-bluebadgecenter.ml$document
 ||lg-onecom-io.web.app$document
 ||liberasrl.it$document
 ||lifeiswhatyoumakeofit.com/match_login/match.com/match/login1876.html$document
 ||lihi1.cc/fqg9x$document
 ||lihi1.cc/uh2xv$document
 ||lihi3.cc$document
-||linkcontract.tech$document
 ||linkedin.com/slink?code=ek5cbk8g$document
+||linkgrupkakak-disini.duckdns.org$document
 ||linkprotect.cudasvc.com/url?a=https://u25098085.ct.sendgrid.net/ls/click?upn=4o0yybebwwobmwye6nfxf74k9v8ctniui1j2zge2nz95e9lyg4bkzyeqhmb7dtwcz7ioun-2bn1j8mpzi-2fpiiskt0bhpz08nwukegu0uqqki2h1s5yghctgcifqu-2bw1xclixrd_0qvnbxqwscekttpgl5skkts6yu-2batmdqkyh3bke4v1frfd55qka72zddyevzyat2nxv1k3yz6k8mwivrnsgvysy0wagfn8g5lfrsekexaptnpwfu0cediip-2bx7vwnyo9s20tqt2-2bj-2bvkbnfrh9uuad9j9stqo-2bcbol-2fjxsacxht5mztqgwx1c5d6x4fkpu32hmnetd1eimxhhfmzkxiukogw4aalovfcjsym0u8gjpy-3d&amp;c=e,1,2vluk9dfc0eb8l7-rios2j4nvvlmg8fu0rs0_haoaqpf_7ary6vt_oiimum26g-03mgzmsvdmzlfwohfhlogn3z77jluyi415qw9iw3dptggs_9sfqsq4a,,&amp;typo=1$document
 ||linkr.bio/2oj172$document
 ||linkr.bio/5254ov$document
@@ -3073,6 +2892,7 @@
 ||linktr.ee/attmailserver$document
 ||linktr.ee/attonlineservice$document
 ||linktr.ee/attverificationpro$document
+||linktr.ee/btelop$document
 ||linktr.ee/btinternettt$document
 ||linktr.ee/d.emery1$document
 ||linktr.ee/dannygeez$document
@@ -3115,6 +2935,7 @@
 ||lloydsbank.secure-personal-device-login.com$document
 ||lloyduk-newdevice-registered-online.com$document
 ||llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com$document
+||lmbanang.pgryuangbtusngka.link$document
 ||lnkd.dev$document
 ||lnkd.in/d8ruzprc$document
 ||lnkd.in/di6hueus$document
@@ -3125,26 +2946,30 @@
 ||lnkd.in/gib6fpsz$document
 ||lnterbancape-lbk.com$document
 ||lnterbank.pe.starneonsignsug.com$document
+||local-postoffice-deliver.com$document
 ||localwithg.com$document
 ||lockpichincha.webcindario.com$document
 ||loengregkuetngferu.live$document
 ||lofon-add.firebaseapp.com$document
 ||loftywallet.com$document
+||logfuliz.web.app$document
 ||login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net$document
 ||login-facebook18.webnode.page$document
 ||login-live.com-s02.net$document
 ||login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net$document
 ||login-postfinance.com$document
+||login-singaporee.apply-now-online-digital.com$document
 ||login.dbs.webdbslistinonline.com$document
 ||login.privategold.uytrtyuhij987.gowithapex.com$document
-||login.smbc.weddirecttop.com$document
 ||login.xfinity.meculinkvolt.com/home/?6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d-6c6f67696e2e7866696e6974792e6d6563756c696e6b766f6c742e636f6d$document
 ||logindhlaccess.dhlupdatelogin.workers.dev$document
+||loginnewatt.weebly.com$document
 ||logverify-df12e-verify-1230-eu.web.app$document
 ||loinesports.com$document
 ||lomadesarrollos.mx$document
 ||lombard11.eu$document
 ||lot-lp-x.web.app$document
+||love.gos-box.com$document
 ||lp.vp4.me$document
 ||lrs.financial$document
 ||lrs.foundation$document
@@ -3164,13 +2989,10 @@
 ||m.recovery.safetyacount.workers.dev$document
 ||m.recovery.saftypageupdate.workers.dev$document
 ||m.salsomascard.top$document
-||m4-appcaixia.com$document
 ||m42club.com$document
-||m5bundle.com$document
 ||machineryzoneservice.com$document
 ||macjakarta.com$document
 ||macst.cc$document
-||madamailru.temp.swtest.ru$document
 ||madens.com.pl$document
 ||madrhinoconsulting.com$document
 ||maestro.my.prod.dfg152.ru$document
@@ -3183,15 +3005,14 @@
 ||mail-gmxaktualisierung.yolasite.com$document
 ||mail-ovhcloud.web.app$document
 ||mail-ssocloud-srvr67yhguh.pages.dev$document
+||mail.atlanticeconcrete.com$document
 ||mail.enrollmoreclientsbootcamp.com$document
-||mail.gov-taxid.completofyours.info$document
-||mail.grup-dwsa-indomesia845.duckdns.org$document
 ||mail.hfcfit.com/forms/forms/form1.html$document
 ||mail.ims-fe.com$document
+||mail.kenanhusovic.com$document
 ||mail.kuttabalfatih.com$document
 ||mail.santepluspharma.com$document
 ||mail.sweetshopspecialtycoffee.com.au$document
-||mail.tariqalaraimi.com$document
 ||mail.trendset.com.ar.ci3.toservers.com/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua$document
 ||mail.trendset.com.ar.ci3.toservers.com/mua/179.32.144.1585349/sucursalpersonas.transaccionesbancolombia.com/mua/$document
 ||mail.trendset.com.ar.ci3.toservers.com/mua/181.143.31.2028037/sucursalpersonas.transaccionesbancolombia.com/mua$document
@@ -3205,6 +3026,7 @@
 ||mail.trendset.com.ar.ci3.toservers.com/mua/191.95.152.1287758/sucursalpersonas.transaccionesbancolombia.com/mua/index.html$document
 ||mail.trendset.com.ar.ci3.toservers.com/mua/201.233.42.1501206/sucursalpersonas.transaccionesbancolombia.com/mua/index.html$document
 ||mail.updateinfo-billingo2.com$document
+||mail.wellsfargous.duckdns.org$document
 ||mail.wheel1factory.net$document
 ||mail.zenstream.com$document
 ||maildomaiincheck1.web.app$document
@@ -3232,60 +3054,57 @@
 ||mailupdattee10.web.app$document
 ||mailupdattee11.web.app$document
 ||mailupdattee12.web.app$document
-||mailupdattee13.web.app$document
 ||mailupdattee14.web.app$document
-||mailupdattee15.web.app$document
 ||mailupdattee16.web.app$document
 ||mailupdattee17.web.app$document
-||mailupdattee18.web.app$document
 ||mailupdattee19.web.app$document
 ||mailupdattee20.web.app$document
 ||mailupdattee21.web.app$document
 ||mailupdattee22.web.app$document
-||mailupdattee23.web.app$document
 ||mailupdattee24.web.app$document
 ||mailupdattee26.web.app$document
 ||mailupdattee27.web.app$document
 ||mailupdattee28.web.app$document
 ||mailupdattee29.web.app$document
-||mailupdattee32.web.app$document
 ||mailupdattee34.web.app$document
 ||mailupdattee35.web.app$document
 ||mailupdattee40.web.app$document
-||mailupdattee5.web.app$document
 ||mailupdattee6.web.app$document
 ||mailupdattee7.web.app$document
 ||mailupdattee8.web.app$document
-||mailupdattee9.web.app$document
+||mainbugerrorfixing.com$document
+||mainmobilerectify.live$document
+||mainsbscrestore.com$document
 ||maintoken.org$document
-||mainwalletappconnect.com$document
 ||makcts-go.ru$document
 ||make-anon-keep-past.rvsla.workers.dev$document
 ||mala-riba.com$document
 ||malaprontaargentina.com.br$document
 ||malehaenterprises.com$document
 ||malukutenggarakab.go.id$document
+||mamasitasont.blogspot.com$document
+||mamasitasont.blogspot.com/?m=0$document
 ||mandirilivinlinksystem.brizy.site$document
-||mandirilivinlinksystem2.brizy.site$document
 ||mandirilivinlinksystem3.brizy.site$document
-||manthsedty.live$document
 ||manualsync.com$document
+||maotun.xyz$document
 ||mapsa.com.pe$document
+||marifilmines.ca$document
 ||marinthe.poingaitongamlm.link$document
 ||marketplace-axieinfinity.io$document
 ||marketplace-axlelnfiniity.com$document
 ||marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke$document
 ||marketplace.facebook.com-29ta3qbv.isiolo.go.ke$document
 ||marketplace.facebook.com-hzup1bae.isiolo.go.ke$document
+||marketplace.facebook.com-izkbuxmx.isiolo.go.ke$document
 ||marketplace.facebook.com-kq1oh2ae.isiolo.go.ke$document
+||marketplace.facebook.com-milt5ssm.isiolo.go.ke$document
 ||marketplace.facebook.com-qze9zt75vm.isiolo.go.ke$document
 ||marketplace.facebook.com-sauuvazpjo.isiolo.go.ke$document
 ||marketplace.facebook.com-tyeuieb7.isiolo.go.ke$document
 ||marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke$document
 ||marketplace.facebook.com-z1au8cxghl.isiolo.go.ke$document
 ||marketplaceaxieinfiniity.com$document
-||marmardian.co.vu$document
-||marylkmatzenger.com$document
 ||masdas0932.co.vu$document
 ||masum.lawyer$document
 ||match.lookatmynewphotos.com$document
@@ -3325,22 +3144,28 @@
 ||mercariz.xyz$document
 ||meremanovegabana.website2.me$document
 ||mericarir.mbudeu.cn$document
-||mericarir.mg0gbo1.cn$document
+||mericarir.mednljn.cn$document
 ||mericarir.mgeukpx.cn$document
 ||mericarir.mglsffs.cn$document
-||mericarir.mksydb.cn$document
+||mericarir.mglxyul.cn$document
+||mericarir.mhgqdtv.cn$document
+||mericarir.mjrsrfo.cn$document
 ||mericarir.mktbbr.cn$document
+||mericarir.mkxbqnu.cn$document
 ||mericarir.mlyffa.cn$document
+||mericarir.mmsfzys.cn$document
 ||mericarir.mnfjwy.cn$document
 ||mericarir.mnheijt.cn$document
-||mericarir.mrzcafk.cn$document
 ||mericarir.msnygk.cn$document
-||mericorci-logining.sfhs26r.lyb6srb.cn$document
+||mericarir.mtlrnzu.cn$document
+||mericarir.mukkwvc.cn$document
+||mericarir.mxsoecl.cn$document
 ||meriocori-logining.2y3uio.pyqbas.cn$document
 ||mestertignseekjet4.blogspot.com$document
 ||mestertignseekjet5.blogspot.com$document
 ||mestertignseekjet6.blogspot.com$document
 ||mestredaobra.com$document
+||meta-support-centers.ml$document
 ||metalurgicagiom.com.br$document
 ||metamasc.club$document
 ||metamask-connect.com$document
@@ -3351,11 +3176,13 @@
 ||metamask.cam$document
 ||metamask.io-php.com$document
 ||metamask.kiwi$document
+||metamask.loan$document
 ||metamask.protocol-process.me$document
 ||metamask.security-information.cc$document
 ||metamask.social$document
 ||metamask.wallets-reauth.net$document
 ||metamaskdownloadandroid.xyz$document
+||metamaskextension.xyz$document
 ||metamassklogins-us.tumblr.com$document
 ||metaversepadapp.com$document
 ||meusabor.com.br$document
@@ -3363,21 +3190,22 @@
 ||mfacebook.blogspot.lt$document
 ||mfacebook.blogspot.rs$document
 ||mgpskartarpur.com$document
+||mgrandroyale.com$document
 ||mi.jetblue.com/p/cp/0ccc3066dc2bcd17/c?mi_u=87923176&mi_origin=&url=http://email.stickercanada.com/t?entity_type=2&entity_id=32534&email_pref_id=34785928&sent_id=1600423397&service_id=22668&redirect_url=https:/relievehotmailonly.cloudns.cl/imagineme/ionos.php$document
 ||mibancocrece.com.co$document
 ||micacd.elshov.com$document
-||michaelxrandazzo.com$document
 ||michiyado.com$document
 ||microcav.square.site$document
 ||microsoftonline.pages.dev$document
 ||microsoftwebserver.mfs.gg$document
 ||micuenta01.github.io$document
+||midasbuy1st.com$document
+||midsposc2.com$document
 ||mijnics-actualisatie.185-236-231-64.plesk.page$document
-||mikhali.com$document
+||mikayelxhovakimyan.com$document
 ||milanno342.blogspot.com/2020/11/fiyatlar.html$document
 ||milanobet301.com$document
 ||militarybikers.org$document
-||minamikaga.or.jp$document
 ||mingming20160152.github.io$document
 ||miozpro.com$document
 ||miracdoviz.com$document
@@ -3407,16 +3235,17 @@
 ||mk2.ge$document
 ||mkjiool.weebly.com$document
 ||mnbxa.73kfer9.cn$document
+||mnbxcas.zm7wwar.cn$document
 ||mncxx.qbeepor.cn$document
 ||mnnbx.r1rpj09.cn$document
+||mnncxa.fwffsyt.cn$document
 ||mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link$document
-||mobil-singaporre.digital-online-login-opportunity.com$document
 ||mobile-orange-forever.yolasite.com$document
 ||mobile-portail.live$document
 ||mobile.hedgesportst.me$document
-||moccasinyellowbetatest--josekkk.repl.co$document
 ||moccasinyellowbetatest.josekkk.repl.co$document
 ||modest-hertz.45-81-232-15.plesk.page$document
+||moiksys.com$document
 ||mon-token.com$document
 ||mon.espace.lcl.fr.certosini.info$document
 ||monbudri.xyz$document
@@ -3432,6 +3261,7 @@
 ||monyeward.com$document
 ||morcario.xyz$document
 ||morfybox.com$document
+||movil.particulares-secure.com$document
 ||mqzlsim.mindlogicinfotech.com$document
 ||mrpitchman.com$document
 ||msc-doelsach.at$document
@@ -3455,16 +3285,15 @@
 ||my.jcpwb.com$document
 ||my.nhs-get-pass.com$document
 ||my.paydi.login-index-home.x4typfc.cn$document
-||my.paydi.logining-nexy-home.en6cnm.asia$document
 ||my02billing-login.com$document
-||myaccount.aol.wallat-billing.com.authlog.gq$document
+||mybeii.live$document
+||mybrenger-transport.com/app/views/abn/identification.php$document
 ||mycoerver.es$document
 ||mygoogleaccount.stantrade.xyz$document
 ||myjcb.cyyptoi.cn$document
 ||myjcb.thxpj.cn$document
 ||mymbg-aa2e2.web.app$document
 ||mymeta-securearea.plesk07.zap-webspace.com$document
-||mymetamask-clientarea.185-236-231-227.plesk.page$document
 ||mymweb-owner.at.ua$document
 ||myparc.sharepoint.com/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=xvdowzk%2bkm4wndrziofnpfcj8fb8rkrsqt%2bkybvollg%3d&docid=1_16fb1a2a3e2f9468aa7cebc35874c9da0&wdformid=%7b95111770-0103-492b-8c70-e9625f96b49a%7d&action=formsubmit&cid=4d02a372-8b83-4120-84b5-1d9a2a3492dd$document
 ||mypo-delivery.com$document
@@ -3477,7 +3306,6 @@
 ||n-naoko-0319.github.io$document
 ||n.salsomascard.top$document
 ||n26.sa-france.fr$document
-||n26servicetechnique.click$document
 ||n7orton.com$document
 ||nab-access-breach.com$document
 ||nab-alert.mobi$document
@@ -3485,7 +3313,6 @@
 ||naderkhani.ir$document
 ||najboljeuslugezavas.betterservicesforyou.com$document
 ||nalandaias.com$document
-||nalodke.com.ua$document
 ||nanjing.itud167.cn$document
 ||napgamelienquan.net$document
 ||naranja-users.auth0.com$document
@@ -3500,8 +3327,10 @@
 ||nayablabs.com$document
 ||nayameehomes.com$document
 ||nbcc.0bit08a.cn$document
+||nbcd.xiu58rl.cn$document
 ||nbcvs.gd65y69.cn$document
 ||nbcxa.lctlfdq.cn$document
+||nbcxas.551awvr.cn$document
 ||nbhjxa.hblhi96.cn$document
 ||nbnonres.com$document
 ||nbxaa.b1b6nac.cn$document
@@ -3513,12 +3342,9 @@
 ||necessitymag.com$document
 ||nedbankqa.flowblocks.com$document
 ||nedriw.xyz$document
-||neftlexi.com$document
 ||negociebra.com.br$document
 ||neptuneinnovations.com$document
 ||netciti.id$document
-||netf1ix.us-891691712-local-781652.airalgeriecanada.ca$document
-||netfl-lixids938mailmealkas.duckdns.org$document
 ||netflix-techarmy.me$document
 ||netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk$document
 ||netorg6600800-my.sharepoint.com/:x:/r/personal/ginger_gingerfountain_com/_layouts/15/wopiframe.aspx?guestaccesstoken=gpys8ex7ys1urrzbfeasvlexkodtrovmmcpn%2brsnebs%3d&amp;docid=1_1882b07b5eb5643d2bdaa63426324ef0e&amp;wdformid=%7b9bd54af1%2dee16%2d4e07%2d8d62%2d6e9b76e47512%7d&amp;action=formsubmit&amp;cid=9adf3e74-8cc1-4e36-b545-c9165fcafde7$document
@@ -3546,9 +3372,8 @@
 ||niagarapower.com$document
 ||nic-home.com$document
 ||nihmt.com/examination/admitpanel/filemanager/5365678587$document
-||nisuper.com$document
 ||nizotchauffage.bilty.be$document
-||nontonvidioviral2022nohoax.duckdns.org$document
+||nodesconnection.com$document
 ||northlane.esy.es$document
 ||norwayposten.blogspot.com/2021/02/blog-post.html$document
 ||notife.help.institutepages.workers.dev$document
@@ -3592,23 +3417,22 @@
 ||oijcd.qvjcddv.cn$document
 ||oikca.smwceku.cn$document
 ||oikcas.6b914ty.cn$document
+||oikcd.uf27ce8.cn$document
 ||oikcxa.zvvx01z.cn$document
 ||oivac.com$document
 ||okcs.qj8yua.cn$document
 ||okds.bbtlcve.cn$document
-||okep-terbaru-viral-2022.duckdns.org$document
+||okep-viral-terbaru-terhist-2022.duckdns.org$document
 ||okmca.8xcrn6w.cn$document
 ||okmca.bxkfham.cn$document
 ||okmca.uwudagu.cn$document
 ||okmxa.lfgpror.cn$document
 ||okpwtu.webwave.dev$document
+||ol-run1.online$document
 ||olidooo.waca.tw$document
 ||olk.us7apye.cn$document
 ||olmnxa.wc2ikux.cn$document
-||olx-pay-pl.pay-id22343.top$document
-||olx.saferegulatory.com$document
 ||omesqiwines.de$document
-||omicronvariat.pagedemo.co$document
 ||oncopharma-ae.com$document
 ||onecreator.info$document
 ||onedrive.zhaoge.workers.dev$document
@@ -3619,17 +3443,19 @@
 ||online-sistem.com$document
 ||online.visual-paradigm.com/app/forms/view/zalxyved/a9adea36-d163-4d46-a3de-0e990d86e78e$document
 ||onlineasesor01.hostfree.pw$document
+||onlinebanking.unrecognised-new-payee.com$document
 ||onlinecasinospark.com/ions/index.php?email=redacted@abuse.ionos.com$document
 ||onlineffn2.temp.swtest.ru$document
+||onlineislemlersayfasivkfgirisicom.tk$document
+||onlinsfuco.temp.swtest.ru$document
 ||onlysportplus.com$document
 ||ooxvocalor.yolasite.com$document
 ||opansea.live$document
 ||open24.ie-tsb.email$document
+||operationroofingllc3.com$document
 ||opticabattilana.com.ar$document
-||optika-anda.hr$document
 ||ora-n.yolasite.com$document
 ||orabu.it$document
-||oraclemart.com/ondedrive/onedrive/rolex/index.php$document
 ||orange-dcr.fr$document
 ||orange-security.cloud.coreoz.com$document
 ||orange.iobeya.com$document
@@ -3638,11 +3464,8 @@
 ||orangeb191.temp.swtest.ru$document
 ||orangess.contactin.bio$document
 ||org-nr.yolasite.com$document
-||orlen-inwe.web.app$document
-||orlen-x.web.app$document
 ||orlen.digital$document
 ||ormantencs112.odoo.com$document
-||oryxcaracalsecurity.com$document
 ||osis.world$document
 ||otomoto-h229.net$document
 ||otomoto3452.com$document
@@ -3651,6 +3474,7 @@
 ||ourgarden.us$document
 ||outlook1541489.webcindario.com$document
 ||outlookcom119.yolasite.com$document
+||ouverturecompte.lbp-eer.fr$document
 ||oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com$document
 ||oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com/''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''$document
 ||p1c.servleboncoinser.com$document
@@ -3659,7 +3483,6 @@
 ||package2021.blogspot.com$document
 ||page-restrict-case22456548.help$document
 ||pages-1008009999700022199021.com$document
-||pages-1008097555214021.com$document
 ||pages-alert-facebook.ezyro.com$document
 ||pages-community-standart-2022.co$document
 ||pages-marvelous-project.webflow.io$document
@@ -3668,11 +3491,11 @@
 ||pages.secure-accts.workers.dev$document
 ||pagesdetectscopyrightpostingactivitiesreported.co.vu$document
 ||pagos.sinpemovil.cr$document
+||paidpapers.net$document
 ||paleyeer.com$document
 ||palmm.ps$document
 ||pancaakesvap.com$document
 ||pancake-sawp.com$document
-||pancake.ellipsis.finance$document
 ||pancake7wop.com$document
 ||pancakesawpes.com$document
 ||pancakesfinances.info$document
@@ -3682,7 +3505,6 @@
 ||pancakeswap.multi-wallet.info$document
 ||pancakeswap.salsasourcing.com$document
 ||pancakeswapes.company$document
-||pancakeswapex.com$document
 ||pancakeswapexcgn.com$document
 ||pancakeswapexch.com$document
 ||pancakeswapexchage.com$document
@@ -3691,17 +3513,15 @@
 ||pancakeswapsupport.co/walletconnect/$document
 ||pancaku-swap.com$document
 ||pancalteswap.finance$document
+||panccakesswap.org$document
 ||panckaceswap.finance$document
-||pancoke.com$document
 ||pandaskin.ru.com$document
 ||panelweb-4cae2.web.app$document
 ||pankaceeswap.com$document
 ||pankaceswapes.finance$document
 ||pankakeswap.ledgity.com$document
 ||pannelpub-benin.com$document
-||pansccakeswap.finance$document
 ||pantazisezopiiuurmail1.web.app$document
-||pantekkalisakitkepalaku.blogspot.com$document
 ||paozeia.blogspot.com/?m=0$document
 ||parcel-support018.com$document
 ||pardot.assemblecommunities.com$document
@@ -3713,6 +3533,7 @@
 ||patient-cell-40f5.updatedlogmylogin.workers.dev$document
 ||patwise.co.in$document
 ||paws.org.au$document
+||paxfulacct.com$document
 ||paxfulmenu.com$document
 ||pay-sera.web.app$document
 ||pay16-olx.pl$document
@@ -3721,13 +3542,16 @@
 ||paypal-online-2deposits-paymentaccept.tk$document
 ||paypal-opladen.be$document
 ||paypalforex.co.ke$document
+||pbemail.youxiangdashui.com$document
 ||pdf-cloud-document.weeblysite.com$document
 ||pdf-sharefile-doc.weeblysite.com$document
 ||pdflogincnvwo.app.link$document
 ||pdfsecured.mystrikingly.com$document
 ||peaceful-black.193-70-50-31.plesk.page$document
+||pedih.001www.com$document
 ||pembatalanakundinonaktifkan.weebly.com$document
 ||pencakecwap.com$document
+||pensive-payne-505e1a.netlify.app$document
 ||perfectliker.net$document
 ||peringatanakunfb2k214.webnode.com$document
 ||phantom-walletweb.app$document
@@ -3754,7 +3578,8 @@
 ||pilmezorda.temp.swtest.ru$document
 ||pinchinchaverify.webcindario.com$document
 ||pirana.co.rs$document
-||pl-swiatowe-wiadomosci.pl$document
+||pkobp.pl.justns.ru$document
+||pl-wiadomosciswiatowe.pl$document
 ||pla1060604.nichost.ru$document
 ||plan-o2-monthlypayments.com$document
 ||planetaamor.org$document
@@ -3763,9 +3588,7 @@
 ||playgirlgold.com$document
 ||ploferta.com$document
 ||plugmailextraexpiredoldpolicynotificationscenter.pages.dev$document
-||plwiadomosciwszystkie.pl$document
 ||plytecfi-my.sharepoint.com/personal/pasi_puumalainen_plytec_fi/_layouts/15/wopiframe.aspx?sourcedoc={8f0414f2-e7a8-46f4-a2bb-d38353ed20d6}&amp;action=default&amp;originalpath=ahr0chm6ly9wbhl0zwnmas1tes5zagfyzxbvaw50lmnvbs86bzovzy9wzxjzb25hbc9wyxnpx3b1dw1hbgfpbmvux3bsexrly19mas9fdklvqkktbzvfukdvcnzuzzfqdelowui1vgg5bxf2ltjlvl9mohvka09sb2pnp3j0aw1lpxvysjgtvnb2mtbn$document
-||po-deliver-fees.com$document
 ||po-service-page.com$document
 ||poc-rewards-program-c2dfc.web.app$document
 ||podpiska-darom.ru$document
@@ -3782,6 +3605,7 @@
 ||polkadot-france.fr$document
 ||polkastarter.app$document
 ||polsd.pa0cpof.cn$document
+||polska-informacyjna.pl$document
 ||polxa.uh8dg67.cn$document
 ||polygon-pro.com$document
 ||polygon-secure.com$document
@@ -3799,7 +3623,6 @@
 ||postechsuivre.ileanamlaw.com$document
 ||postnl.post-tracking-delivery.etelinfra.com$document
 ||poww.6hkjmb.cn$document
-||ppkllp.com$document
 ||pplastmart.com/att/citi$document
 ||ppnnttcc.ppcnthsc.me$document
 ||ppt.cc/fia8mx$document
@@ -3821,11 +3644,13 @@
 ||primecentral.qiourn.shop$document
 ||primeone.org$document
 ||printtoner.com.mx$document
+||prism.net.in$document
 ||privacy-update-page-prtections-association-recovry-secu.web.id$document
 ||privacy-update-secu-recovry-page-protection-4565544.web.id$document
 ||privacy-update-secu-recovry-page-protection-comunity-45.web.id$document
 ||priyankasandokar1606.github.io$document
 ||pro.icloudremovaltool.com$document
+||pro.systemine.xyz$document
 ||procservautomatizacion.com$document
 ||production.anon-rest-keep-reset.sales18130.workers.dev$document
 ||production.anon-step-keep-object.sales18130.workers.dev$document
@@ -3839,6 +3664,7 @@
 ||production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev$document
 ||project1-df3e9.web.app$document
 ||projectlovewell.com$document
+||promashoppe.com$document
 ||promehedinti.ro$document
 ||promerica-sv.webcindario.com$document
 ||promericalinea01.webcindario.com$document
@@ -3848,8 +3674,6 @@
 ||prosxsiuser.myfreesites.net$document
 ||prosys.poweredbygravit-e.co.uk$document
 ||protect-4d56vca.surge.sh$document
-||proteczzguuaaardzzzpagess.000webhostapp.com$document
-||proteczzpagezzguarddzzz.000webhostapp.com$document
 ||provodi.com$document
 ||proximus-account.azurewebsites.net$document
 ||ptxx.cc$document
@@ -3877,13 +3701,13 @@
 ||quinaroja.com$document
 ||quip.com/jeh2aebbsh97$document
 ||quip.com/qv7malu8n7cz/you-have-some-messages-pending$document
+||quirky-jones.172-245-159-112.plesk.page$document
 ||quotex-qx.com$document
 ||qwas.nfi71vw.cn$document
 ||qwea.wvhee0w.cn$document
 ||qweas.hi5g95r.cn$document
 ||qweas.p6rhddj.cn$document
 ||qweas.zwfaclq.cn$document
-||qxluatbght.cfolks.pl$document
 ||r3c31v30n3-1d3nt1ty.000webhostapp.com$document
 ||r3g34.fra1.digitaloceanspaces.com/77ll23ween.html$document
 ||rabellartz.de$document
@@ -3893,6 +3717,7 @@
 ||rackenfordlabs.com$document
 ||racuten.nuef.info$document
 ||radhikamd.github.io$document
+||rafbbmx.ga$document
 ||rafbbmx.ml$document
 ||raipurrussianescorts.com$document
 ||rakoten-card.buogfbizkugf.gq$document
@@ -3903,31 +3728,29 @@
 ||rakuitan-card.info$document
 ||rakuten.awjoadc.cn$document
 ||rakuten.card.nuosreaoms.com$document
-||rakuten.card.uosmcoua.com$document
-||rakuthn.shop$document
-||rakuttm.shop$document
+||rakuten.co.jp.rakutenajp.xyz$document
 ||ramgarhiamatrimonial.ca$document
 ||rareelements.io$document
-||rasmer.fi$document
 ||ratewatch.net$document
 ||raycargo.com$document
 ||raydiom.io$document
-||razcjjf.ga$document
-||razcjjf.ml$document
 ||rbcmontgomery.com$document
 ||rd8um.app.link$document
 ||rdirtfuo6t.vov.ru$document
 ||re-direct-me.com$document
 ||re-redirection-acc-id923872635122.blogspot.com$document
+||readymag.com/u1496343659/3363308/$document
+||readymag.com/u3169021124/3364004/$document
+||readymag.com/u3908669287/3364075/$document
 ||real-anon-keep-passing-word.rvsla.workers.dev$document
 ||realestate-page-10843446024.expresspestcontrol.co.nz$document
 ||realindiatravel.com$document
 ||reamaam.blogspot.com/?m=0$document
 ||rebrand.ly/j7107dr$document
 ||rebrand.ly/z83ig2n?rb.routing.mode=proxy&amp;rb.routing.signature=123%20836$document
+||recibeya.tufacilmoneyonline.online$document
 ||reconfirmpost287846656.us$document
 ||recover-pages-media-problems-secur-782.web.id$document
-||recover-pages-secur-media-problems-393.web.id$document
 ||recover-pages-secur-media-problems-397.web.id$document
 ||recovery-chain.com$document
 ||recovery-fb.secure-acct.workers.dev$document
@@ -3948,6 +3771,7 @@
 ||reignbike.com$document
 ||reikisadhna.com$document
 ||reikreitel.blogspot.com/?m=0$document
+||rekoution.bcszxcd.shop$document
 ||release-held-messageshee.fra1.digitaloceanspaces.com/v01iebe3vicvgirviexv4sbdve1r03f.html$document
 ||relevant.systems$document
 ||remittance369297292749.goshly.com$document
@@ -3955,7 +3779,6 @@
 ||renovkonstruksi.com$document
 ||repl-mess.myfreesites.net$document
 ||restore.exodusapp.ru$document
-||restoredabefore-com.filesusr.com$document
 ||restorewallet-activation.net$document
 ||retiro-extracash.com$document
 ||retiro.cl$document
@@ -3987,7 +3810,6 @@
 ||roisnoob.github.io$document
 ||rokulinktechnology.com$document
 ||rolinadd.surveysparrow.com$document
-||romanceify.com$document
 ||rondalowa.blogspot.com$document
 ||rondelbarrilito.com$document
 ||ronin-help.com$document
@@ -3999,27 +3821,26 @@
 ||routeksa.com$document
 ||royalwindsorpub.com$document
 ||roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com$document
-||roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com/''''''''''''''''''''''''''''''''$document
 ||rplg.co$document
 ||rrakutenn.co.jp.azii.cn$document
 ||rrakutenn.co.jp.nanofresh.cn$document
 ||rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com$document
-||rufoxxy.com$document
 ||runescape-info.com$document
+||runescapebonds.com$document
+||runescapeevents.com$document
 ||ruralaccounting.com.au/ruralaccoun/alibaba.com/portal.php?email=june3354@naver.com$document
 ||ruth.martulangbelulalng.workers.dev$document
-||ryanicolehoward.com$document
 ||rymproducciones.com$document
 ||s-sarfati.co.il$document
 ||s.id/-rb9g$document
+||s.id/actueel1$document
+||s.id/actueel2$document
 ||s.id/crsqh$document
 ||s.id/ytk-r$document
 ||s.macecri.com$document
-||s3-us-west-2.amazonaws.com/bvqs45qsd4azdqzz/a.html$document
 ||s3.amazonaws.com/progressivebank-uat/index.html$document
 ||s5vzr.app.link$document
 ||s787v.cn$document
-||s973454980238668645789827366497203975890547864598033674329.fra1.digitaloceanspaces.com/realtrue.html$document
 ||sa.macecri.com$document
 ||sadervoyages.intnet.mu$document
 ||safty.summarycheck.workers.dev$document
@@ -4041,7 +3862,6 @@
 ||sankyo-rz.com$document
 ||sanru.cd$document
 ||santander.secured-auth-login.com$document
-||santanverifyfunction.com$document
 ||santepluspharma.eclatmediasolution.website$document
 ||santoshdangi.com.np$document
 ||saritapariyar.com.np$document
@@ -4064,16 +3884,16 @@
 ||secure-halifax-device.com$document
 ||secure-mynew-devices.com$document
 ||secure-runescape.xgm.rnp.mybluehost.me$document
-||secure-service-gateway.com$document
 ||secure-zirox.s3.ap-southeast-2.amazonaws.com$document
 ||secure.legalmetric.com$document
 ||secure.oldschool.com-cl.ru$document
 ||secure.oldschool.com-cu.ru$document
-||secure.oldschool.com-cv.ru$document
 ||secure.oldschool.com-oz.ru$document
 ||secure.oldschool.com-rsu.ru$document
+||secure.runescape.com-ak.ru$document
 ||secure.runescape.com-as.cz$document
 ||secure.runescape.com-az.ru$document
+||secure.runescape.com-ca.ru$document
 ||secure.runescape.com-cl.ru$document
 ||secure.runescape.com-co.ru$document
 ||secure.runescape.com-cu.ru$document
@@ -4086,14 +3906,14 @@
 ||secure300.inmotionhosting.com$document
 ||secure303.inmotionhosting.com$document
 ||secure55.webhostinghub.com$document
-||secure7-servr01-log-in.4nmn.com$document
-||securee37-authen21.duckdns.org$document
+||secureaccount.ntflxauth.co$document
 ||securegateway-ovhcloud.csl-sl.de$document
 ||securelloyd-help-app.com$document
+||securewalletprotocol.online$document
 ||security-page-community-standards.blogspot.com$document
 ||sefonta.blogspot.com/?m=0$document
 ||seguridad-oca.webcindario.com$document
-||seleb-indo.duckdns.org$document
+||seleccionperfil.xyz$document
 ||selector26.gg$document
 ||selector28.gg$document
 ||sem.my-drs.co.uk$document
@@ -4104,7 +3924,7 @@
 ||sergebubnin.space$document
 ||sertyxese.myfreesites.net$document
 ||server-networksolutions.web.app$document
-||serverprotocols.com$document
+||server221.security.coinbase.com.gdone.co.ke$document
 ||servervalidationcheck103.web.app$document
 ||servervalidationcheck104.web.app$document
 ||servervalidationcheck105.web.app$document
@@ -4159,7 +3979,6 @@
 ||servicepage.service-page.workers.dev$document
 ||servicepichincha.webcindario.com$document
 ||services.runescape.com-as.cz$document
-||services.runescape.com-oc.ru$document
 ||services.runescape.com-rse.ru$document
 ||services.runescape.com-rsu.ru$document
 ||servicesbancaire.com$document
@@ -4190,6 +4009,7 @@
 ||sharelink.sn.am$document
 ||shayvardphoto.ir$document
 ||shinex.lk$document
+||shippment2.temp.swtest.ru$document
 ||shirhokos-mhalskbsiaoutfew43535.duckdns.org$document
 ||shirtshanger.com$document
 ||shiye666.cn$document
@@ -4202,12 +4022,10 @@
 ||sign-trk.empressmd.com$document
 ||signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net$document
 ||signin-payeer.com$document
-||signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com$document
 ||silitrade-my.sharepoint.com/:x:/r/personal/jh_silitrade_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8vzaur%2f5gb%2fwmmsfdszlpfueeb0ml%2fzkiljmp9hfa0o%3d&amp;docid=1_14a3d3f238b844155b59bb08023697365&amp;wdformid=%7b3395edb6%2d941b%2d49a6%2dbd04%2dc039ca27bb2b%7d&amp;action=formsubmit$document
-||silkroadwines.com$document
 ||silpovsatb-ua.online$document
 ||silverberrygroup.com$document
-||sim0nt0k-viral-terbaru-2022.duckdns.org$document
+||simonecamposshop.com.br$document
 ||simp.ly/p/3cd35d$document
 ||simp.ly/p/h45c89$document
 ||simp.ly/publish/xhrdvc$document
@@ -4460,12 +4278,11 @@
 ||sleepmaskz.com$document
 ||slickparties.com$document
 ||slmkufeckf.jon-jensen.workers.dev$document
-||slovenska-posta.sytes.net$document
 ||slowlinebag.jp$document
 ||sm.scicemecod.com$document
 ||sm777.csb.app$document
+||smartfixconnect.live$document
 ||smbc-accout.com$document
-||smbc-credit.shop$document
 ||smbc-veaiana.com$document
 ||smbcbc.com$document
 ||smbccjp.shop$document
@@ -4473,10 +4290,11 @@
 ||smbcwodeqingguoshoujicojp.top$document
 ||smeo.org.mx$document
 ||smgolamalif.github.io$document
-||smirl.org$document
 ||smkkesehatanjember.sch.id$document
 ||smmsvocal.yolasite.com$document
+||smpn2jeruklegi.sch.id$document
 ||sms-check.sc-q.top$document
+||sms-infos.d2tt.co$document
 ||sms-shorter.com$document
 ||smsbc-info5.com$document
 ||smsenligne.myfreesites.net$document
@@ -4484,7 +4302,9 @@
 ||smsorangesmsmessage.myfreesites.net$document
 ||smss-mms.yolasite.com$document
 ||smsverificationmms.myfreesites.net$document
+||smvbc-info.com$document
 ||smwam.coms.cso.gov.tt$document
+||snip.ly/qevjwc$document
 ||so.macecri.com$document
 ||soaringskiesrentals.com$document
 ||soci-molen.web.app$document
@@ -4497,7 +4317,6 @@
 ||solicitarfirmaelectronica-sv.com$document
 ||solyanayakomnata.ru$document
 ||sopac.org.py$document
-||soracoes.xyz$document
 ||souaxwaoh.myfreesites.net$document
 ||soude-masi.firebaseapp.com$document
 ||soufatanse.blogspot.com/?m=0$document
@@ -4525,6 +4344,7 @@
 ||spk-entsperren.de$document
 ||spk-jahreswechsel.com$document
 ||spk-secure-de.com$document
+||spkfod.coms.cso.gov.tt$document
 ||sport.protected-secur.workers.dev$document
 ||sportshoes.top$document
 ||sportybetpremium.wapka.co$document
@@ -4542,8 +4362,10 @@
 ||ssl.dsl.isl.mll.aqmst6.stockestan.ir$document
 ||sso-garena.com$document
 ||sswebmail-4w5twsr.web.app$document
+||staffportal.uoz.edu.krd$document
 ||stage.vannaryfowler.com$document
 ||staging.eliteautomotive.com.au$document
+||standardcapbnk.com$document
 ||standardupdatesupportandhelpcenter2021.ga$document
 ||starforsure.com$document
 ||starliker.net$document
@@ -4553,11 +4375,10 @@
 ||static-dev.o2alerts.com$document
 ||static-promote.weebly.com$document
 ||status-dev.o2alerts.com$document
-||stbkcoltria.atwebpages.com$document
 ||stclarechurch.net$document
 ||steamcommunites.com$document
 ||steamcommunitj.com$document
-||steamnitrof.com$document
+||steamcommunityk.com$document
 ||steampoweredtrade.org$document
 ||steampoweredtrades.org$document
 ||steinercoza-my.sharepoint.com/:b:/g/personal/mandyb_steiner_co_za/exxq1passetnrojoe83fzboboxufoggwb7uvmyfqbionla?e=4:su8jhq&amp;at=9$document
@@ -4575,6 +4396,7 @@
 ||stolizaparketa.ru$document
 ||stolizaparketa.ru/wp-content/themes/twentyfifteen/css/read/chinavali/index.php?email=jsmith@imaphost.com$document
 ||stollgroup.coms.cso.gov.tt$document
+||stomkinscommercial.com.aus.cso.gov.tt$document
 ||storage.cloud.google.com/1lordman1man3/oscman2.html#user@calstatela.edu$document
 ||storage.cloud.google.com/acc03lzzl4m3izm03iauserpowa.appspot.com/index.html#user@calstatela.edu$document
 ||storage.cloud.google.com/algebraic-pact-316913.appspot.com/index.html#jbell@legalshield.com$document
@@ -4647,7 +4469,6 @@
 ||sukien-pubgmoblevng.ga$document
 ||sultan-raza.github.io$document
 ||sumpandtankcleaners.in$document
-||sunami.pagedemo.co$document
 ||sunbeltmembers.com$document
 ||sunge-ode.firebaseapp.com$document
 ||sunnylandingpages.com/usroutput/themeset1_2021-12-21-23-15-13/$document
@@ -4655,7 +4476,6 @@
 ||super-dawn-3035.ddahluwalia.workers.dev$document
 ||supermilhas.com$document
 ||superpark-my.sharepoint.com/:x:/r/personal/adrian_ramos_superpark_com_hk/_layouts/15/wopiframe.aspx?guestaccesstoken=vofjngnui%2fslbameorlq62qlg8mcdnpo1dizu6i%2bc1m%3d&amp;docid=1_124bbb2f682ca4c7daba6cec6ee34dfb9&amp;wdformid=%7ba85c8abe%2d68be%2d43dd%2d91f3%2db397386186be%7d&amp;action=formsubmit$document
-||suportecxacesso2020.com$document
 ||supotsstunes.servehttp.com$document
 ||suppliers.bitshepherd.org$document
 ||support-auwebaccessjpnaikpanggung.com$document
@@ -4668,7 +4488,6 @@
 ||survey18-aws.surveycenter.com$document
 ||survey18-aws.toluna.com$document
 ||surveyheart.com/form/608bca7586919c70a2066ef7$document
-||surveylegend.com/s/2vze$document
 ||surveys.adytude.com$document
 ||suspicious-williamson.193-70-50-31.plesk.page$document
 ||suumc-one.com$document
@@ -4712,6 +4531,7 @@
 ||t.co/zwuq6zjpdj$document
 ||t0nline0de0login-001-site1.itempurl.com$document
 ||taher-mohamed-ahmed-saad.github.io$document
+||take-free-2022.duckdns.org$document
 ||taoistw345ie.co$document
 ||tarik-fitness.com$document
 ||tasteentertainment.com/helton.law/outlook.office.com/$document
@@ -4736,11 +4556,13 @@
 ||templat65sldh.myfreesites.net$document
 ||temporary-url.com$document
 ||terpelsicumple.com$document
-||terracontiles.com$document
+||tesladrive-event.com$document
 ||test.bayoucitybadges.org$document
 ||test.bitflye87.com$document
 ||test.dxbproductions.com$document
+||test.myshopclub.ru$document
 ||test.webclient4.de$document
+||testing-domain.duckdns.org$document
 ||texasfreedomrun.com$document
 ||tgpafasfsakkk.pages.dev$document
 ||theaceofspaeder.com$document
@@ -4753,7 +4575,6 @@
 ||thedom.kg$document
 ||theironinnparlour.co.uk$document
 ||thelibrarysamui.com/wp-content/uploads/2021/11/1/1and1/index.php$document
-||themcsoft.com/wp-track/parceverification9887id=291250485$document
 ||theneontree.in$document
 ||thepointcj.com.br$document
 ||thespiritualtransformation.com$document
@@ -4765,7 +4586,6 @@
 ||tighi.creatorlink.net$document
 ||tight-samiuboc.co$document
 ||tikitaps.com$document
-||tinhtrangdon.com$document
 ||tiny.one/ing587388$document
 ||tiny.one/ing67454$document
 ||tiny.one/reuswnzc$document
@@ -4779,7 +4599,6 @@
 ||tinyurl.com/yxb48kqj$document
 ||tinyurl.com/yxry9vf5$document
 ||tinyurl.com/yyvm8qr5$document
-||tinyurl.mobi$document
 ||tipografieonline.ro$document
 ||tirozhjewelry.com$document
 ||titelinedrillingintl.yolasite.com$document
@@ -4799,7 +4618,6 @@
 ||torccolborrachas.blogspot.com$document
 ||torrinwine.com$document
 ||touchidea.top$document
-||touronline2022.com$document
 ||tovowhuqeojweawmubmaqmqlv.hofferflow.icu$document
 ||tpayleboncoin.com$document
 ||tr.cloudmagic.com/h/v6/link-track/1.0/1612678003989072-e5f6d8cc-499b-ea4f-85f1-8b23ad935661/1612677988/2f5895837f8d3f0a667c6b92ad41f652/8af273ac431e289838c8bf7c490185f3/3fe2530ffaa60580b73b9eec6af02f4d?redirect_uri=http://amazon.com$document
@@ -4815,14 +4633,11 @@
 ||tribratanewsbondowoso.com/webapp/tribratanews/public/js/hughesnet.com/index.php$document
 ||tribunbalikpapan.com$document
 ||truegrip.com$document
-||trust-wallet.com.cn$document
 ||trustinpichincha.webcindario.com$document
 ||trustpress.gr$document
 ||trustypichincha.webcindario.com$document
-||ts3cacd.jhfshm.com$document
 ||ts3cacd.rzjxbv.com$document
 ||turntekcnc.com$document
-||twoje-zdjecia-622.herokuapp.com$document
 ||tx.vc$document
 ||txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com$document
 ||typedream.site$document
@@ -4832,9 +4647,7 @@
 ||u.to/unrpgg$document
 ||u.to/wsddga$document
 ||u08qv44zu5h.typeform.com$document
-||u1571226.cp.regruhosting.ru$document
-||u1571630.cp.regruhosting.ru$document
-||u1571652.cp.regruhosting.ru$document
+||u1565723.plsk.regruhosting.ru$document
 ||u18741649.ct.sendgrid.net$document
 ||u827857uw6.ha004.t.justns.ru$document
 ||uabaiieo.com$document
@@ -4858,7 +4671,6 @@
 ||uhnxa.d23xsru.cn$document
 ||uhnxa.q83itv9.cn$document
 ||uhnxas.rvw56l.cn$document
-||uiuui.pagedemo.co$document
 ||ujcd.um2nlru.cn$document
 ||ujdaa.fn3m4en.cn$document
 ||ujds.5e8tn13.cn$document
@@ -4879,6 +4691,7 @@
 ||ujnca.zgbo0g.cn$document
 ||ujncd.kzi68ra.cn$document
 ||ujncd.lw2djbm.cn$document
+||ujnxas.vj135ih.cn$document
 ||ukcare.in$document
 ||umbrellaclubla.com$document
 ||umconnectumt-my.sharepoint.com/personal/es127759_umconnect_umt_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=e%2f5p4lmr7oxtbuuzst9ihpacebtz%2bhbogl5i950bhau%3d&docid=1_151b39d9e7dd54cfba500875349d3beb6&wdformid=%7bda6fcad9%2d9684%2d43af%2db959%2de2fa774eaba6%7d&action=formsubmit$document
@@ -4895,10 +4708,9 @@
 ||unicreditaustria.ucs.info$document
 ||unifacema.edu.br$document
 ||unifacvest.net$document
+||unifiedsmartsync.live$document
 ||uniga.ac.id/wptracking/tracking2/tracking/tracking.php$document
-||unillantas.com.sv$document
 ||unionheightsresidental.com$document
-||unipo-a.web.app$document
 ||unisons.store$document
 ||unisonsouthayr.org.uk$document
 ||uniswap.ch$document
@@ -4908,7 +4720,6 @@
 ||uniswap.seal.finance$document
 ||uniswap.token.im$document
 ||uniswap.trading$document
-||uniswap.vn$document
 ||uniswapfinancing.info$document
 ||uniswaps.net$document
 ||unitedalliance-online.000webhostapp.com$document
@@ -4919,17 +4730,15 @@
 ||unpocodearte.cl$document
 ||unregpayee-lb.com$document
 ||unsub.listhandlr.com$document
-||upbeat-dhawan.179-43-173-14.plesk.page$document
 ||updateinfo-billingo2.com$document
+||updatemy.software$document
 ||updateseason.com$document
 ||updatestory2022.co.vu$document
 ||updatevoda-billing.com$document
 ||upgrade-25gb-email.thecornerstudio.com.au$document
 ||upgradedserver.online$document
-||upgradingattonlinee.weebly.com$document
 ||uploadpichincha.webcindario.com$document
 ||uploads.codesandbox.io$document
-||upnew.site$document
 ||uppledpichincha.webcindario.com$document
 ||urbenorte.com$document
 ||urgent-halifaxlogin.com$document
@@ -4938,7 +4747,6 @@
 ||userinformationstoreupdatesmail.pages.dev$document
 ||users.tpg.com.au/kcornwall/email-verification/notice/account_login/login.html#accounting@utu.fi$document
 ||usfn.net$document
-||uspsconfirm.iconoomikert.com$document
 ||uspsexpressdeliveryline.com$document
 ||uswowgame.net$document
 ||uueer.7jgy5xe.cn$document
@@ -4950,6 +4758,7 @@
 ||v.ht/1pxak$document
 ||v.ht/yogs$document
 ||v.macecri.com$document
+||v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com$document
 ||v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com$document
 ||vaccine-status-info.com$document
 ||vaiddzed.cc/rd/c56498tvifh29711728hupj8172asy17489blob7311$document
@@ -4958,6 +4767,7 @@
 ||valenciaoptometry.com$document
 ||valenteplay.com.br$document
 ||validacionpichincha.odoo.com$document
+||validate-chain.com$document
 ||validate-solana.com$document
 ||validator-fzkiy.run-us-west2.goorm.io$document
 ||vallion.motiffliterature.me$document
@@ -4967,18 +4777,18 @@
 ||velvish.com$document
 ||ventas.lnterbarnk.pe.jifad.org$document
 ||veredesafs.blogspot.com/?m=0$document
-||verfybadgeappform.com$document
 ||veri-pichincha.webcindario.com$document
-||verificaciondeprioridad.com$document
 ||verification-trustwallet.4bl-eg.com$document
 ||verification.fb-page.workers.dev$document
 ||verificationmessage.blob.core.windows.net$document
+||verifications-zones.com$document
 ||verififacebookid.wixsite.com$document
 ||verifiikasi-accounts.weebly.com$document
 ||verifikasi-akun-anda0011.weeblysite.com$document
 ||verifikasi-akun-facebook0022.weeblysite.com$document
 ||verifikasi-identitas47.weebly.com$document
 ||verifocaoffa.webcindario.com$document
+||verifymywallets.com$document
 ||vetrfedsonte.blogspot.com/?m=0$document
 ||vgiuhkjnm.b9u6vh5l7g1797.workers.dev$document
 ||viamobte.blogspot.com/2021/03/blog-post.html$document
@@ -4989,22 +4799,21 @@
 ||viettel-com-dot-c2c01-531c7.uc.r.appspot.com$document
 ||view.genial.ly/61e168ca67f4550de805d006/interactive-content-secured-document$document
 ||view.genial.ly/61e168ca67f4550de805d006/interactive-content-untitled-genially$document
-||vigortech.com.np$document
+||vigilant-murdock.45-81-232-15.plesk.page$document
 ||viguohilkasdsd.izwe6g6lyc.workers.dev$document
 ||vilaanimalviana.pt$document
 ||vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com$document
 ||vinivet.mk$document
 ||vipfbtools.com$document
-||vipprofessional.net$document
 ||viral-groub.duckdns.org$document
 ||virginia-spi.com$document
 ||virtual1dattss.com$document
 ||vis-stort.github.io$document
-||visa-band.com$document
 ||vishaljangale01.github.io$document
 ||visione.co.id$document
 ||visionproperty.in$document
 ||vivaterouna.blogspot.com/?m=0$document
+||vk-money.xyz$document
 ||vk-posters.ru$document
 ||vk-vhods.co$document
 ||vk.com/away.php?cc_key=&amp;post=%7brandom_number_5%7d_1&amp;to=http://18.118.206.123/index.php?key=%7brandom_letternumberuplow_5%7d,email=%7bemail%7d$document
@@ -5047,6 +4856,7 @@
 ||vkjbm.4nt4nb464e6113.workers.dev$document
 ||vodaupdatepayment.com$document
 ||volvocarskc.us1.list-manage.com$document
+||vps3920.ultahost.com/all.php$document
 ||vps56290.servconfig.com$document
 ||vqed.5xcv81zrx0530.workers.dev$document
 ||vqwd.soboja1994.workers.dev$document
@@ -5060,25 +4870,30 @@
 ||vv.macecri.com$document
 ||vvjde0h0ttttf9hay.com$document
 ||vvpaes-me-index.egvtpp.cn$document
+||vws.co.in$document
+||vxcas.a35570.cn$document
 ||vxdse.myfreesites.net$document
 ||w2.deraya.org$document
 ||w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud$document
-||w5czf.csb.app$document
 ||wahed-koudsi2001.github.io$document
 ||walkers-dot-composite-store-326315.uk.r.appspot.com$document
 ||wallcertifyonmesh.com$document
 ||walldesign.com.tr$document
 ||wallet-connect012.web.app$document
 ||wallet-reconnection.xyz$document
+||wallet-verified.com$document
 ||wallet.silesiacoin.com$document
 ||wallet22.000webhostapp.com$document
+||walletconnect-tool.net$document
+||walletconnect-tools.xyz$document
 ||walletconnectonline.pages.dev$document
 ||walletconnectors.com$document
 ||walleterrorsupport.com$document
+||walletokenvalidation.com$document
+||walletsconect.live$document
 ||walletsconnex.com$document
 ||walletsliveconnects.net$document
 ||walletsreauth.org$document
-||walletsvalidator.org$document
 ||walletsynclive.com$document
 ||walletvalidation.me$document
 ||walletvalidators.com$document
@@ -5098,6 +4913,7 @@
 ||warriorplus.com/o2/a/f5s4y/0$document
 ||warsa.bandungkab.go.id$document
 ||wasites.000webhostapp.com$document
+||waterproofingengineer.com$document
 ||we-exodus-wallet.yahoosites.com$document
 ||web-armas.royale-freefire1garena-bonus.com$document
 ||web-b4119.web.app$document
@@ -5115,13 +4931,15 @@
 ||web-verifi06.webcindario.com$document
 ||web.bredbanque.trans.sylog.co$document
 ||web.royale-freefire1garena-bonus.com$document
-||web7320.web07.bero-webspace.de$document
 ||webbbb.yolasite.com$document
 ||webbl.yolasite.com$document
+||webdappsconnection.com$document
 ||webdatamltrainingdiag842.blob.core.windows.net$document
 ||webdesecure.clickfunnels.com$document
+||webhost-verify.duckdns.org$document
 ||webip.yolasite.com$document
 ||webmail-2aaa0.web.app$document
+||webmail-optusnet-com-au-sign1.weebly.com$document
 ||webmail-sso8uyg.web.app$document
 ||webmail.gourmer.co.in$document
 ||webmail.login.access.docs67.live$document
@@ -5132,24 +4950,21 @@
 ||webregular.xyz$document
 ||webservice-verify.duckdns.org$document
 ||websitefun.club$document
-||websiteorange.wixsite.com$document
 ||webstories.eu$document
 ||webuyworkshopequipment.com/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d$document
 ||webuyworkshopequipment.com/wp-content/themes/sketch/js/sf_trash/c45b222914e3c78d/$document
 ||webvalidity.com$document
 ||well-42d74.web.app$document
-||wellsfargo-online06.herokuapp.com$document
-||weryfikacja-facebookowa-27.herokuapp.com$document
 ||weryfikacja-facebookowa-28.herokuapp.com$document
 ||weteachbh.com$document
 ||whare.100webspace.net$document
+||whatsapp-grub99zyc.duckdns.org$document
 ||wheelsofmercy.org$document
 ||whitelist-network.com$document
 ||whitmansasphalt.com/secure/wells$document
 ||whitmansasphalt.com/secure/wells/$document
 ||widadkamillah.github.io$document
 ||wiki.oceanreeflifegame.com$document
-||wildcard.isiolo.go.ke$document
 ||windstream-net.firebaseapp.com$document
 ||winville.biz$document
 ||wireconfirmation68c10a25442a3e13.blogspot.com$document
@@ -5173,14 +4988,17 @@
 ||wqass-index.chobqu.cn$document
 ||wqass-index.dccigq.cn$document
 ||wqass-index.gbswz.cn$document
-||wqass-index.jeewiki.cn$document
 ||wqass-index.pygbw.cn$document
 ||wrww-roblox.com$document
+||wsertyzx.gq$document
 ||wteeoq.pfinanceiro.com.de$document
 ||wvk12-my.sharepoint.com/:x:/r/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96$document
 ||wvk12-my.sharepoint.com/personal/pklewis_k12_wv_us/_layouts/15/wopiframe.aspx?guestaccesstoken=tqintdtuii%2bam%2fbqmtnjkenggs2dptoi8hs2jqftjkq%3d&docid=1_1446052cffa4c4871bd24bb98fe86ed6d&wdformid=%7bdf30d25d%2d0b59%2d47e5%2d956e%2dc601397ea4d7%7d&action=formsubmit&cid=57cdb8ab-426b-4eff-a51f-903ee3684f96$document
+||ww.lnterbank.pe.personas.aaseguros.mx$document
 ||ww.lnterbank.pe.personas.onlinesocket.in$document
+||ww.lnterbank.pe.personas.t-class.org$document
 ||ww16.inpost-pl-3dsecure.clear-id.xyz$document
+||wwedealershipon.000webhostapp.com$document
 ||www-cursosdigitalesmx-com.filesusr.com$document
 ||www-degelyehuda-org-il.filesusr.com$document
 ||www-europe564598-com.filesusr.com$document
@@ -5188,10 +5006,9 @@
 ||www-key-com.test.edgekey.net$document
 ||www-mufg-jp.handicraft.ltd$document
 ||www-mufg-jp.kaiqi.ink$document
-||www-wattsapcom.duckdns.org$document
+||www.facebook.com-sauuvazpjo.isiolo.go.ke$document
 ||www2.rakutan.co.jploginffd9dfg7.carwork.cn$document
 ||www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn$document
-||www2.rakutan.co.jploginvcx8ds.nanoart.cn$document
 ||www2.rakuten-card.co.jp.wzsrc.cn$document
 ||www2.rakutenn.co.jp.nanopark.cn$document
 ||www2.rakutenn.co.jp.zgyo.cn$document
@@ -5203,6 +5020,7 @@
 ||xcas.xoh29oz.cn$document
 ||xcasd.7vo6bt.cn$document
 ||xcasd.b204uje.cn$document
+||xcasd.tcbjnhq.cn$document
 ||xcasd.yikn2gd.cn$document
 ||xcryptocars.blogspot.com$document
 ||xcvdsd.page.link$document
@@ -5222,10 +5040,10 @@
 ||xjpyyds.pem4yp3.cn$document
 ||xkljfg.ml$document
 ||xn--gmal-sya.com$document
-||xn--instagam-sf0d.com$document
 ||xn--ltappen-80a.se$document
 ||xn--metamsk-lwa.link$document
 ||xn--rpondeur-sfr2-bhb.yolasite.com$document
+||xpubgfrozen.tk$document
 ||xqr3i.mjt.lu$document
 ||xqr3n.mjt.lu$document
 ||xqr3u.mjt.lu$document
@@ -5234,14 +5052,16 @@
 ||xrxh2.mjt.lu$document
 ||xrxhl.mjt.lu$document
 ||xsbrookshhjx.top$document
+||xspin.cawnibos.com$document
 ||xtio.ch$document
 ||xtw42.mjt.lu$document
+||xvideokoreanwifesister18.duckdns.org$document
 ||xx.macecri.com$document
 ||xxaas.tp00jv9.cn$document
 ||xxasd.sf29hrg.cn$document
 ||xxx-com-dot-c2c01-531c7.uc.r.appspot.com$document
-||xyproject.xtensio.com$document
 ||xzasd.uz64g3.cn$document
+||yahoo%2eco%2ejp@asdxa.p2x11pi.cn$document
 ||yahoo%2eco%2ejp@bghgcd.psuxscm.cn$document
 ||yahoo%2eco%2ejp@bhgxa.eo76sni.cn$document
 ||yahoo%2eco%2ejp@cdas.nxzigco.cn$document
@@ -5263,12 +5083,11 @@
 ||yahoo%2eco%2ejp@uyhnxx.urpzkva.cn$document
 ||yahoo%2eco%2ejp@zxas.2nd0g8.cn$document
 ||yahoo%2eco%2ejp@zxass.jbkyj0o.cn$document
-||yahoopoweredservice.duckdns.org$document
 ||yahuomall.square.site$document
 ||yairix.github.io$document
 ||yalena.me$document
+||yandex-viral.duckdns.org$document
 ||yaqoobi.org$document
-||yaranfayez.com$document
 ||yayanti.com$document
 ||ybdaa.oqsgm9r.cn$document
 ||ybggd.fjgjoux.cn$document
@@ -5288,11 +5107,13 @@
 ||ynbgdc.woprkzp.cn$document
 ||ynbxa.pvgulkz.cn$document
 ||yndda.m117s1s.cn$document
+||yo7ka-anna.com$document
 ||yogeshwarwiremesh.com$document
 ||youknowar.com$document
 ||young-snow-7447.tcheviron5269.workers.dev$document
 ||youreasygoing2022.co.vu$document
 ||yqlpeitost.duckdns.org$document
+||ytdjhstej.tk$document
 ||yuhjjkss.web.app$document
 ||yumpai.cn$document
 ||z.macecri.com$document
@@ -5300,10 +5121,12 @@
 ||z0massegurabclp1.shreeramwoodindustries.com$document
 ||z2qje.codesandbox.io$document
 ||z3voicrxxvs.typeform.com$document
+||zacharytlasko.com$document
 ||zackselectronics.co.zw$document
 ||zaktualizacja-platnosci.netfxtv.co.pl$document
 ||zasd.yhxmd30.cn$document
 ||zb2-home.web.app$document
+||zen-minsky-ef5931.netlify.app$document
 ||zenvinyl.com$document
 ||zepe.io$document
 ||zeroquiz.com$document
@@ -5317,13 +5140,11 @@
 ||znbint.com/fire/dhl/load.php?0=aw5mb0btzxrhbg9naxmuy29t&amp;guce_referrer=ahr0chm6ly9sb2dpbi55ywhvby5jb20v&amp;guce_referrer_sig=aqaaaba99nmgr9inqoyu5mi3asjqfyjcpatd_a8modgjxpnxynmo8n5zxdi8ezv7gfypzosc_rpmz0hyfdck0olmxnmb6tpfznd5enc$document
 ||zoho-online.web.app$document
 ||zoho-validationserv.web.app$document
-||zonalnterbank.com$document
 ||zonmca.hxljatvw.cn$document
 ||zpr.io/kms8u47zlxwk$document
 ||zpr.io/mxvzwlcdizyq$document
 ||zpr.io/nckeqquhrpuf$document
 ||zshrvvo.cn$document
-||zuiunsya.com$document
 ||zxas.2nd0g8.cn$document
 ||zxas.hs0rgq8.cn$document
 ||zxass.jbkyj0o.cn$document
@@ -5332,6 +5153,5 @@
 ||zxcnash.seufhsk.cn$document
 ||zxcod.01l241.cn$document
 ||zxcuashs.e0n0gh5.cn$document
-||zxdlbny.cn$document
 ||zxnahs.3cze6ri.cn$document
 ||zz.macecri.com$document
diff --git a/dist/phishing-filter.tpl b/dist/phishing-filter.tpl
index 9848e36b..43643fd7 100644
--- a/dist/phishing-filter.tpl
+++ b/dist/phishing-filter.tpl
@@ -1,6 +1,6 @@
 msFilterList
 # Title: Phishing Hosts Blocklist (IE)
-# Updated: Sun, 16 Jan 2022 12:01:44 +0000
+# Updated: Mon, 17 Jan 2022 00:01:35 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/phishing-filter
 # License: https://gitlab.com/curben/phishing-filter#license
@@ -16,9 +16,6 @@ msFilterList
 -d 02-billing-support.org
 -d 08863299.sso-secure-mail0454etr.pages.dev
 -d 0bs.de
--d 0gjvj7a8eydbjz3au8anbg-on.drv.tw
--d 1000000000347789523698541.tk
--d 1000000000347789523698545.tk
 -d 1000000000347789523698546.tk
 -d 1000000000347789523698547.tk
 -d 109edc5b.ssdtfgyb09.pages.dev
@@ -28,6 +25,7 @@ msFilterList
 -d 15004083383734.data-store-company.com
 -d 154.30.211.130.bc.googleusercontent.com
 -d 16park.cn
+-d 1727365.com
 -d 178.128.108.233.dsl.dyn.forthnet.gr
 -d 1800poolservice.com
 -d 185-46-10-159.cloudvps.regruhosting.ru
@@ -42,7 +40,6 @@ msFilterList
 -d 2022-girobanken-sparkassen.xyz
 -d 2022.intrebrkprsonas.xyz
 -d 217651.8b.io
--d 2247317.verifyinguser426128734570198363.com
 -d 228.94.92.rev.sfr.net.gghost.ru
 -d 24611250.sibforms.com
 -d 2482689012.yolasite.com
@@ -51,12 +48,16 @@ msFilterList
 -d 2fa.bthei.com
 -d 2pil.ru
 -d 2rakuten.co.jp.happyyear.cn
+-d 2yfh.short.gy
 -d 3-139-75-158.cprapid.com
 -d 343i.org
 -d 343t3dv9qdufp.clickfunnels.com
 -d 3568365.com
+-d 365unfreezesecurity.com
+-d 3782365.com
 -d 3a10a178.s6t6sj4s46tu4sys54y5.pages.dev
 -d 3bvjh.sbs
+-d 3c5.com
 -d 3ck.me
 -d 3dprintersupplies.com.au
 -d 3dsecure-update-service-info-live.duckdns.org
@@ -80,18 +81,19 @@ msFilterList
 -d 613707.selcdn.ru
 -d 61da8ae6.6u6566hrrthsh45.pages.dev
 -d 638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com
--d 65451440241544.hyperphp.com
--d 664876.verifyinguser426128734570198363.com
+-d 6734365.com
 -d 67lksxgjd.bttmassage-thai-tanger.com
 -d 6a7zu9he6mqh.clickfunnels.com
 -d 6c7f0acc.sibforms.com
+-d 6stupefacentevideo2022.pagedemo.co
+-d 754675377.xyz
 -d 7837365.com
 -d 7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev
 -d 7wr4u.csb.app
 -d 7yu3v.csb.app
--d 8010361370310234068010361370310234.blogspot.be
 -d 859411.icu
 -d 8760365.com
+-d 885211.icu
 -d 889381.icu
 -d 8899.jp
 -d 89ix7y0.cn
@@ -119,15 +121,18 @@ msFilterList
 -d absolute-containers-sip.business.site
 -d absolutepleasure.com.my
 -d acacia.webdevonline.net
+-d account-recovery.org
 -d account.herephyshy.info
 -d account.verifications.help-page.workers.dev
 -d accounts-autoscout24.de
 -d acessobradesco.digital
 -d ach111.xyz
 -d activate-hulu-com-activate.sitey.me
+-d activatingmymainnet.com
 -d adamfeber.com
 -d adcloudserver.com
 -d admin-formserviceupdates.weeblysite.com
+-d administer-708aa.web.app
 -d administraciondefincaspereznovo.com
 -d adorablepomskyhome.net
 -d adpunemploymentclaims.sharefile.com
@@ -137,14 +142,13 @@ msFilterList
 -d afreemart.xyz
 -d africansecrets.ca
 -d agora.imb.br
--d agricolefr-99f918.ingress-erytho.easywp.com
 -d agrimetiersmartinique.fr
 -d agurimu-nagoya.com
 -d ahhhh.pe.kr
 -d ai.macecri.com
--d aib-unauthorized-access.com
 -d aid-validation-human.run-us-west2.goorm.io
 -d aimekidya-recpag.web.id
+-d airbnb.book-space-b851927.live
 -d airportprescreening.com
 -d aitsidihamh.my-place.us
 -d akanksha3012.github.io
@@ -165,8 +169,10 @@ msFilterList
 -d alkhalilgraphics.com
 -d allegrolokalnie-pl-3dsafe.id-43051.xyz
 -d allegrolokalnie-pl-3dsafe.id-91501.xyz
+-d allegrolokalnie-pl-3dseif.id-43051.xyz
 -d allegrolokalnie-pl-safe.id-43051.xyz
 -d alliancesuper.com
+-d almarjantours.com
 -d almighty.edu.np
 -d alnajahh.com
 -d aloun.ps
@@ -174,6 +180,7 @@ msFilterList
 -d alqadi.ps
 -d alquilervillora.net
 -d alsofft.com
+-d alupi-frey.shop
 -d amacez.jyrtery4.top
 -d amacredit.amacardpkey.xyz
 -d amaenv.fgasdfw6.xyz
@@ -184,21 +191,20 @@ msFilterList
 -d amazomsse.shop
 -d amazon-gcatech.com
 -d amazon-interruption.com
--d amazon.co.ip.jlig.cn
 -d amazon.co.jp.abaiaccounting.cn
 -d amazon.gousana.casa
--d amazon.jp-m.win
+-d amazon.logins-co.jp
 -d amazon.works.ga
 -d amazonhome.sfrmobiles.com
 -d amazonjapsne.cf
+-d amazonses.authflows.com
 -d amazoon.co.op.o4j.top
--d ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org
 -d amc-training.com
--d amcgardiennage.com
+-d amecmasmerd.ga
 -d ameozom.jp.onaworks.com
 -d americanexpress-auth.azurewebsites.net
--d americanexpress.heiwakai.com
 -d amguevara.com
+-d amhsd.com
 -d amidabuli.com
 -d amlnov7.web.app
 -d amnzma-jp.top
@@ -209,7 +215,6 @@ msFilterList
 -d amoazom.rm82j6-t8.cn
 -d amonzau_co_take.ktbf.shop
 -d amosleh.com
--d amozom.co.ip.taxhod.club
 -d amreeth.github.io
 -d amusebouche-bg.com
 -d amzcredit.dearva.xyz
@@ -225,24 +230,21 @@ msFilterList
 -d anhduongjsc.com
 -d anj-azakp.run.goorm.io
 -d anjalijha167.github.io
--d anjayredit.duckdns.org
 -d annacatania.com.mt
 -d anon-keep-admin-keep.rvsla.workers.dev
 -d ansr.ro
 -d aolmailukhelplinecustomerservice.blogspot.com
 -d aolmailukhelplinecustomerservice.blogspot.com.au
--d aolpoweredservice.duckdns.org
 -d aolverixon11dfd.weebly.com
 -d aolxperience.com
+-d api-saisoncard-co-jp.md160.net
 -d api-saisoncard-co-jp.o4ay8.net
 -d api.florense.com.br
 -d api.redirect-bentobot199.com
 -d api.redirect-safebrowser-online.com
--d api.safe-directmail.com
 -d aplintec.com.mx
 -d app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io
 -d app-bombcrypto-io-login-ab.blogspot.com
--d app-panckswp.xyz
 -d app.bydn217.club
 -d app.duel.network
 -d app.fiiber.ca
@@ -252,10 +254,11 @@ msFilterList
 -d appatualizecef.com
 -d appibsolicitud.com
 -d appleid-check.info
+-d applekra.com
 -d applepichincha.webcindario.com
 -d apply.aua.am
 -d apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link
--d appttech.com
+-d aprilgagenesh.com
 -d aquaqualitas.com
 -d arafathrumman.github.io
 -d arcacg.com
@@ -263,15 +266,18 @@ msFilterList
 -d are.scicemecod.com
 -d areueaom.gtpzcve.cn
 -d areueaom.gtva.cn
+-d arif.com.bd
 -d aromatic.webenliven.in
 -d arthamahotels.com
 -d artlux.com.pl
 -d arub-service.org
 -d aruba.fatt.ids-sys.com
 -d as.macecri.com
+-d as.scicemecod.com
 -d asaipestcontrol.com
 -d ascom.co.tz
 -d asd.9sw53wk.cn
+-d asdxa.p2x11pi.cn
 -d asgard-ampqy.run-us-west2.goorm.io
 -d asimpwsh.com
 -d asistentetramitadordigitalda.com
@@ -281,19 +287,24 @@ msFilterList
 -d at-t-yahoo.sitey.me
 -d atento-fdi.plusoftomni.com.br
 -d ativacao-online73681.com
+-d atlanticeconcrete.com
 -d atnr76dxku336szy.clickfunnels.com
--d attcustomdesk.weebly.com
+-d att556.weebly.com
+-d att87.weebly.com
 -d attinfoser.weebly.com
 -d attonlinemanagementpage.weebly.com
+-d attonlineuserverification.weebly.com
 -d attpage1121.weebly.com
 -d atualizacao-online547864.com
 -d atualizarmodolo.com
 -d atulrathore-dev.github.io
+-d auid-japan.com
 -d aurumship.com
--d aushfew.tokyo
 -d aushotel.es
 -d auth-task1-m.web.app
 -d auth-webmailakeonetcom.yolasite.com
+-d auth.topgamers.cn
+-d authent54-sedure32.duckdns.org
 -d authorize-trustvallet-protocol.com
 -d authorizewallet.app
 -d authuxeehmutconjxmailssocl.web.app
@@ -303,16 +314,15 @@ msFilterList
 -d autoranplususeremailprocessingupdate.pages.dev
 -d autoscurt24.de
 -d autumn-sun-4a21.paqesads-scure.workers.dev
+-d avelocidad.com
 -d avrorganics.com
 -d awesome-gates-8bdd6f.netlify.app
 -d ax.xiguw.workers.dev
--d axieinfinity-meta.com
 -d axieinfinity-supportwallet.com
 -d axlr.in
--d ayguru.com
+-d ayushenterprise.in
 -d az.macecri.com
 -d azb3s.cf
--d azmnsaz.000webhostapp.com
 -d azmznonos_co_long.akys.shop
 -d b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com
 -d b059c86968a6427389952025bcee9886.svc.dynamics.com
@@ -320,7 +330,6 @@ msFilterList
 -d b96f7f93.sibforms.com
 -d b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev
 -d bacteralia.com
--d badnewswegewroighgserhhg.xyz
 -d bag-macben.eu
 -d bakhai.vn
 -d balajihospital.net
@@ -340,7 +349,6 @@ msFilterList
 -d bancaporlnternetlnterbarnk.libertycanais.com.br
 -d bancoiinng.site44.com
 -d bancooccidentalb.com
--d bank-id.pl
 -d bankapolska.com
 -d banki0wa.us
 -d bankocaoffo.webcindario.com
@@ -348,8 +356,8 @@ msFilterList
 -d bannerbank.control-inc.com
 -d bannerchampnyc.com
 -d banproseguridadasistenteenlineanic.webnode.es
--d banqsuepoy.temp.swtest.ru
 -d baradua.it
+-d barbecuef.top
 -d battlelastmont.cyou
 -d bc1.paiementervice.com
 -d bconclutmjy.ru
@@ -358,7 +366,7 @@ msFilterList
 -d be-home.web.do
 -d bearmybrand.com
 -d beast-blog.com
--d beibys.com.br
+-d beccu07.zzux.com
 -d beijing.vfzfy1v.cn
 -d belovedaroma.com
 -d bendmytrend.com
@@ -424,18 +432,19 @@ msFilterList
 -d bncre.odoo.com
 -d bncxz.9wx9b27.cn
 -d bndigitalpersonas.com
--d bnpparibas-pl.mob-app.xyz
 -d boaupdate.bfaoscr.com
 -d bogdonovlerer.com
 -d bogged-finance.com
+-d boi.365online-replacement.com
+-d boke4-indonesia-2022a7whatsapp.duckdns.org
+-d bokep-virall-sange33.duckdns.org
 -d bokgabanesolutions.co.za
+-d bold-lichterman.45-81-232-15.plesk.page
 -d bookfbs.evangsamuelministries.com
 -d boxes.com.py
 -d br4.in
 -d br622.teste.website
--d brave-knuth-96d329.netlify.app
 -d breople.com
--d brigida_cossette.gitlab.io
 -d brooks-forrunning.top
 -d brooks-justforjogging.top
 -d brooks-move.top
@@ -474,7 +483,6 @@ msFilterList
 -d bujikena.web.app
 -d bundel-cobragratis2022.duckdns.org
 -d busanopen.org
--d business-action-copyright11022.web.app
 -d business-action-page129591.web.app
 -d business-appeal-copyright8211.web.app
 -d business-appeal-form-18222.web.app
@@ -482,24 +490,22 @@ msFilterList
 -d business-copyright-alert198082.web.app
 -d business-copyright-alert19882.web.app
 -d business-copyright-detected920.web.app
--d business-page-content125882.web.app
 -d business-required-helpcenter82.web.app
 -d business-required-info188221.web.app
 -d businessemailss.biz
--d bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link
 -d buyelectronicsnyc.com
 -d c.curiousmorty.be
 -d c.jardindemiedo.es
 -d c.loveawaits.be
 -d c.mail.com
 -d c0m-r51znzlh8i.isiolo.go.ke
--d c10012022j.temp.swtest.ru
 -d c1christine.tjelmeland2e.cso.gov.tt
 -d c2dc5b99.chgmar.pages.dev
 -d c6ebv708.caspio.com
 -d cabsiler.com
 -d cache.nebula.phx3.secureserver.net
 -d cadeau-orange.fr
+-d caixabanki.temp.swtest.ru
 -d caixaseguradora.quadientcloud.com
 -d cakesbyannemotha.com
 -d cammymiller.com
@@ -509,7 +515,6 @@ msFilterList
 -d capservice.online
 -d caracasmateriais.blogspot.com
 -d carpediemxp.com
--d carry.reduxservices.com
 -d carservicessaupdate.xyz
 -d cartamorin-geometres.fr
 -d carwash.tv
@@ -522,6 +527,7 @@ msFilterList
 -d caymanreno.com
 -d cbmonlinegroups.com
 -d cc.scicemecod.com
+-d cc23674.tmweb.ru
 -d ccjrlaw.com
 -d cdas.nxzigco.cn
 -d cdsoa.wuefyta.cn
@@ -534,14 +540,13 @@ msFilterList
 -d centre1.bubbleapps.io
 -d ceresgulf.com
 -d certifica-montepaschii.com
--d chalokradocallkakuch.azurewebsites.net
--d changenotification.pricesamazonlogincard.monster
+-d charitascb.com
 -d charperimagedesign.com
 -d chat-whatasapp.com
 -d chat-whatsaap99.duckdns.org
 -d chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org
--d chat-whatsapp-group-2022.duckdns.org
 -d chat-whatsapp-grupo-invitacion.blogspot.com
+-d chat-whatsapp-gscfghjsgsu.duckdns.org
 -d chckmaill1.web.app
 -d chckmaill10.web.app
 -d chckmaill11.web.app
@@ -575,9 +580,9 @@ msFilterList
 -d chois.jp
 -d christienstudystl.wixsite.com
 -d christmas-dhl-express-delvr.hopekosmos.com
+-d chronopostaws.com
 -d chtbnk.uk
 -d chutomen.com
--d ciiusea.com
 -d cinemaleftech.com
 -d citagestionenlineabn.com
 -d city-of-jazz.de
@@ -585,13 +590,11 @@ msFilterList
 -d claiimdiamondgratis84.duckdns.org
 -d claim-event-freefire-garena-oldfree-a4.duckdns.org
 -d claim-skingratis-mobailegends161.duckdns.org
--d claimgratisff2022.duckdns.org
 -d claims-funds-enczj.run-us-west2.goorm.io
 -d claimseventmlbb.duckdns.org
 -d claimshopee.yolasite.com
 -d claro-link.brsafe.com.br
 -d claus.bz
--d clefman.cl
 -d click-here-help.in
 -d client-support-page.com
 -d clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net
@@ -630,7 +633,9 @@ msFilterList
 -d co.jp.sefdvsi.cn
 -d co.jp.tezkkbp.cn
 -d co.jp.ztxzzup.cn
+-d cobaincurlduluom.duckdns.org
 -d codwarzonemobile.com
+-d coindappsync.online
 -d cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev
 -d collab-land.net
 -d collabland.info
@@ -645,23 +650,24 @@ msFilterList
 -d com-r51znzlh8i.isiolo.go.ke
 -d com-sauuvazpjo.isiolo.go.ke
 -d com-ugsyk69nqb.isiolo.go.ke
--d comefuck.co
 -d community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 -d community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 -d community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 -d completeegali.webcindario.com
+-d completeyorcorp.lunsrgovert.net
 -d comunicazione-europe.net
 -d comunity-isue-ideent-andromeda-29.web.id
 -d comunity-isue-ideent-andromeda-33.web.id
--d comunity-isue-ideent-andromeda-88.web.id
 -d con-firma.firebaseapp.com
--d confirming-pages-idntitysupport.web.id
 -d congresosba.com.ar
 -d conhecaonlinedigital.com.br
 -d connect.au-login.0662smt.com
+-d connect.auone.jp-login.kddi-sys.com
+-d connect.myauone.jp-auid.jp-auid.com
+-d connect.myauone.jp-auid.kddi-mail.com
+-d connectlivewallet.io
 -d connectwallet.me
 -d conoscofaturahiiiper.com
--d consultavirtuai.bieah.com
 -d contabilidaderabello.com.br
 -d contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev
 -d contapessoal.digital
@@ -672,7 +678,7 @@ msFilterList
 -d contratodeparceria.com.br
 -d controlpichincha.webcindario.com
 -d copyright-center-live.ml
--d corl-inv.web.app
+-d coroplastusa.com
 -d correosdemexico-web.com
 -d corta.ai
 -d cosemu.com
@@ -692,7 +698,6 @@ msFilterList
 -d credicorpfiduciariasa.com
 -d credifinanciera.didacsis.com
 -d crediserfinanza.com
--d credita302.temp.swtest.ru
 -d creditagricole-sudrhonealpes.blogspot.ba
 -d creditagricole-sudrhonealpes.blogspot.com
 -d creditagricole-sudrhonealpes.blogspot.ro
@@ -700,13 +705,18 @@ msFilterList
 -d creditiperhabbogratissicuro100.blogspot.it
 -d cresvin.com
 -d criticalcarevizag.com
+-d crrdxwjap7t.typeform.com
 -d cryptocars-plays.buzz
 -d cryptocarsme.com
 -d cryptscars-logs.com
 -d cryqtocars.me
 -d cuans.bkaamiv.cn
 -d currentlyupgrade.mystrikingly.com
+-d cusnas.366wuv.cn
+-d cxas.bvd2q18.cn
+-d cxas.zk6w4dt.cn
 -d cxasd.easghbl.cn
+-d cxmnsa.04frh0w.cn
 -d cxnbas.nmkbmqk.cn
 -d cxuahs.1wc9bxm.cn
 -d cyna.rkpmage.cn
@@ -719,8 +729,10 @@ msFilterList
 -d d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev
 -d d3ncuwwrr82.typeform.com
 -d daatahomes.com
+-d dadafa88.com
 -d damp-f43e.recovery-page-secur.workers.dev
 -d danitraseoexperts.com
+-d dappconnecttvalidator.net
 -d dapponlines.com
 -d dappscoins.com
 -d dappsiconnect.com
@@ -736,8 +748,8 @@ msFilterList
 -d db-web-client.com
 -d dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com
 -d dbkuzwes.online
--d dbs-interrnet.online
 -d dbs.limited
+-d dbs.online.webdbslistinonline.com
 -d dbs.webdbslistinonline.com
 -d dbw.gr
 -d dcm1.ae.iwc.static.tungmung.co.id
@@ -770,6 +782,7 @@ msFilterList
 -d dev-nadaj.orlenpaczka.ce5.pl
 -d dev-secu-credit-union.pantheonsite.io
 -d dev-www.orlenpaczka.ce5.pl
+-d dev.massageliabilityinsurancegroup.com
 -d dev.shivaxi.com
 -d devicepichincha.webcindario.com
 -d devops.help
@@ -782,15 +795,17 @@ msFilterList
 -d dhl.recruitmentplatform.com
 -d diamondplate.us
 -d die-post-swiss-id-19782635812.psd2any.com
+-d diepost-paketevhost207932.lowhost.ru
 -d diginto.org
--d dilscord.gift
+-d diligentverify.com
 -d directqpuprozaakp.weebly.com
 -d dirtyez.com
 -d disccrdapp.com
 -d disckord.club
 -d discoord-nittro.com
--d discorc.gift
 -d discordbugs.com
+-d discordnitroos.com
+-d discrods.gift
 -d dispositivoapp.azurewebsites.net
 -d distinctivei.com
 -d distrial.ec
@@ -803,7 +818,6 @@ msFilterList
 -d dl.9xu.com
 -d dlink.me
 -d dmaxpesca.com.es
--d dminer.cloud
 -d doclab-console-auth.firebaseapp.com
 -d docs-verify-c671.thajetiase.workers.dev
 -d docs.revv.so
@@ -829,12 +843,9 @@ msFilterList
 -d domainserverlawa117.web.app
 -d domainserverlawa118.web.app
 -d domainserverlawa119.web.app
--d domainserverlawa120.web.app
--d domainserverlawa121.web.app
 -d domainserverlawa122.web.app
 -d domainserverlawa123.web.app
 -d domainserverlawa124.web.app
--d domainserverlawa125.web.app
 -d domainserverlawa126.web.app
 -d domainserverlawa127.web.app
 -d domainserverlawa128.web.app
@@ -843,32 +854,24 @@ msFilterList
 -d domainserverlawa130.web.app
 -d domainserverlawa131.web.app
 -d domainserverlawa132.web.app
--d domainserverlawa133.web.app
 -d domainserverlawa134.web.app
 -d domainserverlawa135.web.app
 -d domainserverlawa136.web.app
 -d domainserverlawa137.web.app
--d domainserverlawa138.web.app
 -d domainserverlawa139.web.app
 -d domainserverlawa14.web.app
--d domainserverlawa140.web.app
--d domainserverlawa141.web.app
 -d domainserverlawa142.web.app
 -d domainserverlawa143.web.app
 -d domainserverlawa144.web.app
 -d domainserverlawa145.web.app
 -d domainserverlawa146.web.app
--d domainserverlawa147.web.app
 -d domainserverlawa148.web.app
 -d domainserverlawa149.web.app
 -d domainserverlawa150.web.app
--d domainserverlawa151.web.app
 -d domainserverlawa152.web.app
 -d domainserverlawa153.web.app
--d domainserverlawa154.web.app
 -d domainserverlawa155.web.app
 -d domainserverlawa156.web.app
--d domainserverlawa157.web.app
 -d domainserverlawa158.web.app
 -d domainserverlawa159.web.app
 -d domainserverlawa160.web.app
@@ -876,20 +879,15 @@ msFilterList
 -d domainserverlawa162.web.app
 -d domainserverlawa163.web.app
 -d domainserverlawa164.web.app
--d domainserverlawa165.web.app
 -d domainserverlawa166.web.app
 -d domainserverlawa167.web.app
 -d domainserverlawa168.web.app
 -d domainserverlawa169.web.app
--d domainserverlawa17.web.app
--d domainserverlawa170.web.app
 -d domainserverlawa171.web.app
 -d domainserverlawa172.web.app
 -d domainserverlawa173.web.app
 -d domainserverlawa174.web.app
--d domainserverlawa175.web.app
 -d domainserverlawa176.web.app
--d domainserverlawa177.web.app
 -d domainserverlawa178.web.app
 -d domainserverlawa179.web.app
 -d domainserverlawa18.web.app
@@ -898,34 +896,25 @@ msFilterList
 -d domainserverlawa182.web.app
 -d domainserverlawa183.web.app
 -d domainserverlawa184.web.app
--d domainserverlawa185.web.app
 -d domainserverlawa186.web.app
 -d domainserverlawa187.web.app
 -d domainserverlawa188.web.app
 -d domainserverlawa189.web.app
 -d domainserverlawa19.web.app
--d domainserverlawa190.web.app
 -d domainserverlawa191.web.app
 -d domainserverlawa193.web.app
 -d domainserverlawa194.web.app
 -d domainserverlawa195.web.app
--d domainserverlawa196.web.app
--d domainserverlawa197.web.app
 -d domainserverlawa198.web.app
--d domainserverlawa199.web.app
 -d domainserverlawa20.web.app
--d domainserverlawa200.web.app
 -d domainserverlawa201.web.app
 -d domainserverlawa202.web.app
--d domainserverlawa203.web.app
 -d domainserverlawa204.web.app
 -d domainserverlawa205.web.app
 -d domainserverlawa206.web.app
--d domainserverlawa207.web.app
 -d domainserverlawa208.web.app
 -d domainserverlawa209.web.app
 -d domainserverlawa21.web.app
--d domainserverlawa210.web.app
 -d domainserverlawa211.web.app
 -d domainserverlawa212.web.app
 -d domainserverlawa213.web.app
@@ -939,7 +928,6 @@ msFilterList
 -d domainserverlawa221.web.app
 -d domainserverlawa222.web.app
 -d domainserverlawa223.web.app
--d domainserverlawa224.web.app
 -d domainserverlawa225.web.app
 -d domainserverlawa226.web.app
 -d domainserverlawa227.web.app
@@ -952,12 +940,10 @@ msFilterList
 -d domainserverlawa234.web.app
 -d domainserverlawa235.web.app
 -d domainserverlawa237.web.app
--d domainserverlawa238.web.app
 -d domainserverlawa239.web.app
 -d domainserverlawa240.web.app
 -d domainserverlawa241.web.app
 -d domainserverlawa242.web.app
--d domainserverlawa243.web.app
 -d domainserverlawa244.web.app
 -d domainserverlawa245.web.app
 -d domainserverlawa246.web.app
@@ -965,35 +951,23 @@ msFilterList
 -d domainserverlawa248.web.app
 -d domainserverlawa249.web.app
 -d domainserverlawa25.web.app
--d domainserverlawa250.web.app
 -d domainserverlawa251.web.app
 -d domainserverlawa252.web.app
 -d domainserverlawa253.web.app
--d domainserverlawa254.web.app
--d domainserverlawa255.web.app
 -d domainserverlawa256.web.app
 -d domainserverlawa257.web.app
 -d domainserverlawa258.web.app
--d domainserverlawa259.web.app
--d domainserverlawa26.web.app
 -d domainserverlawa260.web.app
--d domainserverlawa261.web.app
--d domainserverlawa262.web.app
 -d domainserverlawa263.web.app
 -d domainserverlawa264.web.app
 -d domainserverlawa265.web.app
 -d domainserverlawa266.web.app
 -d domainserverlawa267.web.app
--d domainserverlawa268.web.app
 -d domainserverlawa269.web.app
 -d domainserverlawa270.web.app
--d domainserverlawa271.web.app
--d domainserverlawa272.web.app
 -d domainserverlawa273.web.app
 -d domainserverlawa274.web.app
--d domainserverlawa275.web.app
 -d domainserverlawa276.web.app
--d domainserverlawa277.web.app
 -d domainserverlawa278.web.app
 -d domainserverlawa279.web.app
 -d domainserverlawa280.web.app
@@ -1002,9 +976,7 @@ msFilterList
 -d domainserverlawa283.web.app
 -d domainserverlawa284.web.app
 -d domainserverlawa285.web.app
--d domainserverlawa286.web.app
 -d domainserverlawa287.web.app
--d domainserverlawa289.web.app
 -d domainserverlawa29.web.app
 -d domainserverlawa290.web.app
 -d domainserverlawa292.web.app
@@ -1013,28 +985,20 @@ msFilterList
 -d domainserverlawa295.web.app
 -d domainserverlawa296.web.app
 -d domainserverlawa297.web.app
--d domainserverlawa298.web.app
 -d domainserverlawa299.web.app
--d domainserverlawa30.web.app
 -d domainserverlawa300.web.app
 -d domainserverlawa301.web.app
 -d domainserverlawa302.web.app
 -d domainserverlawa303.web.app
 -d domainserverlawa304.web.app
 -d domainserverlawa305.web.app
--d domainserverlawa306.web.app
 -d domainserverlawa307.web.app
 -d domainserverlawa308.web.app
--d domainserverlawa309.web.app
--d domainserverlawa31.web.app
 -d domainserverlawa310.web.app
 -d domainserverlawa311.web.app
 -d domainserverlawa312.web.app
 -d domainserverlawa313.web.app
--d domainserverlawa314.web.app
 -d domainserverlawa315.web.app
--d domainserverlawa316.web.app
--d domainserverlawa317.web.app
 -d domainserverlawa318.web.app
 -d domainserverlawa319.web.app
 -d domainserverlawa32.web.app
@@ -1042,13 +1006,11 @@ msFilterList
 -d domainserverlawa321.web.app
 -d domainserverlawa322.web.app
 -d domainserverlawa323.web.app
--d domainserverlawa324.web.app
 -d domainserverlawa325.web.app
 -d domainserverlawa326.web.app
 -d domainserverlawa327.web.app
 -d domainserverlawa328.web.app
 -d domainserverlawa329.web.app
--d domainserverlawa33.web.app
 -d domainserverlawa330.web.app
 -d domainserverlawa331.web.app
 -d domainserverlawa332.web.app
@@ -1059,17 +1021,14 @@ msFilterList
 -d domainserverlawa337.web.app
 -d domainserverlawa338.web.app
 -d domainserverlawa339.web.app
--d domainserverlawa34.web.app
 -d domainserverlawa340.web.app
 -d domainserverlawa341.web.app
 -d domainserverlawa342.web.app
 -d domainserverlawa343.web.app
 -d domainserverlawa344.web.app
--d domainserverlawa345.web.app
 -d domainserverlawa346.web.app
 -d domainserverlawa347.web.app
 -d domainserverlawa348.web.app
--d domainserverlawa35.web.app
 -d domainserverlawa350.web.app
 -d domainserverlawa351.web.app
 -d domainserverlawa352.web.app
@@ -1083,7 +1042,6 @@ msFilterList
 -d domainserverlawa36.web.app
 -d domainserverlawa360.web.app
 -d domainserverlawa361.web.app
--d domainserverlawa362.web.app
 -d domainserverlawa363.web.app
 -d domainserverlawa364.web.app
 -d domainserverlawa365.web.app
@@ -1094,7 +1052,6 @@ msFilterList
 -d domainserverlawa370.web.app
 -d domainserverlawa371.web.app
 -d domainserverlawa372.web.app
--d domainserverlawa373.web.app
 -d domainserverlawa374.web.app
 -d domainserverlawa375.web.app
 -d domainserverlawa376.web.app
@@ -1110,11 +1067,7 @@ msFilterList
 -d domainserverlawa385.web.app
 -d domainserverlawa386.web.app
 -d domainserverlawa387.web.app
--d domainserverlawa388.web.app
--d domainserverlawa389.web.app
--d domainserverlawa39.web.app
 -d domainserverlawa390.web.app
--d domainserverlawa391.web.app
 -d domainserverlawa392.web.app
 -d domainserverlawa393.web.app
 -d domainserverlawa394.web.app
@@ -1125,11 +1078,8 @@ msFilterList
 -d domainserverlawa40.web.app
 -d domainserverlawa400.web.app
 -d domainserverlawa401.web.app
--d domainserverlawa402.web.app
 -d domainserverlawa403.web.app
--d domainserverlawa404.web.app
 -d domainserverlawa405.web.app
--d domainserverlawa406.web.app
 -d domainserverlawa407.web.app
 -d domainserverlawa408.web.app
 -d domainserverlawa409.web.app
@@ -1140,7 +1090,6 @@ msFilterList
 -d domainserverlawa413.web.app
 -d domainserverlawa414.web.app
 -d domainserverlawa415.web.app
--d domainserverlawa416.web.app
 -d domainserverlawa417.web.app
 -d domainserverlawa418.web.app
 -d domainserverlawa419.web.app
@@ -1153,12 +1102,10 @@ msFilterList
 -d domainserverlawa425.web.app
 -d domainserverlawa426.web.app
 -d domainserverlawa427.web.app
--d domainserverlawa428.web.app
 -d domainserverlawa429.web.app
 -d domainserverlawa43.web.app
 -d domainserverlawa430.web.app
 -d domainserverlawa431.web.app
--d domainserverlawa432.web.app
 -d domainserverlawa433.web.app
 -d domainserverlawa434.web.app
 -d domainserverlawa435.web.app
@@ -1168,36 +1115,27 @@ msFilterList
 -d domainserverlawa439.web.app
 -d domainserverlawa44.web.app
 -d domainserverlawa440.web.app
--d domainserverlawa441.web.app
 -d domainserverlawa442.web.app
 -d domainserverlawa443.web.app
 -d domainserverlawa444.web.app
 -d domainserverlawa445.web.app
 -d domainserverlawa446.web.app
 -d domainserverlawa447.web.app
--d domainserverlawa448.web.app
 -d domainserverlawa449.web.app
--d domainserverlawa45.web.app
 -d domainserverlawa450.web.app
 -d domainserverlawa451.web.app
 -d domainserverlawa452.web.app
 -d domainserverlawa453.web.app
--d domainserverlawa454.web.app
 -d domainserverlawa455.web.app
 -d domainserverlawa456.web.app
--d domainserverlawa457.web.app
--d domainserverlawa458.web.app
 -d domainserverlawa459.web.app
 -d domainserverlawa46.web.app
 -d domainserverlawa460.web.app
--d domainserverlawa461.web.app
 -d domainserverlawa462.web.app
 -d domainserverlawa463.web.app
 -d domainserverlawa464.web.app
 -d domainserverlawa465.web.app
 -d domainserverlawa466.web.app
--d domainserverlawa467.web.app
--d domainserverlawa468.web.app
 -d domainserverlawa469.web.app
 -d domainserverlawa47.web.app
 -d domainserverlawa470.web.app
@@ -1208,18 +1146,14 @@ msFilterList
 -d domainserverlawa475.web.app
 -d domainserverlawa476.web.app
 -d domainserverlawa477.web.app
--d domainserverlawa478.web.app
 -d domainserverlawa479.web.app
 -d domainserverlawa480.web.app
 -d domainserverlawa481.web.app
--d domainserverlawa482.web.app
 -d domainserverlawa483.web.app
 -d domainserverlawa484.web.app
 -d domainserverlawa485.web.app
 -d domainserverlawa486.web.app
 -d domainserverlawa487.web.app
--d domainserverlawa488.web.app
--d domainserverlawa489.web.app
 -d domainserverlawa49.web.app
 -d domainserverlawa490.web.app
 -d domainserverlawa491.web.app
@@ -1230,22 +1164,15 @@ msFilterList
 -d domainserverlawa496.web.app
 -d domainserverlawa497.web.app
 -d domainserverlawa498.web.app
--d domainserverlawa499.web.app
 -d domainserverlawa50.web.app
 -d domainserverlawa500.web.app
--d domainserverlawa501.web.app
 -d domainserverlawa502.web.app
--d domainserverlawa503.web.app
--d domainserverlawa504.web.app
--d domainserverlawa505.web.app
 -d domainserverlawa506.web.app
 -d domainserverlawa507.web.app
 -d domainserverlawa508.web.app
 -d domainserverlawa509.web.app
 -d domainserverlawa51.web.app
--d domainserverlawa510.web.app
 -d domainserverlawa511.web.app
--d domainserverlawa513.web.app
 -d domainserverlawa514.web.app
 -d domainserverlawa515.web.app
 -d domainserverlawa516.web.app
@@ -1254,10 +1181,8 @@ msFilterList
 -d domainserverlawa519.web.app
 -d domainserverlawa52.web.app
 -d domainserverlawa520.web.app
--d domainserverlawa521.web.app
 -d domainserverlawa522.web.app
 -d domainserverlawa523.web.app
--d domainserverlawa524.web.app
 -d domainserverlawa525.web.app
 -d domainserverlawa526.web.app
 -d domainserverlawa527.web.app
@@ -1268,28 +1193,21 @@ msFilterList
 -d domainserverlawa531.web.app
 -d domainserverlawa532.web.app
 -d domainserverlawa533.web.app
--d domainserverlawa534.web.app
--d domainserverlawa535.web.app
 -d domainserverlawa536.web.app
 -d domainserverlawa537.web.app
 -d domainserverlawa538.web.app
 -d domainserverlawa539.web.app
 -d domainserverlawa54.web.app
--d domainserverlawa540.web.app
 -d domainserverlawa541.web.app
 -d domainserverlawa542.web.app
 -d domainserverlawa543.web.app
--d domainserverlawa544.web.app
 -d domainserverlawa545.web.app
 -d domainserverlawa546.web.app
 -d domainserverlawa547.web.app
--d domainserverlawa548.web.app
 -d domainserverlawa549.web.app
 -d domainserverlawa550.web.app
 -d domainserverlawa551.web.app
--d domainserverlawa552.web.app
 -d domainserverlawa553.web.app
--d domainserverlawa554.web.app
 -d domainserverlawa555.web.app
 -d domainserverlawa556.web.app
 -d domainserverlawa557.web.app
@@ -1299,9 +1217,7 @@ msFilterList
 -d domainserverlawa560.web.app
 -d domainserverlawa561.web.app
 -d domainserverlawa562.web.app
--d domainserverlawa563.web.app
 -d domainserverlawa564.web.app
--d domainserverlawa565.web.app
 -d domainserverlawa566.web.app
 -d domainserverlawa567.web.app
 -d domainserverlawa568.web.app
@@ -1310,35 +1226,24 @@ msFilterList
 -d domainserverlawa570.web.app
 -d domainserverlawa571.web.app
 -d domainserverlawa572.web.app
--d domainserverlawa573.web.app
 -d domainserverlawa574.web.app
 -d domainserverlawa575.web.app
 -d domainserverlawa576.web.app
 -d domainserverlawa577.web.app
 -d domainserverlawa578.web.app
 -d domainserverlawa579.web.app
--d domainserverlawa58.web.app
--d domainserverlawa580.web.app
 -d domainserverlawa581.web.app
 -d domainserverlawa582.web.app
 -d domainserverlawa583.web.app
--d domainserverlawa584.web.app
--d domainserverlawa585.web.app
 -d domainserverlawa586.web.app
 -d domainserverlawa587.web.app
 -d domainserverlawa588.web.app
 -d domainserverlawa589.web.app
 -d domainserverlawa59.web.app
--d domainserverlawa590.web.app
--d domainserverlawa591.web.app
 -d domainserverlawa592.web.app
 -d domainserverlawa593.web.app
--d domainserverlawa594.web.app
--d domainserverlawa595.web.app
--d domainserverlawa596.web.app
 -d domainserverlawa597.web.app
 -d domainserverlawa598.web.app
--d domainserverlawa599.web.app
 -d domainserverlawa60.web.app
 -d domainserverlawa600.web.app
 -d domainserverlawa601.web.app
@@ -1346,25 +1251,18 @@ msFilterList
 -d domainserverlawa603.web.app
 -d domainserverlawa604.web.app
 -d domainserverlawa605.web.app
--d domainserverlawa606.web.app
 -d domainserverlawa607.web.app
 -d domainserverlawa608.web.app
 -d domainserverlawa609.web.app
--d domainserverlawa61.web.app
 -d domainserverlawa610.web.app
--d domainserverlawa611.web.app
 -d domainserverlawa612.web.app
 -d domainserverlawa613.web.app
 -d domainserverlawa614.web.app
--d domainserverlawa615.web.app
--d domainserverlawa616.web.app
--d domainserverlawa617.web.app
 -d domainserverlawa618.web.app
 -d domainserverlawa619.web.app
 -d domainserverlawa62.web.app
 -d domainserverlawa620.web.app
 -d domainserverlawa621.web.app
--d domainserverlawa622.web.app
 -d domainserverlawa623.web.app
 -d domainserverlawa624.web.app
 -d domainserverlawa625.web.app
@@ -1385,7 +1283,6 @@ msFilterList
 -d domainserverlawa639.web.app
 -d domainserverlawa64.web.app
 -d domainserverlawa640.web.app
--d domainserverlawa641.web.app
 -d domainserverlawa642.web.app
 -d domainserverlawa643.web.app
 -d domainserverlawa644.web.app
@@ -1401,11 +1298,6 @@ msFilterList
 -d domainserverlawa653.web.app
 -d domainserverlawa654.web.app
 -d domainserverlawa655.web.app
--d domainserverlawa656.web.app
--d domainserverlawa657.web.app
--d domainserverlawa658.web.app
--d domainserverlawa659.web.app
--d domainserverlawa66.web.app
 -d domainserverlawa660.web.app
 -d domainserverlawa661.web.app
 -d domainserverlawa662.web.app
@@ -1416,14 +1308,10 @@ msFilterList
 -d domainserverlawa667.web.app
 -d domainserverlawa668.web.app
 -d domainserverlawa669.web.app
--d domainserverlawa67.web.app
--d domainserverlawa670.web.app
 -d domainserverlawa671.web.app
 -d domainserverlawa672.web.app
 -d domainserverlawa673.web.app
--d domainserverlawa674.web.app
 -d domainserverlawa675.web.app
--d domainserverlawa676.web.app
 -d domainserverlawa677.web.app
 -d domainserverlawa678.web.app
 -d domainserverlawa679.web.app
@@ -1431,12 +1319,8 @@ msFilterList
 -d domainserverlawa680.web.app
 -d domainserverlawa681.web.app
 -d domainserverlawa682.web.app
--d domainserverlawa683.web.app
 -d domainserverlawa684.web.app
 -d domainserverlawa685.web.app
--d domainserverlawa686.web.app
--d domainserverlawa687.web.app
--d domainserverlawa688.web.app
 -d domainserverlawa689.web.app
 -d domainserverlawa69.web.app
 -d domainserverlawa690.web.app
@@ -1444,7 +1328,6 @@ msFilterList
 -d domainserverlawa692.web.app
 -d domainserverlawa693.web.app
 -d domainserverlawa694.web.app
--d domainserverlawa695.web.app
 -d domainserverlawa696.web.app
 -d domainserverlawa697.web.app
 -d domainserverlawa698.web.app
@@ -1455,15 +1338,11 @@ msFilterList
 -d domainserverlawa702.web.app
 -d domainserverlawa703.web.app
 -d domainserverlawa704.web.app
--d domainserverlawa705.web.app
 -d domainserverlawa706.web.app
--d domainserverlawa707.web.app
 -d domainserverlawa708.web.app
 -d domainserverlawa709.web.app
 -d domainserverlawa71.web.app
--d domainserverlawa710.web.app
 -d domainserverlawa711.web.app
--d domainserverlawa712.web.app
 -d domainserverlawa713.web.app
 -d domainserverlawa714.web.app
 -d domainserverlawa715.web.app
@@ -1472,17 +1351,13 @@ msFilterList
 -d domainserverlawa718.web.app
 -d domainserverlawa719.web.app
 -d domainserverlawa72.web.app
--d domainserverlawa720.web.app
 -d domainserverlawa721.web.app
 -d domainserverlawa722.web.app
--d domainserverlawa723.web.app
 -d domainserverlawa724.web.app
 -d domainserverlawa725.web.app
 -d domainserverlawa726.web.app
 -d domainserverlawa727.web.app
--d domainserverlawa728.web.app
 -d domainserverlawa729.web.app
--d domainserverlawa73.web.app
 -d domainserverlawa730.web.app
 -d domainserverlawa731.web.app
 -d domainserverlawa732.web.app
@@ -1495,31 +1370,22 @@ msFilterList
 -d domainserverlawa739.web.app
 -d domainserverlawa74.web.app
 -d domainserverlawa740.web.app
--d domainserverlawa741.web.app
 -d domainserverlawa742.web.app
 -d domainserverlawa743.web.app
 -d domainserverlawa744.web.app
--d domainserverlawa745.web.app
 -d domainserverlawa746.web.app
--d domainserverlawa747.web.app
--d domainserverlawa748.web.app
 -d domainserverlawa749.web.app
 -d domainserverlawa75.web.app
 -d domainserverlawa750.web.app
--d domainserverlawa751.web.app
 -d domainserverlawa752.web.app
 -d domainserverlawa753.web.app
 -d domainserverlawa754.web.app
 -d domainserverlawa755.web.app
--d domainserverlawa756.web.app
 -d domainserverlawa757.web.app
 -d domainserverlawa758.web.app
 -d domainserverlawa759.web.app
--d domainserverlawa76.web.app
--d domainserverlawa760.web.app
 -d domainserverlawa761.web.app
 -d domainserverlawa762.web.app
--d domainserverlawa763.web.app
 -d domainserverlawa764.web.app
 -d domainserverlawa765.web.app
 -d domainserverlawa766.web.app
@@ -1539,22 +1405,17 @@ msFilterList
 -d domainserverlawa779.web.app
 -d domainserverlawa78.web.app
 -d domainserverlawa780.web.app
--d domainserverlawa781.web.app
 -d domainserverlawa782.web.app
 -d domainserverlawa783.web.app
 -d domainserverlawa784.web.app
 -d domainserverlawa785.web.app
 -d domainserverlawa786.web.app
--d domainserverlawa787.web.app
 -d domainserverlawa788.web.app
 -d domainserverlawa789.web.app
 -d domainserverlawa79.web.app
 -d domainserverlawa790.web.app
--d domainserverlawa791.web.app
--d domainserverlawa792.web.app
 -d domainserverlawa793.web.app
 -d domainserverlawa794.web.app
--d domainserverlawa795.web.app
 -d domainserverlawa796.web.app
 -d domainserverlawa797.web.app
 -d domainserverlawa798.web.app
@@ -1563,7 +1424,6 @@ msFilterList
 -d domainserverlawa800.web.app
 -d domainserverlawa801.web.app
 -d domainserverlawa802.web.app
--d domainserverlawa803.web.app
 -d domainserverlawa804.web.app
 -d domainserverlawa806.web.app
 -d domainserverlawa807.web.app
@@ -1571,8 +1431,6 @@ msFilterList
 -d domainserverlawa809.web.app
 -d domainserverlawa81.web.app
 -d domainserverlawa810.web.app
--d domainserverlawa811.web.app
--d domainserverlawa812.web.app
 -d domainserverlawa813.web.app
 -d domainserverlawa814.web.app
 -d domainserverlawa815.web.app
@@ -1586,7 +1444,6 @@ msFilterList
 -d domainserverlawa822.web.app
 -d domainserverlawa823.web.app
 -d domainserverlawa824.web.app
--d domainserverlawa825.web.app
 -d domainserverlawa826.web.app
 -d domainserverlawa827.web.app
 -d domainserverlawa828.web.app
@@ -1598,9 +1455,7 @@ msFilterList
 -d domainserverlawa833.web.app
 -d domainserverlawa834.web.app
 -d domainserverlawa835.web.app
--d domainserverlawa836.web.app
 -d domainserverlawa837.web.app
--d domainserverlawa838.web.app
 -d domainserverlawa839.web.app
 -d domainserverlawa84.web.app
 -d domainserverlawa840.web.app
@@ -1608,29 +1463,21 @@ msFilterList
 -d domainserverlawa842.web.app
 -d domainserverlawa843.web.app
 -d domainserverlawa844.web.app
--d domainserverlawa845.web.app
 -d domainserverlawa846.web.app
--d domainserverlawa847.web.app
--d domainserverlawa848.web.app
--d domainserverlawa849.web.app
 -d domainserverlawa85.web.app
--d domainserverlawa850.web.app
 -d domainserverlawa851.web.app
 -d domainserverlawa852.web.app
 -d domainserverlawa853.web.app
--d domainserverlawa854.web.app
 -d domainserverlawa855.web.app
 -d domainserverlawa856.web.app
 -d domainserverlawa857.web.app
 -d domainserverlawa858.web.app
--d domainserverlawa859.web.app
 -d domainserverlawa86.web.app
 -d domainserverlawa860.web.app
 -d domainserverlawa861.web.app
 -d domainserverlawa862.web.app
 -d domainserverlawa863.web.app
 -d domainserverlawa864.web.app
--d domainserverlawa865.web.app
 -d domainserverlawa866.web.app
 -d domainserverlawa867.web.app
 -d domainserverlawa868.web.app
@@ -1641,7 +1488,6 @@ msFilterList
 -d domainserverlawa872.web.app
 -d domainserverlawa873.web.app
 -d domainserverlawa874.web.app
--d domainserverlawa875.web.app
 -d domainserverlawa877.web.app
 -d domainserverlawa878.web.app
 -d domainserverlawa879.web.app
@@ -1649,9 +1495,7 @@ msFilterList
 -d domainserverlawa880.web.app
 -d domainserverlawa881.web.app
 -d domainserverlawa882.web.app
--d domainserverlawa883.web.app
 -d domainserverlawa884.web.app
--d domainserverlawa885.web.app
 -d domainserverlawa886.web.app
 -d domainserverlawa888.web.app
 -d domainserverlawa889.web.app
@@ -1671,19 +1515,14 @@ msFilterList
 -d domainserverlawa902.web.app
 -d domainserverlawa903.web.app
 -d domainserverlawa904.web.app
--d domainserverlawa905.web.app
 -d domainserverlawa906.web.app
 -d domainserverlawa907.web.app
 -d domainserverlawa908.web.app
 -d domainserverlawa909.web.app
 -d domainserverlawa91.web.app
 -d domainserverlawa910.web.app
--d domainserverlawa911.web.app
 -d domainserverlawa912.web.app
 -d domainserverlawa913.web.app
--d domainserverlawa914.web.app
--d domainserverlawa915.web.app
--d domainserverlawa916.web.app
 -d domainserverlawa917.web.app
 -d domainserverlawa918.web.app
 -d domainserverlawa92.web.app
@@ -1692,22 +1531,14 @@ msFilterList
 -d domainserverlawa922.web.app
 -d domainserverlawa923.web.app
 -d domainserverlawa924.web.app
--d domainserverlawa925.web.app
 -d domainserverlawa926.web.app
 -d domainserverlawa927.web.app
 -d domainserverlawa929.web.app
--d domainserverlawa93.web.app
 -d domainserverlawa930.web.app
--d domainserverlawa931.web.app
 -d domainserverlawa932.web.app
--d domainserverlawa933.web.app
--d domainserverlawa934.web.app
 -d domainserverlawa935.web.app
--d domainserverlawa936.web.app
 -d domainserverlawa937.web.app
 -d domainserverlawa938.web.app
--d domainserverlawa939.web.app
--d domainserverlawa94.web.app
 -d domainserverlawa940.web.app
 -d domainserverlawa941.web.app
 -d domainserverlawa942.web.app
@@ -1716,45 +1547,33 @@ msFilterList
 -d domainserverlawa945.web.app
 -d domainserverlawa946.web.app
 -d domainserverlawa947.web.app
--d domainserverlawa948.web.app
 -d domainserverlawa949.web.app
 -d domainserverlawa95.web.app
 -d domainserverlawa950.web.app
--d domainserverlawa951.web.app
 -d domainserverlawa952.web.app
 -d domainserverlawa953.web.app
 -d domainserverlawa954.web.app
 -d domainserverlawa955.web.app
--d domainserverlawa957.web.app
 -d domainserverlawa958.web.app
 -d domainserverlawa959.web.app
 -d domainserverlawa96.web.app
--d domainserverlawa960.web.app
 -d domainserverlawa961.web.app
 -d domainserverlawa962.web.app
 -d domainserverlawa963.web.app
 -d domainserverlawa964.web.app
--d domainserverlawa965.web.app
 -d domainserverlawa966.web.app
 -d domainserverlawa967.web.app
--d domainserverlawa968.web.app
--d domainserverlawa969.web.app
 -d domainserverlawa97.web.app
 -d domainserverlawa970.web.app
--d domainserverlawa971.web.app
--d domainserverlawa972.web.app
 -d domainserverlawa973.web.app
 -d domainserverlawa974.web.app
 -d domainserverlawa975.web.app
 -d domainserverlawa976.web.app
 -d domainserverlawa977.web.app
--d domainserverlawa978.web.app
 -d domainserverlawa979.web.app
 -d domainserverlawa98.web.app
 -d domainserverlawa980.web.app
--d domainserverlawa981.web.app
 -d domainserverlawa982.web.app
--d domainserverlawa983.web.app
 -d domainserverlawa984.web.app
 -d domainserverlawa985.web.app
 -d domainserverlawa986.web.app
@@ -1764,14 +1583,11 @@ msFilterList
 -d domainserverlawa99.web.app
 -d domainserverlawa990.web.app
 -d domainserverlawa991.web.app
--d domainserverlawa992.web.app
 -d domainserverlawa993.web.app
--d domainserverlawa994.web.app
 -d domainserverlawa995.web.app
 -d domainserverlawa996.web.app
--d domainserverlawa997.web.app
--d domainserverlawa998.web.app
 -d domainserverlawa999.web.app
+-d donaidrsilcio.com
 -d doooog.cn
 -d dopeydog.co.nz
 -d dorouscom.com
@@ -1779,20 +1595,20 @@ msFilterList
 -d dowaba-s2dhl.blogspot.com
 -d doz.tode.cz
 -d dpasdasfasfasfas.pages.dev
+-d dpd-pl.566868.space
 -d dpd-redelivery-uk.com
 -d dpmasdaskj.pages.dev
 -d dr-joannepeeler.com
 -d dr3aq.byethost32.com
+-d dreamhacker.pro
 -d dreamotion-jp.com
 -d drivingschoolglasgow.co.uk
 -d drmarciovaleriano.com.br
--d dsadsadsa.diskstation.eu
 -d dsgcbeonline.com
+-d dskedirekt.web.app
 -d dsp2codemdp.t.justns.ru
--d dswboot.cc
 -d dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com
 -d dtrpsystasfasgas.pages.dev
--d duanemanor.tk
 -d dukhovnist.in.ua
 -d durecorpperu.com
 -d dwrat.andalous.org
@@ -1806,7 +1622,6 @@ msFilterList
 -d e63q45f9h5fr.clickfunnels.com
 -d eagleeyeapparel.com
 -d earth01.info
--d easy-webtdapp.com
 -d easywalletfix.net
 -d easywalletsfix.com
 -d eba0200d0c.nxcli.net
@@ -1815,15 +1630,12 @@ msFilterList
 -d eberhardtedwige.wixsite.com
 -d ebuddynews.com
 -d ec.snadc-oecddo.com
--d ecloanmoney.com
 -d ecogreenjanitorial.com
 -d ecomcrew.staging.wpengine.com
 -d ecosteelsolution.ro
--d editpdfonline.tk
 -d edje.com
 -d edukickmexico.com
 -d ee-sms.co.uk
--d ee.mseocri.com
 -d ee.scicemecod.com
 -d efarms.com.ng
 -d eharmonyservice.com
@@ -1846,7 +1658,6 @@ msFilterList
 -d emsi-lobo.firebaseapp.com
 -d en-template-solicito-16414253314897.onepage.website
 -d enbolivia.com
--d enchanting-guiltless-suede.glitch.me
 -d encryptdrive.booogle.net
 -d engcamp.org
 -d enoman.fqzsdgtg.cn
@@ -1872,20 +1683,18 @@ msFilterList
 -d eth.coinscout.cc
 -d ethnictrendz.com
 -d ets.jwr.pa-fakfak.go.id
--d etwtny.cf
 -d eucriomeumundo.com
 -d eugnerally-wixsite-com.filesusr.com
--d euraby.com
 -d eusa-lombo.firebaseapp.com
 -d evashoes.com.ua
+-d even-besar-banget.duckdns.org
 -d even-ff-gratisterbaru2022.duckdns.org
--d even-ff-terbarugratis2022.duckdns.org
+-d event-ff-bundle-baru.duckdns.org
 -d event-freefire728.duckdns.org
+-d event-freeskkinmlbb.duckdns.org
 -d event-garenafreefire263.duckdns.org
--d event-skin-resmi-2022.duckdns.org
--d eventclaimfreefiregratis2022.duckdns.org
 -d eventclaimsff0.duckdns.org
--d eventgarenafreefiremax2022.duckdns.org
+-d eventspinfreefire2022.duckdns.org
 -d everestmotors.com.np
 -d evo-revolutioncups.com
 -d evolbithman.web.app
@@ -1894,6 +1703,7 @@ msFilterList
 -d exchange-pancakeswaps.com
 -d exchangedictionary.com
 -d exodlus.net
+-d exodus-2022.com
 -d exodus.com-wallet-signin.com
 -d exodus.com-web-wallet-online.com
 -d exodus.com.tccaponline.com
@@ -1905,6 +1715,7 @@ msFilterList
 -d extracloud.com.au
 -d ezblox.site
 -d ezssausage.com
+-d f2f.co.jp
 -d f6fr7.codesandbox.io
 -d f9w1lned0ruqblxi6jahwotak.filesusr.com
 -d faccebook.azurewebsites.net
@@ -1919,7 +1730,10 @@ msFilterList
 -d facebook.com-zxsrf038k.isiolo.go.ke
 -d facebook.eventspinff.wtf
 -d facebook.kingstopup.com
+-d facebook.whcserverbox.com
+-d facebook8facebook.blogspot.com
 -d facebookk.azurewebsites.net
+-d facebookphisher.herokuapp.com
 -d facebooks.azurewebsites.net
 -d faic.in
 -d faizankhan0408.github.io
@@ -1933,20 +1747,21 @@ msFilterList
 -d fax.gruppobiesse.it
 -d fb-case-id-28031803-fcdc-48af.web.app
 -d fb-pages.proteksion-help.workers.dev
+-d fb.10004682.review
 -d fb.expressturkeyi.com
 -d fb7927.bget.ru
 -d fdasd.2e4jept.cn
 -d fdhgf.xyz
--d feceboolk.blogspot.com
 -d federalaccesscredit.com
 -d fedner.net
 -d fer-brooks.top
 -d feriadempleos.com
 -d ferienhof-gempel.de
 -d ff-anivesary225.duckdns.org
+-d ff-member-ganena.com
 -d ff-membership-garena.com
 -d ff-membershipz-garena.ga
--d ff.membership.garenaj.vn
+-d ff.members.garera.vn
 -d ffim-event-2022.duckdns.org
 -d fghjr74rhudfguhtfguji.blogspot.com
 -d fi.uy
@@ -1955,7 +1770,6 @@ msFilterList
 -d fighting40s.com
 -d fikir.id
 -d fileundelete.net
--d filmkenner.com
 -d filtrosmil.com.br
 -d finalfantasyguide.co.uk
 -d finiiishingedgex.tk
@@ -1970,13 +1784,14 @@ msFilterList
 -d fmwebapp.azurewebsites.net
 -d foliar.pl
 -d foma-ura-lote.firebaseapp.com
+-d foor1.com
+-d for-pakage-delevry.tragaroleary.com
 -d foresta-mod.firebaseapp.com
 -d forhimself9999.co.vu
 -d formbuddy.com
 -d forms.formium.io
 -d formtools.com
 -d forum-dofus.com.co
--d foryour.gov-information.info
 -d fpalpha.myportfolio.com
 -d fpmaam.org
 -d fr-europe564598-com.filesusr.com
@@ -1989,6 +1804,7 @@ msFilterList
 -d freefireevent-codashop2022.duckdns.org
 -d freeitemff-allreward.duckdns.org
 -d freeliker.net
+-d freereward-ff.duckdns.org
 -d frefire-membership-garena.sukienfreefire2021.top
 -d freg-nine.pt
 -d friendsofnechockey.com
@@ -2004,21 +1820,22 @@ msFilterList
 -d ftx.cool
 -d ftxbonus.site
 -d funiswap.exchange
+-d furgonetka-1.pl
 -d fusionrestobar.cl
+-d futurebits.in
+-d fwztmgr.cn
 -d fxhalifax.com
 -d fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com
 -d g-mtcc.com
 -d g.greatsubstance.com.my
 -d ga.teesmith.shop
 -d gabrielamims.com
--d gabung-grubnew1342.duckdns.org
 -d gagaclinic.com
 -d gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com
 -d gallciaonllne.webcindario.com
 -d garena-xacminhtaikhoan.com
--d garenafreefire728.duckdns.org
--d gastronomiarobertos.com
 -d gasunige.mfs.gg
+-d gbunggrup-pmrsatu13.duckdns.org
 -d gedfdfsd.eu
 -d geg.li
 -d generali-italia-ag.hrweb.it
@@ -2044,7 +1861,6 @@ msFilterList
 -d golkondaresorts.com
 -d goo-gl.me
 -d good12345.tripod.com
--d goofy-wozniak.192-210-226-164.plesk.page
 -d gorol-cost.web.app
 -d gorol-investor.web.app
 -d gosafes.com
@@ -2054,39 +1870,28 @@ msFilterList
 -d greekinfra.com
 -d greenclasses.in
 -d grosshandel-mevida.de
--d group-mantap-seger.duckdns.org
 -d group-wa-1.duckdns.org
--d groupbkep-vral15.duckdns.org
 -d groworldinternational.com
 -d grp02.member.mycld-rakuten.info
--d grub-sangex.wikaba.com
--d grubgabung.duckdns.org
 -d grubnatajadeh12.duckdns.org
+-d grubterbarukk037.duckdns.org
 -d grubviralterbaru65c.duckdns.org
--d grup-bokephot-terbaru2022.duckdns.org
--d grup-bokepviral4.duckdns.org
--d grup-dwsa-indomesia845.duckdns.org
--d grup-viral-seleb.duckdns.org
--d grup-viralbokep111.myftp.org
--d grup-viralbokep2.ddns.net
+-d gruo-wa-okep-dewasa-2022.duckdns.org
+-d grup-bokep-terbaru555.duckdns.org
 -d grup-whatsapp121.duckdns.org
 -d grup-whatsappbokep1.duckdns.org
 -d grup-whatsappbokep2.duckdns.org
--d grupbokeppadacantik.duckdns.org
+-d grup2022ssx.duckdns.org
 -d grupofsp.com.br
 -d gruposanpio.com
--d gruptiktok.wikaba.com
--d grupviral-xx.duckdns.org
--d grupviral109.duckdns.org
--d grupviralterbaru.duckdns.org
+-d grupwhatsaap-viral-2022.duckdns.org
 -d grupwhatsappnobar-2022.duckdns.org
 -d gscommunityspirit.greenschool.org
 -d gstsolutions.online
+-d gtw420.com
 -d gunatanahku.perkimtan.sumbarprov.go.id
 -d gurukanth.com
 -d gwenet.org
--d gyfnqyk.cn
--d gymjaokhanakho.azurewebsites.net
 -d habbocreditosparati.blogspot.com
 -d haftteam.ir
 -d hahdaeupdate.es.tl
@@ -2103,19 +1908,18 @@ msFilterList
 -d haunlimited.org
 -d hcnprdvz.azureedge.net
 -d hdmediahub.club
--d hdss-stream.org
 -d heinthu1.github.io
 -d hellenic-postbank.com
--d helloparis.co.uk
 -d help-account-bxsfe.ondigitalocean.app
+-d help-identity-recoveri-support-center.web.id
 -d help-notice-center-identity-6532.web.id
 -d help.insecur.saftyalert.workers.dev
 -d help.validation-page.workers.dev
+-d helpingcentere.com
 -d henan.vxim58i.cn
 -d hermes.parcel-tracker.com
 -d hetershaven.net
 -d heuristic-gagarin.45-88-108-231.plesk.page
--d hfemail.ntneancns.com
 -d hgda.db0u4hs.cn
 -d hgdaa.lfoxcct.cn
 -d hghgda.erjl0hx.cn
@@ -2130,18 +1934,15 @@ msFilterList
 -d hifly39091.top
 -d hifly61215.top
 -d hifly71191.top
--d hikaheal.com
 -d himalayansherpa.com.au
 -d himbauane.blogspot.com
 -d hitman71hd-wixsite-com.filesusr.com
--d hjhjjhjhjh.pagedemo.co
 -d hockian.com
 -d holobeam.000webhostapp.com
 -d home.ei1ns.de
 -d home.myfairpoint.net
 -d homepichilinea2.webcindario.com
 -d homesinlogin.com
--d homestaylongho.com
 -d hostnix.net
 -d hostpoint.ch.17a902ef.tcorner.fr
 -d hotbrooks.com
@@ -2154,6 +1955,7 @@ msFilterList
 -d hs-giveaways.ca
 -d ht-cargo.com.vn
 -d htlgroup.com.my
+-d httpcom-0d4tol437.isiolo.go.ke
 -d httpeugnerally-wixsite-com.filesusr.com
 -d https-scert-con04.xyz
 -d https-scert-srv02.xyz
@@ -2178,7 +1980,6 @@ msFilterList
 -d ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com
 -d ibpm.ru
 -d icloud-map-live.com
--d icloudstatus.com.ng
 -d icy.martulangbelulalng.workers.dev
 -d idappswallets.com
 -d identifiez-vous-avec-votre-compte.yolasite.com
@@ -2191,7 +1992,6 @@ msFilterList
 -d ighk.umjlrs7uci2751.workers.dev
 -d iipvit.by
 -d ijcda.bukkats.cn
--d ijeioqhawdqioqho.weebly.com
 -d ijhca.0gb0h7z.cn
 -d ijjd.h8nmtcc.cn
 -d ijmna.p2y00vd.cn
@@ -2202,23 +2002,25 @@ msFilterList
 -d ikcsa.ajiqvjf.cn
 -d ikdff.jmo904i.cn
 -d ikja.lbanwqp.cn
+-d ikjcd.p1z98hl.cn
 -d ikjd.uk0xnp8.cn
 -d ikjgd.rg6bzk7.cn
 -d ikmcd.u4jdbxm.cn
 -d ikmxaa.qcqxlrq.cn
+-d ilooksrare.com
 -d iloveyourglasses.com
 -d ilpconnect.org
+-d image-pict-ig.duckdns.org
 -d imersao.impulseingles.com.br
 -d imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com
--d imi-ksa.jajainfo.net
 -d imobiliaria-cardinali-com-br.blogspot.com
 -d impostazionebper.000webhostapp.com
 -d in.deraya.org
--d inaueab.com
 -d indo-viral2022.duckdns.org
 -d info.lionnets.com
 -d infohypesquad.com
 -d infopichinchaweb.webcindario.com
+-d information.safeamazoncardweb.cyou
 -d informations.recovery.confiryourpage.workers.dev
 -d infos00001.temp.swtest.ru
 -d infosecplace.com
@@ -2231,16 +2033,16 @@ msFilterList
 -d innca.ol90k56.cn
 -d innovasjon.as
 -d inps-ep.com
--d instagram-9.blogspot.com
--d instagramhelpp.agency
+-d instahelppbaddge.ml
 -d intellidata-analytica.com
--d interbankempresahome.rankforever.com
 -d interbankempresas.pe-il.ru
+-d interbankhomeweb.fullcircleteam.com
 -d intern.unibas-com.ch
 -d international-formulier.91-218-65-223.plesk.page
 -d internetbanking-caixa-gov.xyz
 -d internetbankinghelp.com
 -d internetservicetech.com
+-d intesalife.ie
 -d intexargentina.com.ar
 -d inthewildproductions.com
 -d intoli.ru
@@ -2248,10 +2050,14 @@ msFilterList
 -d intranet.sztpe.info
 -d investpl.work
 -d iplogger.info
+-d iqwea.soxr0u1.cn
 -d ironmantech.shop
--d irs-gov.us-get-funds-assistance.com
+-d irs-gov-supportcenters.com
+-d irs.gov-coronavirus-pandemic-tax-refund-submission.com
+-d ise.com.ar
 -d isfirsatibul.com
 -d ismamorlin.my-place.us
+-d isntagranmeta.pagedemo.co
 -d istudyalumni.com
 -d it-europe564598-com.filesusr.com
 -d it.melnikhotels.com
@@ -2263,6 +2069,12 @@ msFilterList
 -d iujdas.yfwxlc9.cn
 -d iuyydd.ebeg6uk.cn
 -d j9w77d0.cn
+-d jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn
+-d jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn
+-d jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn
+-d jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn
+-d jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn
+-d jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn
 -d jacobliston.com
 -d jadaart.org
 -d jagex-rewards.com
@@ -2274,31 +2086,31 @@ msFilterList
 -d jeanbaileyrobor.com
 -d jendelajogja.com
 -d jerinja.github.io
--d jessicasproul.com
 -d jetser-electrical-supply.business.site
--d jetstoop.top
 -d jett.gator.site
 -d jflkp.csb.app
 -d jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com
 -d jhda.wfdyk9p.cn
 -d jhdd.fjcslad.cn
 -d jhff.93oe0u9.cn
+-d jhnd.0drhnjk.cn
 -d jiwanramchemical.com
 -d jjhcd.27ke98i.cn
 -d jk99j.sbs
--d jkhkjjkjk.pagedemo.co
 -d jlogine.com
+-d jmcna.jiwayjc.cn
+-d jmfykd.cyou
+-d jncba.diiqsmm.cn
 -d jnlope.tangguakrapekpuik.link
 -d jnnc.grnxkoj.cn
 -d job-type.com
 -d jobs.job.com.bd
 -d joecamera.net
 -d john-ashley.de
--d join-chat-whatssap-viral-2022.duckdns.org
--d join-group-wa2022.duckdns.org
--d join-grub-bokep-gratis.duckdns.org
--d join-grubkienzy849.duckdns.org
--d join-whatsapp-tante-hot18.duckdns.org
+-d join-group-1.duckdns.org
+-d join-gruo-waku282.duckdns.org
+-d joinedprice.com
+-d joingrupku183.duckdns.org
 -d joingrupp-bkep156.duckdns.org
 -d joingrupterbaru-0.duckdns.org
 -d joinlinkviral729.duckdns.org
@@ -2306,12 +2118,14 @@ msFilterList
 -d joinssgropssney6.duckdns.org
 -d jow-japan.or.jp
 -d joyeriajireh.com.mx
--d jp-bnnk.japappoit.asdwb.xyz
--d jp-bnnk.japappoit.asdwd.xyz
+-d jp-auid.com
+-d jp.mercari.omany.buzz
 -d jptechdocsign.net
 -d jrhayley.plus.com
 -d juandfar.github.io
+-d jurisgeneral.com
 -d jurlebedev.ru
+-d juscook.com
 -d justgot.gonevis.com
 -d justsayingbro.com
 -d jvk.zultifarza.workers.dev
@@ -2319,6 +2133,7 @@ msFilterList
 -d jz2bab.webwave.dev
 -d k3ja6d.webwave.dev
 -d kaamwalibais.co.in
+-d kachinas.be
 -d kamdhenurealities.com
 -d kargonova.com
 -d kartaltepespor.com
@@ -2330,9 +2145,11 @@ msFilterList
 -d kdlscaffolding.co.uk
 -d kecc.com
 -d kecmanijada.com
+-d kedai-gamers.com
 -d keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev
 -d keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev
 -d keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev
+-d kenanhusovic.com
 -d kevinsmovingservice.com
 -d kex81.sbs
 -d key-drcp.com
@@ -2356,12 +2173,12 @@ msFilterList
 -d konnect2kamadhenu.com
 -d koteng.odoo.com
 -d kr-bithumb.web.app
--d kraftongame.net
 -d krupije.com
 -d krx887.com
 -d ksschool.org.in
 -d kuchkuchnights.com
 -d kurortnoye.com.ua
+-d ky79.com
 -d l-abe.com
 -d l-q.in
 -d lambdaweb.info
@@ -2383,16 +2200,17 @@ msFilterList
 -d learningimpactmodel.com
 -d leboncoiinlbc.000webhostapp.com
 -d leboncoin.delivery01588.icu
+-d lefaf77683.temp.swtest.ru
 -d lemeiesta.com
 -d lenagruessdich.net
 -d leroycu.ca
+-d letoptuswebmail-9b69f0.ingress-comporellon.easywp.com
 -d lettertracing4kids.com
 -d lexnotes.com.ng
--d lg-bluebadgecenter.ml
 -d lg-onecom-io.web.app
 -d liberasrl.it
 -d lihi3.cc
--d linkcontract.tech
+-d linkgrupkakak-disini.duckdns.org
 -d liongear.com
 -d lirc.cep.edu.vn
 -d little-frost-1a15.chrisc11004842.workers.dev
@@ -2416,28 +2234,33 @@ msFilterList
 -d lloydsbank.secure-personal-device-login.com
 -d lloyduk-newdevice-registered-online.com
 -d llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com
+-d lmbanang.pgryuangbtusngka.link
 -d lnkd.dev
 -d lnterbancape-lbk.com
 -d lnterbank.pe.starneonsignsug.com
+-d local-postoffice-deliver.com
 -d localwithg.com
 -d lockpichincha.webcindario.com
 -d loengregkuetngferu.live
 -d lofon-add.firebaseapp.com
 -d loftywallet.com
+-d logfuliz.web.app
 -d login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net
 -d login-facebook18.webnode.page
 -d login-live.com-s02.net
 -d login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net
 -d login-postfinance.com
+-d login-singaporee.apply-now-online-digital.com
 -d login.dbs.webdbslistinonline.com
 -d login.privategold.uytrtyuhij987.gowithapex.com
--d login.smbc.weddirecttop.com
 -d logindhlaccess.dhlupdatelogin.workers.dev
+-d loginnewatt.weebly.com
 -d logverify-df12e-verify-1230-eu.web.app
 -d loinesports.com
 -d lomadesarrollos.mx
 -d lombard11.eu
 -d lot-lp-x.web.app
+-d love.gos-box.com
 -d lp.vp4.me
 -d lrs.financial
 -d lrs.foundation
@@ -2457,13 +2280,10 @@ msFilterList
 -d m.recovery.safetyacount.workers.dev
 -d m.recovery.saftypageupdate.workers.dev
 -d m.salsomascard.top
--d m4-appcaixia.com
 -d m42club.com
--d m5bundle.com
 -d machineryzoneservice.com
 -d macjakarta.com
 -d macst.cc
--d madamailru.temp.swtest.ru
 -d madens.com.pl
 -d madrhinoconsulting.com
 -d maestro.my.prod.dfg152.ru
@@ -2475,15 +2295,15 @@ msFilterList
 -d mail-gmxaktualisierung.yolasite.com
 -d mail-ovhcloud.web.app
 -d mail-ssocloud-srvr67yhguh.pages.dev
+-d mail.atlanticeconcrete.com
 -d mail.enrollmoreclientsbootcamp.com
--d mail.gov-taxid.completofyours.info
--d mail.grup-dwsa-indomesia845.duckdns.org
 -d mail.ims-fe.com
+-d mail.kenanhusovic.com
 -d mail.kuttabalfatih.com
 -d mail.santepluspharma.com
 -d mail.sweetshopspecialtycoffee.com.au
--d mail.tariqalaraimi.com
 -d mail.updateinfo-billingo2.com
+-d mail.wellsfargous.duckdns.org
 -d mail.wheel1factory.net
 -d mail.zenstream.com
 -d maildomaiincheck1.web.app
@@ -2511,60 +2331,56 @@ msFilterList
 -d mailupdattee10.web.app
 -d mailupdattee11.web.app
 -d mailupdattee12.web.app
--d mailupdattee13.web.app
 -d mailupdattee14.web.app
--d mailupdattee15.web.app
 -d mailupdattee16.web.app
 -d mailupdattee17.web.app
--d mailupdattee18.web.app
 -d mailupdattee19.web.app
 -d mailupdattee20.web.app
 -d mailupdattee21.web.app
 -d mailupdattee22.web.app
--d mailupdattee23.web.app
 -d mailupdattee24.web.app
 -d mailupdattee26.web.app
 -d mailupdattee27.web.app
 -d mailupdattee28.web.app
 -d mailupdattee29.web.app
--d mailupdattee32.web.app
 -d mailupdattee34.web.app
 -d mailupdattee35.web.app
 -d mailupdattee40.web.app
--d mailupdattee5.web.app
 -d mailupdattee6.web.app
 -d mailupdattee7.web.app
 -d mailupdattee8.web.app
--d mailupdattee9.web.app
+-d mainbugerrorfixing.com
+-d mainmobilerectify.live
+-d mainsbscrestore.com
 -d maintoken.org
--d mainwalletappconnect.com
 -d makcts-go.ru
 -d make-anon-keep-past.rvsla.workers.dev
 -d mala-riba.com
 -d malaprontaargentina.com.br
 -d malehaenterprises.com
 -d malukutenggarakab.go.id
+-d mamasitasont.blogspot.com
 -d mandirilivinlinksystem.brizy.site
--d mandirilivinlinksystem2.brizy.site
 -d mandirilivinlinksystem3.brizy.site
--d manthsedty.live
 -d manualsync.com
+-d maotun.xyz
 -d mapsa.com.pe
+-d marifilmines.ca
 -d marinthe.poingaitongamlm.link
 -d marketplace-axieinfinity.io
 -d marketplace-axlelnfiniity.com
 -d marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke
 -d marketplace.facebook.com-29ta3qbv.isiolo.go.ke
 -d marketplace.facebook.com-hzup1bae.isiolo.go.ke
+-d marketplace.facebook.com-izkbuxmx.isiolo.go.ke
 -d marketplace.facebook.com-kq1oh2ae.isiolo.go.ke
+-d marketplace.facebook.com-milt5ssm.isiolo.go.ke
 -d marketplace.facebook.com-qze9zt75vm.isiolo.go.ke
 -d marketplace.facebook.com-sauuvazpjo.isiolo.go.ke
 -d marketplace.facebook.com-tyeuieb7.isiolo.go.ke
 -d marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke
 -d marketplace.facebook.com-z1au8cxghl.isiolo.go.ke
 -d marketplaceaxieinfiniity.com
--d marmardian.co.vu
--d marylkmatzenger.com
 -d masdas0932.co.vu
 -d masum.lawyer
 -d match.lookatmynewphotos.com
@@ -2592,22 +2408,28 @@ msFilterList
 -d mercariz.xyz
 -d meremanovegabana.website2.me
 -d mericarir.mbudeu.cn
--d mericarir.mg0gbo1.cn
+-d mericarir.mednljn.cn
 -d mericarir.mgeukpx.cn
 -d mericarir.mglsffs.cn
--d mericarir.mksydb.cn
+-d mericarir.mglxyul.cn
+-d mericarir.mhgqdtv.cn
+-d mericarir.mjrsrfo.cn
 -d mericarir.mktbbr.cn
+-d mericarir.mkxbqnu.cn
 -d mericarir.mlyffa.cn
+-d mericarir.mmsfzys.cn
 -d mericarir.mnfjwy.cn
 -d mericarir.mnheijt.cn
--d mericarir.mrzcafk.cn
 -d mericarir.msnygk.cn
--d mericorci-logining.sfhs26r.lyb6srb.cn
+-d mericarir.mtlrnzu.cn
+-d mericarir.mukkwvc.cn
+-d mericarir.mxsoecl.cn
 -d meriocori-logining.2y3uio.pyqbas.cn
 -d mestertignseekjet4.blogspot.com
 -d mestertignseekjet5.blogspot.com
 -d mestertignseekjet6.blogspot.com
 -d mestredaobra.com
+-d meta-support-centers.ml
 -d metalurgicagiom.com.br
 -d metamasc.club
 -d metamask-connect.com
@@ -2618,11 +2440,13 @@ msFilterList
 -d metamask.cam
 -d metamask.io-php.com
 -d metamask.kiwi
+-d metamask.loan
 -d metamask.protocol-process.me
 -d metamask.security-information.cc
 -d metamask.social
 -d metamask.wallets-reauth.net
 -d metamaskdownloadandroid.xyz
+-d metamaskextension.xyz
 -d metamassklogins-us.tumblr.com
 -d metaversepadapp.com
 -d meusabor.com.br
@@ -2630,19 +2454,20 @@ msFilterList
 -d mfacebook.blogspot.lt
 -d mfacebook.blogspot.rs
 -d mgpskartarpur.com
+-d mgrandroyale.com
 -d mibancocrece.com.co
 -d micacd.elshov.com
--d michaelxrandazzo.com
 -d michiyado.com
 -d microcav.square.site
 -d microsoftonline.pages.dev
 -d microsoftwebserver.mfs.gg
 -d micuenta01.github.io
+-d midasbuy1st.com
+-d midsposc2.com
 -d mijnics-actualisatie.185-236-231-64.plesk.page
--d mikhali.com
+-d mikayelxhovakimyan.com
 -d milanobet301.com
 -d militarybikers.org
--d minamikaga.or.jp
 -d mingming20160152.github.io
 -d miozpro.com
 -d miracdoviz.com
@@ -2672,16 +2497,17 @@ msFilterList
 -d mk2.ge
 -d mkjiool.weebly.com
 -d mnbxa.73kfer9.cn
+-d mnbxcas.zm7wwar.cn
 -d mncxx.qbeepor.cn
 -d mnnbx.r1rpj09.cn
+-d mnncxa.fwffsyt.cn
 -d mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
--d mobil-singaporre.digital-online-login-opportunity.com
 -d mobile-orange-forever.yolasite.com
 -d mobile-portail.live
 -d mobile.hedgesportst.me
--d moccasinyellowbetatest--josekkk.repl.co
 -d moccasinyellowbetatest.josekkk.repl.co
 -d modest-hertz.45-81-232-15.plesk.page
+-d moiksys.com
 -d mon-token.com
 -d mon.espace.lcl.fr.certosini.info
 -d monbudri.xyz
@@ -2696,6 +2522,7 @@ msFilterList
 -d monyeward.com
 -d morcario.xyz
 -d morfybox.com
+-d movil.particulares-secure.com
 -d mqzlsim.mindlogicinfotech.com
 -d mrpitchman.com
 -d msc-doelsach.at
@@ -2716,16 +2543,14 @@ msFilterList
 -d my.jcpwb.com
 -d my.nhs-get-pass.com
 -d my.paydi.login-index-home.x4typfc.cn
--d my.paydi.logining-nexy-home.en6cnm.asia
 -d my02billing-login.com
--d myaccount.aol.wallat-billing.com.authlog.gq
+-d mybeii.live
 -d mycoerver.es
 -d mygoogleaccount.stantrade.xyz
 -d myjcb.cyyptoi.cn
 -d myjcb.thxpj.cn
 -d mymbg-aa2e2.web.app
 -d mymeta-securearea.plesk07.zap-webspace.com
--d mymetamask-clientarea.185-236-231-227.plesk.page
 -d mymweb-owner.at.ua
 -d mypo-delivery.com
 -d mypsm.psm.edu.mm
@@ -2737,7 +2562,6 @@ msFilterList
 -d n-naoko-0319.github.io
 -d n.salsomascard.top
 -d n26.sa-france.fr
--d n26servicetechnique.click
 -d n7orton.com
 -d nab-access-breach.com
 -d nab-alert.mobi
@@ -2745,7 +2569,6 @@ msFilterList
 -d naderkhani.ir
 -d najboljeuslugezavas.betterservicesforyou.com
 -d nalandaias.com
--d nalodke.com.ua
 -d nanjing.itud167.cn
 -d napgamelienquan.net
 -d naranja-users.auth0.com
@@ -2760,8 +2583,10 @@ msFilterList
 -d nayablabs.com
 -d nayameehomes.com
 -d nbcc.0bit08a.cn
+-d nbcd.xiu58rl.cn
 -d nbcvs.gd65y69.cn
 -d nbcxa.lctlfdq.cn
+-d nbcxas.551awvr.cn
 -d nbhjxa.hblhi96.cn
 -d nbnonres.com
 -d nbxaa.b1b6nac.cn
@@ -2773,12 +2598,9 @@ msFilterList
 -d necessitymag.com
 -d nedbankqa.flowblocks.com
 -d nedriw.xyz
--d neftlexi.com
 -d negociebra.com.br
 -d neptuneinnovations.com
 -d netciti.id
--d netf1ix.us-891691712-local-781652.airalgeriecanada.ca
--d netfl-lixids938mailmealkas.duckdns.org
 -d netflix-techarmy.me
 -d netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk
 -d networksol-f35e7.web.app
@@ -2802,9 +2624,8 @@ msFilterList
 -d nhs.my-vaccine-status.com
 -d niagarapower.com
 -d nic-home.com
--d nisuper.com
 -d nizotchauffage.bilty.be
--d nontonvidioviral2022nohoax.duckdns.org
+-d nodesconnection.com
 -d northlane.esy.es
 -d notife.help.institutepages.workers.dev
 -d notification-fb.secure-pages.workers.dev
@@ -2845,23 +2666,22 @@ msFilterList
 -d oijcd.qvjcddv.cn
 -d oikca.smwceku.cn
 -d oikcas.6b914ty.cn
+-d oikcd.uf27ce8.cn
 -d oikcxa.zvvx01z.cn
 -d oivac.com
 -d okcs.qj8yua.cn
 -d okds.bbtlcve.cn
--d okep-terbaru-viral-2022.duckdns.org
+-d okep-viral-terbaru-terhist-2022.duckdns.org
 -d okmca.8xcrn6w.cn
 -d okmca.bxkfham.cn
 -d okmca.uwudagu.cn
 -d okmxa.lfgpror.cn
 -d okpwtu.webwave.dev
+-d ol-run1.online
 -d olidooo.waca.tw
 -d olk.us7apye.cn
 -d olmnxa.wc2ikux.cn
--d olx-pay-pl.pay-id22343.top
--d olx.saferegulatory.com
 -d omesqiwines.de
--d omicronvariat.pagedemo.co
 -d oncopharma-ae.com
 -d onecreator.info
 -d onedrive.zhaoge.workers.dev
@@ -2871,13 +2691,16 @@ msFilterList
 -d oneone-a38ef.web.app
 -d online-sistem.com
 -d onlineasesor01.hostfree.pw
+-d onlinebanking.unrecognised-new-payee.com
 -d onlineffn2.temp.swtest.ru
+-d onlineislemlersayfasivkfgirisicom.tk
+-d onlinsfuco.temp.swtest.ru
 -d onlysportplus.com
 -d ooxvocalor.yolasite.com
 -d opansea.live
 -d open24.ie-tsb.email
+-d operationroofingllc3.com
 -d opticabattilana.com.ar
--d optika-anda.hr
 -d ora-n.yolasite.com
 -d orabu.it
 -d orange-dcr.fr
@@ -2888,11 +2711,8 @@ msFilterList
 -d orangeb191.temp.swtest.ru
 -d orangess.contactin.bio
 -d org-nr.yolasite.com
--d orlen-inwe.web.app
--d orlen-x.web.app
 -d orlen.digital
 -d ormantencs112.odoo.com
--d oryxcaracalsecurity.com
 -d osis.world
 -d otomoto-h229.net
 -d otomoto3452.com
@@ -2901,6 +2721,7 @@ msFilterList
 -d ourgarden.us
 -d outlook1541489.webcindario.com
 -d outlookcom119.yolasite.com
+-d ouverturecompte.lbp-eer.fr
 -d oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com
 -d p1c.servleboncoinser.com
 -d package2021.blogspot.ba
@@ -2908,7 +2729,6 @@ msFilterList
 -d package2021.blogspot.com
 -d page-restrict-case22456548.help
 -d pages-1008009999700022199021.com
--d pages-1008097555214021.com
 -d pages-alert-facebook.ezyro.com
 -d pages-community-standart-2022.co
 -d pages-marvelous-project.webflow.io
@@ -2917,11 +2737,11 @@ msFilterList
 -d pages.secure-accts.workers.dev
 -d pagesdetectscopyrightpostingactivitiesreported.co.vu
 -d pagos.sinpemovil.cr
+-d paidpapers.net
 -d paleyeer.com
 -d palmm.ps
 -d pancaakesvap.com
 -d pancake-sawp.com
--d pancake.ellipsis.finance
 -d pancake7wop.com
 -d pancakesawpes.com
 -d pancakesfinances.info
@@ -2931,7 +2751,6 @@ msFilterList
 -d pancakeswap.multi-wallet.info
 -d pancakeswap.salsasourcing.com
 -d pancakeswapes.company
--d pancakeswapex.com
 -d pancakeswapexcgn.com
 -d pancakeswapexch.com
 -d pancakeswapexchage.com
@@ -2939,17 +2758,15 @@ msFilterList
 -d pancakeswappshop.blogspot.com
 -d pancaku-swap.com
 -d pancalteswap.finance
+-d panccakesswap.org
 -d panckaceswap.finance
--d pancoke.com
 -d pandaskin.ru.com
 -d panelweb-4cae2.web.app
 -d pankaceeswap.com
 -d pankaceswapes.finance
 -d pankakeswap.ledgity.com
 -d pannelpub-benin.com
--d pansccakeswap.finance
 -d pantazisezopiiuurmail1.web.app
--d pantekkalisakitkepalaku.blogspot.com
 -d parcel-support018.com
 -d pardot.assemblecommunities.com
 -d pasarbta.info
@@ -2960,6 +2777,7 @@ msFilterList
 -d patient-cell-40f5.updatedlogmylogin.workers.dev
 -d patwise.co.in
 -d paws.org.au
+-d paxfulacct.com
 -d paxfulmenu.com
 -d pay-sera.web.app
 -d pay16-olx.pl
@@ -2967,13 +2785,16 @@ msFilterList
 -d paypal-online-2deposits-paymentaccept.tk
 -d paypal-opladen.be
 -d paypalforex.co.ke
+-d pbemail.youxiangdashui.com
 -d pdf-cloud-document.weeblysite.com
 -d pdf-sharefile-doc.weeblysite.com
 -d pdflogincnvwo.app.link
 -d pdfsecured.mystrikingly.com
 -d peaceful-black.193-70-50-31.plesk.page
+-d pedih.001www.com
 -d pembatalanakundinonaktifkan.weebly.com
 -d pencakecwap.com
+-d pensive-payne-505e1a.netlify.app
 -d perfectliker.net
 -d peringatanakunfb2k214.webnode.com
 -d phantom-walletweb.app
@@ -2999,7 +2820,8 @@ msFilterList
 -d pilmezorda.temp.swtest.ru
 -d pinchinchaverify.webcindario.com
 -d pirana.co.rs
--d pl-swiatowe-wiadomosci.pl
+-d pkobp.pl.justns.ru
+-d pl-wiadomosciswiatowe.pl
 -d pla1060604.nichost.ru
 -d plan-o2-monthlypayments.com
 -d planetaamor.org
@@ -3008,8 +2830,6 @@ msFilterList
 -d playgirlgold.com
 -d ploferta.com
 -d plugmailextraexpiredoldpolicynotificationscenter.pages.dev
--d plwiadomosciwszystkie.pl
--d po-deliver-fees.com
 -d po-service-page.com
 -d poc-rewards-program-c2dfc.web.app
 -d podpiska-darom.ru
@@ -3026,6 +2846,7 @@ msFilterList
 -d polkadot-france.fr
 -d polkastarter.app
 -d polsd.pa0cpof.cn
+-d polska-informacyjna.pl
 -d polxa.uh8dg67.cn
 -d polygon-pro.com
 -d polygon-secure.com
@@ -3043,7 +2864,6 @@ msFilterList
 -d postechsuivre.ileanamlaw.com
 -d postnl.post-tracking-delivery.etelinfra.com
 -d poww.6hkjmb.cn
--d ppkllp.com
 -d ppnnttcc.ppcnthsc.me
 -d precisionimpex.com
 -d preg.dspearhead.com
@@ -3060,11 +2880,13 @@ msFilterList
 -d primecentral.qiourn.shop
 -d primeone.org
 -d printtoner.com.mx
+-d prism.net.in
 -d privacy-update-page-prtections-association-recovry-secu.web.id
 -d privacy-update-secu-recovry-page-protection-4565544.web.id
 -d privacy-update-secu-recovry-page-protection-comunity-45.web.id
 -d priyankasandokar1606.github.io
 -d pro.icloudremovaltool.com
+-d pro.systemine.xyz
 -d procservautomatizacion.com
 -d production.anon-rest-keep-reset.sales18130.workers.dev
 -d production.anon-step-keep-object.sales18130.workers.dev
@@ -3078,6 +2900,7 @@ msFilterList
 -d production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev
 -d project1-df3e9.web.app
 -d projectlovewell.com
+-d promashoppe.com
 -d promehedinti.ro
 -d promerica-sv.webcindario.com
 -d promericalinea01.webcindario.com
@@ -3086,8 +2909,6 @@ msFilterList
 -d prosxsiuser.myfreesites.net
 -d prosys.poweredbygravit-e.co.uk
 -d protect-4d56vca.surge.sh
--d proteczzguuaaardzzzpagess.000webhostapp.com
--d proteczzpagezzguarddzzz.000webhostapp.com
 -d provodi.com
 -d proximus-account.azurewebsites.net
 -d ptxx.cc
@@ -3107,13 +2928,13 @@ msFilterList
 -d qsh74pekkv5e8.clickfunnels.com
 -d qssa.x5yrlr.cn
 -d quinaroja.com
+-d quirky-jones.172-245-159-112.plesk.page
 -d quotex-qx.com
 -d qwas.nfi71vw.cn
 -d qwea.wvhee0w.cn
 -d qweas.hi5g95r.cn
 -d qweas.p6rhddj.cn
 -d qweas.zwfaclq.cn
--d qxluatbght.cfolks.pl
 -d r3c31v30n3-1d3nt1ty.000webhostapp.com
 -d rabellartz.de
 -d rabofree.blogspot.com
@@ -3121,6 +2942,7 @@ msFilterList
 -d rackenfordlabs.com
 -d racuten.nuef.info
 -d radhikamd.github.io
+-d rafbbmx.ga
 -d rafbbmx.ml
 -d raipurrussianescorts.com
 -d rakoten-card.buogfbizkugf.gq
@@ -3131,17 +2953,12 @@ msFilterList
 -d rakuitan-card.info
 -d rakuten.awjoadc.cn
 -d rakuten.card.nuosreaoms.com
--d rakuten.card.uosmcoua.com
--d rakuthn.shop
--d rakuttm.shop
+-d rakuten.co.jp.rakutenajp.xyz
 -d ramgarhiamatrimonial.ca
 -d rareelements.io
--d rasmer.fi
 -d ratewatch.net
 -d raycargo.com
 -d raydiom.io
--d razcjjf.ga
--d razcjjf.ml
 -d rbcmontgomery.com
 -d rd8um.app.link
 -d rdirtfuo6t.vov.ru
@@ -3150,9 +2967,9 @@ msFilterList
 -d real-anon-keep-passing-word.rvsla.workers.dev
 -d realestate-page-10843446024.expresspestcontrol.co.nz
 -d realindiatravel.com
+-d recibeya.tufacilmoneyonline.online
 -d reconfirmpost287846656.us
 -d recover-pages-media-problems-secur-782.web.id
--d recover-pages-secur-media-problems-393.web.id
 -d recover-pages-secur-media-problems-397.web.id
 -d recovery-chain.com
 -d recovery-fb.secure-acct.workers.dev
@@ -3170,12 +2987,12 @@ msFilterList
 -d regularsweeps.xyz
 -d reignbike.com
 -d reikisadhna.com
+-d rekoution.bcszxcd.shop
 -d relevant.systems
 -d remittance369297292749.goshly.com
 -d renovkonstruksi.com
 -d repl-mess.myfreesites.net
 -d restore.exodusapp.ru
--d restoredabefore-com.filesusr.com
 -d restorewallet-activation.net
 -d retiro-extracash.com
 -d retiro.cl
@@ -3203,7 +3020,6 @@ msFilterList
 -d roisnoob.github.io
 -d rokulinktechnology.com
 -d rolinadd.surveysparrow.com
--d romanceify.com
 -d rondalowa.blogspot.com
 -d rondelbarrilito.com
 -d ronin-help.com
@@ -3219,10 +3035,10 @@ msFilterList
 -d rrakutenn.co.jp.azii.cn
 -d rrakutenn.co.jp.nanofresh.cn
 -d rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com
--d rufoxxy.com
 -d runescape-info.com
+-d runescapebonds.com
+-d runescapeevents.com
 -d ruth.martulangbelulalng.workers.dev
--d ryanicolehoward.com
 -d rymproducciones.com
 -d s-sarfati.co.il
 -d s.macecri.com
@@ -3247,7 +3063,6 @@ msFilterList
 -d sankyo-rz.com
 -d sanru.cd
 -d santander.secured-auth-login.com
--d santanverifyfunction.com
 -d santepluspharma.eclatmediasolution.website
 -d santoshdangi.com.np
 -d saritapariyar.com.np
@@ -3269,16 +3084,16 @@ msFilterList
 -d secure-halifax-device.com
 -d secure-mynew-devices.com
 -d secure-runescape.xgm.rnp.mybluehost.me
--d secure-service-gateway.com
 -d secure-zirox.s3.ap-southeast-2.amazonaws.com
 -d secure.legalmetric.com
 -d secure.oldschool.com-cl.ru
 -d secure.oldschool.com-cu.ru
--d secure.oldschool.com-cv.ru
 -d secure.oldschool.com-oz.ru
 -d secure.oldschool.com-rsu.ru
+-d secure.runescape.com-ak.ru
 -d secure.runescape.com-as.cz
 -d secure.runescape.com-az.ru
+-d secure.runescape.com-ca.ru
 -d secure.runescape.com-cl.ru
 -d secure.runescape.com-co.ru
 -d secure.runescape.com-cu.ru
@@ -3291,13 +3106,13 @@ msFilterList
 -d secure300.inmotionhosting.com
 -d secure303.inmotionhosting.com
 -d secure55.webhostinghub.com
--d secure7-servr01-log-in.4nmn.com
--d securee37-authen21.duckdns.org
+-d secureaccount.ntflxauth.co
 -d securegateway-ovhcloud.csl-sl.de
 -d securelloyd-help-app.com
+-d securewalletprotocol.online
 -d security-page-community-standards.blogspot.com
 -d seguridad-oca.webcindario.com
--d seleb-indo.duckdns.org
+-d seleccionperfil.xyz
 -d selector26.gg
 -d selector28.gg
 -d sem.my-drs.co.uk
@@ -3307,7 +3122,7 @@ msFilterList
 -d sergebubnin.space
 -d sertyxese.myfreesites.net
 -d server-networksolutions.web.app
--d serverprotocols.com
+-d server221.security.coinbase.com.gdone.co.ke
 -d servervalidationcheck103.web.app
 -d servervalidationcheck104.web.app
 -d servervalidationcheck105.web.app
@@ -3362,7 +3177,6 @@ msFilterList
 -d servicepage.service-page.workers.dev
 -d servicepichincha.webcindario.com
 -d services.runescape.com-as.cz
--d services.runescape.com-oc.ru
 -d services.runescape.com-rse.ru
 -d services.runescape.com-rsu.ru
 -d servicesbancaire.com
@@ -3390,6 +3204,7 @@ msFilterList
 -d sharelink.sn.am
 -d shayvardphoto.ir
 -d shinex.lk
+-d shippment2.temp.swtest.ru
 -d shirhokos-mhalskbsiaoutfew43535.duckdns.org
 -d shirtshanger.com
 -d shiye666.cn
@@ -3401,11 +3216,9 @@ msFilterList
 -d sign-trk.empressmd.com
 -d signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net
 -d signin-payeer.com
--d signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com
--d silkroadwines.com
 -d silpovsatb-ua.online
 -d silverberrygroup.com
--d sim0nt0k-viral-terbaru-2022.duckdns.org
+-d simonecamposshop.com.br
 -d simpkk.karanganyarkab.go.id
 -d sindarspen.org.br
 -d siporados15585.blogspot.com
@@ -3438,12 +3251,11 @@ msFilterList
 -d sleepmaskz.com
 -d slickparties.com
 -d slmkufeckf.jon-jensen.workers.dev
--d slovenska-posta.sytes.net
 -d slowlinebag.jp
 -d sm.scicemecod.com
 -d sm777.csb.app
+-d smartfixconnect.live
 -d smbc-accout.com
--d smbc-credit.shop
 -d smbc-veaiana.com
 -d smbcbc.com
 -d smbccjp.shop
@@ -3451,10 +3263,11 @@ msFilterList
 -d smbcwodeqingguoshoujicojp.top
 -d smeo.org.mx
 -d smgolamalif.github.io
--d smirl.org
 -d smkkesehatanjember.sch.id
 -d smmsvocal.yolasite.com
+-d smpn2jeruklegi.sch.id
 -d sms-check.sc-q.top
+-d sms-infos.d2tt.co
 -d sms-shorter.com
 -d smsbc-info5.com
 -d smsenligne.myfreesites.net
@@ -3462,6 +3275,7 @@ msFilterList
 -d smsorangesmsmessage.myfreesites.net
 -d smss-mms.yolasite.com
 -d smsverificationmms.myfreesites.net
+-d smvbc-info.com
 -d smwam.coms.cso.gov.tt
 -d so.macecri.com
 -d soaringskiesrentals.com
@@ -3474,7 +3288,6 @@ msFilterList
 -d solicitarfirmaelectronica-sv.com
 -d solyanayakomnata.ru
 -d sopac.org.py
--d soracoes.xyz
 -d souaxwaoh.myfreesites.net
 -d soude-masi.firebaseapp.com
 -d soufsont.blogspot.com
@@ -3500,6 +3313,7 @@ msFilterList
 -d spk-entsperren.de
 -d spk-jahreswechsel.com
 -d spk-secure-de.com
+-d spkfod.coms.cso.gov.tt
 -d sport.protected-secur.workers.dev
 -d sportshoes.top
 -d sportybetpremium.wapka.co
@@ -3516,8 +3330,10 @@ msFilterList
 -d ssl.dsl.isl.mll.aqmst6.stockestan.ir
 -d sso-garena.com
 -d sswebmail-4w5twsr.web.app
+-d staffportal.uoz.edu.krd
 -d stage.vannaryfowler.com
 -d staging.eliteautomotive.com.au
+-d standardcapbnk.com
 -d standardupdatesupportandhelpcenter2021.ga
 -d starforsure.com
 -d starliker.net
@@ -3527,11 +3343,10 @@ msFilterList
 -d static-dev.o2alerts.com
 -d static-promote.weebly.com
 -d status-dev.o2alerts.com
--d stbkcoltria.atwebpages.com
 -d stclarechurch.net
 -d steamcommunites.com
 -d steamcommunitj.com
--d steamnitrof.com
+-d steamcommunityk.com
 -d steampoweredtrade.org
 -d steampoweredtrades.org
 -d stevemadden-sverige.com
@@ -3547,6 +3362,7 @@ msFilterList
 -d stjudes.in
 -d stolizaparketa.ru
 -d stollgroup.coms.cso.gov.tt
+-d stomkinscommercial.com.aus.cso.gov.tt
 -d storage.yandexcloud.net
 -d storenike365.top
 -d studio-lol.com
@@ -3561,13 +3377,11 @@ msFilterList
 -d sukien-pubgmoblevng.ga
 -d sultan-raza.github.io
 -d sumpandtankcleaners.in
--d sunami.pagedemo.co
 -d sunbeltmembers.com
 -d sunge-ode.firebaseapp.com
 -d sunshineteam.in
 -d super-dawn-3035.ddahluwalia.workers.dev
 -d supermilhas.com
--d suportecxacesso2020.com
 -d supotsstunes.servehttp.com
 -d suppliers.bitshepherd.org
 -d support-auwebaccessjpnaikpanggung.com
@@ -3599,6 +3413,7 @@ msFilterList
 -d system-fassil-net-2-3242353453453--12344443.repl.co
 -d t0nline0de0login-001-site1.itempurl.com
 -d taher-mohamed-ahmed-saad.github.io
+-d take-free-2022.duckdns.org
 -d taoistw345ie.co
 -d tarik-fitness.com
 -d taxcare.page.link
@@ -3620,11 +3435,13 @@ msFilterList
 -d templat65sldh.myfreesites.net
 -d temporary-url.com
 -d terpelsicumple.com
--d terracontiles.com
+-d tesladrive-event.com
 -d test.bayoucitybadges.org
 -d test.bitflye87.com
 -d test.dxbproductions.com
+-d test.myshopclub.ru
 -d test.webclient4.de
+-d testing-domain.duckdns.org
 -d texasfreedomrun.com
 -d tgpafasfsakkk.pages.dev
 -d theaceofspaeder.com
@@ -3646,8 +3463,6 @@ msFilterList
 -d tighi.creatorlink.net
 -d tight-samiuboc.co
 -d tikitaps.com
--d tinhtrangdon.com
--d tinyurl.mobi
 -d tipografieonline.ro
 -d tirozhjewelry.com
 -d titelinedrillingintl.yolasite.com
@@ -3666,7 +3481,6 @@ msFilterList
 -d torccolborrachas.blogspot.com
 -d torrinwine.com
 -d touchidea.top
--d touronline2022.com
 -d tovowhuqeojweawmubmaqmqlv.hofferflow.icu
 -d tpayleboncoin.com
 -d traders-joesxyz.com
@@ -3677,23 +3491,18 @@ msFilterList
 -d tribratanewsbondowoso.com
 -d tribunbalikpapan.com
 -d truegrip.com
--d trust-wallet.com.cn
 -d trustinpichincha.webcindario.com
 -d trustpress.gr
 -d trustypichincha.webcindario.com
--d ts3cacd.jhfshm.com
 -d ts3cacd.rzjxbv.com
 -d turntekcnc.com
--d twoje-zdjecia-622.herokuapp.com
 -d tx.vc
 -d txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com
 -d typedream.site
 -d typesmartlyocr.com
 -d tyrecentre.ru
 -d u08qv44zu5h.typeform.com
--d u1571226.cp.regruhosting.ru
--d u1571630.cp.regruhosting.ru
--d u1571652.cp.regruhosting.ru
+-d u1565723.plsk.regruhosting.ru
 -d u18741649.ct.sendgrid.net
 -d u827857uw6.ha004.t.justns.ru
 -d uabaiieo.com
@@ -3716,7 +3525,6 @@ msFilterList
 -d uhnxa.d23xsru.cn
 -d uhnxa.q83itv9.cn
 -d uhnxas.rvw56l.cn
--d uiuui.pagedemo.co
 -d ujcd.um2nlru.cn
 -d ujdaa.fn3m4en.cn
 -d ujds.5e8tn13.cn
@@ -3737,6 +3545,7 @@ msFilterList
 -d ujnca.zgbo0g.cn
 -d ujncd.kzi68ra.cn
 -d ujncd.lw2djbm.cn
+-d ujnxas.vj135ih.cn
 -d ukcare.in
 -d umbrellaclubla.com
 -d unam.myfreesites.net
@@ -3747,9 +3556,8 @@ msFilterList
 -d unicreditaustria.ucs.info
 -d unifacema.edu.br
 -d unifacvest.net
--d unillantas.com.sv
+-d unifiedsmartsync.live
 -d unionheightsresidental.com
--d unipo-a.web.app
 -d unisons.store
 -d unisonsouthayr.org.uk
 -d uniswap.ch
@@ -3759,7 +3567,6 @@ msFilterList
 -d uniswap.seal.finance
 -d uniswap.token.im
 -d uniswap.trading
--d uniswap.vn
 -d uniswapfinancing.info
 -d uniswaps.net
 -d unitedalliance-online.000webhostapp.com
@@ -3770,24 +3577,21 @@ msFilterList
 -d unpocodearte.cl
 -d unregpayee-lb.com
 -d unsub.listhandlr.com
--d upbeat-dhawan.179-43-173-14.plesk.page
 -d updateinfo-billingo2.com
+-d updatemy.software
 -d updateseason.com
 -d updatestory2022.co.vu
 -d updatevoda-billing.com
 -d upgrade-25gb-email.thecornerstudio.com.au
 -d upgradedserver.online
--d upgradingattonlinee.weebly.com
 -d uploadpichincha.webcindario.com
 -d uploads.codesandbox.io
--d upnew.site
 -d uppledpichincha.webcindario.com
 -d urbenorte.com
 -d urgent-halifaxlogin.com
 -d userboitevocalweb.flazio.com
 -d userinformationstoreupdatesmail.pages.dev
 -d usfn.net
--d uspsconfirm.iconoomikert.com
 -d uspsexpressdeliveryline.com
 -d uswowgame.net
 -d uueer.7jgy5xe.cn
@@ -3797,6 +3601,7 @@ msFilterList
 -d uyqw.dykowec.cn
 -d uz154.sbs
 -d v.macecri.com
+-d v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com
 -d v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com
 -d vaccine-status-info.com
 -d vakif.albay-arnold.com
@@ -3804,45 +3609,45 @@ msFilterList
 -d valenciaoptometry.com
 -d valenteplay.com.br
 -d validacionpichincha.odoo.com
+-d validate-chain.com
 -d validate-solana.com
 -d validator-fzkiy.run-us-west2.goorm.io
 -d vallion.motiffliterature.me
 -d vcz.gmoqkzu.cn
 -d velvish.com
 -d ventas.lnterbarnk.pe.jifad.org
--d verfybadgeappform.com
 -d veri-pichincha.webcindario.com
--d verificaciondeprioridad.com
 -d verification-trustwallet.4bl-eg.com
 -d verification.fb-page.workers.dev
 -d verificationmessage.blob.core.windows.net
+-d verifications-zones.com
 -d verififacebookid.wixsite.com
 -d verifiikasi-accounts.weebly.com
 -d verifikasi-akun-anda0011.weeblysite.com
 -d verifikasi-akun-facebook0022.weeblysite.com
 -d verifikasi-identitas47.weebly.com
 -d verifocaoffa.webcindario.com
+-d verifymywallets.com
 -d vgiuhkjnm.b9u6vh5l7g1797.workers.dev
 -d victorarath99.github.io
 -d videobigo.com
 -d vietlime.vn
 -d vietschi.de
 -d viettel-com-dot-c2c01-531c7.uc.r.appspot.com
--d vigortech.com.np
+-d vigilant-murdock.45-81-232-15.plesk.page
 -d viguohilkasdsd.izwe6g6lyc.workers.dev
 -d vilaanimalviana.pt
 -d vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com
 -d vinivet.mk
 -d vipfbtools.com
--d vipprofessional.net
 -d viral-groub.duckdns.org
 -d virginia-spi.com
 -d virtual1dattss.com
 -d vis-stort.github.io
--d visa-band.com
 -d vishaljangale01.github.io
 -d visione.co.id
 -d visionproperty.in
+-d vk-money.xyz
 -d vk-posters.ru
 -d vk-vhods.co
 -d vkjbm.4nt4nb464e6113.workers.dev
@@ -3861,25 +3666,30 @@ msFilterList
 -d vv.macecri.com
 -d vvjde0h0ttttf9hay.com
 -d vvpaes-me-index.egvtpp.cn
+-d vws.co.in
+-d vxcas.a35570.cn
 -d vxdse.myfreesites.net
 -d w2.deraya.org
 -d w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud
--d w5czf.csb.app
 -d wahed-koudsi2001.github.io
 -d walkers-dot-composite-store-326315.uk.r.appspot.com
 -d wallcertifyonmesh.com
 -d walldesign.com.tr
 -d wallet-connect012.web.app
 -d wallet-reconnection.xyz
+-d wallet-verified.com
 -d wallet.silesiacoin.com
 -d wallet22.000webhostapp.com
+-d walletconnect-tool.net
+-d walletconnect-tools.xyz
 -d walletconnectonline.pages.dev
 -d walletconnectors.com
 -d walleterrorsupport.com
+-d walletokenvalidation.com
+-d walletsconect.live
 -d walletsconnex.com
 -d walletsliveconnects.net
 -d walletsreauth.org
--d walletsvalidator.org
 -d walletsynclive.com
 -d walletvalidation.me
 -d walletvalidators.com
@@ -3895,6 +3705,7 @@ msFilterList
 -d warningshadows.org
 -d warsa.bandungkab.go.id
 -d wasites.000webhostapp.com
+-d waterproofingengineer.com
 -d we-exodus-wallet.yahoosites.com
 -d web-armas.royale-freefire1garena-bonus.com
 -d web-b4119.web.app
@@ -3912,13 +3723,15 @@ msFilterList
 -d web-verifi06.webcindario.com
 -d web.bredbanque.trans.sylog.co
 -d web.royale-freefire1garena-bonus.com
--d web7320.web07.bero-webspace.de
 -d webbbb.yolasite.com
 -d webbl.yolasite.com
+-d webdappsconnection.com
 -d webdatamltrainingdiag842.blob.core.windows.net
 -d webdesecure.clickfunnels.com
+-d webhost-verify.duckdns.org
 -d webip.yolasite.com
 -d webmail-2aaa0.web.app
+-d webmail-optusnet-com-au-sign1.weebly.com
 -d webmail-sso8uyg.web.app
 -d webmail.gourmer.co.in
 -d webmail.login.access.docs67.live
@@ -3928,20 +3741,17 @@ msFilterList
 -d webregular.xyz
 -d webservice-verify.duckdns.org
 -d websitefun.club
--d websiteorange.wixsite.com
 -d webstories.eu
 -d webvalidity.com
 -d well-42d74.web.app
--d wellsfargo-online06.herokuapp.com
--d weryfikacja-facebookowa-27.herokuapp.com
 -d weryfikacja-facebookowa-28.herokuapp.com
 -d weteachbh.com
 -d whare.100webspace.net
+-d whatsapp-grub99zyc.duckdns.org
 -d wheelsofmercy.org
 -d whitelist-network.com
 -d widadkamillah.github.io
 -d wiki.oceanreeflifegame.com
--d wildcard.isiolo.go.ke
 -d windstream-net.firebaseapp.com
 -d winville.biz
 -d wireconfirmation68c10a25442a3e13.blogspot.com
@@ -3958,12 +3768,15 @@ msFilterList
 -d wqass-index.chobqu.cn
 -d wqass-index.dccigq.cn
 -d wqass-index.gbswz.cn
--d wqass-index.jeewiki.cn
 -d wqass-index.pygbw.cn
 -d wrww-roblox.com
+-d wsertyzx.gq
 -d wteeoq.pfinanceiro.com.de
+-d ww.lnterbank.pe.personas.aaseguros.mx
 -d ww.lnterbank.pe.personas.onlinesocket.in
+-d ww.lnterbank.pe.personas.t-class.org
 -d ww16.inpost-pl-3dsecure.clear-id.xyz
+-d wwedealershipon.000webhostapp.com
 -d www-cursosdigitalesmx-com.filesusr.com
 -d www-degelyehuda-org-il.filesusr.com
 -d www-europe564598-com.filesusr.com
@@ -3971,10 +3784,9 @@ msFilterList
 -d www-key-com.test.edgekey.net
 -d www-mufg-jp.handicraft.ltd
 -d www-mufg-jp.kaiqi.ink
--d www-wattsapcom.duckdns.org
+-d www.facebook.com-sauuvazpjo.isiolo.go.ke
 -d www2.rakutan.co.jploginffd9dfg7.carwork.cn
 -d www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn
--d www2.rakutan.co.jploginvcx8ds.nanoart.cn
 -d www2.rakuten-card.co.jp.wzsrc.cn
 -d www2.rakutenn.co.jp.nanopark.cn
 -d www2.rakutenn.co.jp.zgyo.cn
@@ -3986,6 +3798,7 @@ msFilterList
 -d xcas.xoh29oz.cn
 -d xcasd.7vo6bt.cn
 -d xcasd.b204uje.cn
+-d xcasd.tcbjnhq.cn
 -d xcasd.yikn2gd.cn
 -d xcryptocars.blogspot.com
 -d xcvdsd.page.link
@@ -4004,10 +3817,10 @@ msFilterList
 -d xjpyyds.pem4yp3.cn
 -d xkljfg.ml
 -d xn--gmal-sya.com
--d xn--instagam-sf0d.com
 -d xn--ltappen-80a.se
 -d xn--metamsk-lwa.link
 -d xn--rpondeur-sfr2-bhb.yolasite.com
+-d xpubgfrozen.tk
 -d xqr3i.mjt.lu
 -d xqr3n.mjt.lu
 -d xqr3u.mjt.lu
@@ -4016,14 +3829,16 @@ msFilterList
 -d xrxh2.mjt.lu
 -d xrxhl.mjt.lu
 -d xsbrookshhjx.top
+-d xspin.cawnibos.com
 -d xtio.ch
 -d xtw42.mjt.lu
+-d xvideokoreanwifesister18.duckdns.org
 -d xx.macecri.com
 -d xxaas.tp00jv9.cn
 -d xxasd.sf29hrg.cn
 -d xxx-com-dot-c2c01-531c7.uc.r.appspot.com
--d xyproject.xtensio.com
 -d xzasd.uz64g3.cn
+-d yahoo%2eco%2ejp@asdxa.p2x11pi.cn
 -d yahoo%2eco%2ejp@bghgcd.psuxscm.cn
 -d yahoo%2eco%2ejp@bhgxa.eo76sni.cn
 -d yahoo%2eco%2ejp@cdas.nxzigco.cn
@@ -4045,12 +3860,11 @@ msFilterList
 -d yahoo%2eco%2ejp@uyhnxx.urpzkva.cn
 -d yahoo%2eco%2ejp@zxas.2nd0g8.cn
 -d yahoo%2eco%2ejp@zxass.jbkyj0o.cn
--d yahoopoweredservice.duckdns.org
 -d yahuomall.square.site
 -d yairix.github.io
 -d yalena.me
+-d yandex-viral.duckdns.org
 -d yaqoobi.org
--d yaranfayez.com
 -d yayanti.com
 -d ybdaa.oqsgm9r.cn
 -d ybggd.fjgjoux.cn
@@ -4070,11 +3884,13 @@ msFilterList
 -d ynbgdc.woprkzp.cn
 -d ynbxa.pvgulkz.cn
 -d yndda.m117s1s.cn
+-d yo7ka-anna.com
 -d yogeshwarwiremesh.com
 -d youknowar.com
 -d young-snow-7447.tcheviron5269.workers.dev
 -d youreasygoing2022.co.vu
 -d yqlpeitost.duckdns.org
+-d ytdjhstej.tk
 -d yuhjjkss.web.app
 -d yumpai.cn
 -d z.macecri.com
@@ -4082,10 +3898,12 @@ msFilterList
 -d z0massegurabclp1.shreeramwoodindustries.com
 -d z2qje.codesandbox.io
 -d z3voicrxxvs.typeform.com
+-d zacharytlasko.com
 -d zackselectronics.co.zw
 -d zaktualizacja-platnosci.netfxtv.co.pl
 -d zasd.yhxmd30.cn
 -d zb2-home.web.app
+-d zen-minsky-ef5931.netlify.app
 -d zenvinyl.com
 -d zepe.io
 -d zeroquiz.com
@@ -4098,10 +3916,8 @@ msFilterList
 -d zmpcoado.cyou
 -d zoho-online.web.app
 -d zoho-validationserv.web.app
--d zonalnterbank.com
 -d zonmca.hxljatvw.cn
 -d zshrvvo.cn
--d zuiunsya.com
 -d zxas.2nd0g8.cn
 -d zxas.hs0rgq8.cn
 -d zxass.jbkyj0o.cn
@@ -4110,6 +3926,5 @@ msFilterList
 -d zxcnash.seufhsk.cn
 -d zxcod.01l241.cn
 -d zxcuashs.e0n0gh5.cn
--d zxdlbny.cn
 -d zxnahs.3cze6ri.cn
 -d zz.macecri.com
diff --git a/dist/phishing-filter.txt b/dist/phishing-filter.txt
index ef37521c..9967422d 100644
--- a/dist/phishing-filter.txt
+++ b/dist/phishing-filter.txt
@@ -1,5 +1,5 @@
 ! Title: Phishing URL Blocklist
-! Updated: Sun, 16 Jan 2022 12:01:44 +0000
+! Updated: Mon, 17 Jan 2022 00:01:35 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/phishing-filter
 ! License: https://gitlab.com/curben/phishing-filter#license
@@ -14,9 +14,6 @@
 02-billing-support.org
 08863299.sso-secure-mail0454etr.pages.dev
 0bs.de
-0gjvj7a8eydbjz3au8anbg-on.drv.tw
-1000000000347789523698541.tk
-1000000000347789523698545.tk
 1000000000347789523698546.tk
 1000000000347789523698547.tk
 103.114.16.4
@@ -33,10 +30,12 @@
 149-210-143-165.colo.transip.net
 149.210.143.165
 15004083383734.data-store-company.com
+154.222.224.81
 154.30.211.130.bc.googleusercontent.com
 161.35.142.2
 165.227.122.125
 16park.cn
+1727365.com
 173.82.154.253
 178.128.108.233.dsl.dyn.forthnet.gr
 179.43.140.208
@@ -56,9 +55,9 @@
 2022-exodus.com
 2022-girobanken-sparkassen.xyz
 2022.intrebrkprsonas.xyz
+205.185.113.221
 208.82.115.230
 217651.8b.io
-2247317.verifyinguser426128734570198363.com
 228.94.92.rev.sfr.net.gghost.ru
 24611250.sibforms.com
 2482689012.yolasite.com
@@ -67,6 +66,7 @@
 2fa.bthei.com
 2pil.ru
 2rakuten.co.jp.happyyear.cn
+2yfh.short.gy
 3-139-75-158.cprapid.com
 343i.org
 343t3dv9qdufp.clickfunnels.com
@@ -74,8 +74,11 @@
 35.199.84.117
 35.225.222.142
 3568365.com
+365unfreezesecurity.com
+3782365.com
 3a10a178.s6t6sj4s46tu4sys54y5.pages.dev
 3bvjh.sbs
+3c5.com
 3ck.me
 3dprintersupplies.com.au
 3dsecure-update-service-info-live.duckdns.org
@@ -103,20 +106,21 @@
 613707.selcdn.ru
 61da8ae6.6u6566hrrthsh45.pages.dev
 638ca12d-ba2f-451c-8418-faf56b7de7ff.htmlcomponentservice.com
-65451440241544.hyperphp.com
-664876.verifyinguser426128734570198363.com
+6734365.com
 67lksxgjd.bttmassage-thai-tanger.com
 6a7zu9he6mqh.clickfunnels.com
 6c7f0acc.sibforms.com
+6stupefacentevideo2022.pagedemo.co
+754675377.xyz
 78.108.89.240
 7837365.com
 7a4298b9.sso-mail-secure234ds23d23wd1.pages.dev
 7wr4u.csb.app
 7yu3v.csb.app
 8.215.32.173
-8010361370310234068010361370310234.blogspot.be
 859411.icu
 8760365.com
+885211.icu
 889381.icu
 8899.jp
 89ix7y0.cn
@@ -144,15 +148,18 @@ absaonline2021.website2.me
 absolute-containers-sip.business.site
 absolutepleasure.com.my
 acacia.webdevonline.net
+account-recovery.org
 account.herephyshy.info
 account.verifications.help-page.workers.dev
 accounts-autoscout24.de
 acessobradesco.digital
 ach111.xyz
 activate-hulu-com-activate.sitey.me
+activatingmymainnet.com
 adamfeber.com
 adcloudserver.com
 admin-formserviceupdates.weeblysite.com
+administer-708aa.web.app
 administraciondefincaspereznovo.com
 adorablepomskyhome.net
 adpunemploymentclaims.sharefile.com
@@ -162,14 +169,13 @@ affixsports.net
 afreemart.xyz
 africansecrets.ca
 agora.imb.br
-agricolefr-99f918.ingress-erytho.easywp.com
 agrimetiersmartinique.fr
 agurimu-nagoya.com
 ahhhh.pe.kr
 ai.macecri.com
-aib-unauthorized-access.com
 aid-validation-human.run-us-west2.goorm.io
 aimekidya-recpag.web.id
+airbnb.book-space-b851927.live
 airportprescreening.com
 aitsidihamh.my-place.us
 akanksha3012.github.io
@@ -190,8 +196,10 @@ aliciabot.azurewebsites.net
 alkhalilgraphics.com
 allegrolokalnie-pl-3dsafe.id-43051.xyz
 allegrolokalnie-pl-3dsafe.id-91501.xyz
+allegrolokalnie-pl-3dseif.id-43051.xyz
 allegrolokalnie-pl-safe.id-43051.xyz
 alliancesuper.com
+almarjantours.com
 almighty.edu.np
 alnajahh.com
 aloun.ps
@@ -199,6 +207,7 @@ alphabnkgre.com
 alqadi.ps
 alquilervillora.net
 alsofft.com
+alupi-frey.shop
 amacez.jyrtery4.top
 amacredit.amacardpkey.xyz
 amaenv.fgasdfw6.xyz
@@ -209,21 +218,20 @@ amazom.supwwe.xyz
 amazomsse.shop
 amazon-gcatech.com
 amazon-interruption.com
-amazon.co.ip.jlig.cn
 amazon.co.jp.abaiaccounting.cn
 amazon.gousana.casa
-amazon.jp-m.win
+amazon.logins-co.jp
 amazon.works.ga
 amazonhome.sfrmobiles.com
 amazonjapsne.cf
+amazonses.authflows.com
 amazoon.co.op.o4j.top
-ambil-hadiah-gratis-resmi-dari-freefire.duckdns.org
 amc-training.com
-amcgardiennage.com
+amecmasmerd.ga
 ameozom.jp.onaworks.com
 americanexpress-auth.azurewebsites.net
-americanexpress.heiwakai.com
 amguevara.com
+amhsd.com
 amidabuli.com
 amlnov7.web.app
 amnzma-jp.top
@@ -234,7 +242,6 @@ amnzmsn3-jp.shop
 amoazom.rm82j6-t8.cn
 amonzau_co_take.ktbf.shop
 amosleh.com
-amozom.co.ip.taxhod.club
 amreeth.github.io
 amusebouche-bg.com
 amzcredit.dearva.xyz
@@ -250,24 +257,21 @@ angryezgames.com
 anhduongjsc.com
 anj-azakp.run.goorm.io
 anjalijha167.github.io
-anjayredit.duckdns.org
 annacatania.com.mt
 anon-keep-admin-keep.rvsla.workers.dev
 ansr.ro
 aolmailukhelplinecustomerservice.blogspot.com
 aolmailukhelplinecustomerservice.blogspot.com.au
-aolpoweredservice.duckdns.org
 aolverixon11dfd.weebly.com
 aolxperience.com
+api-saisoncard-co-jp.md160.net
 api-saisoncard-co-jp.o4ay8.net
 api.florense.com.br
 api.redirect-bentobot199.com
 api.redirect-safebrowser-online.com
-api.safe-directmail.com
 aplintec.com.mx
 app-928e4a31-5ecb-44ae-8c1e-5a710ac73f9f.cleverapps.io
 app-bombcrypto-io-login-ab.blogspot.com
-app-panckswp.xyz
 app.bydn217.club
 app.duel.network
 app.fiiber.ca
@@ -277,10 +281,11 @@ app.sugarsync.com
 appatualizecef.com
 appibsolicitud.com
 appleid-check.info
+applekra.com
 applepichincha.webcindario.com
 apply.aua.am
 apps.mobile-form-verification40124572700208277579.xjzsg0tqkl-ewl6ngk8w352.p.runcloud.link
-appttech.com
+aprilgagenesh.com
 aquaqualitas.com
 arafathrumman.github.io
 arcacg.com
@@ -288,15 +293,18 @@ archivio-supporto.sitoper.it
 are.scicemecod.com
 areueaom.gtpzcve.cn
 areueaom.gtva.cn
+arif.com.bd
 aromatic.webenliven.in
 arthamahotels.com
 artlux.com.pl
 arub-service.org
 aruba.fatt.ids-sys.com
 as.macecri.com
+as.scicemecod.com
 asaipestcontrol.com
 ascom.co.tz
 asd.9sw53wk.cn
+asdxa.p2x11pi.cn
 asgard-ampqy.run-us-west2.goorm.io
 asimpwsh.com
 asistentetramitadordigitalda.com
@@ -306,19 +314,24 @@ at-t-support-service1.sitey.me
 at-t-yahoo.sitey.me
 atento-fdi.plusoftomni.com.br
 ativacao-online73681.com
+atlanticeconcrete.com
 atnr76dxku336szy.clickfunnels.com
-attcustomdesk.weebly.com
+att556.weebly.com
+att87.weebly.com
 attinfoser.weebly.com
 attonlinemanagementpage.weebly.com
+attonlineuserverification.weebly.com
 attpage1121.weebly.com
 atualizacao-online547864.com
 atualizarmodolo.com
 atulrathore-dev.github.io
+auid-japan.com
 aurumship.com
-aushfew.tokyo
 aushotel.es
 auth-task1-m.web.app
 auth-webmailakeonetcom.yolasite.com
+auth.topgamers.cn
+authent54-sedure32.duckdns.org
 authorize-trustvallet-protocol.com
 authorizewallet.app
 authuxeehmutconjxmailssocl.web.app
@@ -328,16 +341,15 @@ autoexprs.com
 autoranplususeremailprocessingupdate.pages.dev
 autoscurt24.de
 autumn-sun-4a21.paqesads-scure.workers.dev
+avelocidad.com
 avrorganics.com
 awesome-gates-8bdd6f.netlify.app
 ax.xiguw.workers.dev
-axieinfinity-meta.com
 axieinfinity-supportwallet.com
 axlr.in
-ayguru.com
+ayushenterprise.in
 az.macecri.com
 azb3s.cf
-azmnsaz.000webhostapp.com
 azmznonos_co_long.akys.shop
 b.com.0cdb6084fc320a42a6418192753f5960.laremolonarestaurante.com
 b059c86968a6427389952025bcee9886.svc.dynamics.com
@@ -345,7 +357,6 @@ b4e921f0.sso-mailsrvr-4344e5teed.pages.dev
 b96f7f93.sibforms.com
 b97bca39.srvr-cloudmail-srvr6754e5rte.pages.dev
 bacteralia.com
-badnewswegewroighgserhhg.xyz
 bag-macben.eu
 bakhai.vn
 balajihospital.net
@@ -365,7 +376,6 @@ bancaporlnternetlnterbarnk.jifad.org
 bancaporlnternetlnterbarnk.libertycanais.com.br
 bancoiinng.site44.com
 bancooccidentalb.com
-bank-id.pl
 bankapolska.com
 banki0wa.us
 bankocaoffo.webcindario.com
@@ -373,8 +383,8 @@ bankofamer86.ddns.net
 bannerbank.control-inc.com
 bannerchampnyc.com
 banproseguridadasistenteenlineanic.webnode.es
-banqsuepoy.temp.swtest.ru
 baradua.it
+barbecuef.top
 battlelastmont.cyou
 bc1.paiementervice.com
 bconclutmjy.ru
@@ -383,7 +393,7 @@ bcpzonaseguirabeta.com
 be-home.web.do
 bearmybrand.com
 beast-blog.com
-beibys.com.br
+beccu07.zzux.com
 beijing.vfzfy1v.cn
 belovedaroma.com
 bendmytrend.com
@@ -449,18 +459,19 @@ bnconacional.odoo.com
 bncre.odoo.com
 bncxz.9wx9b27.cn
 bndigitalpersonas.com
-bnpparibas-pl.mob-app.xyz
 boaupdate.bfaoscr.com
 bogdonovlerer.com
 bogged-finance.com
+boi.365online-replacement.com
+boke4-indonesia-2022a7whatsapp.duckdns.org
+bokep-virall-sange33.duckdns.org
 bokgabanesolutions.co.za
+bold-lichterman.45-81-232-15.plesk.page
 bookfbs.evangsamuelministries.com
 boxes.com.py
 br4.in
 br622.teste.website
-brave-knuth-96d329.netlify.app
 breople.com
-brigida_cossette.gitlab.io
 brooks-forrunning.top
 brooks-justforjogging.top
 brooks-move.top
@@ -499,7 +510,6 @@ builmon.xyz
 bujikena.web.app
 bundel-cobragratis2022.duckdns.org
 busanopen.org
-business-action-copyright11022.web.app
 business-action-page129591.web.app
 business-appeal-copyright8211.web.app
 business-appeal-form-18222.web.app
@@ -507,24 +517,22 @@ business-copyright-alert100821.web.app
 business-copyright-alert198082.web.app
 business-copyright-alert19882.web.app
 business-copyright-detected920.web.app
-business-page-content125882.web.app
 business-required-helpcenter82.web.app
 business-required-info188221.web.app
 businessemailss.biz
-bussines.messages-redirect-to-page.e37uezyquk-rz83y0rwz4d7.p.runcloud.link
 buyelectronicsnyc.com
 c.curiousmorty.be
 c.jardindemiedo.es
 c.loveawaits.be
 c.mail.com
 c0m-r51znzlh8i.isiolo.go.ke
-c10012022j.temp.swtest.ru
 c1christine.tjelmeland2e.cso.gov.tt
 c2dc5b99.chgmar.pages.dev
 c6ebv708.caspio.com
 cabsiler.com
 cache.nebula.phx3.secureserver.net
 cadeau-orange.fr
+caixabanki.temp.swtest.ru
 caixaseguradora.quadientcloud.com
 cakesbyannemotha.com
 cammymiller.com
@@ -534,7 +542,6 @@ cannellandcoflooring.co.uk
 capservice.online
 caracasmateriais.blogspot.com
 carpediemxp.com
-carry.reduxservices.com
 carservicessaupdate.xyz
 cartamorin-geometres.fr
 carwash.tv
@@ -547,6 +554,7 @@ caycos.beispielseite-wmka.de
 caymanreno.com
 cbmonlinegroups.com
 cc.scicemecod.com
+cc23674.tmweb.ru
 ccjrlaw.com
 cdas.nxzigco.cn
 cdsoa.wuefyta.cn
@@ -559,14 +567,13 @@ centralconsulta.link
 centre1.bubbleapps.io
 ceresgulf.com
 certifica-montepaschii.com
-chalokradocallkakuch.azurewebsites.net
-changenotification.pricesamazonlogincard.monster
+charitascb.com
 charperimagedesign.com
 chat-whatasapp.com
 chat-whatsaap99.duckdns.org
 chat-whatsapp-com-go8i7q-qregrabc-ibuxub.duckdns.org
-chat-whatsapp-group-2022.duckdns.org
 chat-whatsapp-grupo-invitacion.blogspot.com
+chat-whatsapp-gscfghjsgsu.duckdns.org
 chckmaill1.web.app
 chckmaill10.web.app
 chckmaill11.web.app
@@ -600,9 +607,9 @@ chiragrajoria.github.io
 chois.jp
 christienstudystl.wixsite.com
 christmas-dhl-express-delvr.hopekosmos.com
+chronopostaws.com
 chtbnk.uk
 chutomen.com
-ciiusea.com
 cinemaleftech.com
 citagestionenlineabn.com
 city-of-jazz.de
@@ -610,13 +617,11 @@ ckwgruppe.service-now.com
 claiimdiamondgratis84.duckdns.org
 claim-event-freefire-garena-oldfree-a4.duckdns.org
 claim-skingratis-mobailegends161.duckdns.org
-claimgratisff2022.duckdns.org
 claims-funds-enczj.run-us-west2.goorm.io
 claimseventmlbb.duckdns.org
 claimshopee.yolasite.com
 claro-link.brsafe.com.br
 claus.bz
-clefman.cl
 click-here-help.in
 client-support-page.com
 clientid-h5p8n7f9e6fbmkhbr3i4gbnia7e9zpts4nbk3ebk0zj625t2ol.website.yandexcloud.net
@@ -655,7 +660,9 @@ co.jp.rukbcga.cn
 co.jp.sefdvsi.cn
 co.jp.tezkkbp.cn
 co.jp.ztxzzup.cn
+cobaincurlduluom.duckdns.org
 codwarzonemobile.com
+coindappsync.online
 cold-recipe-bf5b.updatelogaccountprogramedrfwerwrdhsll.workers.dev
 collab-land.net
 collabland.info
@@ -670,23 +677,24 @@ com-mm2ai86orr.isiolo.go.ke
 com-r51znzlh8i.isiolo.go.ke
 com-sauuvazpjo.isiolo.go.ke
 com-ugsyk69nqb.isiolo.go.ke
-comefuck.co
 community.fb-pages-01138913366342885284.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 community.fb-pages-28202553629866144006.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 community.fb-pages-44883444930165123303.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
 completeegali.webcindario.com
+completeyorcorp.lunsrgovert.net
 comunicazione-europe.net
 comunity-isue-ideent-andromeda-29.web.id
 comunity-isue-ideent-andromeda-33.web.id
-comunity-isue-ideent-andromeda-88.web.id
 con-firma.firebaseapp.com
-confirming-pages-idntitysupport.web.id
 congresosba.com.ar
 conhecaonlinedigital.com.br
 connect.au-login.0662smt.com
+connect.auone.jp-login.kddi-sys.com
+connect.myauone.jp-auid.jp-auid.com
+connect.myauone.jp-auid.kddi-mail.com
+connectlivewallet.io
 connectwallet.me
 conoscofaturahiiiper.com
-consultavirtuai.bieah.com
 contabilidaderabello.com.br
 contact2acceptpoilcyverifingyouracceptancemailfullinbox.pages.dev
 contapessoal.digital
@@ -697,7 +705,7 @@ continentepecas.com
 contratodeparceria.com.br
 controlpichincha.webcindario.com
 copyright-center-live.ml
-corl-inv.web.app
+coroplastusa.com
 correosdemexico-web.com
 corta.ai
 cosemu.com
@@ -717,7 +725,6 @@ credicorp-capital.net
 credicorpfiduciariasa.com
 credifinanciera.didacsis.com
 crediserfinanza.com
-credita302.temp.swtest.ru
 creditagricole-sudrhonealpes.blogspot.ba
 creditagricole-sudrhonealpes.blogspot.com
 creditagricole-sudrhonealpes.blogspot.ro
@@ -725,13 +732,18 @@ creditinternationalbank.com
 creditiperhabbogratissicuro100.blogspot.it
 cresvin.com
 criticalcarevizag.com
+crrdxwjap7t.typeform.com
 cryptocars-plays.buzz
 cryptocarsme.com
 cryptscars-logs.com
 cryqtocars.me
 cuans.bkaamiv.cn
 currentlyupgrade.mystrikingly.com
+cusnas.366wuv.cn
+cxas.bvd2q18.cn
+cxas.zk6w4dt.cn
 cxasd.easghbl.cn
+cxmnsa.04frh0w.cn
 cxnbas.nmkbmqk.cn
 cxuahs.1wc9bxm.cn
 cyna.rkpmage.cn
@@ -744,8 +756,10 @@ d18gc1ytkdv37u.cloudfront.net
 d2aae6a6.srvr-cloudmail-srvr675eu6r.pages.dev
 d3ncuwwrr82.typeform.com
 daatahomes.com
+dadafa88.com
 damp-f43e.recovery-page-secur.workers.dev
 danitraseoexperts.com
+dappconnecttvalidator.net
 dapponlines.com
 dappscoins.com
 dappsiconnect.com
@@ -761,8 +775,8 @@ daycoval.facildepagar.com.br
 db-web-client.com
 dbesmdcjzturhizszllesbthsn-dot-gl44393333333.rj.r.appspot.com
 dbkuzwes.online
-dbs-interrnet.online
 dbs.limited
+dbs.online.webdbslistinonline.com
 dbs.webdbslistinonline.com
 dbw.gr
 dcm1.ae.iwc.static.tungmung.co.id
@@ -795,6 +809,7 @@ deutsche-post.apurvathespygenesh.com
 dev-nadaj.orlenpaczka.ce5.pl
 dev-secu-credit-union.pantheonsite.io
 dev-www.orlenpaczka.ce5.pl
+dev.massageliabilityinsurancegroup.com
 dev.shivaxi.com
 devicepichincha.webcindario.com
 devops.help
@@ -807,15 +822,17 @@ dhl-event.app
 dhl.recruitmentplatform.com
 diamondplate.us
 die-post-swiss-id-19782635812.psd2any.com
+diepost-paketevhost207932.lowhost.ru
 diginto.org
-dilscord.gift
+diligentverify.com
 directqpuprozaakp.weebly.com
 dirtyez.com
 disccrdapp.com
 disckord.club
 discoord-nittro.com
-discorc.gift
 discordbugs.com
+discordnitroos.com
+discrods.gift
 dispositivoapp.azurewebsites.net
 distinctivei.com
 distrial.ec
@@ -828,7 +845,6 @@ dkglobaljobs.com
 dl.9xu.com
 dlink.me
 dmaxpesca.com.es
-dminer.cloud
 doclab-console-auth.firebaseapp.com
 docs-verify-c671.thajetiase.workers.dev
 docs.revv.so
@@ -854,12 +870,9 @@ domainserverlawa116.web.app
 domainserverlawa117.web.app
 domainserverlawa118.web.app
 domainserverlawa119.web.app
-domainserverlawa120.web.app
-domainserverlawa121.web.app
 domainserverlawa122.web.app
 domainserverlawa123.web.app
 domainserverlawa124.web.app
-domainserverlawa125.web.app
 domainserverlawa126.web.app
 domainserverlawa127.web.app
 domainserverlawa128.web.app
@@ -868,32 +881,24 @@ domainserverlawa13.web.app
 domainserverlawa130.web.app
 domainserverlawa131.web.app
 domainserverlawa132.web.app
-domainserverlawa133.web.app
 domainserverlawa134.web.app
 domainserverlawa135.web.app
 domainserverlawa136.web.app
 domainserverlawa137.web.app
-domainserverlawa138.web.app
 domainserverlawa139.web.app
 domainserverlawa14.web.app
-domainserverlawa140.web.app
-domainserverlawa141.web.app
 domainserverlawa142.web.app
 domainserverlawa143.web.app
 domainserverlawa144.web.app
 domainserverlawa145.web.app
 domainserverlawa146.web.app
-domainserverlawa147.web.app
 domainserverlawa148.web.app
 domainserverlawa149.web.app
 domainserverlawa150.web.app
-domainserverlawa151.web.app
 domainserverlawa152.web.app
 domainserverlawa153.web.app
-domainserverlawa154.web.app
 domainserverlawa155.web.app
 domainserverlawa156.web.app
-domainserverlawa157.web.app
 domainserverlawa158.web.app
 domainserverlawa159.web.app
 domainserverlawa160.web.app
@@ -901,20 +906,15 @@ domainserverlawa161.web.app
 domainserverlawa162.web.app
 domainserverlawa163.web.app
 domainserverlawa164.web.app
-domainserverlawa165.web.app
 domainserverlawa166.web.app
 domainserverlawa167.web.app
 domainserverlawa168.web.app
 domainserverlawa169.web.app
-domainserverlawa17.web.app
-domainserverlawa170.web.app
 domainserverlawa171.web.app
 domainserverlawa172.web.app
 domainserverlawa173.web.app
 domainserverlawa174.web.app
-domainserverlawa175.web.app
 domainserverlawa176.web.app
-domainserverlawa177.web.app
 domainserverlawa178.web.app
 domainserverlawa179.web.app
 domainserverlawa18.web.app
@@ -923,34 +923,25 @@ domainserverlawa181.web.app
 domainserverlawa182.web.app
 domainserverlawa183.web.app
 domainserverlawa184.web.app
-domainserverlawa185.web.app
 domainserverlawa186.web.app
 domainserverlawa187.web.app
 domainserverlawa188.web.app
 domainserverlawa189.web.app
 domainserverlawa19.web.app
-domainserverlawa190.web.app
 domainserverlawa191.web.app
 domainserverlawa193.web.app
 domainserverlawa194.web.app
 domainserverlawa195.web.app
-domainserverlawa196.web.app
-domainserverlawa197.web.app
 domainserverlawa198.web.app
-domainserverlawa199.web.app
 domainserverlawa20.web.app
-domainserverlawa200.web.app
 domainserverlawa201.web.app
 domainserverlawa202.web.app
-domainserverlawa203.web.app
 domainserverlawa204.web.app
 domainserverlawa205.web.app
 domainserverlawa206.web.app
-domainserverlawa207.web.app
 domainserverlawa208.web.app
 domainserverlawa209.web.app
 domainserverlawa21.web.app
-domainserverlawa210.web.app
 domainserverlawa211.web.app
 domainserverlawa212.web.app
 domainserverlawa213.web.app
@@ -964,7 +955,6 @@ domainserverlawa220.web.app
 domainserverlawa221.web.app
 domainserverlawa222.web.app
 domainserverlawa223.web.app
-domainserverlawa224.web.app
 domainserverlawa225.web.app
 domainserverlawa226.web.app
 domainserverlawa227.web.app
@@ -977,12 +967,10 @@ domainserverlawa233.web.app
 domainserverlawa234.web.app
 domainserverlawa235.web.app
 domainserverlawa237.web.app
-domainserverlawa238.web.app
 domainserverlawa239.web.app
 domainserverlawa240.web.app
 domainserverlawa241.web.app
 domainserverlawa242.web.app
-domainserverlawa243.web.app
 domainserverlawa244.web.app
 domainserverlawa245.web.app
 domainserverlawa246.web.app
@@ -990,35 +978,23 @@ domainserverlawa247.web.app
 domainserverlawa248.web.app
 domainserverlawa249.web.app
 domainserverlawa25.web.app
-domainserverlawa250.web.app
 domainserverlawa251.web.app
 domainserverlawa252.web.app
 domainserverlawa253.web.app
-domainserverlawa254.web.app
-domainserverlawa255.web.app
 domainserverlawa256.web.app
 domainserverlawa257.web.app
 domainserverlawa258.web.app
-domainserverlawa259.web.app
-domainserverlawa26.web.app
 domainserverlawa260.web.app
-domainserverlawa261.web.app
-domainserverlawa262.web.app
 domainserverlawa263.web.app
 domainserverlawa264.web.app
 domainserverlawa265.web.app
 domainserverlawa266.web.app
 domainserverlawa267.web.app
-domainserverlawa268.web.app
 domainserverlawa269.web.app
 domainserverlawa270.web.app
-domainserverlawa271.web.app
-domainserverlawa272.web.app
 domainserverlawa273.web.app
 domainserverlawa274.web.app
-domainserverlawa275.web.app
 domainserverlawa276.web.app
-domainserverlawa277.web.app
 domainserverlawa278.web.app
 domainserverlawa279.web.app
 domainserverlawa280.web.app
@@ -1027,9 +1003,7 @@ domainserverlawa282.web.app
 domainserverlawa283.web.app
 domainserverlawa284.web.app
 domainserverlawa285.web.app
-domainserverlawa286.web.app
 domainserverlawa287.web.app
-domainserverlawa289.web.app
 domainserverlawa29.web.app
 domainserverlawa290.web.app
 domainserverlawa292.web.app
@@ -1038,28 +1012,20 @@ domainserverlawa294.web.app
 domainserverlawa295.web.app
 domainserverlawa296.web.app
 domainserverlawa297.web.app
-domainserverlawa298.web.app
 domainserverlawa299.web.app
-domainserverlawa30.web.app
 domainserverlawa300.web.app
 domainserverlawa301.web.app
 domainserverlawa302.web.app
 domainserverlawa303.web.app
 domainserverlawa304.web.app
 domainserverlawa305.web.app
-domainserverlawa306.web.app
 domainserverlawa307.web.app
 domainserverlawa308.web.app
-domainserverlawa309.web.app
-domainserverlawa31.web.app
 domainserverlawa310.web.app
 domainserverlawa311.web.app
 domainserverlawa312.web.app
 domainserverlawa313.web.app
-domainserverlawa314.web.app
 domainserverlawa315.web.app
-domainserverlawa316.web.app
-domainserverlawa317.web.app
 domainserverlawa318.web.app
 domainserverlawa319.web.app
 domainserverlawa32.web.app
@@ -1067,13 +1033,11 @@ domainserverlawa320.web.app
 domainserverlawa321.web.app
 domainserverlawa322.web.app
 domainserverlawa323.web.app
-domainserverlawa324.web.app
 domainserverlawa325.web.app
 domainserverlawa326.web.app
 domainserverlawa327.web.app
 domainserverlawa328.web.app
 domainserverlawa329.web.app
-domainserverlawa33.web.app
 domainserverlawa330.web.app
 domainserverlawa331.web.app
 domainserverlawa332.web.app
@@ -1084,17 +1048,14 @@ domainserverlawa336.web.app
 domainserverlawa337.web.app
 domainserverlawa338.web.app
 domainserverlawa339.web.app
-domainserverlawa34.web.app
 domainserverlawa340.web.app
 domainserverlawa341.web.app
 domainserverlawa342.web.app
 domainserverlawa343.web.app
 domainserverlawa344.web.app
-domainserverlawa345.web.app
 domainserverlawa346.web.app
 domainserverlawa347.web.app
 domainserverlawa348.web.app
-domainserverlawa35.web.app
 domainserverlawa350.web.app
 domainserverlawa351.web.app
 domainserverlawa352.web.app
@@ -1108,7 +1069,6 @@ domainserverlawa359.web.app
 domainserverlawa36.web.app
 domainserverlawa360.web.app
 domainserverlawa361.web.app
-domainserverlawa362.web.app
 domainserverlawa363.web.app
 domainserverlawa364.web.app
 domainserverlawa365.web.app
@@ -1119,7 +1079,6 @@ domainserverlawa37.web.app
 domainserverlawa370.web.app
 domainserverlawa371.web.app
 domainserverlawa372.web.app
-domainserverlawa373.web.app
 domainserverlawa374.web.app
 domainserverlawa375.web.app
 domainserverlawa376.web.app
@@ -1135,11 +1094,7 @@ domainserverlawa384.web.app
 domainserverlawa385.web.app
 domainserverlawa386.web.app
 domainserverlawa387.web.app
-domainserverlawa388.web.app
-domainserverlawa389.web.app
-domainserverlawa39.web.app
 domainserverlawa390.web.app
-domainserverlawa391.web.app
 domainserverlawa392.web.app
 domainserverlawa393.web.app
 domainserverlawa394.web.app
@@ -1150,11 +1105,8 @@ domainserverlawa398.web.app
 domainserverlawa40.web.app
 domainserverlawa400.web.app
 domainserverlawa401.web.app
-domainserverlawa402.web.app
 domainserverlawa403.web.app
-domainserverlawa404.web.app
 domainserverlawa405.web.app
-domainserverlawa406.web.app
 domainserverlawa407.web.app
 domainserverlawa408.web.app
 domainserverlawa409.web.app
@@ -1165,7 +1117,6 @@ domainserverlawa412.web.app
 domainserverlawa413.web.app
 domainserverlawa414.web.app
 domainserverlawa415.web.app
-domainserverlawa416.web.app
 domainserverlawa417.web.app
 domainserverlawa418.web.app
 domainserverlawa419.web.app
@@ -1178,12 +1129,10 @@ domainserverlawa424.web.app
 domainserverlawa425.web.app
 domainserverlawa426.web.app
 domainserverlawa427.web.app
-domainserverlawa428.web.app
 domainserverlawa429.web.app
 domainserverlawa43.web.app
 domainserverlawa430.web.app
 domainserverlawa431.web.app
-domainserverlawa432.web.app
 domainserverlawa433.web.app
 domainserverlawa434.web.app
 domainserverlawa435.web.app
@@ -1193,36 +1142,27 @@ domainserverlawa438.web.app
 domainserverlawa439.web.app
 domainserverlawa44.web.app
 domainserverlawa440.web.app
-domainserverlawa441.web.app
 domainserverlawa442.web.app
 domainserverlawa443.web.app
 domainserverlawa444.web.app
 domainserverlawa445.web.app
 domainserverlawa446.web.app
 domainserverlawa447.web.app
-domainserverlawa448.web.app
 domainserverlawa449.web.app
-domainserverlawa45.web.app
 domainserverlawa450.web.app
 domainserverlawa451.web.app
 domainserverlawa452.web.app
 domainserverlawa453.web.app
-domainserverlawa454.web.app
 domainserverlawa455.web.app
 domainserverlawa456.web.app
-domainserverlawa457.web.app
-domainserverlawa458.web.app
 domainserverlawa459.web.app
 domainserverlawa46.web.app
 domainserverlawa460.web.app
-domainserverlawa461.web.app
 domainserverlawa462.web.app
 domainserverlawa463.web.app
 domainserverlawa464.web.app
 domainserverlawa465.web.app
 domainserverlawa466.web.app
-domainserverlawa467.web.app
-domainserverlawa468.web.app
 domainserverlawa469.web.app
 domainserverlawa47.web.app
 domainserverlawa470.web.app
@@ -1233,18 +1173,14 @@ domainserverlawa474.web.app
 domainserverlawa475.web.app
 domainserverlawa476.web.app
 domainserverlawa477.web.app
-domainserverlawa478.web.app
 domainserverlawa479.web.app
 domainserverlawa480.web.app
 domainserverlawa481.web.app
-domainserverlawa482.web.app
 domainserverlawa483.web.app
 domainserverlawa484.web.app
 domainserverlawa485.web.app
 domainserverlawa486.web.app
 domainserverlawa487.web.app
-domainserverlawa488.web.app
-domainserverlawa489.web.app
 domainserverlawa49.web.app
 domainserverlawa490.web.app
 domainserverlawa491.web.app
@@ -1255,22 +1191,15 @@ domainserverlawa495.web.app
 domainserverlawa496.web.app
 domainserverlawa497.web.app
 domainserverlawa498.web.app
-domainserverlawa499.web.app
 domainserverlawa50.web.app
 domainserverlawa500.web.app
-domainserverlawa501.web.app
 domainserverlawa502.web.app
-domainserverlawa503.web.app
-domainserverlawa504.web.app
-domainserverlawa505.web.app
 domainserverlawa506.web.app
 domainserverlawa507.web.app
 domainserverlawa508.web.app
 domainserverlawa509.web.app
 domainserverlawa51.web.app
-domainserverlawa510.web.app
 domainserverlawa511.web.app
-domainserverlawa513.web.app
 domainserverlawa514.web.app
 domainserverlawa515.web.app
 domainserverlawa516.web.app
@@ -1279,10 +1208,8 @@ domainserverlawa518.web.app
 domainserverlawa519.web.app
 domainserverlawa52.web.app
 domainserverlawa520.web.app
-domainserverlawa521.web.app
 domainserverlawa522.web.app
 domainserverlawa523.web.app
-domainserverlawa524.web.app
 domainserverlawa525.web.app
 domainserverlawa526.web.app
 domainserverlawa527.web.app
@@ -1293,28 +1220,21 @@ domainserverlawa530.web.app
 domainserverlawa531.web.app
 domainserverlawa532.web.app
 domainserverlawa533.web.app
-domainserverlawa534.web.app
-domainserverlawa535.web.app
 domainserverlawa536.web.app
 domainserverlawa537.web.app
 domainserverlawa538.web.app
 domainserverlawa539.web.app
 domainserverlawa54.web.app
-domainserverlawa540.web.app
 domainserverlawa541.web.app
 domainserverlawa542.web.app
 domainserverlawa543.web.app
-domainserverlawa544.web.app
 domainserverlawa545.web.app
 domainserverlawa546.web.app
 domainserverlawa547.web.app
-domainserverlawa548.web.app
 domainserverlawa549.web.app
 domainserverlawa550.web.app
 domainserverlawa551.web.app
-domainserverlawa552.web.app
 domainserverlawa553.web.app
-domainserverlawa554.web.app
 domainserverlawa555.web.app
 domainserverlawa556.web.app
 domainserverlawa557.web.app
@@ -1324,9 +1244,7 @@ domainserverlawa56.web.app
 domainserverlawa560.web.app
 domainserverlawa561.web.app
 domainserverlawa562.web.app
-domainserverlawa563.web.app
 domainserverlawa564.web.app
-domainserverlawa565.web.app
 domainserverlawa566.web.app
 domainserverlawa567.web.app
 domainserverlawa568.web.app
@@ -1335,35 +1253,24 @@ domainserverlawa57.web.app
 domainserverlawa570.web.app
 domainserverlawa571.web.app
 domainserverlawa572.web.app
-domainserverlawa573.web.app
 domainserverlawa574.web.app
 domainserverlawa575.web.app
 domainserverlawa576.web.app
 domainserverlawa577.web.app
 domainserverlawa578.web.app
 domainserverlawa579.web.app
-domainserverlawa58.web.app
-domainserverlawa580.web.app
 domainserverlawa581.web.app
 domainserverlawa582.web.app
 domainserverlawa583.web.app
-domainserverlawa584.web.app
-domainserverlawa585.web.app
 domainserverlawa586.web.app
 domainserverlawa587.web.app
 domainserverlawa588.web.app
 domainserverlawa589.web.app
 domainserverlawa59.web.app
-domainserverlawa590.web.app
-domainserverlawa591.web.app
 domainserverlawa592.web.app
 domainserverlawa593.web.app
-domainserverlawa594.web.app
-domainserverlawa595.web.app
-domainserverlawa596.web.app
 domainserverlawa597.web.app
 domainserverlawa598.web.app
-domainserverlawa599.web.app
 domainserverlawa60.web.app
 domainserverlawa600.web.app
 domainserverlawa601.web.app
@@ -1371,25 +1278,18 @@ domainserverlawa602.web.app
 domainserverlawa603.web.app
 domainserverlawa604.web.app
 domainserverlawa605.web.app
-domainserverlawa606.web.app
 domainserverlawa607.web.app
 domainserverlawa608.web.app
 domainserverlawa609.web.app
-domainserverlawa61.web.app
 domainserverlawa610.web.app
-domainserverlawa611.web.app
 domainserverlawa612.web.app
 domainserverlawa613.web.app
 domainserverlawa614.web.app
-domainserverlawa615.web.app
-domainserverlawa616.web.app
-domainserverlawa617.web.app
 domainserverlawa618.web.app
 domainserverlawa619.web.app
 domainserverlawa62.web.app
 domainserverlawa620.web.app
 domainserverlawa621.web.app
-domainserverlawa622.web.app
 domainserverlawa623.web.app
 domainserverlawa624.web.app
 domainserverlawa625.web.app
@@ -1410,7 +1310,6 @@ domainserverlawa638.web.app
 domainserverlawa639.web.app
 domainserverlawa64.web.app
 domainserverlawa640.web.app
-domainserverlawa641.web.app
 domainserverlawa642.web.app
 domainserverlawa643.web.app
 domainserverlawa644.web.app
@@ -1426,11 +1325,6 @@ domainserverlawa652.web.app
 domainserverlawa653.web.app
 domainserverlawa654.web.app
 domainserverlawa655.web.app
-domainserverlawa656.web.app
-domainserverlawa657.web.app
-domainserverlawa658.web.app
-domainserverlawa659.web.app
-domainserverlawa66.web.app
 domainserverlawa660.web.app
 domainserverlawa661.web.app
 domainserverlawa662.web.app
@@ -1441,14 +1335,10 @@ domainserverlawa666.web.app
 domainserverlawa667.web.app
 domainserverlawa668.web.app
 domainserverlawa669.web.app
-domainserverlawa67.web.app
-domainserverlawa670.web.app
 domainserverlawa671.web.app
 domainserverlawa672.web.app
 domainserverlawa673.web.app
-domainserverlawa674.web.app
 domainserverlawa675.web.app
-domainserverlawa676.web.app
 domainserverlawa677.web.app
 domainserverlawa678.web.app
 domainserverlawa679.web.app
@@ -1456,12 +1346,8 @@ domainserverlawa68.web.app
 domainserverlawa680.web.app
 domainserverlawa681.web.app
 domainserverlawa682.web.app
-domainserverlawa683.web.app
 domainserverlawa684.web.app
 domainserverlawa685.web.app
-domainserverlawa686.web.app
-domainserverlawa687.web.app
-domainserverlawa688.web.app
 domainserverlawa689.web.app
 domainserverlawa69.web.app
 domainserverlawa690.web.app
@@ -1469,7 +1355,6 @@ domainserverlawa691.web.app
 domainserverlawa692.web.app
 domainserverlawa693.web.app
 domainserverlawa694.web.app
-domainserverlawa695.web.app
 domainserverlawa696.web.app
 domainserverlawa697.web.app
 domainserverlawa698.web.app
@@ -1480,15 +1365,11 @@ domainserverlawa701.web.app
 domainserverlawa702.web.app
 domainserverlawa703.web.app
 domainserverlawa704.web.app
-domainserverlawa705.web.app
 domainserverlawa706.web.app
-domainserverlawa707.web.app
 domainserverlawa708.web.app
 domainserverlawa709.web.app
 domainserverlawa71.web.app
-domainserverlawa710.web.app
 domainserverlawa711.web.app
-domainserverlawa712.web.app
 domainserverlawa713.web.app
 domainserverlawa714.web.app
 domainserverlawa715.web.app
@@ -1497,17 +1378,13 @@ domainserverlawa717.web.app
 domainserverlawa718.web.app
 domainserverlawa719.web.app
 domainserverlawa72.web.app
-domainserverlawa720.web.app
 domainserverlawa721.web.app
 domainserverlawa722.web.app
-domainserverlawa723.web.app
 domainserverlawa724.web.app
 domainserverlawa725.web.app
 domainserverlawa726.web.app
 domainserverlawa727.web.app
-domainserverlawa728.web.app
 domainserverlawa729.web.app
-domainserverlawa73.web.app
 domainserverlawa730.web.app
 domainserverlawa731.web.app
 domainserverlawa732.web.app
@@ -1520,31 +1397,22 @@ domainserverlawa738.web.app
 domainserverlawa739.web.app
 domainserverlawa74.web.app
 domainserverlawa740.web.app
-domainserverlawa741.web.app
 domainserverlawa742.web.app
 domainserverlawa743.web.app
 domainserverlawa744.web.app
-domainserverlawa745.web.app
 domainserverlawa746.web.app
-domainserverlawa747.web.app
-domainserverlawa748.web.app
 domainserverlawa749.web.app
 domainserverlawa75.web.app
 domainserverlawa750.web.app
-domainserverlawa751.web.app
 domainserverlawa752.web.app
 domainserverlawa753.web.app
 domainserverlawa754.web.app
 domainserverlawa755.web.app
-domainserverlawa756.web.app
 domainserverlawa757.web.app
 domainserverlawa758.web.app
 domainserverlawa759.web.app
-domainserverlawa76.web.app
-domainserverlawa760.web.app
 domainserverlawa761.web.app
 domainserverlawa762.web.app
-domainserverlawa763.web.app
 domainserverlawa764.web.app
 domainserverlawa765.web.app
 domainserverlawa766.web.app
@@ -1564,22 +1432,17 @@ domainserverlawa778.web.app
 domainserverlawa779.web.app
 domainserverlawa78.web.app
 domainserverlawa780.web.app
-domainserverlawa781.web.app
 domainserverlawa782.web.app
 domainserverlawa783.web.app
 domainserverlawa784.web.app
 domainserverlawa785.web.app
 domainserverlawa786.web.app
-domainserverlawa787.web.app
 domainserverlawa788.web.app
 domainserverlawa789.web.app
 domainserverlawa79.web.app
 domainserverlawa790.web.app
-domainserverlawa791.web.app
-domainserverlawa792.web.app
 domainserverlawa793.web.app
 domainserverlawa794.web.app
-domainserverlawa795.web.app
 domainserverlawa796.web.app
 domainserverlawa797.web.app
 domainserverlawa798.web.app
@@ -1588,7 +1451,6 @@ domainserverlawa80.web.app
 domainserverlawa800.web.app
 domainserverlawa801.web.app
 domainserverlawa802.web.app
-domainserverlawa803.web.app
 domainserverlawa804.web.app
 domainserverlawa806.web.app
 domainserverlawa807.web.app
@@ -1596,8 +1458,6 @@ domainserverlawa808.web.app
 domainserverlawa809.web.app
 domainserverlawa81.web.app
 domainserverlawa810.web.app
-domainserverlawa811.web.app
-domainserverlawa812.web.app
 domainserverlawa813.web.app
 domainserverlawa814.web.app
 domainserverlawa815.web.app
@@ -1611,7 +1471,6 @@ domainserverlawa821.web.app
 domainserverlawa822.web.app
 domainserverlawa823.web.app
 domainserverlawa824.web.app
-domainserverlawa825.web.app
 domainserverlawa826.web.app
 domainserverlawa827.web.app
 domainserverlawa828.web.app
@@ -1623,9 +1482,7 @@ domainserverlawa832.web.app
 domainserverlawa833.web.app
 domainserverlawa834.web.app
 domainserverlawa835.web.app
-domainserverlawa836.web.app
 domainserverlawa837.web.app
-domainserverlawa838.web.app
 domainserverlawa839.web.app
 domainserverlawa84.web.app
 domainserverlawa840.web.app
@@ -1633,29 +1490,21 @@ domainserverlawa841.web.app
 domainserverlawa842.web.app
 domainserverlawa843.web.app
 domainserverlawa844.web.app
-domainserverlawa845.web.app
 domainserverlawa846.web.app
-domainserverlawa847.web.app
-domainserverlawa848.web.app
-domainserverlawa849.web.app
 domainserverlawa85.web.app
-domainserverlawa850.web.app
 domainserverlawa851.web.app
 domainserverlawa852.web.app
 domainserverlawa853.web.app
-domainserverlawa854.web.app
 domainserverlawa855.web.app
 domainserverlawa856.web.app
 domainserverlawa857.web.app
 domainserverlawa858.web.app
-domainserverlawa859.web.app
 domainserverlawa86.web.app
 domainserverlawa860.web.app
 domainserverlawa861.web.app
 domainserverlawa862.web.app
 domainserverlawa863.web.app
 domainserverlawa864.web.app
-domainserverlawa865.web.app
 domainserverlawa866.web.app
 domainserverlawa867.web.app
 domainserverlawa868.web.app
@@ -1666,7 +1515,6 @@ domainserverlawa871.web.app
 domainserverlawa872.web.app
 domainserverlawa873.web.app
 domainserverlawa874.web.app
-domainserverlawa875.web.app
 domainserverlawa877.web.app
 domainserverlawa878.web.app
 domainserverlawa879.web.app
@@ -1674,9 +1522,7 @@ domainserverlawa88.web.app
 domainserverlawa880.web.app
 domainserverlawa881.web.app
 domainserverlawa882.web.app
-domainserverlawa883.web.app
 domainserverlawa884.web.app
-domainserverlawa885.web.app
 domainserverlawa886.web.app
 domainserverlawa888.web.app
 domainserverlawa889.web.app
@@ -1696,19 +1542,14 @@ domainserverlawa901.web.app
 domainserverlawa902.web.app
 domainserverlawa903.web.app
 domainserverlawa904.web.app
-domainserverlawa905.web.app
 domainserverlawa906.web.app
 domainserverlawa907.web.app
 domainserverlawa908.web.app
 domainserverlawa909.web.app
 domainserverlawa91.web.app
 domainserverlawa910.web.app
-domainserverlawa911.web.app
 domainserverlawa912.web.app
 domainserverlawa913.web.app
-domainserverlawa914.web.app
-domainserverlawa915.web.app
-domainserverlawa916.web.app
 domainserverlawa917.web.app
 domainserverlawa918.web.app
 domainserverlawa92.web.app
@@ -1717,22 +1558,14 @@ domainserverlawa921.web.app
 domainserverlawa922.web.app
 domainserverlawa923.web.app
 domainserverlawa924.web.app
-domainserverlawa925.web.app
 domainserverlawa926.web.app
 domainserverlawa927.web.app
 domainserverlawa929.web.app
-domainserverlawa93.web.app
 domainserverlawa930.web.app
-domainserverlawa931.web.app
 domainserverlawa932.web.app
-domainserverlawa933.web.app
-domainserverlawa934.web.app
 domainserverlawa935.web.app
-domainserverlawa936.web.app
 domainserverlawa937.web.app
 domainserverlawa938.web.app
-domainserverlawa939.web.app
-domainserverlawa94.web.app
 domainserverlawa940.web.app
 domainserverlawa941.web.app
 domainserverlawa942.web.app
@@ -1741,45 +1574,33 @@ domainserverlawa944.web.app
 domainserverlawa945.web.app
 domainserverlawa946.web.app
 domainserverlawa947.web.app
-domainserverlawa948.web.app
 domainserverlawa949.web.app
 domainserverlawa95.web.app
 domainserverlawa950.web.app
-domainserverlawa951.web.app
 domainserverlawa952.web.app
 domainserverlawa953.web.app
 domainserverlawa954.web.app
 domainserverlawa955.web.app
-domainserverlawa957.web.app
 domainserverlawa958.web.app
 domainserverlawa959.web.app
 domainserverlawa96.web.app
-domainserverlawa960.web.app
 domainserverlawa961.web.app
 domainserverlawa962.web.app
 domainserverlawa963.web.app
 domainserverlawa964.web.app
-domainserverlawa965.web.app
 domainserverlawa966.web.app
 domainserverlawa967.web.app
-domainserverlawa968.web.app
-domainserverlawa969.web.app
 domainserverlawa97.web.app
 domainserverlawa970.web.app
-domainserverlawa971.web.app
-domainserverlawa972.web.app
 domainserverlawa973.web.app
 domainserverlawa974.web.app
 domainserverlawa975.web.app
 domainserverlawa976.web.app
 domainserverlawa977.web.app
-domainserverlawa978.web.app
 domainserverlawa979.web.app
 domainserverlawa98.web.app
 domainserverlawa980.web.app
-domainserverlawa981.web.app
 domainserverlawa982.web.app
-domainserverlawa983.web.app
 domainserverlawa984.web.app
 domainserverlawa985.web.app
 domainserverlawa986.web.app
@@ -1789,14 +1610,11 @@ domainserverlawa989.web.app
 domainserverlawa99.web.app
 domainserverlawa990.web.app
 domainserverlawa991.web.app
-domainserverlawa992.web.app
 domainserverlawa993.web.app
-domainserverlawa994.web.app
 domainserverlawa995.web.app
 domainserverlawa996.web.app
-domainserverlawa997.web.app
-domainserverlawa998.web.app
 domainserverlawa999.web.app
+donaidrsilcio.com
 doooog.cn
 dopeydog.co.nz
 dorouscom.com
@@ -1804,20 +1622,20 @@ douuodwoman.com
 dowaba-s2dhl.blogspot.com
 doz.tode.cz
 dpasdasfasfasfas.pages.dev
+dpd-pl.566868.space
 dpd-redelivery-uk.com
 dpmasdaskj.pages.dev
 dr-joannepeeler.com
 dr3aq.byethost32.com
+dreamhacker.pro
 dreamotion-jp.com
 drivingschoolglasgow.co.uk
 drmarciovaleriano.com.br
-dsadsadsa.diskstation.eu
 dsgcbeonline.com
+dskedirekt.web.app
 dsp2codemdp.t.justns.ru
-dswboot.cc
 dtpprtmwbtudyquwgytcqcthzc-dot-gl44393333333.rj.r.appspot.com
 dtrpsystasfasgas.pages.dev
-duanemanor.tk
 dukhovnist.in.ua
 durecorpperu.com
 dwrat.andalous.org
@@ -1831,7 +1649,6 @@ e4ra.byethost8.com
 e63q45f9h5fr.clickfunnels.com
 eagleeyeapparel.com
 earth01.info
-easy-webtdapp.com
 easywalletfix.net
 easywalletsfix.com
 eba0200d0c.nxcli.net
@@ -1840,15 +1657,12 @@ ebay.com.dashboard-seller.center
 eberhardtedwige.wixsite.com
 ebuddynews.com
 ec.snadc-oecddo.com
-ecloanmoney.com
 ecogreenjanitorial.com
 ecomcrew.staging.wpengine.com
 ecosteelsolution.ro
-editpdfonline.tk
 edje.com
 edukickmexico.com
 ee-sms.co.uk
-ee.mseocri.com
 ee.scicemecod.com
 efarms.com.ng
 eharmonyservice.com
@@ -1871,7 +1685,6 @@ emojis.dels.bar
 emsi-lobo.firebaseapp.com
 en-template-solicito-16414253314897.onepage.website
 enbolivia.com
-enchanting-guiltless-suede.glitch.me
 encryptdrive.booogle.net
 engcamp.org
 enoman.fqzsdgtg.cn
@@ -1897,20 +1710,18 @@ eth-coinwallet.net
 eth.coinscout.cc
 ethnictrendz.com
 ets.jwr.pa-fakfak.go.id
-etwtny.cf
 eucriomeumundo.com
 eugnerally-wixsite-com.filesusr.com
-euraby.com
 eusa-lombo.firebaseapp.com
 evashoes.com.ua
+even-besar-banget.duckdns.org
 even-ff-gratisterbaru2022.duckdns.org
-even-ff-terbarugratis2022.duckdns.org
+event-ff-bundle-baru.duckdns.org
 event-freefire728.duckdns.org
+event-freeskkinmlbb.duckdns.org
 event-garenafreefire263.duckdns.org
-event-skin-resmi-2022.duckdns.org
-eventclaimfreefiregratis2022.duckdns.org
 eventclaimsff0.duckdns.org
-eventgarenafreefiremax2022.duckdns.org
+eventspinfreefire2022.duckdns.org
 everestmotors.com.np
 evo-revolutioncups.com
 evolbithman.web.app
@@ -1919,6 +1730,7 @@ excelhana.com
 exchange-pancakeswaps.com
 exchangedictionary.com
 exodlus.net
+exodus-2022.com
 exodus.com-wallet-signin.com
 exodus.com-web-wallet-online.com
 exodus.com.tccaponline.com
@@ -1930,6 +1742,7 @@ extracash-interlbankonline.com
 extracloud.com.au
 ezblox.site
 ezssausage.com
+f2f.co.jp
 f6fr7.codesandbox.io
 f9w1lned0ruqblxi6jahwotak.filesusr.com
 faccebook.azurewebsites.net
@@ -1944,7 +1757,10 @@ facebook.com-r51znzih8i.isiolo.go.ke
 facebook.com-zxsrf038k.isiolo.go.ke
 facebook.eventspinff.wtf
 facebook.kingstopup.com
+facebook.whcserverbox.com
+facebook8facebook.blogspot.com
 facebookk.azurewebsites.net
+facebookphisher.herokuapp.com
 facebooks.azurewebsites.net
 faic.in
 faizankhan0408.github.io
@@ -1958,20 +1774,21 @@ fassilnet5.ultimatefreehost.in
 fax.gruppobiesse.it
 fb-case-id-28031803-fcdc-48af.web.app
 fb-pages.proteksion-help.workers.dev
+fb.10004682.review
 fb.expressturkeyi.com
 fb7927.bget.ru
 fdasd.2e4jept.cn
 fdhgf.xyz
-feceboolk.blogspot.com
 federalaccesscredit.com
 fedner.net
 fer-brooks.top
 feriadempleos.com
 ferienhof-gempel.de
 ff-anivesary225.duckdns.org
+ff-member-ganena.com
 ff-membership-garena.com
 ff-membershipz-garena.ga
-ff.membership.garenaj.vn
+ff.members.garera.vn
 ffim-event-2022.duckdns.org
 fghjr74rhudfguhtfguji.blogspot.com
 fi.uy
@@ -1980,7 +1797,6 @@ fidelitybank-mn.net
 fighting40s.com
 fikir.id
 fileundelete.net
-filmkenner.com
 filtrosmil.com.br
 finalfantasyguide.co.uk
 finiiishingedgex.tk
@@ -1995,13 +1811,14 @@ fluksrv.mycpanel.rs
 fmwebapp.azurewebsites.net
 foliar.pl
 foma-ura-lote.firebaseapp.com
+foor1.com
+for-pakage-delevry.tragaroleary.com
 foresta-mod.firebaseapp.com
 forhimself9999.co.vu
 formbuddy.com
 forms.formium.io
 formtools.com
 forum-dofus.com.co
-foryour.gov-information.info
 fpalpha.myportfolio.com
 fpmaam.org
 fr-europe564598-com.filesusr.com
@@ -2014,6 +1831,7 @@ freefiredot-comerhadiah.duckdns.org
 freefireevent-codashop2022.duckdns.org
 freeitemff-allreward.duckdns.org
 freeliker.net
+freereward-ff.duckdns.org
 frefire-membership-garena.sukienfreefire2021.top
 freg-nine.pt
 friendsofnechockey.com
@@ -2029,21 +1847,22 @@ ftx.com.vn
 ftx.cool
 ftxbonus.site
 funiswap.exchange
+furgonetka-1.pl
 fusionrestobar.cl
+futurebits.in
+fwztmgr.cn
 fxhalifax.com
 fxxmpavktyihgyqitmuaimubui-dot-gl44393333333.rj.r.appspot.com
 g-mtcc.com
 g.greatsubstance.com.my
 ga.teesmith.shop
 gabrielamims.com
-gabung-grubnew1342.duckdns.org
 gagaclinic.com
 gakrvwufrvhxjaabezdbltlhff-dot-gl44393333333.rj.r.appspot.com
 gallciaonllne.webcindario.com
 garena-xacminhtaikhoan.com
-garenafreefire728.duckdns.org
-gastronomiarobertos.com
 gasunige.mfs.gg
+gbunggrup-pmrsatu13.duckdns.org
 gedfdfsd.eu
 geg.li
 generali-italia-ag.hrweb.it
@@ -2069,7 +1888,6 @@ goldenlasgidi10.web.app
 golkondaresorts.com
 goo-gl.me
 good12345.tripod.com
-goofy-wozniak.192-210-226-164.plesk.page
 gorol-cost.web.app
 gorol-investor.web.app
 gosafes.com
@@ -2079,39 +1897,28 @@ gramarcales.com.br
 greekinfra.com
 greenclasses.in
 grosshandel-mevida.de
-group-mantap-seger.duckdns.org
 group-wa-1.duckdns.org
-groupbkep-vral15.duckdns.org
 groworldinternational.com
 grp02.member.mycld-rakuten.info
-grub-sangex.wikaba.com
-grubgabung.duckdns.org
 grubnatajadeh12.duckdns.org
+grubterbarukk037.duckdns.org
 grubviralterbaru65c.duckdns.org
-grup-bokephot-terbaru2022.duckdns.org
-grup-bokepviral4.duckdns.org
-grup-dwsa-indomesia845.duckdns.org
-grup-viral-seleb.duckdns.org
-grup-viralbokep111.myftp.org
-grup-viralbokep2.ddns.net
+gruo-wa-okep-dewasa-2022.duckdns.org
+grup-bokep-terbaru555.duckdns.org
 grup-whatsapp121.duckdns.org
 grup-whatsappbokep1.duckdns.org
 grup-whatsappbokep2.duckdns.org
-grupbokeppadacantik.duckdns.org
+grup2022ssx.duckdns.org
 grupofsp.com.br
 gruposanpio.com
-gruptiktok.wikaba.com
-grupviral-xx.duckdns.org
-grupviral109.duckdns.org
-grupviralterbaru.duckdns.org
+grupwhatsaap-viral-2022.duckdns.org
 grupwhatsappnobar-2022.duckdns.org
 gscommunityspirit.greenschool.org
 gstsolutions.online
+gtw420.com
 gunatanahku.perkimtan.sumbarprov.go.id
 gurukanth.com
 gwenet.org
-gyfnqyk.cn
-gymjaokhanakho.azurewebsites.net
 habbocreditosparati.blogspot.com
 haftteam.ir
 hahdaeupdate.es.tl
@@ -2128,19 +1935,18 @@ hasseanhannitybeenwaterboarded.com
 haunlimited.org
 hcnprdvz.azureedge.net
 hdmediahub.club
-hdss-stream.org
 heinthu1.github.io
 hellenic-postbank.com
-helloparis.co.uk
 help-account-bxsfe.ondigitalocean.app
+help-identity-recoveri-support-center.web.id
 help-notice-center-identity-6532.web.id
 help.insecur.saftyalert.workers.dev
 help.validation-page.workers.dev
+helpingcentere.com
 henan.vxim58i.cn
 hermes.parcel-tracker.com
 hetershaven.net
 heuristic-gagarin.45-88-108-231.plesk.page
-hfemail.ntneancns.com
 hgda.db0u4hs.cn
 hgdaa.lfoxcct.cn
 hghgda.erjl0hx.cn
@@ -2155,18 +1961,15 @@ hifly38926.top
 hifly39091.top
 hifly61215.top
 hifly71191.top
-hikaheal.com
 himalayansherpa.com.au
 himbauane.blogspot.com
 hitman71hd-wixsite-com.filesusr.com
-hjhjjhjhjh.pagedemo.co
 hockian.com
 holobeam.000webhostapp.com
 home.ei1ns.de
 home.myfairpoint.net
 homepichilinea2.webcindario.com
 homesinlogin.com
-homestaylongho.com
 hostnix.net
 hostpoint.ch.17a902ef.tcorner.fr
 hotbrooks.com
@@ -2179,6 +1982,7 @@ hpplotters.in
 hs-giveaways.ca
 ht-cargo.com.vn
 htlgroup.com.my
+httpcom-0d4tol437.isiolo.go.ke
 httpeugnerally-wixsite-com.filesusr.com
 https-scert-con04.xyz
 https-scert-srv02.xyz
@@ -2203,7 +2007,6 @@ i.violationspage.validationspege.workers.dev
 ialvkqkadlmcdltczoqpwoociz-dot-gl44393333333.rj.r.appspot.com
 ibpm.ru
 icloud-map-live.com
-icloudstatus.com.ng
 icy.martulangbelulalng.workers.dev
 idappswallets.com
 identifiez-vous-avec-votre-compte.yolasite.com
@@ -2216,7 +2019,6 @@ iframejld.avent-media.fr
 ighk.umjlrs7uci2751.workers.dev
 iipvit.by
 ijcda.bukkats.cn
-ijeioqhawdqioqho.weebly.com
 ijhca.0gb0h7z.cn
 ijjd.h8nmtcc.cn
 ijmna.p2y00vd.cn
@@ -2227,23 +2029,25 @@ ikcda.a2g5xvs.cn
 ikcsa.ajiqvjf.cn
 ikdff.jmo904i.cn
 ikja.lbanwqp.cn
+ikjcd.p1z98hl.cn
 ikjd.uk0xnp8.cn
 ikjgd.rg6bzk7.cn
 ikmcd.u4jdbxm.cn
 ikmxaa.qcqxlrq.cn
+ilooksrare.com
 iloveyourglasses.com
 ilpconnect.org
+image-pict-ig.duckdns.org
 imersao.impulseingles.com.br
 imf0rm4t10nc3nt3r-1d3nt1tys.000webhostapp.com
-imi-ksa.jajainfo.net
 imobiliaria-cardinali-com-br.blogspot.com
 impostazionebper.000webhostapp.com
 in.deraya.org
-inaueab.com
 indo-viral2022.duckdns.org
 info.lionnets.com
 infohypesquad.com
 infopichinchaweb.webcindario.com
+information.safeamazoncardweb.cyou
 informations.recovery.confiryourpage.workers.dev
 infos00001.temp.swtest.ru
 infosecplace.com
@@ -2256,16 +2060,16 @@ inna.cedymll.cn
 innca.ol90k56.cn
 innovasjon.as
 inps-ep.com
-instagram-9.blogspot.com
-instagramhelpp.agency
+instahelppbaddge.ml
 intellidata-analytica.com
-interbankempresahome.rankforever.com
 interbankempresas.pe-il.ru
+interbankhomeweb.fullcircleteam.com
 intern.unibas-com.ch
 international-formulier.91-218-65-223.plesk.page
 internetbanking-caixa-gov.xyz
 internetbankinghelp.com
 internetservicetech.com
+intesalife.ie
 intexargentina.com.ar
 inthewildproductions.com
 intoli.ru
@@ -2273,10 +2077,14 @@ intrafloraplants.com
 intranet.sztpe.info
 investpl.work
 iplogger.info
+iqwea.soxr0u1.cn
 ironmantech.shop
-irs-gov.us-get-funds-assistance.com
+irs-gov-supportcenters.com
+irs.gov-coronavirus-pandemic-tax-refund-submission.com
+ise.com.ar
 isfirsatibul.com
 ismamorlin.my-place.us
+isntagranmeta.pagedemo.co
 istudyalumni.com
 it-europe564598-com.filesusr.com
 it.melnikhotels.com
@@ -2288,6 +2096,12 @@ iuhs.tyopfhn.cn
 iujdas.yfwxlc9.cn
 iuyydd.ebeg6uk.cn
 j9w77d0.cn
+jacco.co.jp-service-tranid-0001-00001m.jtlctj.cn
+jacco.co.jp-service-tranid-0001-00001m.jxbehx.cn
+jacco.co.jp-service-tranid-0001-00001m.qyb59bk.cn
+jacco.co.jp-service-tranid-0001-00001m.v8vxqi.cn
+jacco.co.jp-service-tranid-0001-00001m.v9iasv.cn
+jacco.co.jp-service-tranid-0001-00001m.vjsj3y.cn
 jacobliston.com
 jadaart.org
 jagex-rewards.com
@@ -2299,31 +2113,31 @@ jbwbzta.alfens8.cc
 jeanbaileyrobor.com
 jendelajogja.com
 jerinja.github.io
-jessicasproul.com
 jetser-electrical-supply.business.site
-jetstoop.top
 jett.gator.site
 jflkp.csb.app
 jfovukvysqnglcjghfxncklqih-dot-gl44393333333.rj.r.appspot.com
 jhda.wfdyk9p.cn
 jhdd.fjcslad.cn
 jhff.93oe0u9.cn
+jhnd.0drhnjk.cn
 jiwanramchemical.com
 jjhcd.27ke98i.cn
 jk99j.sbs
-jkhkjjkjk.pagedemo.co
 jlogine.com
+jmcna.jiwayjc.cn
+jmfykd.cyou
+jncba.diiqsmm.cn
 jnlope.tangguakrapekpuik.link
 jnnc.grnxkoj.cn
 job-type.com
 jobs.job.com.bd
 joecamera.net
 john-ashley.de
-join-chat-whatssap-viral-2022.duckdns.org
-join-group-wa2022.duckdns.org
-join-grub-bokep-gratis.duckdns.org
-join-grubkienzy849.duckdns.org
-join-whatsapp-tante-hot18.duckdns.org
+join-group-1.duckdns.org
+join-gruo-waku282.duckdns.org
+joinedprice.com
+joingrupku183.duckdns.org
 joingrupp-bkep156.duckdns.org
 joingrupterbaru-0.duckdns.org
 joinlinkviral729.duckdns.org
@@ -2331,12 +2145,14 @@ joinssgropshot18.duckdns.org
 joinssgropssney6.duckdns.org
 jow-japan.or.jp
 joyeriajireh.com.mx
-jp-bnnk.japappoit.asdwb.xyz
-jp-bnnk.japappoit.asdwd.xyz
+jp-auid.com
+jp.mercari.omany.buzz
 jptechdocsign.net
 jrhayley.plus.com
 juandfar.github.io
+jurisgeneral.com
 jurlebedev.ru
+juscook.com
 justgot.gonevis.com
 justsayingbro.com
 jvk.zultifarza.workers.dev
@@ -2344,6 +2160,7 @@ jyeue43rm95p.clickfunnels.com
 jz2bab.webwave.dev
 k3ja6d.webwave.dev
 kaamwalibais.co.in
+kachinas.be
 kamdhenurealities.com
 kargonova.com
 kartaltepespor.com
@@ -2355,9 +2172,11 @@ kdhdf34j6dfh.dealerwebsite.com
 kdlscaffolding.co.uk
 kecc.com
 kecmanijada.com
+kedai-gamers.com
 keep-passw0rd-supp0rt20211129-0106.supp0rtaaqkadq2zgnizte3ltbly2etnge5yi05ntm3lty2yjcwyzywzdjhmwa.workers.dev
 keepactive-8k98-l9k8-98j8-98j78u-d3d3-fr3d34d-2.pages.dev
 keepboxactive-msoe3e3-osd2rrf432-d342f4-3f34e32edetferef.pages.dev
+kenanhusovic.com
 kevinsmovingservice.com
 kex81.sbs
 key-drcp.com
@@ -2381,12 +2200,12 @@ konfirmasi-identitas-2022.webnode.page
 konnect2kamadhenu.com
 koteng.odoo.com
 kr-bithumb.web.app
-kraftongame.net
 krupije.com
 krx887.com
 ksschool.org.in
 kuchkuchnights.com
 kurortnoye.com.ua
+ky79.com
 l-abe.com
 l-q.in
 lambdaweb.info
@@ -2408,16 +2227,17 @@ leadershipmail.org
 learningimpactmodel.com
 leboncoiinlbc.000webhostapp.com
 leboncoin.delivery01588.icu
+lefaf77683.temp.swtest.ru
 lemeiesta.com
 lenagruessdich.net
 leroycu.ca
+letoptuswebmail-9b69f0.ingress-comporellon.easywp.com
 lettertracing4kids.com
 lexnotes.com.ng
-lg-bluebadgecenter.ml
 lg-onecom-io.web.app
 liberasrl.it
 lihi3.cc
-linkcontract.tech
+linkgrupkakak-disini.duckdns.org
 liongear.com
 lirc.cep.edu.vn
 little-frost-1a15.chrisc11004842.workers.dev
@@ -2441,28 +2261,33 @@ lloydsbank.secure-online-deregister.com
 lloydsbank.secure-personal-device-login.com
 lloyduk-newdevice-registered-online.com
 llsckhuhskcamuqwbonsrhwpvk-dot-gl44393333333.rj.r.appspot.com
+lmbanang.pgryuangbtusngka.link
 lnkd.dev
 lnterbancape-lbk.com
 lnterbank.pe.starneonsignsug.com
+local-postoffice-deliver.com
 localwithg.com
 lockpichincha.webcindario.com
 loengregkuetngferu.live
 lofon-add.firebaseapp.com
 loftywallet.com
+logfuliz.web.app
 login-a5x1ir9bkd0dfo9nrbe2akijf3ux35u2gard0djpitipusxxc8.website.yandexcloud.net
 login-facebook18.webnode.page
 login-live.com-s02.net
 login-np6hh1hdf6csg7hcskopd44b7e7z4clqa8lput68g5abukevka.website.yandexcloud.net
 login-postfinance.com
+login-singaporee.apply-now-online-digital.com
 login.dbs.webdbslistinonline.com
 login.privategold.uytrtyuhij987.gowithapex.com
-login.smbc.weddirecttop.com
 logindhlaccess.dhlupdatelogin.workers.dev
+loginnewatt.weebly.com
 logverify-df12e-verify-1230-eu.web.app
 loinesports.com
 lomadesarrollos.mx
 lombard11.eu
 lot-lp-x.web.app
+love.gos-box.com
 lp.vp4.me
 lrs.financial
 lrs.foundation
@@ -2482,13 +2307,10 @@ m.protc.safty-pege.workers.dev
 m.recovery.safetyacount.workers.dev
 m.recovery.saftypageupdate.workers.dev
 m.salsomascard.top
-m4-appcaixia.com
 m42club.com
-m5bundle.com
 machineryzoneservice.com
 macjakarta.com
 macst.cc
-madamailru.temp.swtest.ru
 madens.com.pl
 madrhinoconsulting.com
 maestro.my.prod.dfg152.ru
@@ -2500,15 +2322,15 @@ mail-account-verify-f4723.web.app
 mail-gmxaktualisierung.yolasite.com
 mail-ovhcloud.web.app
 mail-ssocloud-srvr67yhguh.pages.dev
+mail.atlanticeconcrete.com
 mail.enrollmoreclientsbootcamp.com
-mail.gov-taxid.completofyours.info
-mail.grup-dwsa-indomesia845.duckdns.org
 mail.ims-fe.com
+mail.kenanhusovic.com
 mail.kuttabalfatih.com
 mail.santepluspharma.com
 mail.sweetshopspecialtycoffee.com.au
-mail.tariqalaraimi.com
 mail.updateinfo-billingo2.com
+mail.wellsfargous.duckdns.org
 mail.wheel1factory.net
 mail.zenstream.com
 maildomaiincheck1.web.app
@@ -2536,60 +2358,56 @@ mailserver7656566.blob.core.windows.net
 mailupdattee10.web.app
 mailupdattee11.web.app
 mailupdattee12.web.app
-mailupdattee13.web.app
 mailupdattee14.web.app
-mailupdattee15.web.app
 mailupdattee16.web.app
 mailupdattee17.web.app
-mailupdattee18.web.app
 mailupdattee19.web.app
 mailupdattee20.web.app
 mailupdattee21.web.app
 mailupdattee22.web.app
-mailupdattee23.web.app
 mailupdattee24.web.app
 mailupdattee26.web.app
 mailupdattee27.web.app
 mailupdattee28.web.app
 mailupdattee29.web.app
-mailupdattee32.web.app
 mailupdattee34.web.app
 mailupdattee35.web.app
 mailupdattee40.web.app
-mailupdattee5.web.app
 mailupdattee6.web.app
 mailupdattee7.web.app
 mailupdattee8.web.app
-mailupdattee9.web.app
+mainbugerrorfixing.com
+mainmobilerectify.live
+mainsbscrestore.com
 maintoken.org
-mainwalletappconnect.com
 makcts-go.ru
 make-anon-keep-past.rvsla.workers.dev
 mala-riba.com
 malaprontaargentina.com.br
 malehaenterprises.com
 malukutenggarakab.go.id
+mamasitasont.blogspot.com
 mandirilivinlinksystem.brizy.site
-mandirilivinlinksystem2.brizy.site
 mandirilivinlinksystem3.brizy.site
-manthsedty.live
 manualsync.com
+maotun.xyz
 mapsa.com.pe
+marifilmines.ca
 marinthe.poingaitongamlm.link
 marketplace-axieinfinity.io
 marketplace-axlelnfiniity.com
 marketplace.facebook.com-1b6x8r3ep.isiolo.go.ke
 marketplace.facebook.com-29ta3qbv.isiolo.go.ke
 marketplace.facebook.com-hzup1bae.isiolo.go.ke
+marketplace.facebook.com-izkbuxmx.isiolo.go.ke
 marketplace.facebook.com-kq1oh2ae.isiolo.go.ke
+marketplace.facebook.com-milt5ssm.isiolo.go.ke
 marketplace.facebook.com-qze9zt75vm.isiolo.go.ke
 marketplace.facebook.com-sauuvazpjo.isiolo.go.ke
 marketplace.facebook.com-tyeuieb7.isiolo.go.ke
 marketplace.facebook.com-wd5sulr0f5.isiolo.go.ke
 marketplace.facebook.com-z1au8cxghl.isiolo.go.ke
 marketplaceaxieinfiniity.com
-marmardian.co.vu
-marylkmatzenger.com
 masdas0932.co.vu
 masum.lawyer
 match.lookatmynewphotos.com
@@ -2617,22 +2435,28 @@ mercani.pomyt.info
 mercariz.xyz
 meremanovegabana.website2.me
 mericarir.mbudeu.cn
-mericarir.mg0gbo1.cn
+mericarir.mednljn.cn
 mericarir.mgeukpx.cn
 mericarir.mglsffs.cn
-mericarir.mksydb.cn
+mericarir.mglxyul.cn
+mericarir.mhgqdtv.cn
+mericarir.mjrsrfo.cn
 mericarir.mktbbr.cn
+mericarir.mkxbqnu.cn
 mericarir.mlyffa.cn
+mericarir.mmsfzys.cn
 mericarir.mnfjwy.cn
 mericarir.mnheijt.cn
-mericarir.mrzcafk.cn
 mericarir.msnygk.cn
-mericorci-logining.sfhs26r.lyb6srb.cn
+mericarir.mtlrnzu.cn
+mericarir.mukkwvc.cn
+mericarir.mxsoecl.cn
 meriocori-logining.2y3uio.pyqbas.cn
 mestertignseekjet4.blogspot.com
 mestertignseekjet5.blogspot.com
 mestertignseekjet6.blogspot.com
 mestredaobra.com
+meta-support-centers.ml
 metalurgicagiom.com.br
 metamasc.club
 metamask-connect.com
@@ -2643,11 +2467,13 @@ metamask-wallets.yahoosites.com
 metamask.cam
 metamask.io-php.com
 metamask.kiwi
+metamask.loan
 metamask.protocol-process.me
 metamask.security-information.cc
 metamask.social
 metamask.wallets-reauth.net
 metamaskdownloadandroid.xyz
+metamaskextension.xyz
 metamassklogins-us.tumblr.com
 metaversepadapp.com
 meusabor.com.br
@@ -2655,19 +2481,20 @@ mfacebook.blogspot.com.cy
 mfacebook.blogspot.lt
 mfacebook.blogspot.rs
 mgpskartarpur.com
+mgrandroyale.com
 mibancocrece.com.co
 micacd.elshov.com
-michaelxrandazzo.com
 michiyado.com
 microcav.square.site
 microsoftonline.pages.dev
 microsoftwebserver.mfs.gg
 micuenta01.github.io
+midasbuy1st.com
+midsposc2.com
 mijnics-actualisatie.185-236-231-64.plesk.page
-mikhali.com
+mikayelxhovakimyan.com
 milanobet301.com
 militarybikers.org
-minamikaga.or.jp
 mingming20160152.github.io
 miozpro.com
 miracdoviz.com
@@ -2697,16 +2524,17 @@ mjaymvnlchrlbwjlcjizmxn0.filesusr.com
 mk2.ge
 mkjiool.weebly.com
 mnbxa.73kfer9.cn
+mnbxcas.zm7wwar.cn
 mncxx.qbeepor.cn
 mnnbx.r1rpj09.cn
+mnncxa.fwffsyt.cn
 mobiile.systemredirect-pages.qf4owyef2n-xoy4w7wpr6pw.p.runcloud.link
-mobil-singaporre.digital-online-login-opportunity.com
 mobile-orange-forever.yolasite.com
 mobile-portail.live
 mobile.hedgesportst.me
-moccasinyellowbetatest--josekkk.repl.co
 moccasinyellowbetatest.josekkk.repl.co
 modest-hertz.45-81-232-15.plesk.page
+moiksys.com
 mon-token.com
 mon.espace.lcl.fr.certosini.info
 monbudri.xyz
@@ -2721,6 +2549,7 @@ montrealidiomas.com.br
 monyeward.com
 morcario.xyz
 morfybox.com
+movil.particulares-secure.com
 mqzlsim.mindlogicinfotech.com
 mrpitchman.com
 msc-doelsach.at
@@ -2741,16 +2570,14 @@ my-site219.yolasite.com
 my.jcpwb.com
 my.nhs-get-pass.com
 my.paydi.login-index-home.x4typfc.cn
-my.paydi.logining-nexy-home.en6cnm.asia
 my02billing-login.com
-myaccount.aol.wallat-billing.com.authlog.gq
+mybeii.live
 mycoerver.es
 mygoogleaccount.stantrade.xyz
 myjcb.cyyptoi.cn
 myjcb.thxpj.cn
 mymbg-aa2e2.web.app
 mymeta-securearea.plesk07.zap-webspace.com
-mymetamask-clientarea.185-236-231-227.plesk.page
 mymweb-owner.at.ua
 mypo-delivery.com
 mypsm.psm.edu.mm
@@ -2762,7 +2589,6 @@ mzqualitycleaning.com
 n-naoko-0319.github.io
 n.salsomascard.top
 n26.sa-france.fr
-n26servicetechnique.click
 n7orton.com
 nab-access-breach.com
 nab-alert.mobi
@@ -2770,7 +2596,6 @@ nab-www.303.si
 naderkhani.ir
 najboljeuslugezavas.betterservicesforyou.com
 nalandaias.com
-nalodke.com.ua
 nanjing.itud167.cn
 napgamelienquan.net
 naranja-users.auth0.com
@@ -2785,8 +2610,10 @@ natwest.secured-personal-verify.com
 nayablabs.com
 nayameehomes.com
 nbcc.0bit08a.cn
+nbcd.xiu58rl.cn
 nbcvs.gd65y69.cn
 nbcxa.lctlfdq.cn
+nbcxas.551awvr.cn
 nbhjxa.hblhi96.cn
 nbnonres.com
 nbxaa.b1b6nac.cn
@@ -2798,12 +2625,9 @@ ncgroup.club
 necessitymag.com
 nedbankqa.flowblocks.com
 nedriw.xyz
-neftlexi.com
 negociebra.com.br
 neptuneinnovations.com
 netciti.id
-netf1ix.us-891691712-local-781652.airalgeriecanada.ca
-netfl-lixids938mailmealkas.duckdns.org
 netflix-techarmy.me
 netflixus-uwm-916726-sbi-917827.kamaliakhaddar.pk
 networksol-f35e7.web.app
@@ -2827,9 +2651,8 @@ nhri.net
 nhs.my-vaccine-status.com
 niagarapower.com
 nic-home.com
-nisuper.com
 nizotchauffage.bilty.be
-nontonvidioviral2022nohoax.duckdns.org
+nodesconnection.com
 northlane.esy.es
 notife.help.institutepages.workers.dev
 notification-fb.secure-pages.workers.dev
@@ -2870,23 +2693,22 @@ oidda.5s2iamp.cn
 oijcd.qvjcddv.cn
 oikca.smwceku.cn
 oikcas.6b914ty.cn
+oikcd.uf27ce8.cn
 oikcxa.zvvx01z.cn
 oivac.com
 okcs.qj8yua.cn
 okds.bbtlcve.cn
-okep-terbaru-viral-2022.duckdns.org
+okep-viral-terbaru-terhist-2022.duckdns.org
 okmca.8xcrn6w.cn
 okmca.bxkfham.cn
 okmca.uwudagu.cn
 okmxa.lfgpror.cn
 okpwtu.webwave.dev
+ol-run1.online
 olidooo.waca.tw
 olk.us7apye.cn
 olmnxa.wc2ikux.cn
-olx-pay-pl.pay-id22343.top
-olx.saferegulatory.com
 omesqiwines.de
-omicronvariat.pagedemo.co
 oncopharma-ae.com
 onecreator.info
 onedrive.zhaoge.workers.dev
@@ -2896,13 +2718,16 @@ oneone-19cd8.web.app
 oneone-a38ef.web.app
 online-sistem.com
 onlineasesor01.hostfree.pw
+onlinebanking.unrecognised-new-payee.com
 onlineffn2.temp.swtest.ru
+onlineislemlersayfasivkfgirisicom.tk
+onlinsfuco.temp.swtest.ru
 onlysportplus.com
 ooxvocalor.yolasite.com
 opansea.live
 open24.ie-tsb.email
+operationroofingllc3.com
 opticabattilana.com.ar
-optika-anda.hr
 ora-n.yolasite.com
 orabu.it
 orange-dcr.fr
@@ -2913,11 +2738,8 @@ orange2k22.wixsite.com
 orangeb191.temp.swtest.ru
 orangess.contactin.bio
 org-nr.yolasite.com
-orlen-inwe.web.app
-orlen-x.web.app
 orlen.digital
 ormantencs112.odoo.com
-oryxcaracalsecurity.com
 osis.world
 otomoto-h229.net
 otomoto3452.com
@@ -2926,6 +2748,7 @@ oudczfbniitcqdsrmaapdztwqo-dot-gl44393333333.rj.r.appspot.com
 ourgarden.us
 outlook1541489.webcindario.com
 outlookcom119.yolasite.com
+ouverturecompte.lbp-eer.fr
 oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com
 p1c.servleboncoinser.com
 package2021.blogspot.ba
@@ -2933,7 +2756,6 @@ package2021.blogspot.bg
 package2021.blogspot.com
 page-restrict-case22456548.help
 pages-1008009999700022199021.com
-pages-1008097555214021.com
 pages-alert-facebook.ezyro.com
 pages-community-standart-2022.co
 pages-marvelous-project.webflow.io
@@ -2942,11 +2764,11 @@ pages-support-office-2021.tk
 pages.secure-accts.workers.dev
 pagesdetectscopyrightpostingactivitiesreported.co.vu
 pagos.sinpemovil.cr
+paidpapers.net
 paleyeer.com
 palmm.ps
 pancaakesvap.com
 pancake-sawp.com
-pancake.ellipsis.finance
 pancake7wop.com
 pancakesawpes.com
 pancakesfinances.info
@@ -2956,7 +2778,6 @@ pancakeswap.men
 pancakeswap.multi-wallet.info
 pancakeswap.salsasourcing.com
 pancakeswapes.company
-pancakeswapex.com
 pancakeswapexcgn.com
 pancakeswapexch.com
 pancakeswapexchage.com
@@ -2964,17 +2785,15 @@ pancakeswapexchg.com
 pancakeswappshop.blogspot.com
 pancaku-swap.com
 pancalteswap.finance
+panccakesswap.org
 panckaceswap.finance
-pancoke.com
 pandaskin.ru.com
 panelweb-4cae2.web.app
 pankaceeswap.com
 pankaceswapes.finance
 pankakeswap.ledgity.com
 pannelpub-benin.com
-pansccakeswap.finance
 pantazisezopiiuurmail1.web.app
-pantekkalisakitkepalaku.blogspot.com
 parcel-support018.com
 pardot.assemblecommunities.com
 pasarbta.info
@@ -2985,6 +2804,7 @@ pathospitals.com
 patient-cell-40f5.updatedlogmylogin.workers.dev
 patwise.co.in
 paws.org.au
+paxfulacct.com
 paxfulmenu.com
 pay-sera.web.app
 pay16-olx.pl
@@ -2992,13 +2812,16 @@ paymentnotificationnow.blogspot.com
 paypal-online-2deposits-paymentaccept.tk
 paypal-opladen.be
 paypalforex.co.ke
+pbemail.youxiangdashui.com
 pdf-cloud-document.weeblysite.com
 pdf-sharefile-doc.weeblysite.com
 pdflogincnvwo.app.link
 pdfsecured.mystrikingly.com
 peaceful-black.193-70-50-31.plesk.page
+pedih.001www.com
 pembatalanakundinonaktifkan.weebly.com
 pencakecwap.com
+pensive-payne-505e1a.netlify.app
 perfectliker.net
 peringatanakunfb2k214.webnode.com
 phantom-walletweb.app
@@ -3024,7 +2847,8 @@ pikay13.github.io
 pilmezorda.temp.swtest.ru
 pinchinchaverify.webcindario.com
 pirana.co.rs
-pl-swiatowe-wiadomosci.pl
+pkobp.pl.justns.ru
+pl-wiadomosciswiatowe.pl
 pla1060604.nichost.ru
 plan-o2-monthlypayments.com
 planetaamor.org
@@ -3033,8 +2857,6 @@ platinumserviceac.com
 playgirlgold.com
 ploferta.com
 plugmailextraexpiredoldpolicynotificationscenter.pages.dev
-plwiadomosciwszystkie.pl
-po-deliver-fees.com
 po-service-page.com
 poc-rewards-program-c2dfc.web.app
 podpiska-darom.ru
@@ -3051,6 +2873,7 @@ poligrafiapias.com
 polkadot-france.fr
 polkastarter.app
 polsd.pa0cpof.cn
+polska-informacyjna.pl
 polxa.uh8dg67.cn
 polygon-pro.com
 polygon-secure.com
@@ -3068,7 +2891,6 @@ postch9192.cargo.site
 postechsuivre.ileanamlaw.com
 postnl.post-tracking-delivery.etelinfra.com
 poww.6hkjmb.cn
-ppkllp.com
 ppnnttcc.ppcnthsc.me
 precisionimpex.com
 preg.dspearhead.com
@@ -3085,11 +2907,13 @@ primecentral.jixinggaozhao2.shop
 primecentral.qiourn.shop
 primeone.org
 printtoner.com.mx
+prism.net.in
 privacy-update-page-prtections-association-recovry-secu.web.id
 privacy-update-secu-recovry-page-protection-4565544.web.id
 privacy-update-secu-recovry-page-protection-comunity-45.web.id
 priyankasandokar1606.github.io
 pro.icloudremovaltool.com
+pro.systemine.xyz
 procservautomatizacion.com
 production.anon-rest-keep-reset.sales18130.workers.dev
 production.anon-step-keep-object.sales18130.workers.dev
@@ -3103,6 +2927,7 @@ production.try-murpheos-keep.sales18130.workers.dev
 production.twilight-darkness-9e4b.updatelogaccountprogramedrfwerwrdhscsw.workers.dev
 project1-df3e9.web.app
 projectlovewell.com
+promashoppe.com
 promehedinti.ro
 promerica-sv.webcindario.com
 promericalinea01.webcindario.com
@@ -3111,8 +2936,6 @@ prosmate.com
 prosxsiuser.myfreesites.net
 prosys.poweredbygravit-e.co.uk
 protect-4d56vca.surge.sh
-proteczzguuaaardzzzpagess.000webhostapp.com
-proteczzpagezzguarddzzz.000webhostapp.com
 provodi.com
 proximus-account.azurewebsites.net
 ptxx.cc
@@ -3132,13 +2955,13 @@ qhmqhgnfqbcoxkwamsioilhdmv-dot-gl44393333333.rj.r.appspot.com
 qsh74pekkv5e8.clickfunnels.com
 qssa.x5yrlr.cn
 quinaroja.com
+quirky-jones.172-245-159-112.plesk.page
 quotex-qx.com
 qwas.nfi71vw.cn
 qwea.wvhee0w.cn
 qweas.hi5g95r.cn
 qweas.p6rhddj.cn
 qweas.zwfaclq.cn
-qxluatbght.cfolks.pl
 r3c31v30n3-1d3nt1ty.000webhostapp.com
 rabellartz.de
 rabofree.blogspot.com
@@ -3146,6 +2969,7 @@ rabofree.blogspot.li
 rackenfordlabs.com
 racuten.nuef.info
 radhikamd.github.io
+rafbbmx.ga
 rafbbmx.ml
 raipurrussianescorts.com
 rakoten-card.buogfbizkugf.gq
@@ -3156,17 +2980,12 @@ raktuen.laobanlocker.com
 rakuitan-card.info
 rakuten.awjoadc.cn
 rakuten.card.nuosreaoms.com
-rakuten.card.uosmcoua.com
-rakuthn.shop
-rakuttm.shop
+rakuten.co.jp.rakutenajp.xyz
 ramgarhiamatrimonial.ca
 rareelements.io
-rasmer.fi
 ratewatch.net
 raycargo.com
 raydiom.io
-razcjjf.ga
-razcjjf.ml
 rbcmontgomery.com
 rd8um.app.link
 rdirtfuo6t.vov.ru
@@ -3175,9 +2994,9 @@ re-redirection-acc-id923872635122.blogspot.com
 real-anon-keep-passing-word.rvsla.workers.dev
 realestate-page-10843446024.expresspestcontrol.co.nz
 realindiatravel.com
+recibeya.tufacilmoneyonline.online
 reconfirmpost287846656.us
 recover-pages-media-problems-secur-782.web.id
-recover-pages-secur-media-problems-393.web.id
 recover-pages-secur-media-problems-397.web.id
 recovery-chain.com
 recovery-fb.secure-acct.workers.dev
@@ -3195,12 +3014,12 @@ reglic.in
 regularsweeps.xyz
 reignbike.com
 reikisadhna.com
+rekoution.bcszxcd.shop
 relevant.systems
 remittance369297292749.goshly.com
 renovkonstruksi.com
 repl-mess.myfreesites.net
 restore.exodusapp.ru
-restoredabefore-com.filesusr.com
 restorewallet-activation.net
 retiro-extracash.com
 retiro.cl
@@ -3228,7 +3047,6 @@ roccobonheur1-my-cheetah-website-copy.cheetah.builderall.com
 roisnoob.github.io
 rokulinktechnology.com
 rolinadd.surveysparrow.com
-romanceify.com
 rondalowa.blogspot.com
 rondelbarrilito.com
 ronin-help.com
@@ -3244,10 +3062,10 @@ rplg.co
 rrakutenn.co.jp.azii.cn
 rrakutenn.co.jp.nanofresh.cn
 rsujkblokqlyqfonpzgztejdji-dot-gl44393333333.rj.r.appspot.com
-rufoxxy.com
 runescape-info.com
+runescapebonds.com
+runescapeevents.com
 ruth.martulangbelulalng.workers.dev
-ryanicolehoward.com
 rymproducciones.com
 s-sarfati.co.il
 s.macecri.com
@@ -3272,7 +3090,6 @@ sanjilkumar.com
 sankyo-rz.com
 sanru.cd
 santander.secured-auth-login.com
-santanverifyfunction.com
 santepluspharma.eclatmediasolution.website
 santoshdangi.com.np
 saritapariyar.com.np
@@ -3294,16 +3111,16 @@ secure-boncoincontrol.net
 secure-halifax-device.com
 secure-mynew-devices.com
 secure-runescape.xgm.rnp.mybluehost.me
-secure-service-gateway.com
 secure-zirox.s3.ap-southeast-2.amazonaws.com
 secure.legalmetric.com
 secure.oldschool.com-cl.ru
 secure.oldschool.com-cu.ru
-secure.oldschool.com-cv.ru
 secure.oldschool.com-oz.ru
 secure.oldschool.com-rsu.ru
+secure.runescape.com-ak.ru
 secure.runescape.com-as.cz
 secure.runescape.com-az.ru
+secure.runescape.com-ca.ru
 secure.runescape.com-cl.ru
 secure.runescape.com-co.ru
 secure.runescape.com-cu.ru
@@ -3316,13 +3133,13 @@ secure.runescape.com-vs.ru
 secure300.inmotionhosting.com
 secure303.inmotionhosting.com
 secure55.webhostinghub.com
-secure7-servr01-log-in.4nmn.com
-securee37-authen21.duckdns.org
+secureaccount.ntflxauth.co
 securegateway-ovhcloud.csl-sl.de
 securelloyd-help-app.com
+securewalletprotocol.online
 security-page-community-standards.blogspot.com
 seguridad-oca.webcindario.com
-seleb-indo.duckdns.org
+seleccionperfil.xyz
 selector26.gg
 selector28.gg
 sem.my-drs.co.uk
@@ -3332,7 +3149,7 @@ sendung.eyecatch.ch
 sergebubnin.space
 sertyxese.myfreesites.net
 server-networksolutions.web.app
-serverprotocols.com
+server221.security.coinbase.com.gdone.co.ke
 servervalidationcheck103.web.app
 servervalidationcheck104.web.app
 servervalidationcheck105.web.app
@@ -3387,7 +3204,6 @@ serviceinfo-securehost.duckdns.org
 servicepage.service-page.workers.dev
 servicepichincha.webcindario.com
 services.runescape.com-as.cz
-services.runescape.com-oc.ru
 services.runescape.com-rse.ru
 services.runescape.com-rsu.ru
 servicesbancaire.com
@@ -3415,6 +3231,7 @@ sharedtris.com
 sharelink.sn.am
 shayvardphoto.ir
 shinex.lk
+shippment2.temp.swtest.ru
 shirhokos-mhalskbsiaoutfew43535.duckdns.org
 shirtshanger.com
 shiye666.cn
@@ -3426,11 +3243,9 @@ sidneyfcuorg.freshy.site
 sign-trk.empressmd.com
 signin-gcq7uwojrw58brcckylebjuy39nk2ivt65ol39k6ut6ura94zk.website.yandexcloud.net
 signin-payeer.com
-signin.eday.ed.ws.eday.ispi.dll.signin.using.ssl.hors-stade.com
-silkroadwines.com
 silpovsatb-ua.online
 silverberrygroup.com
-sim0nt0k-viral-terbaru-2022.duckdns.org
+simonecamposshop.com.br
 simpkk.karanganyarkab.go.id
 sindarspen.org.br
 siporados15585.blogspot.com
@@ -3463,12 +3278,11 @@ slavamel.github.io
 sleepmaskz.com
 slickparties.com
 slmkufeckf.jon-jensen.workers.dev
-slovenska-posta.sytes.net
 slowlinebag.jp
 sm.scicemecod.com
 sm777.csb.app
+smartfixconnect.live
 smbc-accout.com
-smbc-credit.shop
 smbc-veaiana.com
 smbcbc.com
 smbccjp.shop
@@ -3476,10 +3290,11 @@ smbcr.mrtka.info
 smbcwodeqingguoshoujicojp.top
 smeo.org.mx
 smgolamalif.github.io
-smirl.org
 smkkesehatanjember.sch.id
 smmsvocal.yolasite.com
+smpn2jeruklegi.sch.id
 sms-check.sc-q.top
+sms-infos.d2tt.co
 sms-shorter.com
 smsbc-info5.com
 smsenligne.myfreesites.net
@@ -3487,6 +3302,7 @@ smsorangephonemail.myfreesites.net
 smsorangesmsmessage.myfreesites.net
 smss-mms.yolasite.com
 smsverificationmms.myfreesites.net
+smvbc-info.com
 smwam.coms.cso.gov.tt
 so.macecri.com
 soaringskiesrentals.com
@@ -3499,7 +3315,6 @@ sognointerno.com
 solicitarfirmaelectronica-sv.com
 solyanayakomnata.ru
 sopac.org.py
-soracoes.xyz
 souaxwaoh.myfreesites.net
 soude-masi.firebaseapp.com
 soufsont.blogspot.com
@@ -3525,6 +3340,7 @@ spirit.gtwozone.com
 spk-entsperren.de
 spk-jahreswechsel.com
 spk-secure-de.com
+spkfod.coms.cso.gov.tt
 sport.protected-secur.workers.dev
 sportshoes.top
 sportybetpremium.wapka.co
@@ -3541,8 +3357,10 @@ ssia.org.sg
 ssl.dsl.isl.mll.aqmst6.stockestan.ir
 sso-garena.com
 sswebmail-4w5twsr.web.app
+staffportal.uoz.edu.krd
 stage.vannaryfowler.com
 staging.eliteautomotive.com.au
+standardcapbnk.com
 standardupdatesupportandhelpcenter2021.ga
 starforsure.com
 starliker.net
@@ -3552,11 +3370,10 @@ static-ak-fbcdn.atspace.com
 static-dev.o2alerts.com
 static-promote.weebly.com
 status-dev.o2alerts.com
-stbkcoltria.atwebpages.com
 stclarechurch.net
 steamcommunites.com
 steamcommunitj.com
-steamnitrof.com
+steamcommunityk.com
 steampoweredtrade.org
 steampoweredtrades.org
 stevemadden-sverige.com
@@ -3572,6 +3389,7 @@ stjohnmarol.com
 stjudes.in
 stolizaparketa.ru
 stollgroup.coms.cso.gov.tt
+stomkinscommercial.com.aus.cso.gov.tt
 storage.yandexcloud.net
 storenike365.top
 studio-lol.com
@@ -3586,13 +3404,11 @@ suiviticket.co
 sukien-pubgmoblevng.ga
 sultan-raza.github.io
 sumpandtankcleaners.in
-sunami.pagedemo.co
 sunbeltmembers.com
 sunge-ode.firebaseapp.com
 sunshineteam.in
 super-dawn-3035.ddahluwalia.workers.dev
 supermilhas.com
-suportecxacesso2020.com
 supotsstunes.servehttp.com
 suppliers.bitshepherd.org
 support-auwebaccessjpnaikpanggung.com
@@ -3624,6 +3440,7 @@ sysm5rn.cn
 system-fassil-net-2-3242353453453--12344443.repl.co
 t0nline0de0login-001-site1.itempurl.com
 taher-mohamed-ahmed-saad.github.io
+take-free-2022.duckdns.org
 taoistw345ie.co
 tarik-fitness.com
 taxcare.page.link
@@ -3645,11 +3462,13 @@ tellmeliu.github.io
 templat65sldh.myfreesites.net
 temporary-url.com
 terpelsicumple.com
-terracontiles.com
+tesladrive-event.com
 test.bayoucitybadges.org
 test.bitflye87.com
 test.dxbproductions.com
+test.myshopclub.ru
 test.webclient4.de
+testing-domain.duckdns.org
 texasfreedomrun.com
 tgpafasfsakkk.pages.dev
 theaceofspaeder.com
@@ -3671,8 +3490,6 @@ tieganford.ca
 tighi.creatorlink.net
 tight-samiuboc.co
 tikitaps.com
-tinhtrangdon.com
-tinyurl.mobi
 tipografieonline.ro
 tirozhjewelry.com
 titelinedrillingintl.yolasite.com
@@ -3691,7 +3508,6 @@ topskills.ru
 torccolborrachas.blogspot.com
 torrinwine.com
 touchidea.top
-touronline2022.com
 tovowhuqeojweawmubmaqmqlv.hofferflow.icu
 tpayleboncoin.com
 traders-joesxyz.com
@@ -3702,23 +3518,18 @@ triangarena-membership.ga
 tribratanewsbondowoso.com
 tribunbalikpapan.com
 truegrip.com
-trust-wallet.com.cn
 trustinpichincha.webcindario.com
 trustpress.gr
 trustypichincha.webcindario.com
-ts3cacd.jhfshm.com
 ts3cacd.rzjxbv.com
 turntekcnc.com
-twoje-zdjecia-622.herokuapp.com
 tx.vc
 txwnmdsbqghviqxpglgzjrgbzv-dot-gl44393333333.rj.r.appspot.com
 typedream.site
 typesmartlyocr.com
 tyrecentre.ru
 u08qv44zu5h.typeform.com
-u1571226.cp.regruhosting.ru
-u1571630.cp.regruhosting.ru
-u1571652.cp.regruhosting.ru
+u1565723.plsk.regruhosting.ru
 u18741649.ct.sendgrid.net
 u827857uw6.ha004.t.justns.ru
 uabaiieo.com
@@ -3741,7 +3552,6 @@ uhnsa.sdmpo0s.cn
 uhnxa.d23xsru.cn
 uhnxa.q83itv9.cn
 uhnxas.rvw56l.cn
-uiuui.pagedemo.co
 ujcd.um2nlru.cn
 ujdaa.fn3m4en.cn
 ujds.5e8tn13.cn
@@ -3762,6 +3572,7 @@ ujnca.wxuqxb7.cn
 ujnca.zgbo0g.cn
 ujncd.kzi68ra.cn
 ujncd.lw2djbm.cn
+ujnxas.vj135ih.cn
 ukcare.in
 umbrellaclubla.com
 unam.myfreesites.net
@@ -3772,9 +3583,8 @@ uniassessoria.com.br
 unicreditaustria.ucs.info
 unifacema.edu.br
 unifacvest.net
-unillantas.com.sv
+unifiedsmartsync.live
 unionheightsresidental.com
-unipo-a.web.app
 unisons.store
 unisonsouthayr.org.uk
 uniswap.ch
@@ -3784,7 +3594,6 @@ uniswap.pages.dev
 uniswap.seal.finance
 uniswap.token.im
 uniswap.trading
-uniswap.vn
 uniswapfinancing.info
 uniswaps.net
 unitedalliance-online.000webhostapp.com
@@ -3795,24 +3604,21 @@ unnxa.pqpchqo.cn
 unpocodearte.cl
 unregpayee-lb.com
 unsub.listhandlr.com
-upbeat-dhawan.179-43-173-14.plesk.page
 updateinfo-billingo2.com
+updatemy.software
 updateseason.com
 updatestory2022.co.vu
 updatevoda-billing.com
 upgrade-25gb-email.thecornerstudio.com.au
 upgradedserver.online
-upgradingattonlinee.weebly.com
 uploadpichincha.webcindario.com
 uploads.codesandbox.io
-upnew.site
 uppledpichincha.webcindario.com
 urbenorte.com
 urgent-halifaxlogin.com
 userboitevocalweb.flazio.com
 userinformationstoreupdatesmail.pages.dev
 usfn.net
-uspsconfirm.iconoomikert.com
 uspsexpressdeliveryline.com
 uswowgame.net
 uueer.7jgy5xe.cn
@@ -3822,6 +3628,7 @@ uyhnxx.urpzkva.cn
 uyqw.dykowec.cn
 uz154.sbs
 v.macecri.com
+v3r1f1c4t10ns-1d3nt1tys.000webhostapp.com
 v3r1f1c4t10ns-c3nt3rp4g3.000webhostapp.com
 vaccine-status-info.com
 vakif.albay-arnold.com
@@ -3829,45 +3636,45 @@ valax-wallet.com
 valenciaoptometry.com
 valenteplay.com.br
 validacionpichincha.odoo.com
+validate-chain.com
 validate-solana.com
 validator-fzkiy.run-us-west2.goorm.io
 vallion.motiffliterature.me
 vcz.gmoqkzu.cn
 velvish.com
 ventas.lnterbarnk.pe.jifad.org
-verfybadgeappform.com
 veri-pichincha.webcindario.com
-verificaciondeprioridad.com
 verification-trustwallet.4bl-eg.com
 verification.fb-page.workers.dev
 verificationmessage.blob.core.windows.net
+verifications-zones.com
 verififacebookid.wixsite.com
 verifiikasi-accounts.weebly.com
 verifikasi-akun-anda0011.weeblysite.com
 verifikasi-akun-facebook0022.weeblysite.com
 verifikasi-identitas47.weebly.com
 verifocaoffa.webcindario.com
+verifymywallets.com
 vgiuhkjnm.b9u6vh5l7g1797.workers.dev
 victorarath99.github.io
 videobigo.com
 vietlime.vn
 vietschi.de
 viettel-com-dot-c2c01-531c7.uc.r.appspot.com
-vigortech.com.np
+vigilant-murdock.45-81-232-15.plesk.page
 viguohilkasdsd.izwe6g6lyc.workers.dev
 vilaanimalviana.pt
 vinbpcfatfnkjftetwwkucfqsi-dot-gl44393333333.rj.r.appspot.com
 vinivet.mk
 vipfbtools.com
-vipprofessional.net
 viral-groub.duckdns.org
 virginia-spi.com
 virtual1dattss.com
 vis-stort.github.io
-visa-band.com
 vishaljangale01.github.io
 visione.co.id
 visionproperty.in
+vk-money.xyz
 vk-posters.ru
 vk-vhods.co
 vkjbm.4nt4nb464e6113.workers.dev
@@ -3886,25 +3693,30 @@ vugik.mecil33784.workers.dev
 vv.macecri.com
 vvjde0h0ttttf9hay.com
 vvpaes-me-index.egvtpp.cn
+vws.co.in
+vxcas.a35570.cn
 vxdse.myfreesites.net
 w2.deraya.org
 w5aproject.s3.us-east.cloud-object-storage.appdomain.cloud
-w5czf.csb.app
 wahed-koudsi2001.github.io
 walkers-dot-composite-store-326315.uk.r.appspot.com
 wallcertifyonmesh.com
 walldesign.com.tr
 wallet-connect012.web.app
 wallet-reconnection.xyz
+wallet-verified.com
 wallet.silesiacoin.com
 wallet22.000webhostapp.com
+walletconnect-tool.net
+walletconnect-tools.xyz
 walletconnectonline.pages.dev
 walletconnectors.com
 walleterrorsupport.com
+walletokenvalidation.com
+walletsconect.live
 walletsconnex.com
 walletsliveconnects.net
 walletsreauth.org
-walletsvalidator.org
 walletsynclive.com
 walletvalidation.me
 walletvalidators.com
@@ -3920,6 +3732,7 @@ warbonus.ru
 warningshadows.org
 warsa.bandungkab.go.id
 wasites.000webhostapp.com
+waterproofingengineer.com
 we-exodus-wallet.yahoosites.com
 web-armas.royale-freefire1garena-bonus.com
 web-b4119.web.app
@@ -3937,13 +3750,15 @@ web-verifi05.webcindario.com
 web-verifi06.webcindario.com
 web.bredbanque.trans.sylog.co
 web.royale-freefire1garena-bonus.com
-web7320.web07.bero-webspace.de
 webbbb.yolasite.com
 webbl.yolasite.com
+webdappsconnection.com
 webdatamltrainingdiag842.blob.core.windows.net
 webdesecure.clickfunnels.com
+webhost-verify.duckdns.org
 webip.yolasite.com
 webmail-2aaa0.web.app
+webmail-optusnet-com-au-sign1.weebly.com
 webmail-sso8uyg.web.app
 webmail.gourmer.co.in
 webmail.login.access.docs67.live
@@ -3953,20 +3768,17 @@ webpres.000webhostapp.com
 webregular.xyz
 webservice-verify.duckdns.org
 websitefun.club
-websiteorange.wixsite.com
 webstories.eu
 webvalidity.com
 well-42d74.web.app
-wellsfargo-online06.herokuapp.com
-weryfikacja-facebookowa-27.herokuapp.com
 weryfikacja-facebookowa-28.herokuapp.com
 weteachbh.com
 whare.100webspace.net
+whatsapp-grub99zyc.duckdns.org
 wheelsofmercy.org
 whitelist-network.com
 widadkamillah.github.io
 wiki.oceanreeflifegame.com
-wildcard.isiolo.go.ke
 windstream-net.firebaseapp.com
 winville.biz
 wireconfirmation68c10a25442a3e13.blogspot.com
@@ -3983,12 +3795,15 @@ wpsoar.com
 wqass-index.chobqu.cn
 wqass-index.dccigq.cn
 wqass-index.gbswz.cn
-wqass-index.jeewiki.cn
 wqass-index.pygbw.cn
 wrww-roblox.com
+wsertyzx.gq
 wteeoq.pfinanceiro.com.de
+ww.lnterbank.pe.personas.aaseguros.mx
 ww.lnterbank.pe.personas.onlinesocket.in
+ww.lnterbank.pe.personas.t-class.org
 ww16.inpost-pl-3dsecure.clear-id.xyz
+wwedealershipon.000webhostapp.com
 www-cursosdigitalesmx-com.filesusr.com
 www-degelyehuda-org-il.filesusr.com
 www-europe564598-com.filesusr.com
@@ -3996,10 +3811,9 @@ www-europessign-com.filesusr.com
 www-key-com.test.edgekey.net
 www-mufg-jp.handicraft.ltd
 www-mufg-jp.kaiqi.ink
-www-wattsapcom.duckdns.org
+www.facebook.com-sauuvazpjo.isiolo.go.ke
 www2.rakutan.co.jploginffd9dfg7.carwork.cn
 www2.rakutan.co.jploginffd9dfg7h.iotbaas.cn
-www2.rakutan.co.jploginvcx8ds.nanoart.cn
 www2.rakuten-card.co.jp.wzsrc.cn
 www2.rakutenn.co.jp.nanopark.cn
 www2.rakutenn.co.jp.zgyo.cn
@@ -4011,6 +3825,7 @@ x.scicemecod.com
 xcas.xoh29oz.cn
 xcasd.7vo6bt.cn
 xcasd.b204uje.cn
+xcasd.tcbjnhq.cn
 xcasd.yikn2gd.cn
 xcryptocars.blogspot.com
 xcvdsd.page.link
@@ -4029,10 +3844,10 @@ xjmr7.mjt.lu
 xjpyyds.pem4yp3.cn
 xkljfg.ml
 xn--gmal-sya.com
-xn--instagam-sf0d.com
 xn--ltappen-80a.se
 xn--metamsk-lwa.link
 xn--rpondeur-sfr2-bhb.yolasite.com
+xpubgfrozen.tk
 xqr3i.mjt.lu
 xqr3n.mjt.lu
 xqr3u.mjt.lu
@@ -4041,14 +3856,16 @@ xrxh1.mjt.lu
 xrxh2.mjt.lu
 xrxhl.mjt.lu
 xsbrookshhjx.top
+xspin.cawnibos.com
 xtio.ch
 xtw42.mjt.lu
+xvideokoreanwifesister18.duckdns.org
 xx.macecri.com
 xxaas.tp00jv9.cn
 xxasd.sf29hrg.cn
 xxx-com-dot-c2c01-531c7.uc.r.appspot.com
-xyproject.xtensio.com
 xzasd.uz64g3.cn
+yahoo%2eco%2ejp@asdxa.p2x11pi.cn
 yahoo%2eco%2ejp@bghgcd.psuxscm.cn
 yahoo%2eco%2ejp@bhgxa.eo76sni.cn
 yahoo%2eco%2ejp@cdas.nxzigco.cn
@@ -4070,12 +3887,11 @@ yahoo%2eco%2ejp@ujhdca.mdwclcb.cn
 yahoo%2eco%2ejp@uyhnxx.urpzkva.cn
 yahoo%2eco%2ejp@zxas.2nd0g8.cn
 yahoo%2eco%2ejp@zxass.jbkyj0o.cn
-yahoopoweredservice.duckdns.org
 yahuomall.square.site
 yairix.github.io
 yalena.me
+yandex-viral.duckdns.org
 yaqoobi.org
-yaranfayez.com
 yayanti.com
 ybdaa.oqsgm9r.cn
 ybggd.fjgjoux.cn
@@ -4095,11 +3911,13 @@ yma1ll0g0n.odoo.com
 ynbgdc.woprkzp.cn
 ynbxa.pvgulkz.cn
 yndda.m117s1s.cn
+yo7ka-anna.com
 yogeshwarwiremesh.com
 youknowar.com
 young-snow-7447.tcheviron5269.workers.dev
 youreasygoing2022.co.vu
 yqlpeitost.duckdns.org
+ytdjhstej.tk
 yuhjjkss.web.app
 yumpai.cn
 z.macecri.com
@@ -4107,10 +3925,12 @@ z.scicemecod.com
 z0massegurabclp1.shreeramwoodindustries.com
 z2qje.codesandbox.io
 z3voicrxxvs.typeform.com
+zacharytlasko.com
 zackselectronics.co.zw
 zaktualizacja-platnosci.netfxtv.co.pl
 zasd.yhxmd30.cn
 zb2-home.web.app
+zen-minsky-ef5931.netlify.app
 zenvinyl.com
 zepe.io
 zeroquiz.com
@@ -4123,10 +3943,8 @@ zmpcoacu.cyou
 zmpcoado.cyou
 zoho-online.web.app
 zoho-validationserv.web.app
-zonalnterbank.com
 zonmca.hxljatvw.cn
 zshrvvo.cn
-zuiunsya.com
 zxas.2nd0g8.cn
 zxas.hs0rgq8.cn
 zxass.jbkyj0o.cn
@@ -4135,7 +3953,6 @@ zxcaspx.aghwlup.cn
 zxcnash.seufhsk.cn
 zxcod.01l241.cn
 zxcuashs.e0n0gh5.cn
-zxdlbny.cn
 zxnahs.3cze6ri.cn
 zz.macecri.com
 ||0333fa5.netsolhost.com/comcast/xfinity.php?d1193169ba22c33594765d16035661b1=&amp;email=a@a.c&amp;.rand=login.xfinity.com.aspx$all
@@ -4143,13 +3960,13 @@ zz.macecri.com
 ||045a3c0.wcomhost.com/ameli-assurance/remboursement/login/iframe-page2.html$all
 ||048d7b4.wcomhost.com/ameli-assurance/remboursement/login$all
 ||048d7b4.wcomhost.com/ameli-assurance/remboursement/login/$all
+||0572f4b.wcomhost.com/escaixa/es/espace/home/$all
 ||108ideashop.com/ads/c/$all
 ||28ecne20f9u.securetnet.com/bbva/592cf4/425bdbd3-91cf-4e9f-9498-7a06b3ad75ec/?test=1$all
-||377080202567359722137708020256735972.blogspot.com/?m=0%5c$all
-||3c5.com/tnrxs$all
 ||3rdstreetmarket.com/wp-content/themes/3rdst/8-login-form/$all
-||8010361370310234068010361370310234.blogspot.com/?m=0%5c$all
 ||a-q-f.com/openpc/directlogin.do$all
+||abre.ai/dhhh?trackingid=gnevs68e&signature=newsletter$all
+||abre.ai/dmjg$all
 ||accounts.google.com/servicelogin?passive=1209600&continue=https://sites.google.com/view/viewbill-bt-1/bt&followup=https://sites.google.com/view/viewbill-bt-1/bt$all
 ||accounts.google.com/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/1lordman1man3/oscman2.html&followup=https://storage.cloud.google.com/1lordman1man3/oscman2.html$all
 ||accounts.google.com/servicelogin?service=cds&passive=1209600&continue=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html&followup=https://storage.cloud.google.com/appspotv450i7r8h9vf9y6yt8uiuft58f7uf5yye36u0jtyf78uuyfyy/index.html$all
@@ -4165,6 +3982,7 @@ zz.macecri.com
 ||alfredtalkelogisticservices-my.sharepoint.com/:x:/r/personal/venus_gardose_talke_com/_layouts/15/wopiframe.aspx?guestaccesstoken=8extkunxrkqozifs2sycqmk4ox0ntao7cizsavm5mjc=&amp;docid=1_14abcf62971634e6b8387df30ef7d978b&amp;wdformid={83a6cfc0-5689-4aa4-ab13-96952b8999ba}&amp;action=formsubmit$all
 ||alinachopra.com/blog/wp-content/themes/10/$all
 ||ambrosecourt.com/our/ourtime/ourtime.html$all
+||ams3.digitaloceanspaces.com/faxwxagm72247832mhwuk7224783272247832/index.html?961961d961$all
 ||ams3.digitaloceanspaces.com/njk/25_40_24_5e_40_26_40_26_28_29_23_23_5e_23_24_26_5e_25_26_40_5e_28_23_26.html$all
 ||anekaslot.com/jps/webmail_reset.htm$all
 ||api-freewallet.com/app/$all
@@ -4192,7 +4010,6 @@ zz.macecri.com
 ||bit.do/fs7cb$all
 ||bit.do/fs8cx$all
 ||bit.do/fsf6l$all
-||bit.do/ftahp$all
 ||bit.ly./3ijwsm2$all
 ||bit.ly/2iz03nf$all
 ||bit.ly/2kduy2u$all
@@ -4339,6 +4156,7 @@ zz.macecri.com
 ||bitly.com/3koilft$all
 ||bitly.com/3xmjxs4$all
 ||bitly.com/taxirsxcy$all
+||bitly.ws/nlwp$all
 ||bitwayconnect.com/en/wallets/$all
 ||blackbearcccouk-my.sharepoint.com/personal/accounts_blackbearcc_co_uk/_layouts/15/onedrive.aspx?id=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments%2fngb%20urgente%20substanti%c3%able%20update%20%5f%20voorstel%2epdf&amp;parent=%2fpersonal%2faccounts%5fblackbearcc%5fco%5fuk%2fdocuments&amp;originalpath=ahr0chm6ly9ibgfja2jlyxjjy2nvdwstbxkuc2hhcmvwb2ludc5jb20vomi6l2cvcgvyc29uywwvywnjb3vudhnfymxhy2tizwfyy2nfy29fdwsvrve5as01b19mukjbcutzeunhv3eznw9ccfbtmze3b2fsrnrgnhpzuenbvlfiqt9ydgltzt1tqjzyquroodjvzw$all
 ||bluehorse.in/sella/info.html$all
@@ -4389,6 +4207,7 @@ zz.macecri.com
 ||creativeingredient.com/wp-includes/images/verify/update/y.html$all
 ||creditiperhabbogratissicuro100.blogspot.com/2011/02/habbo-crediti-gratis-sicuro-100.html$all
 ||cusstomerservicee.blogspot.com/?m=0$all
+||custream.com/91eb6b959cd1249d6877/$all
 ||cutt.ly/2isbc3k$all
 ||cutt.ly/3yqokjg$all
 ||cutt.ly/3yy01ci$all
@@ -4406,6 +4225,7 @@ zz.macecri.com
 ||cutt.ly/dkvkq49/$all
 ||cutt.ly/gyqdc7m$all
 ||cutt.ly/ingdirect-es$all
+||cutt.ly/irsgov$all
 ||cutt.ly/iyn1owx$all
 ||cutt.ly/kiiataa$all
 ||cutt.ly/mynrk6q$all
@@ -4550,7 +4370,6 @@ zz.macecri.com
 ||docs.google.com/forms/d/e/1faipqlsfanborkr2ivrhpsjdnvnb-jktwkjbuub3wnsxb-md7haddsq/viewform?usp=send_form$all
 ||docs.google.com/forms/d/e/1faipqlsfbu-bfa-om2nk21gbc1gbbeoy4veybh7qcrj8jw7nwthmh_w/viewform$all
 ||docs.google.com/forms/d/e/1faipqlsfeoy_w3jwkkz8psgsw4nrja9tmg2lx0x0nvtmv38k0hjzzmq/viewform?usp=send_form$all
-||docs.google.com/forms/d/e/1faipqlsfgomlcpbyhodks1bwjmx6f5jr0tqwhngun_juf2qk0jp8dbq/viewform?vc=0&amp;c=0&amp;w=1&amp;flr=0&amp;usp=mail_form_link$all
 ||docs.google.com/forms/d/e/1faipqlsfgrkvxsp4vv3h2jpge8n2rwi_acvt3o91y4av8-nbjpc0xxw/viewform?c=0&amp;w=1$all
 ||docs.google.com/forms/d/e/1faipqlsfhzli805cycnlai887dfo6ra8bwbwjbc8uehmv5amiaqdbyq/viewform$all
 ||docs.google.com/forms/d/e/1faipqlsfjpx-sxpejnp_q2fmfu0jy8oqoesrx9wbrqplcychw9luupa/viewform$all
@@ -4579,7 +4398,6 @@ zz.macecri.com
 ||docs.google.com/forms/d/e/1faipqlsfygwrauuzg0kcnd6w_s42qneyhqpha0zs1rift0akntmlugq/viewform$all
 ||docs.google.com/forms/d/e/1faipqlsfzhyjvw1nn6bvqhbwmd3rcrm6gukuzir5u9tmsszmcrr8nyw/viewform$all
 ||docs.google.com/presentation/d/e/2pacx-1vrp2k-b45tcwcadgwzkulyaqrs1f9vfjs3y19o6fs_7p34ymzwuascr7lkuijhc83-o6fmsbbvehcf2/pub?start=false&amp;loop=false&amp;delayms=3000&amp;slide=id.p$all
-||dodgersdigest.com/wp-content/uploads/2013/12/thereal_dv$all
 ||drive.google.com/file/d/19zpw90jgon3j5merxi1pauvkjdmx8nfq/edit$all
 ||drive.google.com/file/d/1bcdyitw2vo5jp6yrbdmiy8cfrkcf4tby/view?usp=drive_web$all
 ||drive.google.com/file/d/1c5o9_y8_octsepwyojfarn1k-kj4d9fe$all
@@ -4645,6 +4463,7 @@ zz.macecri.com
 ||flowcode.com/page/bttelecommunicaation$all
 ||flowcode.com/page/bttelecoommunication$all
 ||flowcode.com/page/hjbsvjhfb$all
+||flowcode.com/page/jhgcfghj$all
 ||flowcode.com/page/mnkpo$all
 ||forms.gle/1mqqu8exzgpptqpl8$all
 ||forms.gle/3cyoxmwxqkbfpt2v5$all
@@ -4697,7 +4516,6 @@ zz.macecri.com
 ||go.skimresources.com/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp;test=off&amp;id=355x561&amp;url=https://www.paypal.com/shopping/&amp;xguid=01fezncfbjbj86yneatjn0qvt4&amp;persistence=1&amp;checksum=8142350e161acc6cb246be1d05d596973a1d3ac50af1f3594ee9ea462c87a4ef$all
 ||go.skimresources.com/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp;test=off&amp;id=355x561&amp;url=https://www.paypal.com/shopping/&amp;xguid=01ff06m6n2q43m6zcaqrh8xpm2&amp;persistence=1&amp;checksum=26e140f8abae23dd0c8dd547390a4deb9fc54b1acf3539d8aa44fb19e04902ef$all
 ||go.skimresources.com/?xcust=2c8967cc0ec911ec9332aea895ef3e670int&amp;test=off&amp;id=355x561&amp;url=https://www.paypal.com/shopping/&amp;xguid=01ff0qxy635yfpkrdaxav47j5k&amp;persistence=1&amp;checksum=cb2e0f7328d6ffea0e15a24046095a0bb98d27d4488e822bea4b181763f2eb0b$all
-||golfloslagos.com/wp-includes/js/thickbox/connexion/connexion/app/cdn/?fmfcgzgljlrvjdlwthjpssjfsnvbwgbbfmfcgzgljltdnhmxflbfwpzhjxchnhhqfmfcgzgkzqqhdhckrlvrtkvlbxfdwlclfmfcgzgkzqqhdhckrlvrtkvlbxfdwlclfmfcgzgkzqqhdhckrlvrtkvlbxfdwlcl$all
 ||google.com/url?q=http%3a%2f%2fbit.do%2ffr6ci&sa=d&sntz=1&usg=afqjcne7joz-iz-adrzkrxcihj8t9fs9qw$all
 ||google.com/url?q=http%3a%2f%2fbit.do%2ffsgjq&amp;sa=d&amp;sntz=1&amp;usg=afqjcngvqc30z-4hiaizv03gpwblwu3vnw$all
 ||google.com/url?q=http://srv-auth.web.app/upd/index.html%23%5b%5b-email-%5d%5d&amp;source=gmail&amp;ust=1607952068298000&amp;usg=afqjcnet34jepejaewvja8unv7ycds1vjg$all
@@ -4733,7 +4551,6 @@ zz.macecri.com
 ||hm.ru/mz4yho$all
 ||homeentertainmentexpo.com/zeland.html$all
 ||house18.info/themes/engines/ira.xml$all
-||hpnepgnmwrgdrrsdshzrvyirlx-dot-gl44393333333.rj.r.appspot.com/''''''''''''''''''''''''''''''''/$all
 ||href.li/?https://trimurl.co/0wsx7z$all
 ||href.li/?https://www.rkat2.2r-p.xyz/$all
 ||href.li/?https://ykm.de/f4b990c239777330$all
@@ -4758,13 +4575,12 @@ zz.macecri.com
 ||insurance2019.moneynet.com.tw/wp-admin/maint/?hash=a2fyaw5hywxtzwlkyxjpymvpcm9aag90bwfpbc5jb20=$all
 ||is.gd/areawebmps$all
 ||is.gd/clnhxv$all
+||is.gd/f0iqhg?trackingid=lxyqpvnl&signature=newsletter$all
 ||is.gd/t1xeia$all
-||j.mp/34vpnqn?muriitya$all
 ||j.mp/3arx6oo$all
 ||j.mp/3gydg8x?/supporrecovery$all
 ||j.mp/3i22f5g?jnlope$all
 ||j.mp/3kkkf0n$all
-||jobtima.com/wp-content/themes/swww04/?key=azhoi,email={email}$all
 ||jtbtigers.com/65g2g$all
 ||k12inc-my.sharepoint.com/personal/jdonahue_k12_com/_layouts/15/wopiframe.aspx?guestaccesstoken=jxndynkzmynao0nofzmhz4t%2fk%2br%2fg7qir2agrjo42ha%3d&docid=1_12252b23331654ef4bf8ef978a8eb83ee&wdformid=%7b2711d93c%2d7591%2d4baa%2db377%2dcf40ba8c7343%7d&action=formsubmit$all
 ||kutt.it/c07czi$all
@@ -4793,6 +4609,7 @@ zz.macecri.com
 ||linktr.ee/attmailserver$all
 ||linktr.ee/attonlineservice$all
 ||linktr.ee/attverificationpro$all
+||linktr.ee/btelop$all
 ||linktr.ee/btinternettt$all
 ||linktr.ee/d.emery1$all
 ||linktr.ee/dannygeez$all
@@ -4834,6 +4651,7 @@ zz.macecri.com
 ||mail.trendset.com.ar.ci3.toservers.com/mua/191.110.122.835718/sucursalpersonas.transaccionesbancolombia.com/mua/$all
 ||mail.trendset.com.ar.ci3.toservers.com/mua/191.95.152.1287758/sucursalpersonas.transaccionesbancolombia.com/mua/index.html$all
 ||mail.trendset.com.ar.ci3.toservers.com/mua/201.233.42.1501206/sucursalpersonas.transaccionesbancolombia.com/mua/index.html$all
+||mamasitasont.blogspot.com/?m=0$all
 ||me2.kr/1gne6$all
 ||me2.kr/6w9qj$all
 ||me2.kr/77srn$all
@@ -4852,6 +4670,7 @@ zz.macecri.com
 ||my.forms.app/form/60deff002ca34f5aa4985ab3$all
 ||my.forms.app/form/6112452ca3f6e60d511bad0d$all
 ||my.forms.app/leboncoin-service/confirmationpaiement-1$all
+||mybrenger-transport.com/app/views/abn/identification.php$all
 ||myparc.sharepoint.com/:x:/r/_layouts/15/wopiframe.aspx?guestaccesstoken=xvdowzk%2bkm4wndrziofnpfcj8fb8rkrsqt%2bkybvollg%3d&docid=1_16fb1a2a3e2f9468aa7cebc35874c9da0&wdformid=%7b95111770-0103-492b-8c70-e9625f96b49a%7d&action=formsubmit&cid=4d02a372-8b83-4120-84b5-1d9a2a3492dd$all
 ||netorg6600800-my.sharepoint.com/:x:/r/personal/ginger_gingerfountain_com/_layouts/15/wopiframe.aspx?guestaccesstoken=gpys8ex7ys1urrzbfeasvlexkodtrovmmcpn%2brsnebs%3d&amp;docid=1_1882b07b5eb5643d2bdaa63426324ef0e&amp;wdformid=%7b9bd54af1%2dee16%2d4e07%2d8d62%2d6e9b76e47512%7d&amp;action=formsubmit&amp;cid=9adf3e74-8cc1-4e36-b545-c9165fcafde7$all
 ||netorgft2223515-my.sharepoint.com/:x:/r/personal/leon_leongavartin_com/_layouts/15/wopiframe.aspx?guestaccesstoken=rpanwaz3gooz0d20j9wu7zzskog8p5egpbt4oc5j5bq%3d&docid=1_137b486a2059c4fc7b670d2ddb8f27254&wdformid=%7b07fe213f%2d4079%2d45b9%2db73f%2dfa9809248dd7%7d&action=formsubmit$all
@@ -4862,7 +4681,6 @@ zz.macecri.com
 ||oiazeiuiazolme.blogspot.com/?m=0$all
 ||online.visual-paradigm.com/app/forms/view/zalxyved/a9adea36-d163-4d46-a3de-0e990d86e78e$all
 ||onlinecasinospark.com/ions/index.php?email=redacted@abuse.ionos.com$all
-||oraclemart.com/ondedrive/onedrive/rolex/index.php$all
 ||oyknrmzazildlsaxutqiatopgs-dot-gl44393333333.rj.r.appspot.com/''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''$all
 ||pancakeswapsupport.co/walletconnect/$all
 ||paozeia.blogspot.com/?m=0$all
@@ -4885,6 +4703,9 @@ zz.macecri.com
 ||quip.com/qv7malu8n7cz/you-have-some-messages-pending$all
 ||r3g34.fra1.digitaloceanspaces.com/77ll23ween.html$all
 ||rabofree.blogspot.com/2020?m=1$all
+||readymag.com/u1496343659/3363308/$all
+||readymag.com/u3169021124/3364004/$all
+||readymag.com/u3908669287/3364075/$all
 ||reamaam.blogspot.com/?m=0$all
 ||rebrand.ly/j7107dr$all
 ||rebrand.ly/z83ig2n?rb.routing.mode=proxy&amp;rb.routing.signature=123%20836$all
@@ -4897,14 +4718,13 @@ zz.macecri.com
 ||reurl.cc/xgmxr1$all
 ||rezunz.quip.com/2d0jazx1eky5/click-here-to-verify-your-email$all
 ||riderctposten.blogspot.com/2021/02/blog-post.html$all
-||roygijvhluozwnflsypmewrstt-dot-gl44393333333.rj.r.appspot.com/''''''''''''''''''''''''''''''''$all
 ||ruralaccounting.com.au/ruralaccoun/alibaba.com/portal.php?email=june3354@naver.com$all
 ||s.id/-rb9g$all
+||s.id/actueel1$all
+||s.id/actueel2$all
 ||s.id/crsqh$all
 ||s.id/ytk-r$all
-||s3-us-west-2.amazonaws.com/bvqs45qsd4azdqzz/a.html$all
 ||s3.amazonaws.com/progressivebank-uat/index.html$all
-||s973454980238668645789827366497203975890547864598033674329.fra1.digitaloceanspaces.com/realtrue.html$all
 ||sanclemente.cl/carli_lamell.html$all
 ||sandert12.blogspot.com/p/la-banque-postale.html$all
 ||sateegourmet.com/sbot$all
@@ -5135,6 +4955,7 @@ zz.macecri.com
 ||sites.google.com/view/yt89ougjio/bt$all
 ||sites.google.com/view/ztt5zazu/home$all
 ||skart.co.in/admin/webmail.cpanel.net/user/cp.user.sign_in/auth/cpanel_mailbox/index.htm$all
+||snip.ly/qevjwc$all
 ||solatresont.blogspot.com/?m=0$all
 ||soufatanse.blogspot.com/?m=0$all
 ||soufsont.blogspot.com/?m=0$all
@@ -5202,7 +5023,6 @@ zz.macecri.com
 ||sunnylandingpages.com/usroutput/themeset1_2021-12-21-23-15-13/$all
 ||superpark-my.sharepoint.com/:x:/r/personal/adrian_ramos_superpark_com_hk/_layouts/15/wopiframe.aspx?guestaccesstoken=vofjngnui%2fslbameorlq62qlg8mcdnpo1dizu6i%2bc1m%3d&amp;docid=1_124bbb2f682ca4c7daba6cec6ee34dfb9&amp;wdformid=%7ba85c8abe%2d68be%2d43dd%2d91f3%2db397386186be%7d&amp;action=formsubmit$all
 ||surveyheart.com/form/608bca7586919c70a2066ef7$all
-||surveylegend.com/s/2vze$all
 ||svkmmumbai-my.sharepoint.com/:x:/r/personal/pranjali_chandurkar_nmims_edu/_layouts/15/wopiframe.aspx?guestaccesstoken=668cyp4s%2fwcmx8rj223bvjfwdvtryffzfpyarbrueha%3d&amp;docid=1_1916b69db182644fead12e874cad930c4&amp;wdformid=%7bcd4093b9%2ddfae%2d49f1%2dadde%2df32fbe93b271%7d&amp;action=formsubmit$all
 ||swisscoat.com.cn/index.html$all
 ||synapse-project.com/about-us/netflix/9001ca429212011f4a4fda6c778cc318/account$all
@@ -5231,7 +5051,6 @@ zz.macecri.com
 ||telenorkandklimsupoort.blogspot.com/2021/03/blog-post_48.html$all
 ||thedigirocket.com/wp-content/plugins/form.htm$all
 ||thelibrarysamui.com/wp-content/uploads/2021/11/1/1and1/index.php$all
-||themcsoft.com/wp-track/parceverification9887id=291250485$all
 ||tiny.one/ing587388$all
 ||tiny.one/ing67454$all
 ||tiny.one/reuswnzc$all
@@ -5312,6 +5131,7 @@ zz.macecri.com
 ||vk.com/away.php?to=https://www.marmum.ae/css/?key=lzqm$all
 ||vk.com/away.php?to=https://www.marmum.ae/css/?key=yihv$all
 ||vk.com/away.php?to=https://www.newlifenursery.com/assets/rdt.html?key=lwhi1$all
+||vps3920.ultahost.com/all.php$all
 ||wallieget.com/8jdu/sb6/index.php?_$all
 ||wallieget.com/8jdu/sb6/index.php?_&amp;_$all
 ||wallieget.com/8jdu/sb6/index.php?_&amp;_&amp;_$all